May 2025 Release

May 2025 release of PcapPlusPlus (v25.05)

Binaries included in this release

• Binaries compiled for Ubuntu 24.04 LTS, 22.04 LTS, 20.04 LTS
  • For Ubuntu 24.04 both x86_64 and ARM packages are available
• Binaries compiled for RHEL 9.4
• Binaries compiled for Fedora 42
• Binaries compiled for Alpine 3.20.3
• Binaries compiled for macOS Intel and Apple Silicon with Xcode 15 and 16
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 14.1 and 13.4
• Binaries compiled for Windows using MinGW-w64 15.1.0 (32bit + 64bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2022, 2019 (32bit + 64bit, Debug + Release configurations)
• Full documentation (both PcapPlusPlus website and API doxygen documentation) is available here: https://pcapplusplus.github.io/docs/quickstart

What's changed (changes from v24.09)

• New protocol support:
  • WireGuard (thanks @nadongjun !)
  • Add gratuitous ARP requests (thanks @Dimi1010 !)
  • GTPv2
  • Cisco HDLC
• Added the option to build only Common++ and Packet++ libraries without Pcap++, removing the dependency on third-party libraries like libpcap or WinPcap/Npcap (thanks @Dimi1010 !)
• Updated the CMake files to support using pcapplusplus/ as the include prefix (thanks @clementperon !)
• Added support for DPDK 23.11 and 24.11
• Introduced nanosecond precision for timestamps in TCP reassembly
• Added support for timestamp-related libpcap options (thanks @vcomito-apexai !)
• Added multi-language README support (Traditional Chinese, Korean) (thanks @tigercosmos, @nadongjun !)
• Updated OS/platform support running in CI: Ubuntu ARM64, Alpine 3.20, Fedora 42, FreeBSD 13.4/14.1, newer macOS runners (thanks @clementperon !)
• Migrated Android build to use the new version of ToyVPN
• Introduced a new benchmark system using Google Benchmark (thanks @egecetin !)
• Enhanced Python testing and linting infrastructure with ruff (thanks @tigercosmos !)
• Code refactoring:
  • Overhauled the logging infrastructure for better performance and flexibility (thanks @Dimi1010 !)
  • Reformatted CMakeLists files using gersemi (thanks @egecetin !)
  • Updated the internal implementation of PcapLiveDevice to store IP information as IPAddress (thanks @Dimi1010!)
  • Streamlined packet parsing using templated next-layer sub-construction (thanks @Dimi1010 !)
  • Refactored device list classes (PcapLiveDeviceList, DpdkDeviceList, etc.) to use smart pointers internally for memory management and consolidated common behavior under a base class (thanks @Dimi1010 !)
  • Improved the internal implementation of MacAddress, IPAddress and IPNetwork classes (thanks @Dimi1010 !)
  • Enhanced and modernized the internal implementation of PfRingDevice (thanks @Dimi1010 !)
  • Removed usage of VLAs (Variable Length Arrays) for C++ standard compliance (thanks @Dimi1010 !)
  • Numerous C++11 modernization efforts (thanks @Dimi1010, @egecetin, @lumiZGorlic, @kiwixz, @ol-imorozko !)
• Improved documentation using triple-slash Doxygen formatting (thanks @Dimi1010, @tigercosmos !)
• Tons of bug fixes, security fixes and small improvements (thanks @Dimi1010, @clementperon, @rndx21033, @prudens, @Doekin, @egecetin, @ol-imorozko, @1ndahous3, @fxlb, @jj683, @oss-patch, @enomis101, @Shivam7-1, @orgads, @Alexis-Lapierre, @s-genereux, @fasonju !)

Breaking changes

• Logger::LogLevel has been deprecated and moved to LogLevel. LogLevel is now an enum class, so arithmetic operations on it will fail to compile
• The Logger copy constructor and copy assignment operator are marked as deleted
• The return type of Packet::getRawPacketReadOnly() has been changed from RawPacket* to RawPacket const*
• SSLv2 support has been removed (it was non-functional in previous versions) (thanks to @droe!)

