libtrace 3.0.10 (2011-03-11)
Bug Fixes
Improvements
* Significantly improved performance of libtrace event API
* Transport headers and payload length are now cached for each
packet, saving time on subsequent lookups
libtrace 3.0.9 (2011-01-25)
Bug Fixes
Improvements
* tracesplit can now accept multiple input URIs which are read in turn
libtrace 3.0.8 (2010-12-03)
Bug Fixes
New Features
* Added a new API function called trace_get_payload_length() that returns
the length of the original payload content (i.e. the size of the
post-transport header payload prior to any snapping)
Improvements
* Added IPv6 and IPv6 fragmentation header decoders to libpacketdump
* traceanon can now read cryptopan keys from a file
* Replaced IO subsystem with wandio abstraction
* IO / compression / decompression is now performed in a separate thread, resulting in improved performance
* Modular design makes it easy to add support for new compression formats
* Added native support for reading and writing bzip files
* Added native support for writing lzo files
* JITing of BPF bytecode using LLVM, leading to faster BPF filtering
* Added enums for post-IP protocols and Ethertypes
* Write support added for DAG cards - thanks to Daniel Lawson
* Added new trace tool: tracetop. Shows the top N flows each second
* Added new trace tool: tracereplay. Attempts to replay trace files in trace time
* Added new trace tool: tracediff. Displays packets that differ between two trace files
* Added trace_get_timespec() function
* If the format is not specified as part of the URI, libtrace can now attempt to guess the trace format
* Libpacketdump can now decode CHDLC and PPP/HDLC headers
* Added all the code examples from the libtrace tutorial to the examples directory
Bug Fixes:
* Fixed bug where packets read from a DAG card that did not match the filter were causing lengthy sleep events under the event API
* Fixed various tools that were not reporting the occurrence of a read error
* Fixed segfault caused by malformed URIs
* Fixed bug where reading a zero-length payload from a PCAP trace would result in an EOF being incorrectly reported
* Fixed bug where filtered packet count was not initialised to zero
* trace_get_payload_from_ip() now returns NULL when the IP version is incorrect rather than asserting
* Fixed segfault when writing packets to a Linux native socket, caused by byte ordering issue
* Fixed bug where custom pcap event function was not being used
* Fixed misplaced assertion in the pcap file reading code
* Fixed bug where trace_event would never get a packet event under recent versions of libpcap
* Fixed assertion failure when an unknown linktype is encountered by libpacketdump
* Fixed error caused by LCP packets that are common in some trace sets, e.g. Leipzig
* Increased size of RT packet buffer to fix problems caused by jumbograms
* Fixed errors caused by 32- and 64-bit incompatibility when sending Linux Native packets using the RT protocol
* trace_get_*_port() functions now always return 0 for ICMP packets
* Fixed problems with decoding HDLC and CHDLC headers
* Fixed segfault when reading PCAP packets that had no packet content
* Fixed bug where PCAP packets would be written with a larger capture length than the wire length
* Fixed segfault in the TCP segment report in tracereport caused by segments larger than 1500 bytes
* Fixed bug with restarting a PCAP trace file
* Fixed bugs relating to the size of the TSH packet records
* Fixed bug where we were not accounting for the FCS in legacy Ethernet captures
* Fixed bug where libpacketdump could not decode Linux SLL properly due to using an "undefined" function
* Fixed bug where libpacketdump was not skipping IP options before attempting to decode the next header
* Fixed bug where padding was being treated as part of a truncated header
* Fixed assertion when converting a packet with a corrupt wire length to PCAP
* More fixes for missing #includes
Improvements:
* trace_get_source_address() and trace_get_destination_address() now return link layer addresses in the absence of an IP header wherever possible
* trace_get_<protocol> short-cut functions now return NULL if the entire header (minus options) is not present in the packet
* Added missing set_capture_length() functionality for Linux Native
* traceanon can now write compressed traces
* traceanon now replaces checksums with zeroes
* traceanon, tracesplit and tracemerge now support all libtrace compression types for output
* tracereport no longer does the flow report by default
* Added support for new ERF types
* Added linktype for Experimental Ethernet
* Added --count option to tracereport
* Added --merge-inputs option to tracertstats
* Added support for ARPHRD_NONE
* Added a libpacketdump decoder for ubiquity headers
* Improved libpacketdump's method of searching for decoders
* More efficient arrangement of internal structures
* Tidied up exported symbols
* General code maintenance
* Tidied up manpages
* Improved documentation
libtrace 3.0.6 (2008-11-27)
* Fixed compilation errors caused by missing #includes (r1382)
* Added trace_get_payload_from_pppoe() to external API (r1383)
* autoconf now correctly detects libgdc for tracertstats (r1384)
* Fixed some warnings on recent versions of gcc (r1385)
libtrace 3.0.4 (2008-01-02)
* Deprecate wtf:/wag: format. These traces no longer exist.
