CHANGES

2023-02-06 Jerry Lundström

    Release pcap-thread 4.0.1

    Fixed issue with `pcap_dispatch()` during non-threaded timed runs by
    checking packet timestamp and use `pcap_breakloop()` if the run
    should end.
    Based on reports, it looks like `pcap_dispatch()` won't stop
    processing if load is high enough even if documentation says "only
    one bufferful of packets is read at a time".

    8b72d7e Copyright
    8f2370e Dispatch, error, hexdump, format
    63502bb Bye Travis
    5639468 Badges

2018-12-03 Jerry Lundström

    Release pcap-thread 4.0.0

    Major version build due to renaming of an API function and various CI
    improvements.

    Fixes:
    - Fix spelling of `pcap_thread_filter_optimize()`
    - Fix `pcap_thread_next()` when using layers
    - `reassemble()`:
      - Check that we have `f_prev` before using it
      - Free frag and return error if RFC815 since it's not complete yet

    02fc33a clang scan, LGTM, configure
    1a64e7d Fix `pcap_thread_next()` when using layers
    75d8d72 Fix spelling of `pcap_thread_filter_optimize()`

2017-12-18 Jerry Lundström

    Release pcap-thread 3.1.0, hexdump 2.1.0

    Fix handling with IP packets that have padding or are missing some of
    the payload. The padding data can be accessed by going beyond the length
    of payload reported (see `hexdump -G`).

    New `pcap_thread_packet_t` fields:
    - `have_ippadding`: Indicate that the IPv4 packet has padding
    - `have_ip6padding`: Indicate that the IPv6 packet has padding
    - `ippadding`: The IPv4 padding length
    - `ip6padding`: The IPv6 padding length

    New `hexdump` option:
    - Add option `-G` to report padding of IP packets

    91b9703 Readd tests
    c30295e `hexdump` report padding
    f4e8b6f Padding and payload

2017-12-15 Jerry Lundström

    Release pcap-thread 3.0.1

    95db71c Remove bad-packets and scapy as a submodule, was bloating dist
            too much

2017-12-14 Jerry Lundström

    Release pcap-thread 3.0.0, hexdump 2.0.0

    Implement callback for additional layers, especially IP fragmentation.
    - `pcap_thread_set_callback_ipv4_frag()`
    - `pcap_thread_set_callback_ipv6_frag()`
    - `pcap_thread_set_callback_icmp()`
    - `pcap_thread_set_callback_icmpv6()`
    - Additional `pcap_thread_packet_t` fields:
      - `have_icmphdr`: Indicate present of ICMP header
      - `have_icmpv6hdr`: Indicate present of ICMPv6 header
      - `have_tcpopts`: Indicate present of TCP options
      - `icmphdr`: ICMP header
      - `icmpv6hdr`: ICMPv6 header
      - `tcpopts`: An array with a copy of the TCP options
      - `tcpopts_len`: Total length of TCP options

    IP fragmentation handling is hooked in with a callback object called
    `pcap_thread_layer_callback_frag_t` that contains callbacks for:
    - `new`: Create a new context, this is called per PCAP/interface
    - `free`: Free the context
    - `reassemble`: Called with the packet that needs reassembly, this
      callback may return a fully reassembled packet.
    - `release`: Called to release resources around a fully reassembled
      packet after the packet has been passed to the next layers.
    - Additional `pcap_thread_packet_t` fields:
      - `ip6frag`: The IPv6 extension header for fragmentation
      - `ip6frag_payload`: The protocol of the payload in the fragment
      - `ip6rtdst`: The IPv6 destination address from the router extension
        header if not the same as in `ip6hdr`

