Recent Releases
2.5.104 Feb 2016 18:25
minor bugfix:
: make options '-4' and '-6', used as a hint for a hostname.
Resolution, to be position independent. In case one of those options was used
Before the option '-t, --hostname', its effect was canceled out.
: do not use AI_ADDRCONFIG flag when resolving a hostname/address. If.
The flag is in effect on a computer without a configured IP address, resolving
Will fail.
: if a mandatory option had been undefined in a configuration file.
Program had been killed with unfreed memory.
: invalid memory access, when receiving client's data.
: check if a value of a parameter for '-m, --accept-max' is a number.
2.5.013 Jan 2016 09:45
major bugfix:
Treat event hook definitions (session_begin, session_error, session_end) as.
Optional.
New option '-V, --verbose' to increase verbosity of the process. Additional.
LOG_INFO messages shall be printed to syslog and/or stderr, such as client
Connections/disconnections and event triggers.
: some long options had been unrecognized.
: limit maximum length of a filter name to 128 Bytes. In previous.
Versions, when socket notifications were enabled, a notification message which
Contained a filter name longer than 123 Bytes, was transmitted in incomplete
Fashion, due to a size of an intermediate buffer used in transmission.
: validate hostformat properly. Port number could had been undefined.
Without rising an error.
Limit maximum number of filters which can be loaded from a configuration.
File. This hard-limit can be changed by updating a value of CONF_FILTER_MAXCNT
And recompiling.
2.4.026 Nov 2015 03:16
major feature:
Option '-l, --listen' is no longer supported. This option was removed in.
Favor for a new option '-t, --hostname'.
New option '-t, --hostname' allows to specify an address/hostname and port.
Number to which etherpoke should bind and listen on for incoming client
Connections. This option supersedes option '-l, --listen' as it allows to
Change otherwise default address 0.0.0.0. This feature addresses the complains
About etherpoke being exposed to LAN/WAN network when used only locally.
Notifications via IPv6.
New options '-4' and '-6' to control how the hostname gets resolved when.
'-t, --hostname' is used. If '-4' is in effect IPv4 gets precedence over.
IPv6 and vice versa.
2.3.103 Jun 2015 16:45
bugfix:
BUGFIX: if executable was invoked using specific command, path to the
configuration file became invalid.
2.3.010 May 2015 07:25
feature:
Support for sockets (TCP/UNIX domain) as an alternative to execv(3). If this.
mode is enabled, event hooks are sent via socket instead of being executed
localy. This feature allows remote systems to be notified immediately after
event occurs without unnecessary overhead.
New configuration options 'notify_sock', 'notify_exec'. If set to true,.
'notify_sock' sends notification message (FILTER_NAME:EVT) to all connected.
clients via TCP socket (configured with option '-l' on program's invocation),
'notify_exec' executes content of event hooks. Both options can be set.
simultaneously. By default socket notification is disabled.
Command-line option names has been changed, long options are supported.
Running `make install` not only copies compiled binary into target directory.
but it also sets file capabilities with `setcap`. This allows to run the
binary without root privileges.
New option '-m' (--accept-max) which overrides default value for maximum.
number of concurrent client connections on socket.
Working directory is set to match directory name where configuration file is.
located. This allows to use @include statement in the configuration file
referencing included files by their relative path.
2.2.106 May 2015 16:05
minor bugfix:
Carry out the command expansion only once for each event, at program start.
2.2.008 Mar 2015 08:05
minor feature:
Match rule is optional in the filter definition. If no BPF filter is
specified or the option is ommited altogether, capture all traffic on the
interface.
New event session_error. If there's an error in packet capture, fire up this
event. The event was introduced to act upon interface shutdowns immediatelly.
If this event is triggered before the event 'session_end', it cancels out any
future triggers of 'session_end', until the event 'session_begin' is
triggered again. This event is mandatory. Note that in some cases it is not
possible to restart packet capture.
2.1.218 Jan 2015 07:45
minor feature:
System call select replaced by poll. The latter system call no longer
limits how many file descriptors can be watched for. This allows users to
define number of filters greater than FD_SETSIZE, which on most GNU/Linux
distributions is 1024.
2.1.106 Jan 2015 11:45
minor feature:
Interface shutdown or any other problem causing packet reading to fail is no
longer a reason to kill the daemon.
Use DLT_IEEE802_11_RADIO link-layer type when monitor mode is enabled.
Allow users to alter default link-layer type using the configuration option
link_type'.
2.1.025 Dec 2014 14:05
minor feature:
New configuration option 'monitor_mode'. If enabled and supported by the
network interface, IEEE 802.11 wireless LANs management and control frames
will be accessible.
Specify read timeout using pcap_set_timeout. On some systems, unspecified
timeout caused the select to freeze.
2.0.209 Nov 2014 17:31
minor feature:
Validation rules for configuration file. Hook execution is done in 'controlled' manner, transparency of the whole ordeal was increased. Event hooks that failed to execute are not subsequently reexecuted, entire filter is freed from the memory. Bug fixes and code cleanup.
2.003 Nov 2014 21:41
major feature:
Homepage
Download
Dan Antagon