iperf-3.20

iperf-3.20 2025-11-14

NOTE: iperf-3.20 incorporates all of the changes in prior iperf3
releases, including iperf-3.19.1.

• Notable user-visible changes

  • Millisecond-resolution representations have been added to JSON
    timestamps. (PR #1846)

  • The reorder_seen metric, where available, is now available in
    the JSON output. (PR #1278)

  • A division by zero error has been fixed. (PR #1906)

  • Some command-line options were not properly restricted to the
    client or server; this problem has been fixed. (#1892 / PR #1894)

  • The combination of --udp and --file is now explicitly
    disallowed. (PR #1909)

  • It is now possible to get both the full JSON result object as
    well as streaming intermediate JSON result objects. This
    functionality is enabled by using the new --json-stream-full
    command-line flag, in addition to the existing --json-stream
    flag (PR #1903)

  • Sends with --zerocopy are now properly seeded with data
    instead of being all-zeroes. (PR #1949)

  • The --server-max-duration flag is now allowed on the iperf3 server to impose
    a maximum duration on timed tests. (PR #1684)

  • The --rcv-timeout flag is now ignored for --bidir
    tests. This change prevents premature termination of
    bidirectional tests. (#1766 / PR #1946)

  • Several errors in the authentication code were uncovered when
    building with OpenSSL 3.5.3 and later versions. These were
    fixed. (#1951 / PR #1956)

  • Various issues in the iperf3 manual page were fixed up. (PR
    #1887, PR #1927, PR #1936, PR #1941, #1891 / PR #1952)

• Notable developer-visible changes

  • A build failure with uClibc has been fixed. (#1888 / PR #1890)

  • It is now possible to use the API to load RSA keys from a file.
    (PR #1889)

  • Some calls to sprintf() were replaced with calls to
    snprintf(). There were no hazards in the code as written, but
    this change might help silence some compiler warnings and
    potentially prevent future vulnerabilities. (PR #1929)

  • Proper error handling has been added to the unit_atoX()
    functions. (PR #1394)

  • Some memory handling errors in t_auth were fixed. (PR #1953)

  • Minor enhancements and fixes to GitHub Actions workflows (PR
    #1919, PR #1928, PR #1942).

iperf-3.19.1 2025-07-25

iperf-3.19.1 2025-07-25

• Notable user-visible changes

  • SECURITY NOTE: Thanks to Han Lee with Apple Information Security
    for finding and reporting several memory errors
    including a buffer overflow within the
    --skip-rx-copy option, and two memory errors
    within authentication, including a heap overflow
    in the plaintext password and an assert.

  • An off-by-one heap overflow has been fixed in authentication.
    (CVE-2025-54349, ESNET-SECADV-2025-0003)

  • An assert in authentication has been removed. (CVE-2025-54350,
    ESNET-SECADV-2025-0002)

  • A buffer overflow in the --skip-rx-copy option for zerocopy
    has been fixed. (CVE-2025-54351, ESNET-SECADV-2025-0001)

iperf-3.19 2025-05-16

iperf-3.19 2025-05-16

• Notable user-visible changes

  • iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux
    with the use of the -m or --mptcp flag. (PR #1661)

  • iperf3 now supports a --cntl-ka option to enable TCP keepalives
    on the control connection. (#812, #835, PR #1423)

  • iperf3 now supports the MSG_TRUNC receive option, specified by
    the --skip-rx-copy. This theoretically improves the rated
    throughput of tests at high bitrates by not delivering network
    payload data to userspace. (#1678, PR #1717)

  • A bug that caused the bitrate setting to be ignored when bursts
    are set, has been fixed. (#1773, #1820, PR #1821, PR #1848)

  • The congestion control protocol setting, if used, is now
    properly reset between tests. (PR #1812)

  • iperf3 now exits with a non-error 0 exit code if exiting via a
    SIGTERM, SIGHUP, or SIGINT. (#1009, PR# 1829)