Deprecation list

• PcapLiveDevice::getAddresses(), which was previously deprecated, has now been removed
• libpcap versions < 0.9 are no longer supported. As a result, the following CMake options have been removed: PCAPPP_ENABLE_PCAP_IMMEDIATE_MODE and PCAPPP_ENABLE_PCAP_SET_DIRECTION
• The following methods are now deprecated and will be removed in future versions:
  • Logger::Error, Logger::Info, and Logger::Debug are deprecated. Please use LogLevel::XXX instead
  • PcapLiveDeviceList::getPcapLiveDeviceBy*** methods have been deprecated in favor of PcapLiveDeviceList::getDeviceBy***
  • ArpLayer(ArpOpcode opCode, const MacAddress &senderMacAddr, const MacAddress &targetMacAddr, const IPv4Address &senderIpAddr, const IPv4Address &targetIpAddr) constructor has been deprecated in favor of more explicit overloads

Collaborators

• @tigercosmos
• @Dimi1010
• @egecetin
• @clementperon
• @seladb

Full Changelog: v24.09...v25.05

September 2024 Release

September 2024 release of PcapPlusPlus (v24.09)

Binaries included in this release

• Binaries compiled for Ubuntu 24.04 LTS, 22.04 LTS, 20.04 LTS
• Binaries compiled for RHEL 9.4
• Binaries compiled for Fedora 39
• Binaries compiled for Alpine 3.17.2
• Binaries compiled for macOS Intel and Apple Silicon with Xcode 15.4 and 14.3.1
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 14.0 and 13.2
• Binaries compiled for Windows using MinGW-w64 14.2.0 (32bit + 64bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2022, 2019 (32bit + 64bit, Debug + Release configurations)
• Full documentation (both PcapPlusPlus website and API doxygen documentation) is available here: https://pcapplusplus.github.io/docs/quickstart

What's changed (changes from v23.09)

• Added support for eBPF AF_XDP
• New protocols:
  • SMTP (thanks @egecetin !)
  • ASN.1 encoding and decoding
  • Enabled ASN.1 root record parsing in x509 certificates
  • LDAP
  • S7COMM (thanks @wivien19 !)
• DPDK improvements:
  • DPDK 22.11 support (thanks @clementperon !)
  • Jumbo frames support (thanks @gyl30 !)
  • Added an option to disable hugepages and driver verification on initialization (thanks @MatteO-Matic !)
  • NUMA awareness (thanks @SesomB !)
• Examples and utils:
  • Added XdpExample-FilterTraffic to demonstrate XdpDevice usage
  • PcapSplitter: updated output filenames with 5-tuple information (thanks @hidd3ncod3s !)
• Added support for nanosecond precision in reading and writing pcap files (thanks @egecetin !)
• Blocking mode packet capture now uses poll() (thanks @tigercosmos !)
• Added millisecond precision timeout in RawSocketDevice (thanks @tigercosmos !)
• Extended IPFilter to support IPv6 where possible (thanks @Dimi1010 !)
• Boosted build time with Ccache (thanks @clementperon !)
• Fixed precision issue in pcapng file reader (thanks @mserdarsanli !)
• Improved method for retrieving the default gateway on macOS (thanks @zhengfeihe !)
• Added security and code of conduct guidelines (thanks @egecetin !)
• Refactoring and modernization of the code base:
  • Refactored and cleaned up live devices (thanks @Dimi1010 !)
    • Added a getter for fetching all IP addresses as IPAddress objects.
  • Refactored IP address classes IPv4Address, IPv6Address, IPAddress (thanks @tigercosmos , @Dimi1010 !)
    • Added equality operators between IPAddress and in_addr types
  • Refactored the MAC address class MacAddress (thanks @tigercosmos !)
  • Ported PcapPlusPlus libraries to C++11 (thanks @Dimi1010 , @tigercosmos , @egecetin , @WojtekMs , @rtmeng, @DeepakReddy1999 !)
  • Ported most of the examples and tutorials to C++11 (thanks @jpcofr , @merttozer !)
  • Refactored and cleaned up PF_RING devices (thanks @Dimi1010 !)
  • Refactored and cleaned up the PointerVector class (thanks @Dimi1010 !)
  • Converted Macro Guard to pragma once (thanks @clementperon !)
  • Replaced std::map with std::unordered_map (thanks @tigercosmos !)
  • Refactored large parts of the packet filtering code (thanks @Dimi1010 !)
• Supported platforms update:
  • Ubuntu: added 24.04 LTS and dropped 18.04 LTS (thanks @tigercosmos !)
  • Added support for RHEL 9.4 (thanks @clementperon !)
  • Fedora: added support for 39 and removed 37 (thanks @clementperon !)
  • Removed support for CentOS 7
  • FreeBSD: added support for 14.0 and dropped 12 (thanks @clementperon !)
• Internal tools:
  • Reformatted the entire code base using clang-format (thanks @tigercosmos , @Dimi1010 !)
  • Added dependabot to keep GitHub Actions and Python packages up-to-date (thanks @egecetin !)
  • Added OpenSSF Scorecard automation to monitor and enhance security (thanks @egecetin !)
  • Transitioned from CirrusCI to GitHub Actions for all workflows (thanks @tigercosmos !)
  • Scheduled regular CI builds (thanks @tigercosmos !)
  • Replaced deprecated netifaces by scapy (thanks @zhengfeihe !)
  • Improved fuzzing coverage and added Fuzz CI (thanks @sashashura !)
  • Added a template for opening GitHub issues (thanks @tigercosmos !)
  • Upgraded LightPcapNg to the latest from master (thanks @tigercosmos !)
  • Fixed unhandled exceptions crashing the entire test suite (thanks @Dimi1010 !)
• Tons of bug fixes, security fixes and small improvements (thanks @sashashura , @tigercosmos , @clementperon , @egecetin , @kraj , @liu0hy , @lucashc , @axmahr, @Double0101, @prudens , @MCredbear, @rahagal, @nadongjun !)