    New IP fragmentation extension `pcap_thread_ext_frag.c|h`!
    - Use `pcap_thread_ext_frag_conf_t` to configure
    - Has two defragmentation modes
      - `PCAP_THREAD_EXT_FRAG_REASSEMBLE_RFC791` will arrange fragments by
        ascending offset, higher offset fragments will overwrite lower ones
      - `PCAP_THREAD_EXT_FRAG_REASSEMBLE_BSD` will arrange fragments by
        descending offset, lower offset fragments will overwrite higher ones
    - Use `pcap_thread_ext_frag_layer_callback()` to generate a
      `pcap_thread_layer_callback_frag_t` object and
      `pcap_thread_set_callback_ipv4_frag()` /
      `pcap_thread_set_callback_ipv6_frag()` to enable the extension

    Breaking changes:
    - When a fragmented packet is received and no callbacks are set to
      handled them, the packets will get passed to the next layer if a
      callback has been set. These packets will also be parse in a non-fatal
      way so callbacks need to check packet state before processing, see
      below.
    - Layers and invalid callbacks can now get packets that are fragmented,
      this is indicated with new packet states:
      - `PCAP_THREAD_PACKET_IS_FRAGMENT`
      - `PCAP_THREAD_PACKET_INVALID_FRAGMENT`
      - `PCAP_THREAD_PACKET_FRAGMENTED_GREHDR`
      - `PCAP_THREAD_PACKET_FRAGMENTED_ICMPHDR`
      - `PCAP_THREAD_PACKET_FRAGMENTED_ICMPV6HDR`
      - `PCAP_THREAD_PACKET_FRAGMENTED_UDPHDR`
      - `PCAP_THREAD_PACKET_FRAGMENTED_TCPHDR`
    - Additional packet states added:
      - `PCAP_THREAD_PACKET_ENOMEM`: No more memory
      - `PCAP_THREAD_PACKET_EMUTEX`: Mutex locking/unlocking error
    - Not really breaking but `enum pcap_thread_packet_state` can be
      represented with `pcap_thread_packet_state_t` now.

    `hexdump`:
    - New option `-F` to enable or configure IP fragmentation handling
      - `-F <ip proto>` to enable defragmentation
      - `-F m<ip prot><num>` to set maximum number of fragments
      - `-F p<ip prot><num>` to set maximum number of fragments per packet
      - `-F R<ip proto>` to reject overlapping fragments
      - `-F t<ip proto>[sec]` to set enable/set timeout for fragments
      - `-F d<ip proto><what>` for more output about fragmentations
    - Add packet state in output, in both text and numerical
    - Add `icmp` and `icmpv6` to `-L`

    Bugfixes:
    - Rearrange headers for compatibility with *BSD
    - #36: Use `AC_HEADER_TIME` to include time functions
    - Layer callback was not set if using non-threaded mode
    - IPv4 addresses was incorrectly parse from IP header
    - Check that `PCAP_TSTAMP_PRECISION_MICRO` macro exists instead of
      function
    - #97: Check for TCP options and offload into `tcpopts`

    f6b5676 TCP options and IP fragments
    201d4ce Fix warning that `_release()` is unused if compiled without
            threads support
    f897c1d IP fragmentation extension
    c4e9dfa Append fragment payload length to the reassembled packet's
            pkthdr len and caplen
    c1819cf Check that `PCAP_TSTAMP_PRECISION_MICRO` macro exists instead
            of function
    3f8caf3 Also copy indicator of pkthdr when reassembling IP packets
    55086bb Add test output to CLEANFILES
    b2c812f Use defines for layer tracing
    b357d3d Fix setting of IPv4 addresses from IP header
    011e128 Fix bug where layer callback was not set if using non-threaded
            mode
    3e9926b Packet is a fragment
    be359be Add ICMP/ICMPv6 callback layer support
    450466a Issue DNS-OARC/dnscap#87: IP v4/v6 fragmentation
    54200b1 Fix #36: Use `AC_HEADER_TIME`
    bdd5755 Update code format
    5746474 Rearrange headers for *BSD
    8a74bd4 Format code
    7472531 Format before format

2017-06-06 Jerry Lundström

    Release pcap-thread 2.1.3

    Compatibility fixes for older versions of libpcap submitted by
    Ray Bellis (ISC).