  • The current behavior of iperf3 with respect to the -n and -k
    options is now documented as correct. (#1768, #1775, #596, PR #1800)

• Notable developer-visible changes

  • iperf3 now supports a callback function to get the JSON output
    strings. (#1711, PR #1798)

  • iperf3 now builds correctly with gcc-15 (#1838, PR #1805)

  • Various memory leaks were fixed (#1881, PR#1823, #1814, PR#1822)

  • A potential segfault crash was fixed (#1807)

  • Improved warning messages when reading malformed JSON messages
    (PR #1817)

  • The Github CI configuration was changed to use a more up-to-date
    set of runners (PR #1864)

iperf-3.18 2024-12-13

iperf-3.18 2024-12-13

• Notable user-visible changes

  • SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a
    JSON type security vulnerability that caused a
    segmentation fault in the
    server. (CVE-2024-53580) This has now been
    fixed. (PR#1810)

  • UDP packets per second now reports the correct number of
    packets, by reporting NET_SOFTERROR if there's a EAGAIN/EINTR
    errno if no data was sent (#1367/PR#1379).

  • Several segmentation faults related to threading were fixed. One
    where pthread_cancel was called on an improperly initialized
    thread (#1801), another where threads were being recycled
    (#1760/PR#1761), and another where threads were improperly
    handling signals (#1750/PR#1752).

  • A segmentation fault from calling freeaddrinfo with NULL was
    fixed (PR#1755).

  • Some JSON options were fixed, including checking the size for
    json_read (PR#1709), but the size limit was removed for
    received server output (PR#1779).

  • A rcv-timeout error has been fixed. The Nread timeout was
    hardcoded and timed out before the --rcv-timeout option
    (PR#1744).

  • There is no longer a limit on the omit time period
    (#1770/PR#1774).

  • Fixed an output crash under 32-bit big-endian systems (PR#1713).

  • An issue was fixed where CPU utilization was unexpectedly high
    during limited baud rate tests. The --pacing-timer option was
    removed, but it is still available in the library
    (#1741/PR#1743).

  • Add SCTP information to --json output and fixed compile error
    when SCTP is not supported (#1731).

  • --fq-rate was changed from a uint to a uint64 to allow pacing above
    32G. Not yet tested on big-endian systems (PR#1728).

• Notable developer-visible changes

  • Clang compilation failure on Android were fixed (PR#1687).

  • iperf_time_add() was optimizated to improve performance
    (PR#1742).

  • Debug messages were added when the state changes (PR#1734).

  • To increase performance, the old UDP prot_listener is cleared
    and removed after each test (PR#1708).

  • A file descriptor leak was closed (PR#1619).

3.17.1

iperf-3.17.1 2024-05-13

• Notable user-visible changes

  • Version number has been corrected. (#1699)

• Notable developer-visible changes

  • No longer signing tags

3.17

iperf-3.17 2024-05-10

• Notable user-visible changes

  • BREAKING CHANGE: iperf3's authentication features, when used with
    OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel
    timing attack. To address this flaw, a change has been made to the
    padding applied to encrypted strings. This change is not backwards
    compatible with older versions of iperf3 (before 3.17). To restore
    the older (vulnerable) behavior, and hence
    backwards-compatibility, use the --use-pkcs1-padding flag. The
    iperf3 team thanks Hubert Kario from RedHat for reporting this
    issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695)

  • iperf3 no longer changes its current working directory in --daemon
    mode. This results in more predictable behavior with relative
    paths, in particular finding key and credential files for
    authentication. (PR#1672)

  • A new --json-stream option has been added to enable a streaming
    output format, consisting of a series of JSON objects (for the
    start of the test, each measurement interval, and the end of the
    test) separated by newlines (#444, #923, #1098).

  • UDP tests now work correctly between different endian hosts
    (#1415).

  • The --fq-rate parameter now works for --reverse tests (#1632, PR#1667).

  • The statistics reporting interval is now available in the --json
    start test object (#1663).

