[Snort-users] [ANNOUNCE] WinPcap 4.1 beta3 has been released
gianluca.varenni at ...11827...
Thu Jan 31 13:13:36 EST 2008
As of today, WinPcap 4.1 beta3 is available in the download section of
the WinPcap website, http://www.winpcap.org/install/ .
This new software release includes a couple fixes to the BPF filter
engine in the kernel, as well as several fixes and additions to the
BPF compiler for filters on wireless traffic (802.11).
Full details can be found in the change log attached at the end of
Being a beta release, as usual, we encourage people to test it and
report any anomaly or strange behavior to the WinPcap mailing lists.
Changelog from WinPcap 4.1 beta2
- (from libpcap) Make some arguments of some pcap functions const
pointers if that makes sense.
- (from libpcap) Add some additional checks to bpf_validate(), from
- (from libpcap) Use bpf_validate() in install_bpf_program(), so we
validate programs even when they're being processed by userland
- (from libpcap) Get rid of BPF_MAXINSNS - we don't have a limit on
program size in libpcap/WinPcap.
- (from libpcap) Support for the "addr1", "addr2", "addr3", and
"addr4" link-layer address filtering keywords for 802.11.
- (from libpcap) Support for filtering over 802.11 frame types with
the keywords "type" and "subtype".
- Bug fixing:
+ Fixed a bug when generating wireless filters in the form "link src
host ...". The source address was not retrieved properly.
+ Added some more logic in the installer to account for errors while
installing the Network Monitor component (NetMon). If NetMon is
not available, we install a version of packet.dll that doesn't
depend on it.
+ Fixed two bugs in the original OpenBSD filter validation code, one
that caused it to reject all filters that used multiply
instructions, and another that caused it to reject all filters
that used divide instructions.
+ Fixed a bug in the filter engine in the driver. When the packet to
filter is split into two buffers, under some circumstances the
engine was not checking the right bytes in the packet.
More information about the Snort-users