xref: /freebsd/contrib/tcpdump/CHANGES (revision 7bd6fde3) 
1$Header: /tcpdump/master/tcpdump/CHANGES,v 1.87.2.11 2005/09/20 06:05:34 guy Exp $
2
3Mon. 	September 19, 2005.  ken@xelerance.com. Summary for 3.9.4 tcpdump release
4	Decoder support for more Juniper link-layer types
5	Fix a potential buffer overflow (although it can't occur in
6		practice).
7	Fix the handling of unknown management frame types in the 802.11
8		printer.
9	Add FRF.16 support, fix various Frame Relay bugs.
10	Add support for RSVP integrity objects, update fast-reroute
11		object printer to latest spec.
12	Clean up documentation of vlan filter expression, document mpls
13		filter expression.
14	Document new pppoed and pppoes filter expressions.
15	Update diffserver-TE codepoints as per RFC 4124.
16	Spelling fixes in ICMPv6.
17	Don't require any fields other than flags to be present in IS-IS
18		restart signaling TLVs, and only print the system ID in
19		those TLVs as system IDs, not as node IDs.
20	Support for DCCP.
21
22Tue. 	July 5, 2005.  ken@xelerance.com. Summary for 3.9.3 tcpdump release
23
24	Option to chroot() when dropping privs
25	Fixes for compiling on nearly every platform,
26		including improved 64bit support
27	Many new testcases
28	Support for sending packets
29	Many compliation fixes on most platforms
30	Fixes for recent version of GCC to eliminate warnings
31	Improved Unicode support
32
33	Decoders & DLT Changes, Updates and New:
34		AES ESP support
35		Juniper ATM, FRF.15, FRF.16, PPPoE,
36			ML-FR, ML-PIC, ML-PPP, PL-PPP, LS-PIC
37			GGSN,ES,MONITOR,SERVICES
38		L2VPN
39		Axent Raptor/Symantec Firewall
40		TCP-MD5 (RFC 2385)
41		ESP-in-UDP (RFC 3948)
42		ATM OAM
43		LMP, LMP Service Discovery
44		IP over FC
45		IP over IEEE 1394
46		BACnet MS/TP
47		SS7
48		LDP over TCP
49		LACP, MARKER as per 802.3ad
50		PGM (RFC 3208)
51		LSP-PING
52		G.7041/Y.1303 Generic Framing Procedure
53		EIGRP-IP, EIGRP-IPX
54		ICMP6
55		Radio - via radiotap
56		DHCPv6
57		HDLC over PPP
58
59Tue.   March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release
60
61	No changes from 3.8.2. Version bumped only to maintain consistency
62	with libpcap 0.8.3.
63
64Mon.   March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release
65
66	Fixes for print-isakmp.c      CVE:    CAN-2004-0183, CAN-2004-0184
67	  		     http://www.rapid7.com/advisories/R7-0017.html
68	IP-over-IEEE1394 printing.
69	some MINGW32 changes.
70	updates for autoconf 2.5
71	fixes for print-aodv.c - check for too short packets
72	formatting changes to print-ascii for hex output.
73	check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c,
74		print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c,
75		print-ip.c, print-lwres.c, print-ospf.c, print-pim.c,
76		print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c
77	print-ether.c - better handling of unknown types.
78	print-isoclns.c - additional decoding of types.
79	print-llc.c - strings for LLC names added.
80	print-pfloc.c - various enhancements
81	print-radius.c - better decoding to strings.
82
83Wed.   November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release
84
85	changed syntax of -E argument so that multiple SAs can be decrypted
86	fixes for Digital Unix headers and Documentation
87	__attribute__ fixes
88	CDP changes from Terry Kennedy <terry@tmk.com>.
89	IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com>
90	Fixes for ASN.1 decoder for 2.100.3 forms.
91	Added a count of packets received and processed to clarify numbers.
92	Incorporated WinDUMP patches for Win32 builds.
93	PPPoE payload length headers.
94	Fixes for HP C compiler builds.
95	Use new pcap_breakloop() and pcap_findalldevs() if we can.
96	BGP output split into multiple lines.
97	Fixes to 802.11 decoding.
98	Fixes to PIM decoder.
99	SuperH is a CPU that can't handle unaligned access. Many fixes for
100		unaligned access work.
