[Snort-users] [ANNOUNCE] WinPcap 4.1 beta3 has been released

Gianluca Varenni gianluca.varenni at ...11827...
Thu Jan 31 13:13:36 EST 2008


As of today, WinPcap 4.1 beta3 is available in the download section of
the WinPcap website, http://www.winpcap.org/install/ . 
  
This new software release includes a couple of fixes to the BPF filter 
engine in the kernel, as well as several fixes and additions to the 
BPF compiler for filters on wireless traffic (802.11).
 
Full details can be found in the change log attached at the end of 
this message. 
  
Being a beta release, as usual, we encourage people to test it and 
report any anomaly or strange behavior to the WinPcap mailing lists. 

Gianluca Varenni
WinPcap Team



Changelog from WinPcap 4.1 beta2
================================

- (from libpcap) Make some arguments of some pcap functions const 
  pointers if that makes sense.
  
- (from libpcap) Add some additional checks to bpf_validate(), from 
  OpenBSD.
  
- (from libpcap) Use bpf_validate() in install_bpf_program(), so we 
  validate programs even when they're being processed by userland 
  filters.
  
- (from libpcap) Get rid of BPF_MAXINSNS - we don't have a limit on 
  program size in libpcap/WinPcap.
  
- (from libpcap) Support for the "addr1", "addr2", "addr3", and 
  "addr4" link-layer address filtering keywords for 802.11.
  
- (from libpcap) Support for filtering over 802.11 frame types with 
  the keywords "type" and "subtype".
  
- Bug fixing:
  + Fixed a bug when generating wireless filters in the form "link src
    host ...". The source address was not retrieved properly. 
  + Added some more logic in the installer to account for errors while
    installing the Network Monitor component (NetMon). If NetMon is 
    not available, we install a version of packet.dll that doesn't 
    depend on it. 
  + Fixed two bugs in the original OpenBSD filter validation code, one
    that caused it to reject all filters that used multiply 
    instructions, and another that caused it to reject all filters 
    that used divide instructions. 
  + Fixed a bug in the filter engine in the driver. When the packet to
    filter is split into two buffers, under some circumstances the 
    engine was not checking the right bytes in the packet. 





