September 2024 Release

September 2024 release of PcapPlusPlus (v24.09)

Binaries included in this release

• Binaries compiled for Ubuntu 24.04 LTS, 22.04 LTS, 20.04 LTS
• Binaries compiled for RHEL 9.4
• Binaries compiled for Fedora 39
• Binaries compiled for Alpine 3.17.2
• Binaries compiled for macOS Intel and Apple Silicon with Xcode 15.4 and 14.3.1
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 14.0 and 13.2
• Binaries compiled for Windows using MinGW-w64 14.2.0 (32bit + 64bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2022, 2019 (32bit + 64bit, Debug + Release configurations)
• Full documentation (both PcapPlusPlus website and API doxygen documentation) is available here: https://pcapplusplus.github.io/docs/quickstart

What's changed (changes from v23.09)

• Added support for eBPF AF_XDP
• New protocols:
  • SMTP (thanks @egecetin !)
  • ASN.1 encoding and decoding
  • Enabled ASN.1 root record parsing in x509 certificates
  • LDAP
  • S7COMM (thanks @wivien19 !)
• DPDK improvements:
  • DPDK 22.11 support (thanks @clementperon !)
  • Jumbo frames support (thanks @gyl30 !)
  • Added an option to disable hugepages and driver verification on initialization (thanks @MatteO-Matic !)
  • NUMA awareness (thanks @SesomB !)
• Examples and utils:
  • Added XdpExample-FilterTraffic to demonstrate XdpDevice usage
  • PcapSplitter: updated output filenames with 5-tuple information (thanks @hidd3ncod3s !)
• Added support for nanosecond precision in reading and writing pcap files (thanks @egecetin !)
• Blocking mode packet capture now uses poll() (thanks @tigercosmos !)
• Added millisecond precision timeout in RawSocketDevice (thanks @tigercosmos !)
• Extended IPFilter to support IPv6 where possible (thanks @Dimi1010 !)
• Boosted build time with Ccache (thanks @clementperon !)
• Fixed precision issue in pcapng file reader (thanks @mserdarsanli !)
• Improved method for retrieving the default gateway on macOS (thanks @zhengfeihe !)
• Added security and code of conduct guidelines (thanks @egecetin !)
• Refactoring and modernization of the code base:
  • Refactored and cleaned up live devices (thanks @Dimi1010 !)
    • Added a getter for fetching all IP addresses as IPAddress objects.
  • Refactored IP address classes IPv4Address, IPv6Address, IPAddress (thanks @tigercosmos , @Dimi1010 !)
    • Added equality operators between IPAddress and in_addr types
  • Refactored the MAC address class MacAddress (thanks @tigercosmos !)
  • Ported PcapPlusPlus libraries to C++11 (thanks @Dimi1010 , @tigercosmos , @egecetin , @WojtekMs , @rtmeng, @DeepakReddy1999 !)
  • Ported most of the examples and tutorials to C++11 (thanks @jpcofr , @merttozer !)
  • Refactored and cleaned up PF_RING devices (thanks @Dimi1010 !)
  • Refactored and cleaned up the PointerVector class (thanks @Dimi1010 !)
  • Converted Macro Guard to pragma once (thanks @clementperon !)
  • Replaced std::map with std::unordered_map (thanks @tigercosmos !)
  • Refactored large parts of the packet filtering code (thanks @Dimi1010 !)
• Supported platforms update:
  • Ubuntu: added 24.04 LTS and dropped 18.04 LTS (thanks @tigercosmos !)
  • Added support for RHEL 9.4 (thanks @clementperon !)
  • Fedora: added support for 39 and removed 37 (thanks @clementperon !)
  • Removed support for CentOS 7
  • FreeBSD: added support for 14.0 and dropped 12 (thanks @clementperon !)
• Internal tools:
  • Reformatted the entire code base using clang-format (thanks @tigercosmos , @Dimi1010 !)
  • Added dependabot to keep GitHub Actions and Python packages up-to-date (thanks @egecetin !)
  • Added OpenSSF Scorecard automation to monitor and enhance security (thanks @egecetin !)
  • Transitioned from CirrusCI to GitHub Actions for all workflows (thanks @tigercosmos !)
  • Scheduled regular CI builds (thanks @tigercosmos !)
  • Replaced deprecated netifaces by scapy (thanks @zhengfeihe !)
  • Improved fuzzing coverage and added Fuzz CI (thanks @sashashura !)
  • Added a template for opening GitHub issues (thanks @tigercosmos !)
  • Upgraded LightPcapNg to the latest from master (thanks @tigercosmos !)
  • Fixed unhandled exceptions crashing the entire test suite (thanks @Dimi1010 !)
• Tons of bug fixes, security fixes and small improvements (thanks @sashashura , @tigercosmos , @clementperon , @egecetin , @kraj , @liu0hy , @lucashc , @axmahr, @Double0101, @prudens , @MCredbear, @rahagal, @nadongjun !)