101	Fixes to Frame-Relay decoder for Q.933/922 frames.
102	Clarified when Solaris can do captures as non-root.
103	Added tests/ subdir for examples/regression tests.
104	New -U flag.	-flush stdout after every packet
105	New -A flag	-print ascii only
106	support for decoding IS-IS inside Cisco HDLC Frames
107	more verbosity for tftp decoder
108	mDNS decoder
109	new BFD decoder
110	cross compilation patches
111	RFC 3561 AODV support.
112	UDP/TCP pseudo-checksum properly for source-route options.
113	sanitized all files to modified BSD license
114	Add support for RFC 2625 IP-over-Fibre Channel.
115	fixes for DECnet support.
116	Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI.
117	RFC 2684 encapsulation of BPDUs.
118
119Tuesday, February 25, 2003. fenner@research.att.com.  3.7.2 release
120
121	Fixed infinite loop when parsing malformed isakmp packets.
122	 (reported by iDefense; already fixed in CVS)
123	Fixed infinite loop when parsing malformed BGP packets.
124	Fixed buffer overflow with certain malformed NFS packets.
125	Pretty-print unprintable network names in 802.11 printer.
126	Handle truncated nbp (appletalk) packets.
127	Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt
128	Print IP protocol name even if we don't have a printer for it.
129	Print IP protocol name or number for fragments.
130	Print the whole MPLS label stack, not just the top label.
131	Print request header and file handle for NFS v3 FSINFO and PATHCONF
132	 requests.
133	Fix NFS packet truncation checks.
134	Handle "old" DR-Priority and Bidir-Capable PIM HELLO options.
135	Handle unknown RADIUS attributes properly.
136	Fix an ASN.1 parsing error that would cause e.g. the OID
137	 2.100.3 to be misrepresented as 4.20.3 .
138
139Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release
140see http://www.tcpdump.org/cvs-log/2002-01-21.10:16:48.html for commit log.
141	keyword "ipx" added.
142	Better OSI/802.2 support on Linux.
143	IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net.
144	LLC SAP support for FDDI/token ring/RFC-1483 style ATM
145	BXXP protocol was replaced by the BEEP protocol;
146	improvements to SNAP demux.
147	Changes to "any" interface documentation.
148	Documentation on pcap_stats() counters.
149	Fix a memory leak found by Miklos Szeredi - pcap_ether_aton().
150	Added MPLS encapsulation decoding per RFC3032.
151	DNS dissector handles TKEY, TSIG and IXFR.
152	adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org>
153	SMB printing has much improved bounds checks
154	OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging
155	Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>.
156	Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net>
157	IPX socket 0x85be is for Cisco EIGRP over IPX.
158	Improvements to fragmented ESP handling.
159	SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu>
160	Linux ARPHDR_ATM support fixed.
161	Added a "netbeui" keyword, which selects NetBEUI packets.
162	IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option.
163	Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>.
164	Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm"
165	Better Linux libc5 compat.
166	BIND9 lwres dissector added.
167	MIPS and SPARC get strict alignment macros (affects print-bgp.c)
168	Apple LocalTalk LINKTYPE_ reserved.
169	New time stamp formats documented.
170	DHCP6 updated to draft-22.txt spec.
171	ICMP types/codes now accept symbolic names.
172	Add SIGINFO handler from LBL
173	encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>.
174	now we are -Wstrict-prototype clean.
175	NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>.
176	PPPoE dissector cleaned up.
177	Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>.
178	In dissector, now the caller prints the IP addresses rather than proto.
179	cjclark@alum.mit.edu: print the IP proto for non-initial fragments.
180	LLC frames with a DSAP and LSAP of 0xe0 are IPX frames.
181	Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX.
182	captures on the "any" device won't be done in promiscuous mode
183	Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl>
184	ARCNet support, from NetBSD.
185	HSRP dissector, from Julian Cowley <julian@lava.net>.
186	Handle (GRE-encapsulated) PPTP
187	added -C option to rotate save file every optarg * 1,000,000 bytes.