Breaking changes

This version includes a small number of breaking changes:

• Removed isValid() from MacAddress, IPAddress, IPv4Address, IPv6Address, instead they throw an exception if the input argument is invalid
• Introduced a new TcpOptionEnumType
• Removed the dummy argument in PayloadLayer's constructor

Deprecation list

The following methods that were marked as deprecated in previous versions were removed:

• IPv4Address::matchSubnet()

The following methods are now marked as deprecated and will be removed in future versions:

• PointerVector::getAndRemoveFromVector() -> replaced by PointerVector::getAndDetach()
• HttpResponseLayer::HttpResponseLayer(version, statusCode, statusCodeString) -> use other constructors
• HttpResponseLayer::setStatusCode(newStatusCode, statusCodeString) -> use the other overload
• TcpOptionType enum -> replaced by TcpOptionEnumType
• TcpOption::getTcpOptionType() -> replaced by TcpOption::getTcpOptionEnumType()
• TcpOptionBuilder::TcpOptionBuilder() -> use other constructors
• TcpLayer::getTcpOption(TcpOptionType option) -> use the other overload
• TcpLayer::addTcpOptionAfter() -> replaced by TcpLayer::insertTcpOptionAfter()
• TcpLayer::removeTcpOption() -> use the other overload
• PcapLiveDevice::getAddresses() -> replaced by PcapLiveDevice::getIPAddresses()
• PcapRemoteDeviceList::getRemoteDeviceList() -> replaced by PcapRemoteDeviceList::createRemoteDeviceList()

Collaborators

• @tigercosmos
• @Dimi1010
• @egecetin
• @clementperon
• @seladb

Full Changelog: v23.09...v24.09

September 2023 Release

September 2023 release of PcapPlusPlus (v23.09)

This package contains

• Binaries compiled for Ubuntu 22.04 LTS, 20.04 LTS, 18.04 LTS
• Binaries compiled for CentOS 7
• Binaries compiled for Fedora 37
• Binaries compiled for Alpine 3.17.2
• Binaries compiled for macOS Intel and Apple Silicon with Xcode 13.1.6 and 14.0.0
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 12.3 and 13.1
• Binaries compiled for Windows using MinGW-w64 13.2.0 (32bit + 64bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2022, 2019 (32bit + 64bit, Debug + Release configurations)
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/docs/quickstart

What's Changed (changes from v22.11)