Breaking changes

This version includes a small number of breaking changes:

• Removed isValid() from MacAddress, IPAddress, IPv4Address, IPv6Address, instead they throw an exception if the input argument is invalid
• Introduced a new TcpOptionEnumType
• Removed the dummy argument in PayloadLayer's constructor

Deprecation list

The following methods that were marked as deprecated in previous versions were removed:

• IPv4Address::matchSubnet()

The following methods are now marked as deprecated and will be removed in future versions:

• PointerVector::getAndRemoveFromVector() -> replaced by PointerVector::getAndDetach()
• HttpResponseLayer::HttpResponseLayer(version, statusCode, statusCodeString) -> use other constructors
• HttpResponseLayer::setStatusCode(newStatusCode, statusCodeString) -> use the other overload
• TcpOptionType enum -> replaced by TcpOptionEnumType
• TcpOption::getTcpOptionType() -> replaced by TcpOption::getTcpOptionEnumType()
• TcpOptionBuilder::TcpOptionBuilder() -> use other constructors
• TcpLayer::getTcpOption(TcpOptionType option) -> use the other overload
• TcpLayer::addTcpOptionAfter() -> replaced by TcpLayer::insertTcpOptionAfter()
• TcpLayer::removeTcpOption() -> use the other overload
• PcapLiveDevice::getAddresses() -> replaced by PcapLiveDevice::getIPAddresses()
• PcapRemoteDeviceList::getRemoteDeviceList() -> replaced by PcapRemoteDeviceList::createRemoteDeviceList()

Collaborators

• @tigercosmos
• @Dimi1010
• @egecetin
• @clementperon
• @seladb

Full Changelog: v23.09...v24.09

September 2023 Release

September 2023 release of PcapPlusPlus (v23.09)

This package contains

• Binaries compiled for Ubuntu 22.04 LTS, 20.04 LTS, 18.04 LTS
• Binaries compiled for CentOS 7
• Binaries compiled for Fedora 37
• Binaries compiled for Alpine 3.17.2
• Binaries compiled for macOS Intel and Apple Silicon with Xcode 13.1.6 and 14.0.0
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 12.3 and 13.1
• Binaries compiled for Windows using MinGW-w64 13.2.0 (32bit + 64bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2022, 2019 (32bit + 64bit, Debug + Release configurations)
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/docs/quickstart

What's Changed (changes from v22.11)

