Recent Releases of libtrace
libtrace - Libtrace 4.0.27
- Added new API methods: trace_get_uri_format() and trace_get_uri_body().
- etsilive: added ability to have keepalive messages be returned by packet read functions by setting the environment variable LIBTRACE_ETSILI_SHOW_KEEPALIVE.
- ndagtcp: fix uninitialised address size when accepting connections
- ndagtcp: fix packet reassembly bug that would occasionally result in malformed packets.
- ndag / ndagtcp: set libtrace error state when a received packet is unable to be parsed due to invalid header content.
- Fixed parsing bug in trace_set_configuration() that affected configuration strings that ended in a ] character.
- ndagtcp: fixed bug where the beacon thread would not be started for ndagtcp inputs that were started after a previous ndagtcp input had been paused or destroyed.
- C
Published by salcock about 1 year ago
libtrace - Libtrace 4.0.26
Bug fixes
- pcapfile: preserve nanosecond timestamp resolution from original input file when writing pcap files.
- ndag: fix very minor memory leak.
- C
Published by salcock almost 2 years ago
libtrace - Libtrace 4.0.25
Bug fixes
ndag: fix bug that prevented the most recently received packets from being readable if the multicast source does not send any further packets.
- C
Published by salcock almost 2 years ago
libtrace - Libtrace 4.0.24
This release fixes a number of bugs in the ndagtcp: input and traceucast tool that were added in the previous release.
- ndagtcp: fix miscalculation of ERF header length that would prevent packets from being able to be decoded correctly.
- traceucast: do not exit if the client disconnects, instead try to reconnect and resume unicasting.
- traceucast: fix memory errors when attempting to send a captured packet that is larger than 10K bytes.
- ndagtcp: fix issue that would cause input to silently stop reading if it received a packet larger than 10K bytes.
- ndagtcp: fix lock-up that occurred when trying to halt a program that was reading from an ndagtcp input.
- ndagtcp: fix erroneous "Malformed beacon" message when an ndagtcp input reconnects to traceucast.
- traceucast: fix getaddrinfo memory leak.
- traceucast: fix endless reconnection loop bug.
- traceucast: fix race condition that would prevent Ctrl-C from halting traceucast properly.
- C
Published by salcock about 2 years ago
libtrace - Libtrace 4.0.23
New features:
- Added new tool: traceucast, a TCP unicast variant of tracemcast.
- Added new input format: ndagtcp:, for receiving packets sent by traceucast.
Bug fixes
- libpacketdump: fix premature free when decoding IPMM IRIs received via an etsilive input.
- tracemcast: fix bug where the sequence number was not being incremented for each sent datagram.
- object cache data structure: fix potential segfault after resizing the cache.
- pcapfile: fix issue where packets owned by "dead" pcapfile trace would have an invalid pcap version.
- C
Published by salcock over 2 years ago
libtrace - Libtrace 4.0.22
- Fix segmentation fault when closing an ndag input that had set a hasher function and was configured to use multiple processing threads.
- Disable setting a hasher function on ndag inputs, as this is not generally a good idea anyway (ndag inputs are already hashed by the ndag sender).
- Fix problem where trace_write_packet() would throw an error on ring outputs because a write could not be completed without blocking and there was no mechanism for trying the write again later.
- C
Published by salcock almost 3 years ago
libtrace - Libtrace 4.0.21
New features
- Added new supported file format: etsifile -- to read and write binary files containing ASN.1 encoded ETSI LI intercept records.
Bug fixes
- Fixed issue where idle per-packet threads would use 100% CPU constantly.
- Fixed numerous build issues on Mac OS X caused by changes in the BPF headers.
- Fixed bug where packets returned by trace_event() for certain live formats would not work with subsequent API calls.
- Fixed problems with compiling XDP support on more recent buildchains.
- C
Published by salcock almost 3 years ago
libtrace - Libtrace 4.0.20
Bug fixes
- Fixed compilation issues for XDP module when using more recent versions of libbpf and libxdp
- Replace outdated macros in configure script
Improvements
- libpacketdump can now decode ETSI LI email CCs and IRIs
- C
Published by salcock over 3 years ago
libtrace - Libtrace 4.0.19
Bug fixes
- Fixed compilation issues when building against DPDK 21.11
- Incorporate various build system patches from Gentoo
- Fix ./configure syntax error on Mac OS
- C
Published by salcock almost 4 years ago
libtrace - Libtrace 4.0.18
Bug fixes
- Fixed issue that was preventing packets received via etsilive: from being converted to the pcap format.
- Renamed internal method pfring_get_link_type() that was preventing compilation against recent pfring releases.
- Fixed numerous thread mutex bugs that had been reported by Ryan Cai.
