1$Header: /tcpdump/master/tcpdump/CHANGES,v 1.87.2.11 2005/09/20 06:05:34 guy Exp $ 2 3Mon. September 19, 2005. ken@xelerance.com. Summary for 3.9.4 tcpdump release 4 Decoder support for more Juniper link-layer types 5 Fix a potential buffer overflow (although it can't occur in 6 practice). 7 Fix the handling of unknown management frame types in the 802.11 8 printer. 9 Add FRF.16 support, fix various Frame Relay bugs. 10 Add support for RSVP integrity objects, update fast-reroute 11 object printer to latest spec. 12 Clean up documentation of vlan filter expression, document mpls 13 filter expression. 14 Document new pppoed and pppoes filter expressions. 15 Update diffserver-TE codepoints as per RFC 4124. 16 Spelling fixes in ICMPv6. 17 Don't require any fields other than flags to be present in IS-IS 18 restart signaling TLVs, and only print the system ID in 19 those TLVs as system IDs, not as node IDs. 20 Support for DCCP. 21 22Tue. July 5, 2005. ken@xelerance.com. Summary for 3.9.3 tcpdump release 23 24 Option to chroot() when dropping privs 25 Fixes for compiling on nearly every platform, 26 including improved 64bit support 27 Many new testcases 28 Support for sending packets 29 Many compliation fixes on most platforms 30 Fixes for recent version of GCC to eliminate warnings 31 Improved Unicode support 32 33 Decoders & DLT Changes, Updates and New: 34 AES ESP support 35 Juniper ATM, FRF.15, FRF.16, PPPoE, 36 ML-FR, ML-PIC, ML-PPP, PL-PPP, LS-PIC 37 GGSN,ES,MONITOR,SERVICES 38 L2VPN 39 Axent Raptor/Symantec Firewall 40 TCP-MD5 (RFC 2385) 41 ESP-in-UDP (RFC 3948) 42 ATM OAM 43 LMP, LMP Service Discovery 44 IP over FC 45 IP over IEEE 1394 46 BACnet MS/TP 47 SS7 48 LDP over TCP 49 LACP, MARKER as per 802.3ad 50 PGM (RFC 3208) 51 LSP-PING 52 G.7041/Y.1303 Generic Framing Procedure 53 EIGRP-IP, EIGRP-IPX 54 ICMP6 55 Radio - via radiotap 56 DHCPv6 57 HDLC over PPP 58 59Tue. March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release 60 61 No changes from 3.8.2. Version bumped only to maintain consistency 62 with libpcap 0.8.3. 63 64Mon. March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release 65 66 Fixes for print-isakmp.c CVE: CAN-2004-0183, CAN-2004-0184 67 http://www.rapid7.com/advisories/R7-0017.html 68 IP-over-IEEE1394 printing. 69 some MINGW32 changes. 70 updates for autoconf 2.5 71 fixes for print-aodv.c - check for too short packets 72 formatting changes to print-ascii for hex output. 73 check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c, 74 print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c, 75 print-ip.c, print-lwres.c, print-ospf.c, print-pim.c, 76 print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c 77 print-ether.c - better handling of unknown types. 78 print-isoclns.c - additional decoding of types. 79 print-llc.c - strings for LLC names added. 80 print-pfloc.c - various enhancements 81 print-radius.c - better decoding to strings. 82 83Wed. November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release 84 85 changed syntax of -E argument so that multiple SAs can be decrypted 86 fixes for Digital Unix headers and Documentation 87 __attribute__ fixes 88 CDP changes from Terry Kennedy <terry@tmk.com>. 89 IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com> 90 Fixes for ASN.1 decoder for 2.100.3 forms. 91 Added a count of packets received and processed to clarify numbers. 92 Incorporated WinDUMP patches for Win32 builds. 93 PPPoE payload length headers. 94 Fixes for HP C compiler builds. 95 Use new pcap_breakloop() and pcap_findalldevs() if we can. 96 BGP output split into multiple lines. 97 Fixes to 802.11 decoding. 98 Fixes to PIM decoder. 99 SuperH is a CPU that can't handle unaligned access. Many fixes for 100 unaligned access work. 101 Fixes to Frame-Relay decoder for Q.933/922 frames. 102 Clarified when Solaris can do captures as non-root. 103 Added tests/ subdir for examples/regression tests. 104 New -U flag. -flush stdout after every packet 105 New -A flag -print ascii only 106 support for decoding IS-IS inside Cisco HDLC Frames 107 more verbosity for tftp decoder 108 mDNS decoder 109 new BFD decoder 110 cross compilation patches 111 RFC 3561 AODV support. 112 UDP/TCP pseudo-checksum properly for source-route options. 113 sanitized all files to modified BSD license 114 Add support for RFC 2625 IP-over-Fibre Channel. 115 fixes for DECnet support. 116 Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI. 117 RFC 2684 encapsulation of BPDUs. 118 119Tuesday, February 25, 2003. fenner@research.att.com. 3.7.2 release 120 121 Fixed infinite loop when parsing malformed isakmp packets. 122 (reported by iDefense; already fixed in CVS) 123 Fixed infinite loop when parsing malformed BGP packets. 