• PcapPlusPlus moved from a custom build system to CMake! (thanks @clementperon !)
• Added IP/IPv4/IPv6 network classes to better support netmask and subnets
• Add support for opening NFLOG live device (thanks @MrPeck !)
• MAC address OUI Lookup (thanks @egecetin !)
• Intel oneAPI compiler support (icpx) (thanks @egecetin !)
• DPDK improvements:
  • Properly support no RSS mode in DpdkDevice
  • Make DPDK app name configurable (thanks @szokovacs !)
  • More generic search of DPDK KNI kernel module in setup_dpdk.py
• New protocols:
  • NFLOG (Linux Netfilter NFLOG) (thanks @jafar75 !)
  • SLL2 (Linux cooked capture v2) (thanks @jiangjiongyu !)
  • TPKT (thanks @wivien19 !)
  • COTP (thanks @wivien19 !)
  • VRRP (thanks @wangchong2023 !)
• Existing protocols improvements:
  • HTTP - refactor and improve HttpResponseStatusCode (thanks @tigercosmos !)
  • SSL/TLS - better detection of possible encrypted handshake messages (thanks @axmahr !)
  • DNS - support parsing of resources with larger data (thanks @aengusjiang !)
  • STP - add editing/crafting support (thanks @egecetin !)
  • ARP - add isRequest and isReply methods (thanks @tigercosmos !)
  • FTP-DATA support (thanks @egecetin !)
  • NTP - support Kiss of Death (thanks @egecetin !)
  • SIP - refactor status codes + add a few missing ones
• Modernize the codebase to use nullptr instead of NULL (thanks @clementperon !)
• Remove usage of unsupported pcap_compile_nopcap() (thanks @yushijinhun !)
• Internal tools:
  • Codecov integration for coverage reports (thanks @egecetin !)
  • Enable Clang-Tidy (thanks @clementperon !)
  • Enable cppcheck (thanks @egecetin !)
  • Improve the test framework
  • Increase test coverage
• Remove deprecated methods (due to typos):
  • DhcpLayer::getMesageType() -> replaced by DhcpLayer::getMessageType()
  • DhcpLayer::setMesageType() -> replaced by DhcpLayer::setMesasgeType()
  • SSLHandshakeMessage::createHandhakeMessage() -> replaced by SSLHandshakeMessage::createHandshakeMessage()
  • SSLClientHelloMessage::getExtensionsLenth() -> replaced by SSLClientHelloMessage::getExtensionsLength()
  • SSLServerHelloMessage::getExtensionsLenth() -> replaced by SSLServerHelloMessage::getExtensionsLength()
• Tons of bug fixes, security fixes, major and minor improvements (thanks @egecetin, @clementperon, @sashashura, @tigercosmos, @kolbex, @traversebitree, @JasMetzger, @tbhaxor, @yishai1999, @aengusjiang, @Heysunk, @jpcofr !)

Collaborators

• @clementperon
• @egecetin

Contributors

• @sashashura
• @tigercosmos
• @wivien19
• @jafar75
• @MrPeck
• @szokovacs
• @axmahr
• @yishai1999
• @traversebitree
• @jiangjiongyu
• @wangchong2023
• @kolbex
• @JasMetzger
• @yushijinhun
• @aengusjiang
• @tbhaxor
• @Heysunk
• @jpcofr

Full Changelog: v22.11...v23.09

November 2022 Release

November 2022 release of PcapPlusPlus (v22.11)

This package contains

• Binaries compiled for Ubuntu 22.04 LTS, 20.04 LTS, 18.04 LTS
• Binaries compiled for CentOS 7
• Binaries compiled for Fedora 34
• Binaries compiled for Alpine 3.15.0
• Binaries compiled for macOS 12 (Monterey), 11 (Big Sur), 10.15 (Catalina) using Xcode ranging from 12.2 to 13.3 with Intel processor
• Binaries compiled for macOS 12 (Monterey) with Apple Silicon (M1) processor
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 12.3 and 13.0
• Binaries compiled for Windows using MinGW-w64 8.1.0 (32bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2019, 2017, 2015 (32bit + 64bit, Debug + Release configurations)
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/docs/quickstart

Release notes (changes from v22.05)