• PcapPlusPlus moved from a custom build system to CMake! (thanks @clementperon !)
• Added IP/IPv4/IPv6 network classes to better support netmask and subnets
• Add support for opening NFLOG live device (thanks @MrPeck !)
• MAC address OUI Lookup (thanks @egecetin !)
• Intel oneAPI compiler support (icpx) (thanks @egecetin !)
• DPDK improvements:
  • Properly support no RSS mode in DpdkDevice
  • Make DPDK app name configurable (thanks @szokovacs !)
  • More generic search of DPDK KNI kernel module in setup_dpdk.py
• New protocols:
  • NFLOG (Linux Netfilter NFLOG) (thanks @jafar75 !)
  • SLL2 (Linux cooked capture v2) (thanks @jiangjiongyu !)
  • TPKT (thanks @wivien19 !)
  • COTP (thanks @wivien19 !)
  • VRRP (thanks @wangchong2023 !)
• Existing protocols improvements:
  • HTTP - refactor and improve HttpResponseStatusCode (thanks @tigercosmos !)
  • SSL/TLS - better detection of possible encrypted handshake messages (thanks @axmahr !)
  • DNS - support parsing of resources with larger data (thanks @aengusjiang !)
  • STP - add editing/crafting support (thanks @egecetin !)
  • ARP - add isRequest and isReply methods (thanks @tigercosmos !)
  • FTP-DATA support (thanks @egecetin !)
  • NTP - support Kiss of Death (thanks @egecetin !)
  • SIP - refactor status codes + add a few missing ones
• Modernize the codebase to use nullptr instead of NULL (thanks @clementperon !)
• Remove usage of unsupported pcap_compile_nopcap() (thanks @yushijinhun !)
• Internal tools:
  • Codecov integration for coverage reports (thanks @egecetin !)
  • Enable Clang-Tidy (thanks @clementperon !)
  • Enable cppcheck (thanks @egecetin !)
  • Improve the test framework
  • Increase test coverage
• Remove deprecated methods (due to typos):
  • DhcpLayer::getMesageType() -> replaced by DhcpLayer::getMessageType()
  • DhcpLayer::setMesageType() -> replaced by DhcpLayer::setMesasgeType()
  • SSLHandshakeMessage::createHandhakeMessage() -> replaced by SSLHandshakeMessage::createHandshakeMessage()
  • SSLClientHelloMessage::getExtensionsLenth() -> replaced by SSLClientHelloMessage::getExtensionsLength()
  • SSLServerHelloMessage::getExtensionsLenth() -> replaced by SSLServerHelloMessage::getExtensionsLength()
• Tons of bug fixes, security fixes, major and minor improvements (thanks @egecetin, @clementperon, @sashashura, @tigercosmos, @kolbex, @traversebitree, @JasMetzger, @tbhaxor, @yishai1999, @aengusjiang, @Heysunk, @jpcofr !)

Collaborators

• @clementperon
• @egecetin

Contributors

• @sashashura
• @tigercosmos
• @wivien19
• @jafar75
• @MrPeck
• @szokovacs
• @axmahr
• @yishai1999
• @traversebitree
• @jiangjiongyu
• @wangchong2023
• @kolbex
• @JasMetzger
• @yushijinhun
• @aengusjiang
• @tbhaxor
• @Heysunk
• @jpcofr

Full Changelog: v22.11...v23.09

November 2022 Release

November 2022 release of PcapPlusPlus (v22.11)

This package contains

• Binaries compiled for Ubuntu 22.04 LTS, 20.04 LTS, 18.04 LTS
• Binaries compiled for CentOS 7
• Binaries compiled for Fedora 34
• Binaries compiled for Alpine 3.15.0
• Binaries compiled for macOS 12 (Monterey), 11 (Big Sur), 10.15 (Catalina) using Xcode ranging from 12.2 to 13.3 with Intel processor
• Binaries compiled for macOS 12 (Monterey) with Apple Silicon (M1) processor
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 12.3 and 13.0
• Binaries compiled for Windows using MinGW-w64 8.1.0 (32bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2019, 2017, 2015 (32bit + 64bit, Debug + Release configurations)
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/docs/quickstart

Release notes (changes from v22.05)

• PcapPlusPlus officially moved to C++11! (thanks @clementperon !)
• Remove the pthreads dependency and replace it with C++11 std::thread (thanks @clementperon !)
• Stop supporting MinGW32 on Windows since it doesn't support std::thread. MinGW-w64 and Visual Studio support remains unchanged
• New protocols:
  • Telnet (thanks @egecetin !)
  • FTP (thanks @egecetin !)
  • ICMPv6 (thanks @kolbex !)
  • NDP (thanks @kolbex !)
  • LLC (thanks @egecetin !)
  • STP (thanks @egecetin !)
  • SOME/IP (thanks @kolbex !)
  • Wake on LAN (WoL) (thanks @egecetin !)
• DPDK 21.11 support
• Better support for DPDK i40e NICs
• DPDK set up - add an option to get RTE_SDK from the command line or from an environment variable
• Handle unilateral RST in TCP reassembly (thanks @neilstephens !)
• Retrieve live device IPv6 address if available (thanks @jafar75 !)
• Add .zst file extension support for pcapng files compressed with Zstd
• Internal tooling:
  • Auto pre-commit monthly update (thanks @egecetin !)
  • Add memory sanitizer regressions check (thanks @sashashura !)
  • Add CodeQL SAST and remove LGTM which is being deprecated (thanks @sashashura !)
  • Support multiple packets in fuzzing tests (thanks @sashashura !)
  • Revamped README.md (thanks @egecetin !)
• Tons of bug fixes and minor improvements (thanks @clementperon, @egecetin, @sashashura, @szokovacs, @kayoub5, @bladchan, @npc144, @AlienX2001, @cswindle !)