188	support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>.
189	PPTP support, from Motonori Shindo <mshindo@mshindo.net>.
190	IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>.
191	CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>.
192	ESP printing updated to RFC2406.
193	HP-UX can now handle large number of PPAs.
194	MSDP printer added.
195	L2TP dissector improvements from Motonori Shindo.
196
197Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release
198	Cleaned up documentation.
199	Promisc mode fixes for Linux
200	IPsec changes/cleanups.
201	Alignment fixes for picky architectures
202
203	Removed dependency on native headers for packet dissectors.
204	Removed Linux specific headers that were shipped
205
206	libpcap changes provide for exchanging capture files between
207	  systems. Save files now have well known PACKET_ values instead of
208	  depending upon system dependant mappings of DLT_* types.
209
210	Support for computing/checking IP and UDP/TCP checksums.
211
212	Updated autoconf stock files.
213
214	IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6,
215
216	Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
217		timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk
218
219	Added filtering support for: VLANs, ESIS, ISIS
220
221	Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
222		L2TP, PPPoE
223
224	HP-UX 11.0 -- find the right dlpi device.
225	Solaris 8 - IPv6 works
226	Linux - Added support for an "any" device to capture on all interfaces
227
228	Security fixes: buffer overrun audit done. Strcpy replaced with
229		strlcpy, sprintf replaced with snprintf.
230	Look for lex problems, and warn about them.
231
232
233v3.5 Fri Jan 28 18:00:00 PST 2000
234
235Bill Fenner <fenner@research.att.com>
236- switch to config.h for autoconf
237- unify RCSID strings
238- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
239- Really fix the RIP printer
240- Fix MAC address -> name translation.
241- some -Wall -Wformat fixes
242- update makemib to parse much of SMIv2
243- Print TCP sequence # with -vv even if you normally wouldn't
244- Print as much of IP/TCP/UDP headers as possible even if truncated.
245
246itojun@iijlab.net
247- -X will make a ascii dump.  from netbsd.
248- telnet command sequence decoder (ff xx xx).  from netbsd.
249- print-bgp.c: improve options printing.  ugly code exists for
250  unaligned option parsing (need some fix).
251- const poisoning in SMB decoder.
252- -Wall -Werror clean checks.
253- bring in KAME IPv6/IPsec decoding code.
254
255Assar Westerlund  <assar@sics.se>
256- SNMPv2 and SNMPv3 printer
257- If compiled with libsmi, tcpdump can load MIBs on the fly to decode
258  SNMP packets.
259- Incorporate NFS parsing code from NetBSD.  Adds support for nfsv3.
260- portability fixes
261- permit building in different directories.
262
263Ken Hornstein <kenh@cmf.nrl.navy.mil>
264- bring in code at
265  /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
266  AFS3 packets
267
268Andrew Tridgell <tridge@linuxcare.com>
269- SMB printing code
270
271Love <lha@stacken.kth.se>
272- print-rx.c: add code for printing MakeDir and StoreStatus.  Also
273  change date format to the right one.
274
275Michael C. Richardson  <mcr@sandelman.ottawa.on.ca>
276- Created tcpdump.org repository
277
278v3.4 Sat Jul 25 12:40:55 PDT 1998
279
280- Hardwire Linux slip support since it's too hard to detect.
281
282- Redo configuration of "network" libraries (-lsocket and -lnsl) to
283  deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)
284
285- Added -a which tries to translate network and broadcast addresses to
286  names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)
287
288- Added a configure option to disable gcc.
289
290- Added a "raw" packet printer.
291
292- Not having an interface address is no longer fatal. Requested by John
293  Hawkinson.
294
295- Rework signal setup to accommodate Linux.
296
297- OSPF truncation check fix. Also display the type of OSPF packets
298  using MD5 authentication. Thanks to Brian Wellington
299  (bwelling@tis.com)
300
301- Fix truncation check bugs in the Kerberos printer. Reported by Ezra
302  Peisach (epeisach@mit.edu)
303
304- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
305  (plonka@mfa.com)
306
307- Specify full install target as a way of detecting if install
308  directory does not exist. Thanks to Dave Plonka.