• PcapPlusPlus officially moved to C++11! (thanks @clementperon !)
• Remove the pthreads dependency and replace it with C++11 std::thread (thanks @clementperon !)
• Stop supporting MinGW32 on Windows since it doesn't support std::thread. MinGW-w64 and Visual Studio support remains unchanged
• New protocols:
  • Telnet (thanks @egecetin !)
  • FTP (thanks @egecetin !)
  • ICMPv6 (thanks @kolbex !)
  • NDP (thanks @kolbex !)
  • LLC (thanks @egecetin !)
  • STP (thanks @egecetin !)
  • SOME/IP (thanks @kolbex !)
  • Wake on LAN (WoL) (thanks @egecetin !)
• DPDK 21.11 support
• Better support for DPDK i40e NICs
• DPDK set up - add an option to get RTE_SDK from the command line or from an environment variable
• Handle unilateral RST in TCP reassembly (thanks @neilstephens !)
• Retrieve live device IPv6 address if available (thanks @jafar75 !)
• Add .zst file extension support for pcapng files compressed with Zstd
• Internal tooling:
  • Auto pre-commit monthly update (thanks @egecetin !)
  • Add memory sanitizer regressions check (thanks @sashashura !)
  • Add CodeQL SAST and remove LGTM which is being deprecated (thanks @sashashura !)
  • Support multiple packets in fuzzing tests (thanks @sashashura !)
  • Revamped README.md (thanks @egecetin !)
• Tons of bug fixes and minor improvements (thanks @clementperon, @egecetin, @sashashura, @szokovacs, @kayoub5, @bladchan, @npc144, @AlienX2001, @cswindle !)

Collaborators

• @clementperon
• @egecetin

Contributors

• @kolbex
• @sashashura
• @neilstephens
• @jafar75
• @kayoub5
• @szokovacs
• @bladchan
• @npc144
• @AlienX2001
• @cswindle

Full Changelog: v22.05...v22.11

May 2022 Release

May 2022 release of PcapPlusPlus (v22.05)

This package contains

• Binaries compiled for Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
• Binaries compiled for CentOS 7
• Binaries compiled for Fedora 34
• Binaries compiled for Alpine 3.15.0
• Binaries compiled for macOS 12 (Monterey), 11 (Big Sur), 10.15 (Catalina) using Xcode ranging from 12.2 to 13.3 with Intel processor
• Binaries compiled for macOS 12 (Monterey) with Apple Silicon (M1) processor
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 12.3 and 13.0
• Binaries compiled for Windows using MinGW32 9.2.0 (32bit) and MinGW-w64 8.1.0 (32bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2019, 2017, 2015 (32bit + 64bit, Debug + Release configurations)
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/docs/quickstart

Release notes (changes from v21.11)

• NTP protocol support (thanks @egecetin !)
• Support build for Android on macOS (thanks @leleliu008!)
• Clone live devices and live devices list (thanks @egecetin!)
• Add support for reading SNOOP capture files (thanks @miketruman!)
• Add an option to supply additional arguments when calling initDpdk() (thanks @egecetin!)
• Detect DPDK installed via pkg-config during PcapPlusPlus configuration (thanks @szokovacs!)
• Try modprobe if insmod fails in DPDK setup script (thanks @szokovacs!)
• Support parsing of IPv6 over IPv4 (thanks @egecetin!)
• TCP reassembly improvmements:
  • Update timestamp of last packet seen in connection info (thanks @leoparente!)
  • Add the timestamp of the received packet in the message callback (thanks @HrshWardhan!)
  • Add config parameter to disable OOO buffer cleanup (thanks @HrshWardhan!)
• Remove deprecated methods in IPv4Layer, IPv6Layer and IPcapDevice
• Internal changes:
  • Massive revamp of PcapPlusPlus CI pipeline (thanks @clementperon!)
  • Add Alpine to PcapPlusPlus CI (thanks @clementperon!)
  • Run live network tests in CI
  • Use standard compiler macros to detect which platform PcapPlusPlus is running on (thanks @clementperon!)
  • Add pre-commit hooks to detect spelling mistakes, trailing spaces, wrong end-of-file, and more (thanks @egecetin!)
  • Run Black formatter on all Python files
• Tons of bug fixes and minor improvements (thanks @clementperon, @egecetin, @catenacyber, @matez0, @dehmarc, @szokovacs, @ceggers-arri, @guebe!)