Collaborators

• @clementperon
• @egecetin

Contributors

• @kolbex
• @sashashura
• @neilstephens
• @jafar75
• @kayoub5
• @szokovacs
• @bladchan
• @npc144
• @AlienX2001
• @cswindle

Full Changelog: v22.05...v22.11

May 2022 Release

May 2022 release of PcapPlusPlus (v22.05)

This package contains

• Binaries compiled for Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
• Binaries compiled for CentOS 7
• Binaries compiled for Fedora 34
• Binaries compiled for Alpine 3.15.0
• Binaries compiled for macOS 12 (Monterey), 11 (Big Sur), 10.15 (Catalina) using Xcode ranging from 12.2 to 13.3 with Intel processor
• Binaries compiled for macOS 12 (Monterey) with Apple Silicon (M1) processor
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 12.3 and 13.0
• Binaries compiled for Windows using MinGW32 9.2.0 (32bit) and MinGW-w64 8.1.0 (32bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2019, 2017, 2015 (32bit + 64bit, Debug + Release configurations)
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/docs/quickstart

Release notes (changes from v21.11)

• NTP protocol support (thanks @egecetin !)
• Support build for Android on macOS (thanks @leleliu008!)
• Clone live devices and live devices list (thanks @egecetin!)
• Add support for reading SNOOP capture files (thanks @miketruman!)
• Add an option to supply additional arguments when calling initDpdk() (thanks @egecetin!)
• Detect DPDK installed via pkg-config during PcapPlusPlus configuration (thanks @szokovacs!)
• Try modprobe if insmod fails in DPDK setup script (thanks @szokovacs!)
• Support parsing of IPv6 over IPv4 (thanks @egecetin!)
• TCP reassembly improvmements:
  • Update timestamp of last packet seen in connection info (thanks @leoparente!)
  • Add the timestamp of the received packet in the message callback (thanks @HrshWardhan!)
  • Add config parameter to disable OOO buffer cleanup (thanks @HrshWardhan!)
• Remove deprecated methods in IPv4Layer, IPv6Layer and IPcapDevice
• Internal changes:
  • Massive revamp of PcapPlusPlus CI pipeline (thanks @clementperon!)
  • Add Alpine to PcapPlusPlus CI (thanks @clementperon!)
  • Run live network tests in CI
  • Use standard compiler macros to detect which platform PcapPlusPlus is running on (thanks @clementperon!)
  • Add pre-commit hooks to detect spelling mistakes, trailing spaces, wrong end-of-file, and more (thanks @egecetin!)
  • Run Black formatter on all Python files
• Tons of bug fixes and minor improvements (thanks @clementperon, @egecetin, @catenacyber, @matez0, @dehmarc, @szokovacs, @ceggers-arri, @guebe!)

Collaborators

• @clementperon
• @egecetin

Contributors

• @catenacyber
• @matez0
• @dehmarc
• @szokovacs
• @ceggers-arri
• @leleliu008
• @guebe
• @HrshWardhan
• @leoparente
• @miketruman

Full Changelog: v21.11...v22.05

November 2021 Release

November 2021 release of PcapPlusPlus (v21.11)

This package contains

• Binaries compiled for Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
• Binaries compiled for CentOS 7
• Binaries compiled for Fedora 34
• Binaries compiled for macOS 11.1 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra) using Xcode ranging from 9.2 to 12.3 with Intel processor
• Binaries compiled for macOS 11.1 (Big Sur) with Apple Silicon (M1) processor,
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 11.4 and 12.2
• Binaries compiled for Windows using MinGW32 9.2.0 (32bit) and MinGW-w64 8.1.0 (32bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2019, 2017, 2015 (32bit + 64bit, Debug + Release configurations)
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v2111/

Release notes (changes from v21.05)

