Found a new bug#2981951 - Intermittent crashes in scanner. The problem is in the native protocol implementation of the scan functions. There is a combination of validate_* and scan_* functions called on various protocols. I found 2 problems:
1) http and sip scanners would rely on tcp header residing within the packet.
2) some headers did not check buffer boundary properly and would cause VM crashes, especially for mal-formed or truncated packets.
Latest snapshot of the development trunk has been released as jnetpcap-2.0.b0001. This is a development release which contains analysis and all the latest features.
This release fixes and contains the same features and bug fixes as official jnetpcap-1.3.a1 release.
The development build can be downloaded from here:
The official release jnetpcap-1.3.a1 is released. This release freezes new feature development. Only bug and documentation fixes will be allowed on this release branch.
This is the recommended release for environments not looking for very latest features and which require code stability in production environments.
Release 1.3 contains the following features:
I am working toward the official 1.3 stable release. Just wanted to update everyone ahead of time what will be part of this release and what the changes are in the SVN repository.
The release jnetpcap-1.3.a1 (a1 == alpha 1) contains all of the features found so far with the exception of the "analysis". All analyzers, reassemblers, sequencers, analysis events and the getAnalysis methods have been removed from the API in 1.3 release. This feature is still present in the main development trunk and is designated to be released after 1.3 into one of the jnetpcap-2.X releases sometime Q1 of next year. Not exactly sure if this will be in 2.0 or later since there are other features such as native-dissector, that need to be included before full analysis support can be officially provided. Analysis feature will continue to be released with more frequent development builds.
jNetPcap is a java project that comes with a required native shared library. The requirement of a native library typically adds confusion and presents difficulty for many as to how properly setup a project in eclipse to reference jNetPcap library correctly.
There are several ways that jNetPcap can be added to your existing java project in Eclipse IDE. Let me briefly outline them here and then lets go through the detailed steps of actually creating a proper build path so your project will compile with jNetPcap.