Collaborators

• @clementperon
• @egecetin

Contributors

• @catenacyber
• @matez0
• @dehmarc
• @szokovacs
• @ceggers-arri
• @leleliu008
• @guebe
• @HrshWardhan
• @leoparente
• @miketruman

Full Changelog: v21.11...v22.05

November 2021 Release

November 2021 release of PcapPlusPlus (v21.11)

This package contains

• Binaries compiled for Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
• Binaries compiled for CentOS 7
• Binaries compiled for Fedora 34
• Binaries compiled for macOS 11.1 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra) using Xcode ranging from 9.2 to 12.3 with Intel processor
• Binaries compiled for macOS 11.1 (Big Sur) with Apple Silicon (M1) processor,
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 11.4 and 12.2
• Binaries compiled for Windows using MinGW32 9.2.0 (32bit) and MinGW-w64 8.1.0 (32bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2019, 2017, 2015 (32bit + 64bit, Debug + Release configurations)
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v2111/

Release notes (changes from v21.05)

• DPDK 20.11 support
• Support uio_pci_generic and vfio-pci kernel modules in DPDK setup script
• Add the stream operator << to IP address and MAC address classes
• Add the stream operator << to Packet and Layer
• Add DHCPv6 protocol support
• Get the full timestamp resolution from a standard pcap file (thanks @ian-p-cooke!)
• Add a new Packet constructor that uses a pre-allocated buffer
• Add src/dst IP address setters in IPv6 layer (thanks @jafar75!)
• Add musl support (thanks @adubovikov!)
• Support loopback interface in PfRingDeviceList
• Modernize PcapPlusPlus examples and tutorials
• Add IPv6 support in DNS Spoofing example
• Convert TLVRecord to a templated class that can represent records with any type and length size
• Convert PPPoE tags to use the TLV infrastructure
• Modernize PcapPlusPlus test infrastructure:
  • Simplify string and object asserts
  • Replace printf with std::cout
• Refactor and modernize PcapPlusPlus logger
• Implement VlanLayet::computeCalculateFields() to calculate the next EtherType
• Parse the 802.1ad QinQ EtherType as VlanLayer
• Replace c-style string copy (sprintf) with cpp-style string copy using sstreams
• Tons of bug fixes (thanks @clementperon, @slhck, @bbenne10!)

Contributors

Big thank you for everyone who contributed to this release:

• @clementperon
• @jafar75
• @slhck
• @adubovikov
• @ian-p-cooke
• @bbenne10

Full Changelog: v21.05...v21.11

May 2021 Release

May 2021 release of PcapPlusPlus (v21.05)

This package contains

• Binaries compiled for Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
• Binaries compiled for CentOS 7
• Binaries compiled for Fedora 29
• Binaries compiled for macOS 11.1 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra) using Xcode ranging from 9.2 to 12.3 with Intel processor
• Binaries compiled for macOS 11.1 (Big Sur) with Apple Silicon (M1) processor,
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 11.4 and 12.2
• Binaries compiled for Windows using MinGW32 9.2.0 (32bit) and MinGW-w64 8.1.0 (32bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2019, 2017, 2015 (32bit + 64bit, Debug + Release configurations)
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v2105/

Release notes (changes from v20.08)

• Added official Android support!
• TLS fingerprinting based on JA3
  • Extract TLS fingerprints from TLS ClientHello and ServerHello packets
  • TLS fingerprinting example app
• TLS 1.3 support
• A brand new DPDK setup script written in Python that makes it easier to setup DPDK
• Apple silicon M1 support (thanks @szigetics !)
• Significant size reduction of PcapPlusPlus compiled libraries
• Calculate a packet's network data size before sending a packet and make sure it doesn't exceed the MTU (thanks @SamuelBailey !)
• UDP multicast support (thanks @mmizi !)
  • Add isMulticast() property to IPAddress, IPv4Address, IPv6Address
  • PcapSplitter: take into consideration multicast packets when splitting by client/server IP/port
• New protocol support:
  • SSH (parsing only)
  • IP Sec (AH + ESP, parsing only)
• Existing protocol enhancement:
  • DNS over TCP
  • Parse 2 new TLS extensions: Supported Groups and EC Point Format
  • Added a new IPLayer interface to abstract IPv4Layer and IPv6Layer
  • Added convenient methods to fetch source and dest ports in TCP and UDP layers
  • GRE layer - add Transparent Ethernet Bridging support (thanks @justin-parus !)
• Major header files cleanup: remove platform-specific includes, remove pcap.h from PcapPlusPlus includes, remove redundant header files, replace c-str arguments with C++ std::string
• New API method to search PcapLiveDevice by IP address or name
• Parse packets with link type of LINKTYPE_IPV4 and LINKTYPE_IPV6 (thanks @miketruman !)
• TCP reassembly
  • Add configurable out-of-order packets per flow limit (thanks @LeonBuikstraFox !)
  • Expose missing bytes size on data loss (thanks @cryptocode !)
• hash5Tuple improvements (thanks @miketruman !)
• Fix Makefile dependencies - detect when header files are changed (thanks @amirgon !)
• Recognize *.zstd file extension in IFileReaderDevice::getReader() (thanks @naugler !)
• Moved a large portion of PcapPlusPlus CI to GitHub Actions
• Tons of bug fixes (thank you to everyone who reported issues and contributed bugfixes!)