* Clean up bpf: capture format
* Add LINUX_SLL header support to get_source_mac()
* Deprecate trace_get_link() and replace it with the newer trace_get_packet_buffer()/trace_get_layer2()
* Bug: Don't crash when destroying an output trace that failed to initialise
* Use Linux's in-kernel BPF filter if available
* Add support for Cisco HDLC over PoS
* Allow BPF bytecode to be used to construct a filter
* Code cleanups
* Fix libtrace_ip's bitfields
* Fix pcapfile output bug
* Documentation cleanups
* Discard RT packets when writing pcapfile: files
* Add a new "stats" example program
* Build system cleanups
* Avoid using assert() to report errors
* RT packet issues
* Properly deal with the packet parsing/length cache when using the event system
* Add a new loss counter framework
* Bug: Event framework not generating sleep events when reading traces from disk
* Be more strict about returning NULL from trace_get_payload_from_X() functions
libtrace 3.0.3 (2007-09-05)
* Code cleanups w.r.t. warnings
* tracesplit_dir now provides a warning of the number of packets that had an unknown direction at the end of the trace
* Fix a segfault in tracereport with rxerrors, non-IP
* Add support for decoding 802.2 LLC/SNAP and Ethernet II in 802.11 frames
* Documentation fixes and clarifications
* Fix bug with trace_get_payload_from_80211() and 3 vs 4 frame formats
* Deal correctly with URIs with parse errors causing segfaults on cleanup
* Minor tidyups to protocol decoders
* Add more information to libtracepktdump
* Correctly deal with PPP captures
* Cache trace_get_capture_length() and trace_get_l3() which are both heavily used internally
* Build system cleanups
* Add a GRE tracepktdump decoder
* Add a preliminary PPPoE tracepktdump decoder
* Add more information to tracereport
* Fix bug in legacy decoder with wire lengths
* Fix bug in trace_ether_ntoa
* Add legacynzix: trace format
* Don't assert() on bad packets (instead return BADPACKET) for erf traces
* Add TRACE_OPTION_EVENT_REALTIME to allow the event framework to play back traces in realtime
* Rename TRACE_META_FREQ to TRACE_OPTION_META_FREQ to follow naming convention
* Correctly deal with errors when using trace_set_option
* Deal better with signals when writing packets to files
* Add support for dag 3.x
* Improved dag 2.5+ support
* dag2.5+ supports setting the snaplen from libtrace
* Add support for setting direction on Linux int: formats
* Consider loopback packets outgoing, not incoming
* Fix trace_get_source_mac() for wireless frames
* Add support for interfaces_per_input to tracemerge
* Fix tracereport direction report
* Deprecated wag: and wtf formats
libtrace 3.0.2 (2007-04-27)
* Fixed make install for libpacketdump
* Add support for tsh: and rf+ tracefiles.
* Update support for radiotap
* Add a new tool traceflow(1)
* More correctly deal with pcap LINKTYPEs vs DLTs
* Major cleanups of tracereport
* libpacketdump decoder cleanups
* trace_event() memory leak fixes
* Fix segfaults with bad arguments in tracesplit(1)
* Don't suffix a number if we are only generating one file
* Support snapping packets
* Minor bugs in libtrace error handling
* Misc cleanups and bug fixes
libtrace 3.0.1 (2007-03-26)
* Added missing manpages to release tarball
* Update manpages
* Fixed TCP option length calculation in libpacketdump
* tracereport has had a massive tidy up
* getopt support for disabling/enabling reports.
* Documentation cleanups
* Fix: 0-byte gzwrite(3) calls were causing the compressed file checksum to fail
* RT closing issues
* Metadata available
* tracedump renamed tracepktdump due to naming conflict in Debian
* Implement better PoS decoding in libtrace for erf, legacypos.
* Build fixes for MacOS
libtrace is a library for trace processing. It supports multiple input methods,
including device capture, raw and gz-compressed trace, and sockets; and
multiple input formats, including pcap and DAG.
Features
* Understands PCAP, ERF, DAG, legacy POS, ATM and Ethernet and preliminary
WAG formats
* Read from tracefile, gz-compressed tracefile
* Native DAG read support
* BPF filter support on all input formats
* Format conversion into ERF and PCAP formats
* Write to tracefile for all formats
* Write to interface via PCAP or natively under Linux
* libpacketdump, a packet dumping library useful for diagnosis
* Various tools for trace manipulation