Guides

Libpcap Wrapper API

libpcap wrapper feature

Started on 1.4.b0001

I started work on 1.4.b0001. The new branch-1.4 is based on branch-1.3. It's using the exact same code base, but will have a few new features added and expanded platform support. Fixes for any bugs discovered in 1.3 will be incorporated into 1.4 as well.

Here is what I'm working on right at the moment:

1) Adding the "lazy decode" feature.

2) Adding JPacketBufferHandler feature.

Lazy decode is when packet scan/decoding is triggered only when the packet contents are first accessed and not when the packet is created. This delays packet decoding until it's actually needed, and lets the user defer decoding so that it is performed in other threads and not the capture thread.

The JPacketBufferHandler is a new dispatcher handler that is designed for efficiency and minimization of Java overhead during capture. This new handler uses a new container object, JPacketBuffer, which is designed to allocate a large user memory buffer to store multiple packets. The default allocation size is 1MB and allows storage of anywhere between 500 and 10,000 packets depending on the packet size. Both the pcap header and the packet contents are stored in the buffer. The native dispatcher copies incoming packets from libpcap into this buffer until it's full. Only when the buffer is full is it dispatched to the Java handler with all of the captured packets. The JPacketBuffer container provides an iterator to access packets within the buffer. This minimizes interaction with Java, as hundreds if not thousands of packets can be efficiently stored in the buffer before any interaction with Java has to occur. After the buffer is dispatched to Java, a new buffer is allocated to receive more packets.

Official release 1.3.a1 (alpha1) is released

The official release jnetpcap-1.3.a1 is released. This release freezes new feature development. Only bug and documentation fixes will be allowed on this release branch.

This is the recommended release for environments that are not looking for the very latest features and that require code stability in production.

Release 1.3 contains the following features:

  1. All the libpcap wrapper API
  2. Header decoder (the quick native scanner)
  3. Existing core protocols (Ethernet, 802.3, Ip4, Tcp, Icmp, etc.)
  4. Native checksum generation and verification for various protocol CRC fields
  5. No changes to existing native memory model.
  6. Flow-key generation

Pcap.nextEx example

Here is an example that demonstrates how to use the Pcap.nextEx method. The example uses various peering methods, Libpcap DLT to jNetPcap protocol ID mapping, initializing a new PcapPacket object and invoking the scanner on a newly created packet.


package org.jnetpcap.examples;

import org.jnetpcap.Pcap;
import org.jnetpcap.PcapHeader;
import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.nio.JMemory;
import org.jnetpcap.packet.JRegistry;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.format.FormatUtils;
import org.jnetpcap.protocol.lan.Ethernet;
import org.jnetpcap.protocol.network.Ip4;

/**
 * This example opens up a capture file found in jNetPcap's installation
 * directory of the "source" distribution package and iterates over every
 * packet. The example also demonstrates how to properly peer
 * PcapHeader, JBuffer and initialize a new
 * PcapPacket object which will contain a copy of the peered
 * packet and header data. The libpcap provided header and data are stored in
 * libpcap private memory buffer, which will be overwritten with each iteration of
 * the loop. Therefore we use the constructor in PcapPacket to
 * allocate new memory to store header and packet buffer data and perform the
 * copy. The we
 * 
 * @author Mark Bednarczyk
 * @author Sly Technologies, Inc.
 */
public class NextExExample {

	/**
	 * Start of our example.
	 * 
	 * @param args
	 *          ignored
	 */
	public static void main(String[] args) {
		final String FILE_NAME = "tests/test-l2tp.pcap";
		StringBuilder errbuf = new StringBuilder(); // For any error msgs
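
The peer-then-copy loop described in the comment above, as an added example that is not the project's own listing. The class name NextExLoopSketch is hypothetical, the capture file path is the one named on this page, and the jNetPcap 1.3 classes imported above are assumed to be on the classpath.

```java
import java.util.ArrayList;
import java.util.List;
import org.jnetpcap.Pcap;
import org.jnetpcap.PcapHeader;
import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.nio.JMemory;
import org.jnetpcap.packet.JRegistry;
import org.jnetpcap.packet.PcapPacket;
import org.jnetpcap.packet.format.FormatUtils;
import org.jnetpcap.protocol.lan.Ethernet;
import org.jnetpcap.protocol.network.Ip4;

public class NextExLoopSketch { // hypothetical name, added example
	public static void main(String[] args) {
		final String fileName = "tests/test-l2tp.pcap"; // file named on this page
		StringBuilder errbuf = new StringBuilder();
		Pcap pcap = Pcap.openOffline(fileName, errbuf);
		if (pcap == null) {
			System.err.println(errbuf);
			return;
		}
		// Peered objects own no memory; nextEx points them at libpcap's buffer.
		PcapHeader hdr = new PcapHeader(JMemory.POINTER);
		JBuffer buf = new JBuffer(JMemory.POINTER);
		// Map libpcap's DLT to the jNetPcap ID of the first header in each packet.
		int id = JRegistry.mapDLTToId(pcap.datalink());
		List<PcapPacket> kept = new ArrayList<PcapPacket>();
		int rc;
		while ((rc = pcap.nextEx(hdr, buf)) == Pcap.NEXT_EX_OK) {
			// hdr and buf are overwritten by the next call, so copy before keeping.
			PcapPacket packet = new PcapPacket(hdr, buf);
			packet.scan(id); // run the header scanner on the private copy
			kept.add(packet);
		}
		if (rc != Pcap.NEXT_EX_EOF) { // anything but end-of-file is a read error
			System.err.println("capture ended with error: " + pcap.getErr());
		}
		// Each kept packet holds its own copy, so it is still readable here.
		Ethernet eth = new Ethernet();
		Ip4 ip = new Ip4();
		for (PcapPacket packet : kept) {
			if (packet.hasHeader(eth) && packet.hasHeader(ip)) {
				System.out.printf("#%d eth.src=%s ip.src=%s%n", packet.getFrameNumber(),
						FormatUtils.mac(eth.source()), FormatUtils.ip(ip.source()));
			}
		}
		pcap.close();
	}
}
```

Storing the peered hdr and buf objects themselves in the list, instead of the PcapPacket copies, would leave every entry pointing at whatever libpcap last wrote into its private buffer.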

Fast PcapDumper API

Added a fast native PcapDumper handler that allows packet dumps completely in native land, without entering the Java environment once it is running.

Two new methods have been added to the Pcap class:

Memory, API change and 1.2 release

After careful review and a long design session about "Dissectors/containers" (analyzers are also part of this decision), I have made a decision that this feature cannot be properly implemented using the current memory model used in jNetPcap when managing natively allocated memory. This is something I will be working on, but only after 1.2.alpha is released. Therefore I am almost ready to freeze the feature set and get things ready for an official 1.2 release.