Contributors

Thank you to everyone who contributed to this release:

• @mmizi
• @github-euronext
• @szigetics
• @SamuelBailey
• @nickamon
• @naugler
• @skorup101
• @amirgon
• @cartman-156
• amritanshu.johri
• @weyrick
• @justin-parus
• @LeonBuikstraFox
• @miketruman
• Julian Härig
• @clementperon
• @cryptocode
• @ramazantokay

August 2020 Release

August 2020 release of PcapPlusPlus (v20.08)

This package contains

• Binaries compiled with Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
• Binaries compiled with CentOS 7
• Binaries compiled with Fedora 29
• Binaries compiled with MacOS 10.15 (Catalina) , 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra), and 10.11 (El Capitan) using Xcode ranging from 8.0 to 12.0
• Binaries compiled with FreeBSD 11.3 and 12.1
• Binaries compiled with Windows using MinGW32 9.2.0 (32bit) and MinGW-w64 8.1.0 (32bit)
• Binaries compiled with Windows using Microsoft Visual Studio 2019, 2017, 2015 (32bit + 64bit, Debug + Release configurations)
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v2008/

Release notes (changes from v19.12)

• Major security and quality improvements:
  • PcapPlusPlus was added to Google OSS-Fuzz which uses the Fuzz testing technique to discover security vulnerabilities and stability bugs (thank you @zlowram !)
  • Created a new regression test suite for OSS-Fuzz bugfixes under Tests/Fuzzers/RegressionTests (thank you @zlowram !)
  • Added LGTM integration to enable continuous code analysis and prevent critical vulnerabilities (thank you @alexey-tereshenkov-oxb !)
  • More than 60 issues were found by OSS-Fuzz and LGTM and fixed in this release
  • Revamped Packet++Test and Pcap++Test: tests are now more structured, divided into multiple files and use common and more intuitive test infrastructure
  • Added a new test suite (written in Python) for PcapPlusPlus examples under Tests/ExamplesTests
• Added Npcap support for Windows (in parallel to WinPcap support)
• Added DPDK 19.11 (LTS) support
• New supported protocols:
  • BGP v4
  • IEEE 802.3 Ethernet
• New platforms officially supported:
  • MacOS Catalina (10.15)
  • Ubuntu 20.04
• A complete rewrite of the IP address classes IPv4Address, IPv6Address and IPAddress to make them more efficient and east to use (thank you @gx740 !)
• In addition, new features were added to IP address classes:
  • Added "less than" comparison operator (thank you @maruu !)
  • Added subnet match for IPv6Address (thank you @DinoStray !)
• Performance optimization, readability improvements and code cleanup in various parts of the code (thank you @maruu and @gx740 !)
• Integrated streaming ZStd compression for pcapng files (thank you @Dysl3xik !)
• Pcap/pcapng files:
  • Read and write in nanoseconds precision for pcapng files (thank you @Akvinikym !)
  • Enable flush for pcap and pcapng file writers (thank you @rickyzhang82 and @l-henken !)
• TCP reassembly returns status in every call to TcpReassembly::reassemblePacket() (thank you @starliiit !)
• Added port filter to HttpAnalyzer (thank you @makefriend8 !)
• Support for setting snapshot length in PcapLiveDevice (thank you @wongsingfo !)
• GeneralFilter::matchPacketWithFilter() can now match packet of any link type (thank you @skorup101 !)
• Added user link types 147-162 to support custom protocols (thank you @l-henken !)
• Tons of bug fixes (thank you everyone who reported issues and contributed bugfixes!)