Improvements
- traceanon: Framed-IP-Netmask, Acct-Session-Id and Acct-Authentic RADIUS AVPs are no longer encrypted by default.
- traceanon: NAS-Port-ID and Chargeable-User-Identity AVPs are encrypted using printable characters only.
- C
Published by salcock about 4 years ago
libtrace - Libtrace 4.0.17
New features
- Added support for PF_RING zero-copy -- this is now the official libtrace pfring: format, and the original non-zero-copy version is now available via pfringold:.
Bug fixes
- PF_RING formats now default to promiscuous capture mode, which is consistent with other live formats.
- Fixed incorrect statistics counters for PF_RING formats.
- Fixed various libpacketdump crashes or infinite loops when presented with bogus packet content.
- Fixed bug where pfringold: was not setting the order field for packets.
- Fixed bug where writing packets to a virtual interface via ring: would cause libtrace to hang.
- Fixed bug where DPDK port stats could not be reset if using Napatech DPDK.
- Fixed race condition in the etsilive: format.
- Fixed various memory errors and leaks in the etsilive: format.
- Fixed race condition in tracertstats when processing a user interrupt.
Improvements
- Improved capture speed for pfringold:.
- ring: format now supports trace_flush_output() method.
- C
Published by salcock over 4 years ago
libtrace - Libtrace 4.0.16
New features
- Added support for PF_RING (via pfring).
- Allow input configuration options to be specified as part of the libtrace URI. Options are specified as comma-separated key=value strings and end with a : character, e.g. coremap=[1,2]:int:eth0.
- New API function trace_hold_packet(), which allows users to safely retain a reference to a packet that has been received via a format for later use.
- Added coremap option, trace_set_coremap(), to bind per-packet threads to physical CPU cores
Bug fixes
- Fixed bug where XDP packet buffers were not released back to the fill queue properly.
- Fixed thread-safety issues with freeing XDP packets.
- Fixed bug where libtrace would unload XDP programs that were not loaded by libtrace.
- Fixed crash when sending packets via DPDK.
- Fixed crash when closing a pcap input that is NULL due to an error on initialisation.
- Fixed read of freed memory when an error occurs in trace_create_output().
- Fixed bogus bitshifting when expanding a toeplitz hash key.
- Fixed DAG transmit functionality to actually work.
- Fixed multiple issues with trace_get_outermost_vlan() and trace_get_outermost_mpls().
- Fixed various bugs when promoting or demoting pcap packets from one linktype to another.
- tracertstats should now correctly process trace files as fast as possible (but can be configured to run in "trace-time" instead).
- Fixed inconsistencies when running tracertstats against the same trace file multiple times.
- Fix concurrency bug which would cause an error result when calling trace_apply_filter() in a parallel program.
- Fix possible packet buffer leak when reading a packet via pcap:.
- Fixed packet header structures with incorrect field definitions (libtrace_8021q_t, libtrace_atm_cell_t, libtrace_atm_nni_cell_t, libtrace_atm_capture_cell_t, libtrace_atm_nni_capture_cell_t). If you use these in your code you may need to update your code to use the new field names.
Improvements
- XDP now uses the unidirectional hasher by default and moves hashing to the network card
- XDP: warn users if flow director rules are found on the interface during initialisation.
- XDP: push hashing onto the NIC where possible.
- Improve receive performance for Linux native formats by ensuring internal structures are properly cache aligned.
- A single libtrace program should now be able to run against multiple concurrent DPDK inputs (requires sensible use of the coremap option).
- DPDK support now extended to Mellanox DPDK libraries.
- Improved DPDK detection, including detection of DPDK meson builds for DPDK version 20.11 and newer
- C
Published by salcock about 5 years ago
libtrace - Libtrace 4.0.15
Bug fixes
- Fixed bug where reading a pcapng trace file would result in an endless stream of "NULL meta pointer" error messages.
- Fixed bug where libpacketdump would truncate packets that had been captured using the Linux SLL format, such as the any interface.
- C
Published by salcock over 5 years ago
libtrace - Libtrace 4.0.14
New features
- Added read and write support for interfaces using AF_XDP (xdp:). You can use the built-in eBPF program or provide your own.
- Added basic API for parsing RADIUS messages: trace_get_radius(), trace_get_radius_avp() and trace_get_radius_username().
- tracediff can now write the differing packets to libtrace outputs (one output per input trace), instead of just using libpacketdump to print them on the terminal.
Bug fixes
- Fixed bug in traceends that was causing invalid byte counts to be reported.
- Fixed DPDK build issues on Fedora, Centos and FreeBSD systems.
- Fixed bug where multi-threaded programs that receive no packets on one or more threads for a long period of time would silently exit.
Improvements
- tracediff can now use a window to "look ahead" for possible packet matches, rather than directly comparing packets in the same position in their respective input traces.