    ce20e89 Config header is generated by autotools
    d485a0b don't do DLT_IPV4 or DLT_IPV6 if not supported
    1efb0a3 missing PCAP_NETMASK_UNKNOWN macro

2017-03-28 Jerry Lundström

    Release pcap-thread 2.1.2

    Bugfixes:
    - The first byte of the IP header is read to determine the IP version
      and when it is IPv6 the pointers and length variables are "reversed"
      one byte to later continue reading the whole IPv6 header.  This was
      done incorrectly and could result in reading outside the boundaries.
    - Add OS X headers for endian

    6fe2b2a Update
    7306e58 Issue DNS-OARC/dnscap#65: tv_* are signed
    a65ac8b Issue DNS-OARC/dnscap#65: Add check for OS X endian
    4185b7b Issue DNS-OARC/drool#43, DNS-OARC/drool#44: Fix reverse reading
            a byte

2017-03-09 Jerry Lundström

    Release pcap-thread 2.1.1

    b1a3a80 Define UDP/TCP headers ourself to not depend on __FAVOR_BSD

2017-03-09 Jerry Lundström

    Release pcap-thread 2.1.0, hexdump 1.3.0

    Implement callbacks for different packet/protocol layers to simplify
    processing, based on `pcap_layers` by Duane Wessels (@wessels).

    Following callback exists:
    - `pcap_thread_set_callback_ether()`
    - `pcap_thread_set_callback_null()`
    - `pcap_thread_set_callback_loop()`
    - `pcap_thread_set_callback_ieee802()`
    - `pcap_thread_set_callback_gre()`
    - `pcap_thread_set_callback_ip()`
    - `pcap_thread_set_callback_ipv4()`
    - `pcap_thread_set_callback_ipv6()`
    - `pcap_thread_set_callback_udp()`
    - `pcap_thread_set_callback_tcp()`

    For most layers, only one callback can be set so you can't intersect
    the packet processing in the middle at, for example GRE. There are a
    few layers that can have multiple callback:
    - IPv4 and IPv6 callbacks can be set at the same time
    - UDP and TCP callbacks can be set at the same time

    Layer processing is enabled by `pcap_thread_set_use_layers()` and is
    used if set and no callback has been set (`pcap_thread_set_callback()`).

    For any packet that the layers does not understand or is invalid, use
    `pcap_thread_set_callback_invalid()` to set a handler for them and
    check `packet->state` what went wrong.

    Bug fix:
    - Fix `have_timestamp_type` check.
      When converting set functions for some libpcap functionality to a
      `have_what` bitmap, one of the functions was left with a compare of
      greater then -1 (`> -1` which will always be true).  This would run
      `pcap_set_tstamp_type()` every time in `pcap_thread_open()`, if the
      functionality existed at compile time, and most likely fail.

    New features:
    - Ability to reuse pcap_thread
      - `pcap_thread_close()` only frees/clears things related to running
      - fix `pcap_thread_close()`, also clear stepping pointer
      - add `pcap_thread_clear_filter()` for releasing filter on non-allocated
        pcap_threads
      - fix `pcap_thread_set_filter()`, check for memory issue
    - Add `pcap_thread_was_stopped()` to indicate if `pcap_thread_stop()` was
      used
    - New option in `hexdump`, `-L <layer>` enabled capturing for the given
      layer and dumps the payload for it and not the whole packet.

    44361e6 Fix unsigned short check
    3f44586 Fix automake files to handle building in build dir
    b56496b Add `pcap_thread_was_stopped()` to indicate if
            `pcap_thread_stop()` was used
    f644789 Ignore errors on apt-get update
    aeaded7 Ability to reuse pcap_thread
    4900361 Add support for Linux "cooked" capture encapsulation
            (DLT_LINUX_SLL)
    48574b4 Packet Layer Callbacks

2017-01-23 Jerry Lundström

    Release pcap-thread 2.0.0, hexdump 1.2.0

    Reworked queues from being "lockless" to using one mutex, two conditions
    and use only one queue per context instead of one per interface.
    Deprecated most queue modes, all callback queue modes and obsoleted
    `pcap_thread_add()`.