• DPDK 20.11 support
• Support uio_pci_generic and vfio-pci kernel modules in DPDK setup script
• Add the stream operator << to IP address and MAC address classes
• Add the stream operator << to Packet and Layer
• Add DHCPv6 protocol support
• Get the full timestamp resolution from a standard pcap file (thanks @ian-p-cooke!)
• Add a new Packet constructor that uses a pre-allocated buffer
• Add src/dst IP address setters in IPv6 layer (thanks @jafar75!)
• Add musl support (thanks @adubovikov!)
• Support loopback interface in PfRingDeviceList
• Modernize PcapPlusPlus examples and tutorials
• Add IPv6 support in DNS Spoofing example
• Convert TLVRecord to a templated class that can represent records with any type and length size
• Convert PPPoE tags to use the TLV infrastructure
• Modernize PcapPlusPlus test infrastructure:
  • Simplify string and object asserts
  • Replace printf with std::cout
• Refactor and modernize PcapPlusPlus logger
• Implement VlanLayet::computeCalculateFields() to calculate the next EtherType
• Parse the 802.1ad QinQ EtherType as VlanLayer
• Replace c-style string copy (sprintf) with cpp-style string copy using sstreams
• Tons of bug fixes (thanks @clementperon, @slhck, @bbenne10!)

Contributors

Big thank you for everyone who contributed to this release:

• @clementperon
• @jafar75
• @slhck
• @adubovikov
• @ian-p-cooke
• @bbenne10

Full Changelog: v21.05...v21.11

May 2021 Release

May 2021 release of PcapPlusPlus (v21.05)

This package contains

• Binaries compiled for Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
• Binaries compiled for CentOS 7
• Binaries compiled for Fedora 29
• Binaries compiled for macOS 11.1 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra) using Xcode ranging from 9.2 to 12.3 with Intel processor
• Binaries compiled for macOS 11.1 (Big Sur) with Apple Silicon (M1) processor,
• Binaries compiled for Android with all 4 ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
• Binaries compiled for FreeBSD 11.4 and 12.2
• Binaries compiled for Windows using MinGW32 9.2.0 (32bit) and MinGW-w64 8.1.0 (32bit)
• Binaries compiled for Windows using Microsoft Visual Studio 2019, 2017, 2015 (32bit + 64bit, Debug + Release configurations)
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v2105/

Release notes (changes from v20.08)

• Added official Android support!
• TLS fingerprinting based on JA3
  • Extract TLS fingerprints from TLS ClientHello and ServerHello packets
  • TLS fingerprinting example app
• TLS 1.3 support
• A brand new DPDK setup script written in Python that makes it easier to setup DPDK
• Apple silicon M1 support (thanks @szigetics !)
• Significant size reduction of PcapPlusPlus compiled libraries
• Calculate a packet's network data size before sending a packet and make sure it doesn't exceed the MTU (thanks @SamuelBailey !)
• UDP multicast support (thanks @mmizi !)
  • Add isMulticast() property to IPAddress, IPv4Address, IPv6Address
  • PcapSplitter: take into consideration multicast packets when splitting by client/server IP/port
• New protocol support:
  • SSH (parsing only)
  • IP Sec (AH + ESP, parsing only)
• Existing protocol enhancement:
  • DNS over TCP
  • Parse 2 new TLS extensions: Supported Groups and EC Point Format
  • Added a new IPLayer interface to abstract IPv4Layer and IPv6Layer
  • Added convenient methods to fetch source and dest ports in TCP and UDP layers
  • GRE layer - add Transparent Ethernet Bridging support (thanks @justin-parus !)
• Major header files cleanup: remove platform-specific includes, remove pcap.h from PcapPlusPlus includes, remove redundant header files, replace c-str arguments with C++ std::string
• New API method to search PcapLiveDevice by IP address or name
• Parse packets with link type of LINKTYPE_IPV4 and LINKTYPE_IPV6 (thanks @miketruman !)
• TCP reassembly
  • Add configurable out-of-order packets per flow limit (thanks @LeonBuikstraFox !)
  • Expose missing bytes size on data loss (thanks @cryptocode !)
• hash5Tuple improvements (thanks @miketruman !)
• Fix Makefile dependencies - detect when header files are changed (thanks @amirgon !)
• Recognize *.zstd file extension in IFileReaderDevice::getReader() (thanks @naugler !)
• Moved a large portion of PcapPlusPlus CI to GitHub Actions
• Tons of bug fixes (thank you to everyone who reported issues and contributed bugfixes!)

