Snort mailing list archives

[ANNOUNCE] WinPcap 3.2 alpha1 has been released


From: "Gianluca Varenni" <gianluca.varenni () gmail com>
Date: Sun, 18 Dec 2005 12:59:27 -0800

WinPcap 3.2 alpha1 is available from today in the download section of the
WinPcap website, http://www.winpcap.org/install/.

The most remarkable feature of this new version is the long-awaited support
for x86-64 platforms. Under 64bit platforms, the NPF driver is 64bit, and the
user level DLLs (packet.dll and wpcap.dll) are 32bit. As a consequence, it's
possible to run any 32bit WinPcap-based application without any
recompilation. Thanks to Ramiro Polla for doing pre-release testing on x86-64
platforms.

NOTE: on 32bit platforms, this build does not add any new feature to the
current stable version of WinPcap (3.1), apart from the update to libpcap
0.9.4, and some minor bugfixes in the code and the installer.


A new alpha/beta is expected to be available in a couple of months; it will
probably include support for JITted BPF filters on x86-64 and bugfixes
related to the problems reported by the users of this alpha version.
Therefore, if you test it, please give us feedback.

The complete change log is attached at the end of this message.
Enjoy!

Gianluca Varenni
WinPcap Team



Changelog
=========

- Added support for x86-64 (AMD64) under Windows XP/2003. Under 64bit
 platforms, the NPF driver is 64bit, and the user level DLLs (packet.dll
 and wpcap.dll) are 32bit. As a consequence, it's possible to run any
 32bit WinPcap-based application without any recompilation.
 The x86-64 NPF driver has the following limitations:
 * BPF filters are not JITted to x86-64 instructions (filters are
   interpreted).
 * The MONITOR_MODE (used mainly by Analyzer) is not supported.
 * It's not possible to change the timestamping mode using the registry key
     HKLM\System\CurrentControlSet\Services\NPF\TimestampMode
   Timestamps are always computed using KeQueryPerformanceCounter.

 Moreover, due to the lack of the NetMon COM component on the 64bit version
 of Windows, dialup adapters are not supported.

- wpcap.dll has been updated to libpcap 0.9.4 from http://www.tcpdump.org.

- Added a patch file containing the patches for remote capture against the
 vanilla libpcap sources.

- Better error handling in the installer.

- Applied some patches to the bpf_filter and verifier (from Guy Harris):
 + BPF programs with no instructions
 + BPF_STX and BPF_LDX|BPF_MEM instructions that have out-of-range offsets
   (which could be made to fetch or store into arbitrary memory locations)
 + BPF_DIV instructions with a constant 0 divisor (that's a check also done
   at run time)
 + In addition, it makes the "k" field in BPF instructions unsigned, as it
   is in other BPF interpreters

- Enabled PREFast (static code analysis tool from the Microsoft DDK) on the
 x86 build of the driver.

- Bug fixing:
 + Added a patch in PacketGetAdapterNames to set the last error to
   ERROR_INSUFFICIENT_BUFFER if the buffer passed to the function is too
   small. Modified pcap_findalldevs() so that it correctly handles this
   situation.
 + Fixed a bug in PacketGetAdapterNames(): the requested buffer size to
   correctly return all the adapter names was wrongly computed
   (overestimated by 3-4 bytes).
 + Fixed a problem while listing the adapters under Win9x: if the key
   HKLM\System\CurrentControlSet\Services\Class\Net\<number> did not
   contain an "NDIS" key, the code was going into an infinite loop.
 + Minor fixes to the documentation.
 + Fixed the prototype for the JITted BPF filter function under x86; thanks
   to this patch, we no longer need to manually fix the stack pointer after
   the JITted function returns.


=========
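
The BPF verifier checks listed in the changelog (empty programs, out-of-range scratch-memory offsets, constant zero divisors, unsigned "k") can be sketched as a static pre-check. This is an added example, not code from WinPcap or libpcap; the struct, enum and function names are assumptions, and it also covers BPF_ST and BPF_LD|BPF_MEM, which index the same scratch memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classic BPF opcode fields, values as in net/bpf.h. */
#define BPF_CLASS(c) ((c) & 0x07)
#define BPF_MODE(c)  ((c) & 0xe0)
#define BPF_OP(c)    ((c) & 0xf0)
#define BPF_SRC(c)   ((c) & 0x08)
enum { BPF_LD = 0x00, BPF_LDX = 0x01, BPF_ST = 0x02, BPF_STX = 0x03,
       BPF_ALU = 0x04, BPF_RET = 0x06, BPF_MEM = 0x60, BPF_DIV = 0x30,
       BPF_K = 0x00, BPF_MEMWORDS = 16 };

struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; }; /* k unsigned */
enum verdict { V_OK, V_EMPTY, V_BAD_MEM, V_DIV_ZERO };

/* Static pre-checks only; a full validator also checks jump targets. */
enum verdict validate(const struct insn *p, size_t len)
{
    if (p == NULL || len == 0)
        return V_EMPTY;                     /* program with no instructions */
    for (size_t i = 0; i < len; i++) {
        uint16_t c = p[i].code;
        int cls = BPF_CLASS(c);
        /* Scratch memory has BPF_MEMWORDS slots; because k is unsigned, one
         * upper-bound test also rejects values that are negative as int. */
        int mem = cls == BPF_ST || cls == BPF_STX ||
                  ((cls == BPF_LD || cls == BPF_LDX) && BPF_MODE(c) == BPF_MEM);
        if (mem && p[i].k >= BPF_MEMWORDS)
            return V_BAD_MEM;
        if (cls == BPF_ALU && BPF_OP(c) == BPF_DIV &&
            BPF_SRC(c) == BPF_K && p[i].k == 0)
            return V_DIV_ZERO;              /* constant zero divisor */
    }
    return V_OK;
}

/* Constructed sample programs. */
static const struct insn good[]    = { {BPF_LDX | BPF_MEM, 0, 0, 3}, {BPF_RET, 0, 0, 96} };
static const struct insn bad_stx[] = { {BPF_STX, 0, 0, 0xffffffffu}, {BPF_RET, 0, 0, 0} };
static const struct insn bad_div[] = { {BPF_ALU | BPF_DIV | BPF_K, 0, 0, 0}, {BPF_RET, 0, 0, 0} };

int main(void)
{
    printf("%d %d %d %d\n", validate(good, 2), validate(bad_stx, 2),
           validate(bad_div, 2), validate(good, 0));
    return 0;
}
```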