    Fixes and tweaks:
    - Use bitmaps internally in structures to allow for setting values to
      zero (as some are enums with valid zero values) for:
      - `pcap_thread_set_timestamp_precision()`
      - `pcap_thread_set_timestamp_type()`
      - `pcap_thread_set_direction()`
    - Memory leaks
    - Clear and fill errbuf everywhere it should be done
    - Handle errors from `pcap_snapshot()`
    - Protect against changing anything while running
    - Don't run `pcap_stats()` on offline pcaps since it will return an error
    - Rearrange booleans in `hexdump` output to make more sense.

    New features:
    - Delayed activation of pcap capturing can be done by setting
      `PCAP_THREAD_ACTIVATE_MODE_DELAYED` with
      `pcap_thread_set_activate_mode()` and then calling
      `pcap_thread_activate()` before processing packets.
    - `pcap_thread_timedrun_to()` can be used to process packet until an
      absolute time.
    - `PCAP_THREAD_QUEUE_MODE_DIRECT` can be used to run the callback within
      the capturing threads and in so with-go of the queue and increase the
      performance.
    - `pcap_thread_filter_errno()` can be used to get the non-fatal error
      from setting the pcap bpf, if there is an error it can indicate that
      the bpf was too large or there is no support for it. This will also
      mean that libpcap will run it in userland and it may be a lot slower
      then if it ran in the kernel.
    - New option `-a <0|1>` for `hexdump` to use delayed activation.
    - New queue mode `direct` for `hexdump` (`-C <mode>`) to use process
      packets in the capture thread.

    60fbeb7 Tab to spaces
    1161efa Remove lockless and update help
    e88f035 Detect if errno was set during open or activate but libpcap did
            not return error, this indicates filter may be running userland
            (which is A LOT slower)
    1f4a329 Don't run pcap_stats() on offline pcaps, will just return error
    814524d Implement direct queue mode, will send packets to callback in
            the capturing thread
    4c7195f Timed run to
    200bb11 Reattach threads and join them
    3fd399a Notify that _thread have existed
    e3a0b92 Prevent changes if we are running
    df86684 Simplify thread queue
    29ef49e Tweaks and fixes
    355e761 If we don't have pcap_activate() then it is already activated
    ab8bb9a Rearrange bools for hexdump options to correspond with help text
    f5e79e4 Implement the possibility for delayed activation of the interface
            capturing

2017-01-12 Jerry Lundström

    Release 1.2.3

    The non-threaded code did not consider the time left for a timed run
    so it would run for one timeout period longer then necessary.

    eac378c Handle timed run better with non-threaded code, calculate
            the diff and use it as timeout if lower then the configurable
            timeout
    ea01d0f Fix timestamp type and change way we initialize allocated
            pcap_thread_t

2017-01-10 Jerry Lundström

    Release 1.2.2

    Fix for reading pcap files, got stuck because `pcap_loop()` returned
    zero and forgot to check for that.  Added test for reading a pcap and
    checking against a gold output file.

    1842682 Got stuck reading pcap files, add test
    deb6d28 Use ACLOCAL_AMFLAGS in hexdump
    e9f0d48 Add documentation ACLOCAL_AMFLAGS

2016-12-22 Jerry Lundström

    Release 1.2.1

    03018bc More tweaks to thread handling, locking, stopping and errors.

    A situation could occur, because `pcap_thread_stop()` was canceling
    and joining threads, that if called from a PCAP thread would result
    in a deadlock.