309
310- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
311  (paul@vix.com)
312
313- Fix off-by-one bug when testing size of ethernet packets. Thanks to
314  Marty Leisner (leisner@sdsp.mc.xerox.com)
315
316- Add a local autoconf macro to check for routines in libraries; the
317  autoconf version is broken (it only puts the library name in the
318  cache variable name). Thanks to John Hawkinson.
319
320- Add a local autoconf macro to check for types; the autoconf version
321  is broken (it uses grep instead of actually compiling a code fragment).
322
323- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
324  formats.
325
326- Extend OSF ip header workaround to versions 1 and 2.
327
328- Fix some signed problems in the nfs printer. As reported by David
329  Sacerdote (davids@silence.secnet.com)
330
331- Detect group wheel and use it as the default since BSD/OS' install
332  can't hack numeric groups. Reported by David Sacerdote.
333
334- AIX needs special loader options. Thanks to Jonathan I. Kamens
335  (jik@cam.ov.com)
336
337- Fixed the nfs printer to print port numbers in decimal. Thanks to
338  Kent Vander Velden (graphix@iastate.edu)
339
340- Find installed libpcap in /usr/local/lib when not using gcc.
341
342- Disallow network masks with non-network bits set.
343
344- Attempt to detect "egcs" versions of gcc.
345
346- Add missing closing double quotes when displaying bootp strings.
347  Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)
348
349v3.3 Sat Nov 30 20:56:27 PST 1996
350
351- Added Linux support.
352
353- GRE encapsulated packet printer thanks to John Hawkinson
354  (jhawk@mit.edu)
355
356- Rewrite gmt2local() to avoid problematic os dependencies.
357
358- Suppress nfs truncation message on errors.
359
360- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
361  Reported by Joachim Ott (ott@ardala.han.de)
362
363- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.
364
365- Print arp hardware type in host order. Thanks to Onno van der Linden
366  (onno@simplex.nl)
367
368- Avoid solaris compiler warnings. Thanks to Bruce Barnett
369  (barnett@grymoire.crd.ge.com)
370
371- Fix rip printer to not print one more route than is actually in the
372  packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
373  Bill Fenner (fenner@parc.xerox.com)
374
375- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems.
376
377- Fix dvmrp printer truncation checks and add a dvmrp probe printer.
378  Thanks to Danny J. Mitzel (mitzel@ipsilon.com)
379
380- Rewrite ospf printer to improve truncation checks.
381
382- Don't parse tcp options past the EOL. As noted by David Sacerdote
383  (davids@secnet.com). Also, check tcp options to make sure they ar
384  actually in the tcp header (in addition to the normal truncation
385  checks). Fix the SACK code to print the N blocks (instead of the
386  first block N times).
387
388- Don't say really small UDP packets are truncated just because they
389  aren't big enough to be a RPC. As noted by David Sacerdote.
390
391v3.2.1 Sun Jul 14 03:02:26 PDT 1996
392
393- Added rfc1716 icmp codes as suggested by Martin Fredriksson
394  (martin@msp.se)
395
396- Print mtu for icmp unreach need frag packets. Thanks to John
397  Hawkinson (jhawk@mit.edu)
398
399- Decode icmp router discovery messages. Thanks to Jeffrey Honig
400  (jch@bsdi.com)
401
402- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
403  (kushida@trl.ibm.co.jp)
404
405- Check igmp checksum if possible. Thanks to John Hawkinson.
406
407- Made changes for SINIX. Thanks to Andrej Borsenkow
408  (borsenkow.msk@sni.de)
409
410- Use autoconf's idea of the top level directory in install targets.
411  Thanks to John Hawkinson.
412
413- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
414  Mogul (mogul@pa.dec.com)
415
416- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
417  Thanks to John Hawkinson.
418
419- Added some more packet truncation checks.
420
421- On systems that have it, use sigset() instead of signal() since
422  signal() has different semantics on these systems.