Contributors

Thank you for everyone who contributed to this release:

• @gx740
• @Dysl3xik
• @maruu
• @zlowram
• @Akvinikym
• @alexey-tereshenkov-oxb
• @rickyzhang82
• @DinoStray
• @l-henken
• @skorup101
• @starliiit
• @NanXiao
• @makefriend8
• @v0l0dia
• @wongsingfo
• @mchuahua
• @NinethDimension
• @OrkunTokdemir
• @fquinner

December 2019 Release

December 2019 release of PcapPlusPlus (v19.12)

This package contains

• Binaries compiled with Ubuntu 18.04 LTS, 16.04 LTS,14.04 LTS
• Binaries compiled with CentOS 7
• Binaries compiled with Fedora 29
• Binaries compiled with MacOS 10.11 (El Capitan), 10.12 (Sierra), 10.13 (High Sierra) and 10.14 (Mojave) using Xcode ranging from 7.3 to 11.2
• Binaries compiled with FreeBSD 11.2 and 12.0
• Binaries compiled with Windows using MinGW32 5.3.0 (32bit) and MinGW-w64 6.3.0 (32bit)
• Binaries compiled with Windows using Microsoft Visual Studio 2015, 2017, 2019 (32bit + 64bit, Debug + Release configurations)
• Source code
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v1912/

Release notes (changes from v19.04)

• Added support for Visual Studio 2017 and 2019
• Added support for DPDK 19.08 (thanks @gx740 !)
• Major improvements in TCP reassembly (thanks @gx740 !):
  • Reducing memory consumption by cleaning up old connections
  • A lot of performance and code optimizations
• Added out-of-the-box support for MacOS 10.14 Mojave and later
• Added support for FreeBSD (thanks @rickyzhang82 !)
• Added support for GTP v1 protocol
• Added DPDK KNI support (thanks @echo-Mike !)
• Added KniPong example to demo the new KNI API (thanks @echo-Mike !)
• Lots of performance optimizations and code cleanups (special thanks to @gx740 !)
• Major revamp of reading/writing pcapng files - use streaming instead of memory copies and added support for compression (thanks @Dysl3xik !)
• Added support for pcap_setdirection in PcapLiveDevice (thanks @MrSiz !)
• Performance optimization and fixes in IPReassembly (thanks @gx740, @silviucpp !)
• Added a new BPFStringFilter pcap filter to handle raw BPF filter strings and deprecated the old IPcapDevice::matchPacketWithFilter() API (thanks @Dysl3xik !)
• Let the user add custom LDFLAGS to the main Makefile (thanks @rom1sqr !)
• Added data validations in IPv4Layer before parsing the next layers (thanks @gx740 !)
• Created a new unit-test framework to make it easier to write unit-tests
• Replaced old 3rd-party debug-new with new homegrown MemPlumber
• Tons of bug fixes (special thanks to @gx740 , @echo-Mike , @Dysl3xik !)

Contributors

Thank you for everyone who contributed to this release:

• @gx740
• @echo-Mike
• @Dysl3xik
• @rickyzhang82
• @MrSiz
• Roman Koshelev
• @silviucpp
• @eteran
• @tomerb
• @Minilulatsch
• @rom1sqr
• @christinaa
• @russkel

April 2019 Release

April 2019 release of PcapPlusPlus (v19.04)

This package contains:

• Binaries compiled with Ubuntu 18.04 LTS, 16.04 LTS,14.04 LTS
• Binaries compiled with CentOS 7
• Binaries compiled with Fedora 29
• Binaries compiled with MacOS 10.10 (Yosemite), 10.11 (El Capitan), 10.12 (Sierra) and 10.13 (High Sierra) using Xcode ranging from 7.3 to 10.1
• Binaries compiled with Windows using MinGW32 5.3.0 (32bit) and MinGW-w64 6.3.0 (32bit)
• Binaries compiled with Windows using Microsoft Visual Studio 2015 (32bit and 64bit, Debug and Release configurations)
• Source code
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v1904/