124 Fixed buffer overflow with certain malformed NFS packets. 125 Pretty-print unprintable network names in 802.11 printer. 126 Handle truncated nbp (appletalk) packets. 127 Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt 128 Print IP protocol name even if we don't have a printer for it. 129 Print IP protocol name or number for fragments. 130 Print the whole MPLS label stack, not just the top label. 131 Print request header and file handle for NFS v3 FSINFO and PATHCONF 132 requests. 133 Fix NFS packet truncation checks. 134 Handle "old" DR-Priority and Bidir-Capable PIM HELLO options. 135 Handle unknown RADIUS attributes properly. 136 Fix an ASN.1 parsing error that would cause e.g. the OID 137 2.100.3 to be misrepresented as 4.20.3 . 138 139Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release 140see http://www.tcpdump.org/cvs-log/2002-01-21.10:16:48.html for commit log. 141 keyword "ipx" added. 142 Better OSI/802.2 support on Linux. 143 IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net. 144 LLC SAP support for FDDI/token ring/RFC-1483 style ATM 145 BXXP protocol was replaced by the BEEP protocol; 146 improvements to SNAP demux. 147 Changes to "any" interface documentation. 148 Documentation on pcap_stats() counters. 149 Fix a memory leak found by Miklos Szeredi - pcap_ether_aton(). 150 Added MPLS encapsulation decoding per RFC3032. 151 DNS dissector handles TKEY, TSIG and IXFR. 152 adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org> 153 SMB printing has much improved bounds checks 154 OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging 155 Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>. 156 Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net> 157 IPX socket 0x85be is for Cisco EIGRP over IPX. 158 Improvements to fragmented ESP handling. 159 SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu> 160 Linux ARPHDR_ATM support fixed. 161 Added a "netbeui" keyword, which selects NetBEUI packets. 162 IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option. 163 Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>. 164 Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm" 165 Better Linux libc5 compat. 166 BIND9 lwres dissector added. 167 MIPS and SPARC get strict alignment macros (affects print-bgp.c) 168 Apple LocalTalk LINKTYPE_ reserved. 169 New time stamp formats documented. 170 DHCP6 updated to draft-22.txt spec. 171 ICMP types/codes now accept symbolic names. 172 Add SIGINFO handler from LBL 173 encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>. 174 now we are -Wstrict-prototype clean. 175 NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>. 176 PPPoE dissector cleaned up. 177 Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>. 178 In dissector, now the caller prints the IP addresses rather than proto. 179 cjclark@alum.mit.edu: print the IP proto for non-initial fragments. 180 LLC frames with a DSAP and LSAP of 0xe0 are IPX frames. 181 Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX. 182 captures on the "any" device won't be done in promiscuous mode 183 Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl> 184 ARCNet support, from NetBSD. 185 HSRP dissector, from Julian Cowley <julian@lava.net>. 186 Handle (GRE-encapsulated) PPTP 187 added -C option to rotate save file every optarg * 1,000,000 bytes. 188 support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>. 189 PPTP support, from Motonori Shindo <mshindo@mshindo.net>. 190 IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>. 191 CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>. 192 ESP printing updated to RFC2406. 193 HP-UX can now handle large number of PPAs. 194 MSDP printer added. 195 L2TP dissector improvements from Motonori Shindo. 196 197Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release 198 Cleaned up documentation. 199 Promisc mode fixes for Linux 200 IPsec changes/cleanups. 201 Alignment fixes for picky architectures 202 203 Removed dependency on native headers for packet dissectors. 204 Removed Linux specific headers that were shipped 205 206 libpcap changes provide for exchanging capture files between 207 systems. Save files now have well known PACKET_ values instead of 208 depending upon system dependant mappings of DLT_* types. 209 210 Support for computing/checking IP and UDP/TCP checksums. 211 212 Updated autoconf stock files. 213 214 IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6, 215 216 Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp, 217 timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk 218 219 Added filtering support for: VLANs, ESIS, ISIS 220 221 Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP, 222 L2TP, PPPoE 223 224 HP-UX 11.0 -- find the right dlpi device. 