423
424- Fixed some more alignment problems on the alpha.
425
426- Add code to massage unprintable characters in the domain and ipx
427  printers. Thanks to John Hawkinson.
428
429- Added explicit netmask support. Thanks to Steve Nuchia
430  (steve@research.oknet.com)
431
432- Add "sca" keyword (for DEC cluster services) as suggested by Terry
433  Kennedy (terry@spcvxa.spc.edu)
434
435- Add "atalk" keyword as suggested by John Hawkinson.
436
437- Added an igrp printer. Thanks to Francis Dupont
438  (francis.dupont@inria.fr)
439
440- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
441  Kennedy (terry@spcvxa.spc.edu)
442
443- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
444  (pascal.hennequin@hugo.int-evry.fr)
445
446- Added some ETHERTYPEs missing on some systems.
447
448- Added truncated packet macros and various checks.
449
450- Fixed endian problems with the DECnet printer.
451
452- Use $CC when checking gcc version. Thanks to Carl Lindberg
453  (carl_lindberg@blacksmith.com)
454
455- Fixes for AIX (although this system is not yet supported). Thanks to
456  John Hawkinson.
457
458- Fix bugs in the autoconf misaligned accesses code fragment.
459
460- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
461  Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)
462
463v3.2 Sun Jun 23 02:28:10 PDT 1996
464
465- Print new icmp unreachable codes as suggested by Martin Fredriksson
466  (martin@msp.se). Also print code value when unknown for icmp redirect
467  and time exceeded.
468
469- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.
470
471- Define "new" domain record types if not found in arpa/nameserv.h.
472  Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
473  fixed an endian bug when printing mx record and added some new record
474  types.
475
476- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)
477
478- Added T/TCP options printing. As suggested by Richard Stevens
479  (rstevens@noao.edu)
480
481- Use autoconf to detect architectures that can't handle misaligned
482  accesses.
483
484v3.1 Thu Jun 13 20:59:32 PDT 1996
485
486- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
487  and bind (as suggested by Charles Hannum).
488
489- Port to GNU autoconf.
490
491- Add support for printing DVMRP and PIM traffic thanks to
492  Havard Eidnes (Havard.Eidnes@runit.sintef.no).
493
494- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
495  define being referenced. Reported by Terry Kennedy.
496
497- Minor fixes to the man page thanks to Mark Andrews.
498
499- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
500  (bmah@cs.berkeley.edu).
501
502- Added support for new dns types, thanks to Rainer Orth.
503
504- Fixed tftp_print() to print the block number for ACKs.
505
506- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
507  (cslater@imatek.com).
508
509- Check return status from malloc/calloc/etc.
510
511- Check return status from pcap_loop() so we can print an error and
512  exit with a bad status if there were problems.
513
514- Bail if ip option length is <= 0. Resulted from a bug report from
515  Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).
516
517- Print out a little more information for sun rpc packets.
518
519- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).
520
521- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
522  wrong on little endian machines).
523
524- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
525  (crawdad@fnal.gov).
526
527- Fix ntp_print() to not print garbage when the stratum is
528  "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).
529
530- Rewrote tcp options printer code to check for truncation. Added
531  selective acknowledgment case.
532
533- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
534  (jch@bsdi.com)
535
536- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
537  octet for the sa_family member. Thanks to Yoshitaka Tokugawa
538  (toku@dit.co.jp)
539
540- Don't checksum ip header if we don't have all of it. Thanks to John
541  Hawkinson (jhawk@mit.edu).
542
543- Print out hostnames if possible in egp printer. Thanks to Jeffrey
544  Honig (jhc@bsdi.com)
545
546
547v3.1a1 Wed May  3 19:21:11 PDT 1995
548
549- Include time.h when SVR4 is defined to avoid problems under Solaris
550  2.3.
551
552- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
553  strings, not the local buffer. Thanks to Stefan Petri
554  (petri@ibr.cs.tu-bs.de).
555
556- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
557  that the selected value was not used. Thanks to Pascal Hennequin
558  (Pascal.Hennequin@hugo.int-evry.fr).