    - `pcap_thread_stop()` can now be safely called from any thread
    - PCAP threads are not handled within `pcap_thread_run()`
    - Store related system call in `errbuf` for all `PCAP_THREAD_ERRNO`
      errors, retrieve system call with `pcap_thread_errbuf()`
    - Detach PCAP threads for easier clean up
    - Use `pthread_cleanup_push()` to unlock mutex on cancellation
    - Use `pcap_breakloop()` and `pthread_cancel()` to correctly
      cancel processing

2016-10-26 Jerry Lundström

    Release 1.2.0

    Implement callback queue mode which can be used to wait for space in
    the queue when it is full to not drop packets. A new queue mode
    PCAP_THREAD_QUEUE_MODE_DROP is the default for callback queues and
    will just drop packets if the queue is full, this was the old behavior.

    If all of the pcaps are offline and the callback queue mode is to drop
    packets then it will be changed to use pthread conditions, otherwise
    there is a risk that packets will be dropped if reading packets is
    faster then processing them.

    Other changes:
    - Fix a deadlock issue that could happen when having multiple pcaps
      and using threads with cond mode
    - Fix handling of offline pcaps, they can not be put into nonblocking
      mode
    - Fix uninitialization warnings

    New option in `hexdump`:
    - `-C <mode>`: callback queue mode: cond, drop, wait or yield

    Commits:

    c7eabec Fix CID 1371137
    87cadfc Deadlock fix, handling of offline pcaps and callback queue mode

2016-10-15 Jerry Lundström

    Release 1.1.2

    0b4f6dd Need to stop threads before exiting `pcap_thread_run()`

2016-08-26 Jerry Lundström

    Release 1.1.1

    0a06702 Fix Coverity CID 143102 (#1 of 1): Buffer not null terminated

2016-08-25 Jerry Lundström

    Release 1.1.0

    New features:
    - `pcap_thread_next()`, will step through the pcaps and process
      one packet at a time starting with the first pcap open/add'ed
      and then looping around.
    - `pcap_thread_next_reset()`, resets the internal so that next
      call with `pcap_thread_next()` will start again with the first
      pcap open/add'ed.
    - `pcap_thread_timedrun()`/`pcap_thread_set_timedrun()` can be
      used to do a timed run which means that `pcap_thread_run()` will
      return a short while after the `struct timeval` time has passed.
    - New options to `hexdump`:
      `-A <secs>`          exit after a number of seconds
      `-c <count>`         process count packets then exit

    Bug/tweak fixes:
    - Fix behavior of the none threaded engine part of `pcap_thread_run()`,
      will end only after all pcaps are done.
    - Various error handling

    Commits:

    88715da Add `pcap_thread_next_reset()` to reset the stepping and
            begin all over again
    582c63d Taking the next step
    281ebe4 Timed run and errors
    76d1739 No threads, same behavior
    7186e31 Update README with CPP/CXX flags for C++

2016-08-22 Jerry Lundström

    Release 1.0.1

    b475589 Use -Wall when compiling, fix a few warnings and a oops in
            `pcap_thread_stop()`

2016-08-21 Jerry Lundström

    Release 1.0.0

    First version with basic pthreads support and fallback to `select()`
    on pcaps file descriptors in non-blocking mode.  Three different queue
    modes exists for threaded mode when processing packets; `cond` which
    uses pthread conditions, `wait` which uses `select()` to unconditionally
    wait a while and `yield` which uses `sched_yield()` (if supported) if
    there are no packets to process.

    The example program `hexdump` is included which is a "show and tell"
    of how to use pcap_thread.  The program is a simple `tcpdump` clone
    which will output packets in hexadecimal.

    Commit:

    f5f5237 Add -V for version
    24cb009 Stats and more
    c9b892a Fix #4: add `pcap_thread_strerr()` and better error handling
            in hexdump
    770f675 Check that we have libpcap and headers
    dddea7d Skip timestamp options in help if they are not supported
    81a7c5e Timestamp type/precision not available everywhere
    5e2e9da Add travis
    bf3eec9 Fix #6: Offline support and hexdump
    5109651 Fix set_filter compile warning
    6fee1a9 Keep inside the yellow line, thanks
    740bc37 Correct Makefile.am instructions, add datalink and fix
            read/write buffer.
    6574254 More ignore
    641deed Fix typos
    1388c62 Add version
    24b91c0 Initial commit