225 Solaris 8 - IPv6 works 226 Linux - Added support for an "any" device to capture on all interfaces 227 228 Security fixes: buffer overrun audit done. Strcpy replaced with 229 strlcpy, sprintf replaced with snprintf. 230 Look for lex problems, and warn about them. 231 232 233v3.5 Fri Jan 28 18:00:00 PST 2000 234 235Bill Fenner <fenner@research.att.com> 236- switch to config.h for autoconf 237- unify RCSID strings 238- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser 239- Really fix the RIP printer 240- Fix MAC address -> name translation. 241- some -Wall -Wformat fixes 242- update makemib to parse much of SMIv2 243- Print TCP sequence # with -vv even if you normally wouldn't 244- Print as much of IP/TCP/UDP headers as possible even if truncated. 245 246itojun@iijlab.net 247- -X will make a ascii dump. from netbsd. 248- telnet command sequence decoder (ff xx xx). from netbsd. 249- print-bgp.c: improve options printing. ugly code exists for 250 unaligned option parsing (need some fix). 251- const poisoning in SMB decoder. 252- -Wall -Werror clean checks. 253- bring in KAME IPv6/IPsec decoding code. 254 255Assar Westerlund <assar@sics.se> 256- SNMPv2 and SNMPv3 printer 257- If compiled with libsmi, tcpdump can load MIBs on the fly to decode 258 SNMP packets. 259- Incorporate NFS parsing code from NetBSD. Adds support for nfsv3. 260- portability fixes 261- permit building in different directories. 262 263Ken Hornstein <kenh@cmf.nrl.navy.mil> 264- bring in code at 265 /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing 266 AFS3 packets 267 268Andrew Tridgell <tridge@linuxcare.com> 269- SMB printing code 270 271Love <lha@stacken.kth.se> 272- print-rx.c: add code for printing MakeDir and StoreStatus. Also 273 change date format to the right one. 274 275Michael C. Richardson <mcr@sandelman.ottawa.on.ca> 276- Created tcpdump.org repository 277 278v3.4 Sat Jul 25 12:40:55 PDT 1998 279 280- Hardwire Linux slip support since it's too hard to detect. 281 282- Redo configuration of "network" libraries (-lsocket and -lnsl) to 283 deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu) 284 285- Added -a which tries to translate network and broadcast addresses to 286 names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl) 287 288- Added a configure option to disable gcc. 289 290- Added a "raw" packet printer. 291 292- Not having an interface address is no longer fatal. Requested by John 293 Hawkinson. 294 295- Rework signal setup to accommodate Linux. 296 297- OSPF truncation check fix. Also display the type of OSPF packets 298 using MD5 authentication. Thanks to Brian Wellington 299 (bwelling@tis.com) 300 301- Fix truncation check bugs in the Kerberos printer. Reported by Ezra 302 Peisach (epeisach@mit.edu) 303 304- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka 305 (plonka@mfa.com) 306 307- Specify full install target as a way of detecting if install 308 directory does not exist. Thanks to Dave Plonka. 309 310- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie 311 (paul@vix.com) 312 313- Fix off-by-one bug when testing size of ethernet packets. Thanks to 314 Marty Leisner (leisner@sdsp.mc.xerox.com) 315 316- Add a local autoconf macro to check for routines in libraries; the 317 autoconf version is broken (it only puts the library name in the 318 cache variable name). Thanks to John Hawkinson. 319 320- Add a local autoconf macro to check for types; the autoconf version 321 is broken (it uses grep instead of actually compiling a code fragment). 322 323- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header 324 formats. 325 326- Extend OSF ip header workaround to versions 1 and 2. 327 328- Fix some signed problems in the nfs printer. As reported by David 329 Sacerdote (davids@silence.secnet.com) 330 331- Detect group wheel and use it as the default since BSD/OS' install 332 can't hack numeric groups. Reported by David Sacerdote. 333 334- AIX needs special loader options. Thanks to Jonathan I. Kamens 335 (jik@cam.ov.com) 336 337- Fixed the nfs printer to print port numbers in decimal. Thanks to 338 Kent Vander Velden (graphix@iastate.edu) 339 340- Find installed libpcap in /usr/local/lib when not using gcc. 341 342- Disallow network masks with non-network bits set. 343 344- Attempt to detect "egcs" versions of gcc. 345 346- Add missing closing double quotes when displaying bootp strings. 347 Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca) 348 349v3.3 Sat Nov 30 20:56:27 PST 1996 350 351- Added Linux support. 352 353- GRE encapsulated packet printer thanks to John Hawkinson 354 (jhawk@mit.edu) 355 356- Rewrite gmt2local() to avoid problematic os dependencies. 