Memory, API change and 1.2 release

After careful review and a long design session about "Dissectors/containers" (analyzers are also part of this decision), I have made a decision that this feature cannot be properly implemented using the current memory model used in jNetPcap when managing natively allocated memory. This is something I will be working on, but only after 1.2.alpha is released. Therefore I am almost ready to freeze the feature set and get things ready for an official 1.2 release.

Development priorities

jNetPcap is growing rapidly in terms of usage and features. I have been prioritizing work. Up until recently the priorities were a bit too flexible and shifting from one thing to another. So I would like to make my priorities public and would appreciate feedback and suggestions.

Build jnetpcap-1.3.b0003 available

Development build jnetpcap-1.3.b0003 is available for download. This is the latest snapshot of the main development trunk. It looks stable on all the platforms tested.

Key updates:

  • Sip, Sdp, Rtp, Arp, Rip, SLL protocols are all now CORE protocols.
  • Protocol heuristics (bindings are guessed based on evaluation of raw header data for matches against protocols.)
  • Low level header-state-structure has been expanded to take into account a header prefix, the header itself, a gap between header and payload, payload length and a postfix.
  • Packet truncation is now also applied at low level to scanner and appropriate packet and header specific flags are set to indicate packet fragments and/or truncated packets.
  • Checksum calculation class and package is provided. Checksum validation is supported through a new interface JHeaderChecksum which is implemented by Ip4, Tcp, Udp, Icmp headers.
  • A number of bug fixes in protocols and analyzers.

You can download the build package for MsWindows, Linux and Debian from the file release system:

org.jnetpcap.util.checksum package

I SVN checked in the above package. This package is responsible for calculating various types of checksums and CRCs. Also, the appropriate Tcp, Udp, Ip4, Ip6 and Icmp headers received new methods calculateChecksum and a dynamic description method checksumDescription which compares the calculated checksum with the computed one and displays "correct" or "incorrect" next to the checksum field in each of the above protocols. Both Tcp and Udp over Ip4 and Ip6 are supported with pseudo headers.

Truncated packet support

I've updated the scanner to keep track of packets that have been truncated. Until now, headers assumed certain header properties based on the current length of the buffer, which might have been truncated during capture by pcap (i.e. by using the snaplen parameter during capture). Although this approach worked OK most of the time, it did not work all the time when dealing with a truncated packet.

I have enhanced the scanner to keep track of both buffer length and original packet wire length, where wire length (wirelen) is the length of the packet during transmission. The scanner keeps track of 3 packet length properties: buffer-length, memory-length, wire-length.
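The checksum and truncation posts above meet in one place: a Udp checksum over the Ip4 pseudo header can only be validated when the whole datagram was captured. The following is an added, self-contained example, not jNetPcap code and not using its API; the class and method names, the "truncated" and "not computed" labels, and the assumption that the buffer starts at the Ip4 header are all illustrative.

```java
import java.util.Arrays;

public class TruncationAwareChecksum {
    // Add len bytes at off to a running sum of 16-bit big-endian words (odd tail byte is zero-padded).
    static long sum16(byte[] b, int off, int len, long sum) {
        for (int i = 0; i < len; i++) {
            int v = b[off + i] & 0xff;
            sum += (i % 2 == 0) ? (v << 8) : v;
        }
        return sum;
    }

    // Fold the carries back in and return the 16-bit one's complement.
    static int finish(long sum) {
        while ((sum >> 16) != 0) sum = (sum & 0xffff) + (sum >> 16);
        return (int) (~sum & 0xffff);
    }

    // Checksum over the Ip4 pseudo header (addresses, protocol, UDP length) plus the UDP datagram.
    static int udpChecksum(byte[] p, int ihl, int udpLen) {
        long s = sum16(p, 12, 8, 0) + (p[9] & 0xff) + udpLen;
        return finish(sum16(p, ihl, udpLen, s));
    }

    // buf starts at the Ip4 header (assumption); wirelen is the on-the-wire length from that same offset.
    static String describeUdpChecksum(byte[] buf, int wirelen) {
        boolean cut = buf.length < wirelen;                  // capture kept fewer bytes than were sent
        if (buf.length < 20) return cut ? "truncated" : "incorrect";
        int ihl = (buf[0] & 0x0f) * 4;
        if (ihl < 20 || buf.length < ihl + 8) return cut ? "truncated" : "incorrect";
        int udpLen = ((buf[ihl + 4] & 0xff) << 8) | (buf[ihl + 5] & 0xff);
        if (udpLen < 8) return "incorrect";
        if (ihl + udpLen > buf.length) return cut ? "truncated" : "incorrect";
        if (buf[ihl + 6] == 0 && buf[ihl + 7] == 0) return "not computed";  // allowed for UDP over Ip4
        return udpChecksum(buf, ihl, udpLen) == 0 ? "correct" : "incorrect"; // stored field is part of the sum
    }

    public static void main(String[] args) {
        byte[] pkt = new byte[32];                 // constructed sample: Ip4 (20) + UDP (8) + 4 payload bytes
        pkt[0] = 0x45; pkt[3] = 32; pkt[8] = 64; pkt[9] = 17;
        pkt[12] = 10; pkt[15] = 1; pkt[16] = 10; pkt[19] = 2;            // 10.0.0.1 -> 10.0.0.2
        pkt[20] = 0x30; pkt[21] = 0x39; pkt[23] = 53; pkt[25] = 12;      // ports 12345 -> 53, UDP length 12
        pkt[28] = 1; pkt[29] = 2; pkt[30] = 3; pkt[31] = 4;
        int c = udpChecksum(pkt, 20, 12);          // checksum field is still zero here
        pkt[26] = (byte) (c >> 8); pkt[27] = (byte) c;
        System.out.println(describeUdpChecksum(pkt, 32));                     // full capture
        System.out.println(describeUdpChecksum(Arrays.copyOf(pkt, 30), 32));  // snaplen cut two bytes
        pkt[31] ^= 1;
        System.out.println(describeUdpChecksum(pkt, 32));                     // corrupted payload
    }
}
```

Comparing the buffer length against wirelen is what separates a datagram that was cut by snaplen from one whose length field claims more bytes than were ever sent.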