Contributors

Thank you to everyone who contributed to this release:

• @mmizi
• @github-euronext
• @szigetics
• @SamuelBailey
• @nickamon
• @naugler
• @skorup101
• @amirgon
• @cartman-156
• amritanshu.johri
• @weyrick
• @justin-parus
• @LeonBuikstraFox
• @miketruman
• Julian Härig
• @clementperon
• @cryptocode
• @ramazantokay

August 2020 Release

August 2020 release of PcapPlusPlus (v20.08)

This package contains

• Binaries compiled with Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
• Binaries compiled with CentOS 7
• Binaries compiled with Fedora 29
• Binaries compiled with MacOS 10.15 (Catalina) , 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra), and 10.11 (El Capitan) using Xcode ranging from 8.0 to 12.0
• Binaries compiled with FreeBSD 11.3 and 12.1
• Binaries compiled with Windows using MinGW32 9.2.0 (32bit) and MinGW-w64 8.1.0 (32bit)
• Binaries compiled with Windows using Microsoft Visual Studio 2019, 2017, 2015 (32bit + 64bit, Debug + Release configurations)
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v2008/

Release notes (changes from v19.12)

• Major security and quality improvements:
  • PcapPlusPlus was added to Google OSS-Fuzz which uses the Fuzz testing technique to discover security vulnerabilities and stability bugs (thank you @zlowram !)
  • Created a new regression test suite for OSS-Fuzz bugfixes under Tests/Fuzzers/RegressionTests (thank you @zlowram !)
  • Added LGTM integration to enable continuous code analysis and prevent critical vulnerabilities (thank you @alexey-tereshenkov-oxb !)
  • More than 60 issues were found by OSS-Fuzz and LGTM and fixed in this release
  • Revamped Packet++Test and Pcap++Test: tests are now more structured, divided into multiple files and use common and more intuitive test infrastructure
  • Added a new test suite (written in Python) for PcapPlusPlus examples under Tests/ExamplesTests
• Added Npcap support for Windows (in parallel to WinPcap support)
• Added DPDK 19.11 (LTS) support
• New supported protocols:
  • BGP v4
  • IEEE 802.3 Ethernet
• New platforms officially supported:
  • MacOS Catalina (10.15)
  • Ubuntu 20.04
• A complete rewrite of the IP address classes IPv4Address, IPv6Address and IPAddress to make them more efficient and east to use (thank you @gx740 !)
• In addition, new features were added to IP address classes:
  • Added "less than" comparison operator (thank you @maruu !)
  • Added subnet match for IPv6Address (thank you @DinoStray !)
• Performance optimization, readability improvements and code cleanup in various parts of the code (thank you @maruu and @gx740 !)
• Integrated streaming ZStd compression for pcapng files (thank you @Dysl3xik !)
• Pcap/pcapng files:
  • Read and write in nanoseconds precision for pcapng files (thank you @Akvinikym !)
  • Enable flush for pcap and pcapng file writers (thank you @rickyzhang82 and @l-henken !)
• TCP reassembly returns status in every call to TcpReassembly::reassemblePacket() (thank you @starliiit !)
• Added port filter to HttpAnalyzer (thank you @makefriend8 !)
• Support for setting snapshot length in PcapLiveDevice (thank you @wongsingfo !)
• GeneralFilter::matchPacketWithFilter() can now match packet of any link type (thank you @skorup101 !)
• Added user link types 147-162 to support custom protocols (thank you @l-henken !)
• Tons of bug fixes (thank you everyone who reported issues and contributed bugfixes!)

Contributors

Thank you for everyone who contributed to this release:

• @gx740
• @Dysl3xik
• @maruu
• @zlowram
• @Akvinikym
• @alexey-tereshenkov-oxb
• @rickyzhang82
• @DinoStray
• @l-henken
• @skorup101
• @starliiit
• @NanXiao
• @makefriend8
• @v0l0dia
• @wongsingfo
• @mchuahua
• @NinethDimension
• @OrkunTokdemir
• @fquinner

December 2019 Release

December 2019 release of PcapPlusPlus (v19.12)

This package contains

• Binaries compiled with Ubuntu 18.04 LTS, 16.04 LTS,14.04 LTS
• Binaries compiled with CentOS 7
• Binaries compiled with Fedora 29
• Binaries compiled with MacOS 10.11 (El Capitan), 10.12 (Sierra), 10.13 (High Sierra) and 10.14 (Mojave) using Xcode ranging from 7.3 to 11.2
• Binaries compiled with FreeBSD 11.2 and 12.0
• Binaries compiled with Windows using MinGW32 5.3.0 (32bit) and MinGW-w64 6.3.0 (32bit)
• Binaries compiled with Windows using Microsoft Visual Studio 2015, 2017, 2019 (32bit + 64bit, Debug + Release configurations)
• Source code
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v1912/

Release notes (changes from v19.04)