Release notes (changes from v18.08):

• DPDK support enhancements:
  • Added support for the newest DPDK releases: 18.05, 18.08, 18.11, 19.02
  • Added a new DpdkBridge example which is a PcapPlusPlus implementation for DPDK's L2 forwarding example - Thanks @vicenterb !
  • Added a new tutorial for using PcapPlusPlus with DPDK which walks through building a simple version of DpdkBridge
• Packet parsing and crafting enhancements:
  • Added RADIUS layer
  • Revamped DNS record API and added support for DNS MX records
  • Revamped remove layer from packet - removing a layer is more intuitive now + added an option to detach a layer from a packet
  • Revamped TLV data handling - simplified the way IPv4 options, TCP options, DHCP options, RADIUS attributes and IPv6 extensions with options are handled. API is now more intuitive and shares a common infrastructure
  • Fixed bugs in fetching VLAN properties in VlanLayer - thanks @Lapshin !
• Added support for raw sockets on Linux and Windows (RawSocketDevice)
• Added support for link-types other than Ethernet in PcapLiveDevice - thanks @axasoft !
• Exposed start and end times in TCP reassembly - thanks @Lnk2past !
• PcapSplitter:
  • Added pcapng support
  • When splitting by connection, multiple flows with the same 5-tuple are now separated to different files
• Added filtering capabilities to PcapNgFileWriterDevice - thanks @vrobles-gee !
• Added more accurate time measurement for packet capture in blocking mode
• Added DeviceConfiguration to PcapLiveDevice to provide an interface to set WinPcap/libpcap packet buffer size and buffer timeout
• Refactored the devices class hierarchy (the new root class is now IDevice)
• Build system improvements to provide better support for package managers - thanks @solvingj !
• Lots of bugfixes

August 2018 Release

August 2018 release of PcapPlusPlus (v18.08)

Master branch is always kept stable, so the latest code can always be considered as the newest stable version.

This package contains:

• Binaries compiled with Ubuntu 16.04 LTS and Ubuntu14.04 LTS
• Binaries compiled with CentOS 7
• Binaries compiled with Fedora 26
• Binaries compiled with MacOS 10.10 (Yosemite), 10.11 (El Capitan), 10.12 (Sierra) and 10.13 (High Sierra) using Xcode ranging from 6.4 to 9.4
• Binaries compiled with Windows using MinGW32 5.3.0 (32bit) and MinGW-w64 6.3.0 (32bit)
• Binaries compiled with Windows using Microsoft Visual Studio 2015 (32bit and 64bit, Debug and Release configurations)
• Source code
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v1808/

Release notes (changes from v17.11):

• Massive DPDK enhancements:
  • Major performance improvements
  • Fixed some mbuf leakages
  • DPDK 17.11 and 18.02 support (thanks @luigino !)
  • Re-designed some of DpdkDevice APIs to make them cleaner, faster and easier to use
  • Expose DPDK-specific stats
  • RSS (Receive Side Scaling) support
  • DPDK TX buffers support
  • Enable DPDK master core configuration
• Added IP reassembly module (a.k.a IP de-fragmenetation). Supports both IPv4 and IPv6
• Added IPv6 support for TCP reassembly
• Install to custom directory on Linux and MacOS
• Performance improvement in packet parsing
• Fixed compatibility issues with C++17 (thanks @echo-Mike !)
• Read multiple packets from pcap/pcapng files
• Build system improvements (thanks @echo-Mike !)
• New protocols:
  • Packet trailer (a.k.a footer or padding)
  • IPv6 extensions
• New and updated utilities:
  • New IPFragUtil for splitting packets into IP fragments
  • New IPDefragUtil for reassembling IP fragments into packets
  • PcapSplitter now supports round-robin splitting
• Many bugfixes