[Snort-users] ANNOUNCE: WinPcap 4.0 alpha1 has been released
gianluca.varenni at ...13809...
Wed May 10 14:45:42 EDT 2006
WinPcap 4.0 alpha1 is available from today in the download section of the
WinPcap website, http://www.winpcap.org/install/.

This release includes major changes to several modules in the Windows NTx
driver. This effort is aimed at improving the reliability of WinPcap when an
adapter is disabled or "repaired" while a WinPcap-based application is
running, and was prompted by a number of system crash reports from our
users. This extensive rewriting is the main reason why we decided to move to

This new release of WinPcap has been thoroughly tested internally. However,
due to the extensive modifications to the kernel driver code, we feel that a
testing period from the WinPcap community is necessary to guarantee a level
of stability comparable with WinPcap 3.1. We encourage everyone to play with
this new version and report any problems on the various WinPcap mailing

Other modifications include
- a new flag to pcap_open() to avoid capturing packets transmitted by the
  same WinPcap adapter instance.
- merging of the 64bit code on the main trunk.

The complete change log is attached at the end of this message.

- Various modifications to the Windows NTx driver npf.sys:
  + General rewriting of all the functions dispatching the
    open/close/cleanup/bind/unbind requests from the operating system.
    This should solve a number of crashes when an adapter is
    disabled, removed or "repaired".
  + Rewrote the IOCTL dispatcher managing the NDIS_REQUESTs to the driver.
    This should solve a number of crashes dispatching an NDIS_REQUEST when
    the adapter has been removed/disabled.
  + Rewrote several parts of the tracing code.
  + Moved from named to unnamed events for the shared read events. This fix
    solves a large number of issues with the closing of handles.
  + Merged the x86-64 modifications into the main trunk.
  + Cleaned up the compilation scripts.
- Added all the new tracing infrastructure into packet.dll NTx version.
- Removed the ODS and ODSEx macros from the packet32.h include files, as
  they are private debugging macros.
- Updated some parts of the documentation related to the compilation of
  WinPcap and related samples under Visual Studio 6.
- Cleaned up the installer:
  + added more error checking and reporting when the driver and remote
    capture service are not installed correctly.
  + removed the 'dial-home' page at the beginning of the installation.
  + Cleaned up some error messages in the message boxes.
- Added support for remote capture into pcap_dispatch(). Thanks to Guy
  Harris for the patch.
- Added the PCAP_OPENFLAG_NOCAPTURE_LOCAL to pcap_open(). This flag
  instructs an adapter not to capture the packets sent by itself, and is
  useful to build applications like network bridges.
- Added the UserBridge sample application, that implements a user-level
  bridge between two winpcap interfaces.
- Bug fixing:
  + [From Guy Harris]; PacketSetReadEventTimeout had some bugs in the DAG
    code path (INFINITE vs. IMMEDIATE timeouts were messed up).
  + Added some check to verify the result of MmGetSystemAddressForMdl(Safe).
  + Minor fixes to remove some PREfast warnings in the compilation of the
  + Minor patches to properly compile packet.dll and wpcap.dll under Cygnus
    and MingW32. Thanks to "deadchicken" for the patches.
  + Added a patch to set the last error to ERROR_INSUFFICIENT_BUFFER if the
    buffer passed to PacketGetAdapterNames is too small.
  + Fixed a couple of buffer overruns while creating the device name to be
    opened with CreateFile.
  + Fixed a couple of buffer overruns while copying the devices within
    AddAdapter(). Added a check to prevent copying truncated names in
    adapter names in ADAPTER_INFO (if the adapter name is too long, we
    simply skip it).
  + Fixed a couple of memory leaks found in AddAdapter() by Real Blanchet.
  + Fixed a bug that prevented WinPcap 3.2a1 from working correctly on Windows
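
Added illustration, not part of the original announcement and not WinPcap's own code: a portable C sketch of the two name-handling fixes listed above, where an over-long adapter name is skipped rather than stored truncated and a device path that does not fit its buffer is rejected. The struct, function names, field size and path prefix are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_FIELD_LEN 32        /* assumed size of the fixed name field */
#define DEV_PREFIX "\\\\.\\"     /* constructed prefix, not WinPcap's actual one */

struct adapter_entry {           /* hypothetical stand-in for ADAPTER_INFO */
    char name[NAME_FIELD_LEN];
};

/* Copy one name into the fixed field. Returns 0 on success, -1 if the name
 * plus its terminating NUL does not fit. On failure the entry is left
 * untouched, so a truncated name is never stored. */
static int set_adapter_name(struct adapter_entry *e, const char *name)
{
    size_t len = strlen(name);
    if (len >= sizeof e->name)
        return -1;
    memcpy(e->name, name, len + 1);
    return 0;
}

/* Fill `out` (capacity `cap`) from `names`, skipping names that are too
 * long for the field. Returns the number of entries actually stored. */
static size_t add_adapters(struct adapter_entry *out, size_t cap,
                           const char *const *names, size_t n)
{
    size_t stored = 0;
    for (size_t i = 0; i < n && stored < cap; i++)
        if (set_adapter_name(&out[stored], names[i]) == 0)
            stored++;
    return stored;
}

/* Build the path that would be handed to the open call. snprintf returns
 * the length it needed, so a result >= cap means the path did not fit and
 * the caller must not use the buffer contents. */
static int build_device_path(char *dst, size_t cap, const char *name)
{
    int need = snprintf(dst, cap, "%s%s", DEV_PREFIX, name);
    return (need < 0 || (size_t)need >= cap) ? -1 : 0;
}
```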