- Added option to tracereplay to control the transmit batch size for replayed packets.
- C
Published by salcock over 5 years ago
libtrace - Libtrace 4.0.13
New features
- Added support for DPDK vdevs as a libtrace input and output format.
Bug fixes
- Fix segfault in libpacketdump when the next header is incorrectly inferred to be a meta-data header.
- Fix misleading display of Netacq-Edge polygon IDs in libpacketdump.
- DPDK: separate snap length calculation from buffer size calculation.
- DPDK: resolve issues with feature detection in cases where the device fails to initialise; also only enable features if they are supported by the underlying device.
- DPDK: fix linking problems when using a system version of DPDK.
- Fix bugs that occur when a dedicated hasher thread is used with a parallel input format.
- Fix bug where tracesplit would attempt to gather statistics from a destroyed trace object.
- DPDK: Fix issue where the initial packets were not being transmitted when using dpdk as an output format.
- DPDK: Make sure shared memory and huge pages are properly removed once libtrace stops.
Improvements
- tracereplay can now replay raw IP traces onto Ethernet links (by substituting in a fake Ethernet header).
- Updated DPDK support to work with DPDK 19.11 and 20.02.
- DPDK: improve error messaging so that libtrace errors are distinct from internal DPDK error messages.
- C
Published by salcock almost 6 years ago
libtrace - Libtrace 4.0.12
New features
- Added new tool for multicasting captured packets from a single capture source to multiple clients: tracemcast.
- Updated libtrace and libpacketdump to be able to parse tagged packets produced by the corsarotagger software.
Bug fixes
- Fix packet truncation bug when a packet has a larger capture length than wire length due to the addition of post-capture meta-data.
Improvements
- Minor performance improvement when calling trace_get_wire_length() on a packet multiple times.
- C
Published by salcock almost 6 years ago
libtrace - Libtrace 4.0.11
This release contains a collection of bug fixes; no new features or APIs this time around.
Bugs that have been fixed:
* Fix bug where trace_apply_filter() would not work correctly with a parallel trace input.
* Fix bug where non-parallel ETSI programs would fail to halt nicely.
* Fix libpacketdump being unable to decode Ethernet within MPLS properly.
* Fix libtrace (trace_get_layer3()) being unable to decode Ethernet within MPLS properly.
* tracereplay now strips VLAN and MPLS headers before trying to replay a packet from a trace file.
* Fix bug where the simple circular buffer would leak shared memory files.
* Fix segfault when using trace_apply_filter() on a packet which came from an input trace that is now "closed".
* Fix bug where libtrace could try to flush a NULL pcap file handle.
- C
Published by salcock about 6 years ago
libtrace - Libtrace 4.0.10
- Fixed SIOCGSTAMP undeclared error when building against newer Linux kernels.
- Fixed corruption bug when running multiple etsilive: input processes concurrently.
- Added new API function (trace_get_errstr()) that provides printable error message strings for a given libtrace error number.
- Increased TTL for nDAG multicast join messages from 1 to 4.
- C
Published by salcock over 6 years ago
libtrace - Libtrace 4.0.9
This release fixes a number of bugs in libtrace 4.0.8
- Fixed traceanon build error on systems that did not have libcrypto installed.
- Fixed DPDK detection in configure when the DPDK package was installed on either Debian buster or Ubuntu disco.
- Updated DPDK code to compile against more recent DPDK releases, such as 18.11.
- Fixed segmentation fault when failing to open a DAG device.
- Fixed issue where a pcapng packet that does not match any of our known data types ends up having an uninitialised data type.
- Fix some compilation errors when using DPDK on FreeBSD (may still be linking problems if you have built DPDK using the ports tree, though).
- Fix infinite decoding loop if libpacketdump sees an SCTP option with a length of zero.
- C
Published by salcock over 6 years ago
libtrace - Libtrace 4.0.8
New features
- traceanon is now capable of anonymising RADIUS traffic within packet traces. The anonymisation will obfuscate the data within AVPs that can be considered 'sensitive', including user names, IP addresses and password hashes. Counter fields such as byte and packet counters are by default untouched, but traceanon can be configured to anonymise those as well if required.
- traceanon can now be configured using a YAML configuration file, instead of CLI arguments. This change is due to the increased number of configuration options introduced by the RADIUS anonymisation feature. Instructions on how to write a configuration file can be found on the traceanon manpage, as well as on the traceanon wiki page.
Bug fixes
- Fixed bug where ndag multicast sockets would bind to all addresses on an interface, rather than just the address of the multicast group.
- Fixed segfault that can occur when pausing a trace input that has not been able to create its per packet processing threads for some reason.