  • A negative time test duration is now properly flagged as an error
    (IS#1662 / PR#1666).

• Notable developer-visible changes

  • Fixes have been made to better (unofficially) support builds on
    Android (#1641 / #1651) and VxWorks (#1595).

  • iperf3 now builds correctly on architectures without native
    support for 64-bit atomic types, by linking with the libatomic
    library (#1611).

3.16

iperf-3.16 2023-11-30

• Notable user-visible changes

  • Multiple test streams started with -P/--parallel will now be
    serviced by different threads. This allows iperf3 to take
    advantage of multiple CPU cores on modern processors, and will
    generally result in significant throughput increases (PR #1591).

  • OpenSSL 3 is now detected at build time. If OpenSSL 3 is found,
    various older, deprecated, APIs will not be used. iperf3 will
    continue to work with OpenSSL 1.1.1. OpenSSL is used as a part
    of the iperf3 authentication functionality (Issue #1300, PR
    #1589).

  • The authorized users file used by the authentication functionality
    is now checked for accessibility much earlier during the program
    startup, as opposed to being checked near the start of a
    test (Issue #1583, PR #1585).

• Developer-visible changes

  • BREAKING CHANGE: iperf3 now requires pthreads and C atomic
    variables to compile and run.

iperf-3.16-beta1

iperf-3.16-beta1 2023-11-15

• Notable user-visible changes

  • Multiple test streams started with -P/--parallel will now be
    serviced by different threads. This allows iperf3 to take
    advantage of multiple CPU cores on modern processors, and will
    generally result in significant throughput increases (PR #1591).

  • OpenSSL 3 is now detected at build time. If OpenSSL 3 is found,
    various older, deprecated, APIs will not be used. iperf3 will
    continue to work with OpenSSL 1.1.1. OpenSSL is used for as a part
    of the iperf3 authentication functionality (Issue #1300, PR
    #1589).

  • The authorized users file used by the authentication functionality
    is now checked for accessibility much earlier during the program
    startup, as opposed to being checked near the start of a
    test (Issue #1583, PR #1585).

• Developer-visible changes

  • BREAKING CHANGE: iperf3 now requires pthreads and C atomic
    variables to compile and run.

iperf-3.15-mt-beta1

iperf-3.15-mt-beta1 2023-09-29

Accumulated release notes from iperf-3.14 and earlier multithreaded
beta releases:

• Notable user-visible changes

  • Multiple test streams started with -P/--parallel will now be
    serviced by different threads. This allows iperf3 to take
    advantage of multiple CPU cores on modern processors.

  • Remove some busy-waiting left over from the original
    single-threaded implementation, which caused the multi-threaded
    iperf3 to consume CPU resources for no particular reason, and
    possible subsequent packet loss.

  • CentOS 7's default compiler is a version of GCC that is too old to
    compile code using C11 atomic variables. A workaround has been
    devised for 64-bit CentOS 7 systems, it is not clear whether this
    approach will work on 32-bit CentOS 7 hosts, or other
    similarly-vintage build environment.

  • Fix a bug related to idle timeouts, so that the --rcv-timeout
    option works correctly.

  • Make shutdown of threads more tolerant in the face of various
    orders of operations at the end of tests.

• Developer-visible changes

  • iperf3 requires pthreads and C atomic variables to compile and run.

3.15

---

iperf-3.15 2023-09-14

• Notable user-visible changes

  • Several bugs that could allow the iperf3 server to hang waiting
    for input on the control connection has been fixed. ESnet thanks
    Jorge Sancho Larraz from Canonical for reporting this issue. For
    more information, see:
    https://downloads.es.net/pub/iperf/esnet-secadv-2023-0002.txt.asc

  • A bug that caused garbled output with UDP tests on 32-bit hosts
    has been fixed (PR #1554, PR #1556). This bug was introduced in
    iperf-3.14.

  • A bug in counting UDP messages has been fixed (PR #1367, PR
    #1380).