559
560- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.
561
562- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).
563
564v3.0.3 Sun Oct  1 18:35:00 GMT 1995
565
566- Although there never was a 3.0.3 release, the linux boys cleverly
567  "released" one in late 1995.
568
569v3.0.2 Thu Apr 20 21:28:16 PDT 1995
570
571- Change configuration to not use gcc v2 flags with gcc v1.
572
573- Redo gmt2local() so that it works under BSDI (which seems to return
574  an empty timezone struct from gettimeofday()). Based on report from
575  Terry Kennedy (terry@spcvxa.spc.edu).
576
577- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
578  on report from Mark Andrews (mandrews@alias.com).
579
580- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
581  Orth (ro@techfak.uni-bielefeld.de).
582
583- Fixed printout of connection id for uncompressed tcp slip packets.
584  Resulted from a bug report from Richard Stevens (rstevens@noao.edu).
585
586- Hack around deficiency in Ultrix's make.
587
588- Add ETHERTYPE_TRAIL define which is missing from irix5.
589
590v3.0.1 Wed Aug 31 22:42:26 PDT 1994
591
592- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.
593
594v3.0 Mon Jun 20 19:23:27 PDT 1994
595
596- Added support for printing tcp option timestamps thanks to
597  Mark Andrews (mandrews@alias.com).
598
599- Reorganize protocol dumpers to take const pointers to packets so they
600  never change the contents (i.e., they used to do endian conversions
601  in place).  Previously, whenever more than one pass was taken over
602  the packet, the packet contents would be dumped incorrectly (i.e.,
603  the output form -x would be wrong on little endian machines because
604  the protocol dumpers would modify the data).  Thanks to Charles Hannum
605  (mycroft@gnu.ai.mit.edu) for reporting this problem.
606
607- Added support for decnet protocol dumping thanks to Jeff Mogul
608  (mogul@pa.dec.com).
609
610- Fix bug that caused length of packet to be incorrectly printed
611  (off by ether header size) for unknown ethernet types thanks
612  to Greg Miller (gmiller@kayak.mitre.org).
613
614- Added support for IPX protocol dumping thanks to Brad Parker
615  (brad@fcr.com).
616
617- Added check to verify IP header checksum under -v thanks to
618  Brad Parker (brad@fcr.com).
619
620- Move packet capture code to new libpcap library (which is
621  packaged separately).
622
623- Prototype everything and assume an ansi compiler.
624
625- print-arp.c: Print hardware ethernet addresses if they're not
626  what we expect.
627
628- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
629  Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).
630
631- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
632  (mogul@pa.dec.com).
633
634- print-icmp.c: Byte swap netmask before printing. Thanks to
635  Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.
636
637- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
638  By default, only the inner packet is dumped, appended with the token
639  "(encap)".  Under -v, both the inner and output packets are dumped
640  (on the same line).  Note that the filter applies to the original packet,
641  not the encapsulated packet.  So if you run tcpdump on a net with an
642  IP Multicast tunnel, you cannot filter out the datagrams using the
643  conventional syntax.  (You can filter away all the ip-in-ip traffic
644  with "not ip proto 4".)
645
646- print-nfs.c: Keep pending rpc's in circular table. Add generic
647  nfs header and remove os dependences. Thanks to Jeffrey Mogul.
648
649- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.
650
651- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
652  (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords
653  Add && and || operators
654
655v2.2.1 Tue Jun 6 17:57:22 PDT 1992
656
657- Fix bug with -c flag.
658
659v2.2 Fri May 22 17:19:41 PDT 1992
660
661- savefile.c: Remove hack that shouldn't have been exported. Add
662  truncate checks.
663
664- Added the 'icmp' keyword.  For example, 'icmp[0] != 8 and icmp[0] != 0'
665  matches non-echo/reply ICMP packets.
666
667- Many improvements to filter code optimizer.
668
669- Added 'multicast' keyword and extended the 'broadcast' keyword can now be
670  so that protocol qualifications are allowed. For example, "ip broadcast"
671  and "ether multicast" are valid filters.
