Projects / libnids


Libnids is a library that provides the functionality of one of the NIDS (Network Intrusion Detection System) components, namely E-component. Libnids code watches all local network traffic, cooks received datagrams a bit, and provides convenient information about them to the NIDS analyzing modules. Libnids performs assembly of TCP segments into TCP streams, IP defragmentation, and TCP port scan detection.


Recent releases

  •  17 Mar 2010 21:03

    Release Notes: This release fixes another remotely triggerable NULL dereference in ip_fragment.c. An unofficial patch enables tracking of already established TCP connections. Missing reset of some tcp_* variables upon nids_exit has been fixed. This release has correct calculation of the radiotap header, compilation warning fixes with newer gcc, and uses pcap_get_selectable_fd() instead of pcap_fileno().

    •  10 May 2006 13:05

      Release Notes: More externals were added to access libnids' intrinsics from the outside. nids_unregister_*() functions were added. UDP checksumming was fixed. nids_params.tcp_workarounds was added. For nids_params.multiproc and queue_limit, a patch was applied which creates a separate thread for packet capture. In killtcp.c, two more RST packets are sent (which is required because of the MS05-019 patch). A glibc 2.4 syslog.h disaster workaround was made.

      •  10 Feb 2005 22:16

        Release Notes: This release adds wscale option parsing. It adds nids_dispatch() for systems that do not ignore pcap timeout, and the ability to specify hosts/networks for which checksums are not checked.

        •  09 Aug 2004 07:05

          Release Notes: This version fixed signed/unsigned comparisons that could cause crashes in TCP option parsing. The PCAP header of the last received packet is now exported along with the timeout parameter to pcap_open_live. DLT_PRISM_HEADER and DLT_PPP_SERIAL are now supported, and dataless ACKs are now let through. The raw_init() prototype was fixed, and %edi is used instead of %ebx in csum_partial to resolve issues with GCC 3.5. Inline assembly was cleaned up, and a bug where queued FIN segments were not processed properly was fixed.

          •  18 Oct 2003 20:24

            Release Notes: Starting with version 1.18, libnids discards TCP packets with old timestamps, which is required to pass "fragroute" tests. Memory corruption which could be caused by overlarge TCP packets has been fixed. checksum.c has been adjusted to not use multiline literals (for gcc 3.3). In, compilation is attempted even if libnet files are found; there is another library with the same name. A bug has been fixed in "collect" field handling where if you did collect-- and then collect++ (which is rare) you would get a single junk packet.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.