- C
Published by salcock over 6 years ago
libtrace - Libtrace 4.0.7
New features
- Added new API functions for exploring meta-data that is either attached to a specific packet or included in a trace as separate records (e.g. ERF provenance or pcap-ng meta-data). Many meta-data fields have a specific accessor function that can be called directly (e.g. trace_get_interface_fcslen()). You can also use trace_get_section() to get an array containing all meta-data items within a particular section, which will allow you to get access to any fields for which we have not implemented direct access functions.
- Added new API functions for instantly decoding all of the post-layer 2, pre-layer 3 headers in a packet so you can now easily explore any / all VLAN, MPLS, etc. headers in a packet without having to effectively re-implement trace_get_layer3() in your own code. See trace_get_layer2_headers() for more details.
- Added support for both reading and writing TZSP sniffing streams.
Bug fixes
- Fixed uninitialised bytes in message structure sent via trace_post_reporter.
- Fixed build errors caused by attempting to #include pcap-int.h.
- Fixed bug where a corrupt ERF record could cause a libtrace program to become un-haltable.
- Fixed bug in error tracking when creating a fanout socket for the ring and int formats.
- Fixed potential segfault when halting a libtrace program that was reading from a ring: input.
- Fixed uninitialised mutex when copying a packet.
Improvements
- Improved parallel performance by skipping some needless per-packet sanity checks.
- C
Published by salcock almost 7 years ago
libtrace - Libtrace 4.0.6
See https://github.com/LibtraceTeam/libtrace/wiki/ChangeLog for a full detailed list of changes in this release.
Major changes in this release:
* Added write support for pcapng trace files.
* Fixed segmentation fault when using tracereplay on certain packet types.
* Fixed bug where trace_event() API was ignoring all received packets.
* Fixed build issue when enabling DPDK.
* Fixed build issue where recvmmsg availability was not detected properly.
* Fixed packet corruption bug when using the "jump to IP header mode" in tracesplit.
* Better error messaging and handling -- no more unexpected assertion failures!
* Improved read performance of both ring: and ndag: live captures.
* traceends and tracetopends now use the parallel API.
- C
Published by salcock about 7 years ago
libtrace - Libtrace 4.0.5
See https://github.com/LibtraceTeam/libtrace/wiki/ChangeLog for a full detailed list of changes in this release.
Major changes in this release:
- Fixed bug where only one client could subscribe to an nDAG multicast group concurrently.
- Fixed bad payload length calculations on outgoing packets when IP length field is populated by hardware.
- Fixed build error when compiling with DPDK support.
- Improved performance when decoding ETSI records via etsilive:
- Improved ERF / DAG packet processing performance by caching the framing length.
- C
Published by salcock over 7 years ago
libtrace - Libtrace 4.0.4
See https://github.com/LibtraceTeam/libtrace/wiki/ChangeLog for a full detailed list of changes in this release.
Major additions in this release:
* Added reference counting API for keeping track of packets shared across multiple threads.
* Added new input format for receiving live streams of packets encoded using the ETSI LI standard.
* Libpacketdump can now also decode ETSI-encoded packets.
* Added CLI option to tracereplay to "speed up" replays by a given factor, i.e. set to 2 to replay at double speed.
Bug fixes:
* Fixed problems with trying to have two ring: inputs active at the same time.
* Fixed missing subseconds in timestamps from pcapng: packets.
* Fixed bug that was causing poor ndag: performance.
* Fixed bug that prevented trace_pstop() from working correctly on some live inputs.
* Many other minor bug fixes and tidyups.
- C
Published by salcock over 7 years ago
libtrace - Libtrace 4.0.3
See https://github.com/LibtraceTeam/libtrace/wiki/ChangeLog for a full detailed list of changes in this release.
This release exposes some previously internal structures and information via the public API, specifically:
* Processing thread ids
* Message Queue data structure
* Toeplitz hasher
* trace_prepare_packet()
Major bugs fixed in this release:
* Problems with capturing packets from GRE tunnel interfaces are resolved.
* Fixed inability to handle ERF provenance records.
* DPDK packet truncation, causing some payload to be replaced with zeroes.
* A couple of nDAG packet corruption bugs.
Other important changes:
* Updated DAG code to use 64 bit API so should now work with large streams.
* Some nDAG performance enhancements.
* New format: dpdkndag:, which will decode nDAG records that are intercepted by a DPDK interface (as opposed to receiving them via conventional multicast).
- C
Published by salcock about 8 years ago
libtrace - Libtrace 4.0.2
This release adds support for two new input formats: pcapng and nDAG.
It also fixes a number of bugs, most notably:
* Bad IPv6 fragment offset calculation.
* Compile error when building traceanon against newer versions of libssl.
* Bad libpacketdump decoding for truncated IPv6 and SCTP.
* Compile error when pcap-bpf.h is missing.
* Failure to detect and link against DPDK if it was built as a shared library.
- C
Published by salcock over 8 years ago