672
673- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
674  Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
675  patches to netinet/if_loop.c.
676
677- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
678  Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.
679
680- Added EGP and OSPF printers, thanks to Jeffrey Honig.
681
682v2.1 Tue Jan 28 11:00:14 PST 1992
683
684- Internal release (never publically exported).
685
686v2.0.1 Sun Jan 26 21:10:10 PDT
687
688- Various byte ordering fixes.
689
690- Add truncation checks.
691
692- inet.c: Support BSD style SIOCGIFCONF.
693
694- nametoaddr.c: Handle multi addresses for single host.
695
696- optimize.c: Rewritten.
697
698- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
699  for broadcast nets.
700
701- print-atal.c: Fix an alignment bug (thanks to
702  stanonik@nprdc.navy.mil) Add missing printf() argument.
703
704- print-bootp.c: First attempt at decoding the vendor buffer.
705
706- print-domain.c: Fix truncation checks.
707
708- print-icmp.c: Calculate length of packets from the ip header.
709
710- print-ip.c: Print frag id in decimal (so it's easier to match up
711  with non-frags). Add support for ospf, egp and igmp.
712
713- print-nfs.c: Lots of changes.
714
715- print-ntp.c: Make some verbose output depend on -v.
716
717- print-snmp.c: New version from John LoVerso.
718
719- print-tcp.c: Print rfc1072 tcp options.
720
721- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
722  (microseconds) worth of precision. Fix uid bugs.
723
724- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
725  With this option, you can create an architecture independent binary
726  trace file in real time, without the overhead of the packet printer.
727  At a later time, the packets can be filtered (again) and printed.
728
729- BSD is supported.  You must have BPF in your kernel.
730  Since the filtering is now done in the kernel, fewer packets are
731  dropped.  In fact, with BPF and the packet dumper option, a measly
732  Sun 3/50 can keep up with a busy network.
733
734- Compressed SLIP packets can now be dumped, provided you use our
735  SLIP software and BPF.  These packets are dumped as any other IP
736  packet; the compressed headers are dumped with the '-e' option.
737
738- Machines with little-endian byte ordering are supported (thanks to
739  Jeff Mogul).
740
741- Ultrix 4.0 is supported (also thanks to Jeff Mogul).
742
743- IBM RT and Stanford Enetfilter support has been added by
744  Rayan Zachariassen <rayan@canet.ca>.  Tcpdump has been tested under
745  both the vanilla Enetfilter interface, and the extended interface
746  (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
747
748- TFTP packets are now printed (requests only).
749
750- BOOTP packets are now printed.
751
752- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).
753
754- Sparc architectures, including the Sparcstation-1, are now
755  supported thanks to Steve McCanne and Craig Leres.
756
757- SunOS 4 is now supported thanks to Micky Liu of Columbia
758  University (micky@cunixc.cc.columbia.edu).
759
760- IP options are now printed.
761
762- RIP packets are now printed.
763
764- There's a -v flag that prints out more information than the
765  default (e.g., it will enable printing of IP ttl, tos and id)
766  and -q flag that prints out less (e.g., it will disable
767  interpretation of AppleTalk-in-UDP).
768
769- The grammar has undergone substantial changes (if you have an
770  earlier version of tcpdump, you should re-read the manual
771  entry).
772
773  The most useful change is the addition of an expression
774  syntax that lets you filter on arbitrary fields or values in the
775  packet.  E.g., "ip[0] > 0x45" would print only packets with IP
776  options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
777  packets.
778
779  The most painful change is that concatenation no longer means
780  "and" -- e.g., you have to say "host foo and port bar" instead
781  of "host foo port bar".  The up side to this down is that
782  repeated qualifiers can be omitted, making most filter
783  expressions shorter.  E.g., you can now say "ip host foo and
784  (bar or baz)" to look at ip traffic between hosts foo and bar or
785  between hosts foo and baz.  [The old way of saying this was "ip
786  host foo and (ip host bar or ip host baz)".]
787
788v2.0 Sun Jan 13 12:20:40 PST 1991
789
790- Initial public release.
791