• Added support for Visual Studio 2017 and 2019
• Added support for DPDK 19.08 (thanks @gx740 !)
• Major improvements in TCP reassembly (thanks @gx740 !):
  • Reducing memory consumption by cleaning up old connections
  • A lot of performance and code optimizations
• Added out-of-the-box support for MacOS 10.14 Mojave and later
• Added support for FreeBSD (thanks @rickyzhang82 !)
• Added support for GTP v1 protocol
• Added DPDK KNI support (thanks @echo-Mike !)
• Added KniPong example to demo the new KNI API (thanks @echo-Mike !)
• Lots of performance optimizations and code cleanups (special thanks to @gx740 !)
• Major revamp of reading/writing pcapng files - use streaming instead of memory copies and added support for compression (thanks @Dysl3xik !)
• Added support for pcap_setdirection in PcapLiveDevice (thanks @MrSiz !)
• Performance optimization and fixes in IPReassembly (thanks @gx740, @silviucpp !)
• Added a new BPFStringFilter pcap filter to handle raw BPF filter strings and deprecated the old IPcapDevice::matchPacketWithFilter() API (thanks @Dysl3xik !)
• Let the user add custom LDFLAGS to the main Makefile (thanks @rom1sqr !)
• Added data validations in IPv4Layer before parsing the next layers (thanks @gx740 !)
• Created a new unit-test framework to make it easier to write unit-tests
• Replaced old 3rd-party debug-new with new homegrown MemPlumber
• Tons of bug fixes (special thanks to @gx740 , @echo-Mike , @Dysl3xik !)

Contributors

Thank you for everyone who contributed to this release:

• @gx740
• @echo-Mike
• @Dysl3xik
• @rickyzhang82
• @MrSiz
• Roman Koshelev
• @silviucpp
• @eteran
• @tomerb
• @Minilulatsch
• @rom1sqr
• @christinaa
• @russkel

April 2019 Release

April 2019 release of PcapPlusPlus (v19.04)

This package contains:

• Binaries compiled with Ubuntu 18.04 LTS, 16.04 LTS,14.04 LTS
• Binaries compiled with CentOS 7
• Binaries compiled with Fedora 29
• Binaries compiled with MacOS 10.10 (Yosemite), 10.11 (El Capitan), 10.12 (Sierra) and 10.13 (High Sierra) using Xcode ranging from 7.3 to 10.1
• Binaries compiled with Windows using MinGW32 5.3.0 (32bit) and MinGW-w64 6.3.0 (32bit)
• Binaries compiled with Windows using Microsoft Visual Studio 2015 (32bit and 64bit, Debug and Release configurations)
• Source code
• Source code + Linux installation scripts for DPDK, PF_RING and vanilla
• Full documentation (both PcapPlusPlus web-site and API doxygen documentation) is available here: https://pcapplusplus.github.io/v1904/

Release notes (changes from v18.08):

• DPDK support enhancements:
  • Added support for the newest DPDK releases: 18.05, 18.08, 18.11, 19.02
  • Added a new DpdkBridge example which is a PcapPlusPlus implementation for DPDK's L2 forwarding example - Thanks @vicenterb !
  • Added a new tutorial for using PcapPlusPlus with DPDK which walks through building a simple version of DpdkBridge
• Packet parsing and crafting enhancements:
  • Added RADIUS layer
  • Revamped DNS record API and added support for DNS MX records
  • Revamped remove layer from packet - removing a layer is more intuitive now + added an option to detach a layer from a packet
  • Revamped TLV data handling - simplified the way IPv4 options, TCP options, DHCP options, RADIUS attributes and IPv6 extensions with options are handled. API is now more intuitive and shares a common infrastructure
  • Fixed bugs in fetching VLAN properties in VlanLayer - thanks @Lapshin !
• Added support for raw sockets on Linux and Windows (RawSocketDevice)
• Added support for link-types other than Ethernet in PcapLiveDevice - thanks @axasoft !
• Exposed start and end times in TCP reassembly - thanks @Lnk2past !
• PcapSplitter:
  • Added pcapng support
  • When splitting by connection, multiple flows with the same 5-tuple are now separated to different files
• Added filtering capabilities to PcapNgFileWriterDevice - thanks @vrobles-gee !
• Added more accurate time measurement for packet capture in blocking mode
• Added DeviceConfiguration to PcapLiveDevice to provide an interface to set WinPcap/libpcap packet buffer size and buffer timeout
• Refactored the devices class hierarchy (the new root class is now IDevice)
• Build system improvements to provide better support for package managers - thanks @solvingj !
• Lots of bugfixes