Fedora 40: tcpreplay 2024-ecd4cc8435 Security Advisory Updates
Summary
Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay
supports pcap (tcpdump) and snoop capture formats. Also included, is tcpprep
a tool to pre-process capture files to allow increased performance under
certain conditions as well as capinfo which provides basic information about
capture files.
Update Information:
Announcing v4.5.1 This release contains contributions from a record number of new contributors. This is greatly appreciated since I am a team of one, and do Tcpreplay maintenance in my spare time. There are many bug fixes and new features. Most notable features: AF_XDP socket support - if you have a newer Linux kernel, you will be able to transmit at line rates without having to install 3rd party kernel modules (e.g. netmap, PF_RING) -w tcpreplay option - this overrides the -i option, and allows you to write to a PCAP file rather than an interface --include and --exclude tcpreplay options - allows replay of a list of specific packet numbers to replay. This may slow things down, so consider using in combination with -w. --fixhdrlen tcpreplay option - added to control action on packet length changes -W tcpreplay option - suppress warnings when replaying SLL2( Linux "cooked" capture encapsulation v2) Haiku support What's Changed Add support for LINUX_SLL2 by @btriller in #728 Feature #727 - Linux SLL v2 by @fklassen in #820 Bug #779 - honour overflow for all PPS values by @fklassen in #821 AF_XDP socket extension using libxdp api by @plangarbalint in #797 Feature #822 - AF_XDP socket extension by @fklassen in #823 Nanosec accurate packet processing by @plangarbalint in #796 Handle IPv6 fragment extension header by @ChuckCottrill in #832 Bug #837 - handle IPv6 fragment extension header by @fklassen in #838 Feature #796 - nanosecond packet processing by @fklassen in #836 configure.ac: unify search dirs for pcap and add lib32 by @shr-project in #819 Feature #839 - add pull request template by @fklassen in #840 ipv6 - add check for extension header length by @GabrielGanne in #842 Bug #827 PR #842 IPv6 extension header - staging by @fklassen in #859 add check for empty cidr by @GabrielGanne in #843 Bug #824 and PR #843: check for empty CIDR by @fklassen in #860 Add option to turn on/off fix packet header length by @ChuckCottrill in #846 Bug #703 #844 PR #846: optionally fix packet header length --fixhdrlen by @fklassen in #861 Bug 863: fix nansecond timestamp regression by @fklassen in #865 autotools - AC_HELP_STRING is obsolete in 2.70 by @GabrielGanne in #856 some Haiku support by @infrastation in #847 configure.ac: do not run conftest in case of cross compilation by @ChenQi1989 in #849 dlt_jnpr_ether_cleanup: check config before cleanup by @Marsman1996 in #851 Fix recursive tcpedit cleanup by @GabrielGanne in #855 Bug #813: back out PR #855 by @fklassen in #866 Bug #867 - run regfree() on close by @fklassen in #868 Bug #869 tcpprep memory leak include exclude by @fklassen in #870 Bug #811 - add check for invalid jnpr header length by @fklassen in #872 Bug #792 avoid assertion and other fixes by @fklassen in #873 Bug #844 tap: ignore TUNSETIFF EBUSY errors by @fklassen in #874 Bug #876 - add missing free_umem_and_xsk function by @fklassen in #877 Feature #878 - add -w / --suppress-warning option by @fklassen in #879 Bug #835 false unsupported dlt warnings on 802.3 (Ethernet I) and LLC by @fklassen in #880 Feature #884 include exclude options by @fklassen in #885 Feature #853 direct traffic to pcap by @fklassen in #871 Feature #853 restore missing -P command by @fklassen in #887 Bug #888: check for map == NULL in cidr.c by @fklassen in #889
Change Log
* Sat Jul 13 2024 Bojan Smojver
References
[ 1 ] Bug #2271992 - CVE-2024-3024 tcpreplay: heap-based buffer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2271992
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-ecd4cc8435' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label