357 358- Suppress nfs truncation message on errors. 359 360- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro. 361 Reported by Joachim Ott (ott@ardala.han.de) 362 363- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too. 364 365- Print arp hardware type in host order. Thanks to Onno van der Linden 366 (onno@simplex.nl) 367 368- Avoid solaris compiler warnings. Thanks to Bruce Barnett 369 (barnett@grymoire.crd.ge.com) 370 371- Fix rip printer to not print one more route than is actually in the 372 packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and 373 Bill Fenner (fenner@parc.xerox.com) 374 375- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems. 376 377- Fix dvmrp printer truncation checks and add a dvmrp probe printer. 378 Thanks to Danny J. Mitzel (mitzel@ipsilon.com) 379 380- Rewrite ospf printer to improve truncation checks. 381 382- Don't parse tcp options past the EOL. As noted by David Sacerdote 383 (davids@secnet.com). Also, check tcp options to make sure they ar 384 actually in the tcp header (in addition to the normal truncation 385 checks). Fix the SACK code to print the N blocks (instead of the 386 first block N times). 387 388- Don't say really small UDP packets are truncated just because they 389 aren't big enough to be a RPC. As noted by David Sacerdote. 390 391v3.2.1 Sun Jul 14 03:02:26 PDT 1996 392 393- Added rfc1716 icmp codes as suggested by Martin Fredriksson 394 (martin@msp.se) 395 396- Print mtu for icmp unreach need frag packets. Thanks to John 397 Hawkinson (jhawk@mit.edu) 398 399- Decode icmp router discovery messages. Thanks to Jeffrey Honig 400 (jch@bsdi.com) 401 402- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida 403 (kushida@trl.ibm.co.jp) 404 405- Check igmp checksum if possible. Thanks to John Hawkinson. 406 407- Made changes for SINIX. Thanks to Andrej Borsenkow 408 (borsenkow.msk@sni.de) 409 410- Use autoconf's idea of the top level directory in install targets. 411 Thanks to John Hawkinson. 412 413- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey 414 Mogul (mogul@pa.dec.com) 415 416- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop. 417 Thanks to John Hawkinson. 418 419- Added some more packet truncation checks. 420 421- On systems that have it, use sigset() instead of signal() since 422 signal() has different semantics on these systems. 423 424- Fixed some more alignment problems on the alpha. 425 426- Add code to massage unprintable characters in the domain and ipx 427 printers. Thanks to John Hawkinson. 428 429- Added explicit netmask support. Thanks to Steve Nuchia 430 (steve@research.oknet.com) 431 432- Add "sca" keyword (for DEC cluster services) as suggested by Terry 433 Kennedy (terry@spcvxa.spc.edu) 434 435- Add "atalk" keyword as suggested by John Hawkinson. 436 437- Added an igrp printer. Thanks to Francis Dupont 438 (francis.dupont@inria.fr) 439 440- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry 441 Kennedy (terry@spcvxa.spc.edu) 442 443- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin 444 (pascal.hennequin@hugo.int-evry.fr) 445 446- Added some ETHERTYPEs missing on some systems. 447 448- Added truncated packet macros and various checks. 449 450- Fixed endian problems with the DECnet printer. 451 452- Use $CC when checking gcc version. Thanks to Carl Lindberg 453 (carl_lindberg@blacksmith.com) 454 455- Fixes for AIX (although this system is not yet supported). Thanks to 456 John Hawkinson. 457 458- Fix bugs in the autoconf misaligned accesses code fragment. 459 460- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to 461 Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp) 462 463v3.2 Sun Jun 23 02:28:10 PDT 1996 464 465- Print new icmp unreachable codes as suggested by Martin Fredriksson 466 (martin@msp.se). Also print code value when unknown for icmp redirect 467 and time exceeded. 468 469- Fix an alignment endian bug in getname(). Thanks to John Hawkinson. 470 471- Define "new" domain record types if not found in arpa/nameserv.h. 472 Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also 473 fixed an endian bug when printing mx record and added some new record 474 types. 475 476- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com) 477 478- Added T/TCP options printing. As suggested by Richard Stevens 479 (rstevens@noao.edu) 480 481- Use autoconf to detect architectures that can't handle misaligned 482 accesses. 483 484v3.1 Thu Jun 13 20:59:32 PDT 1996 485 486- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd 487 and bind (as suggested by Charles Hannum). 488 489- Port to GNU autoconf. 490 491- Add support for printing DVMRP and PIM traffic thanks to 492 Havard Eidnes (Havard.Eidnes@runit.sintef.no). 493 494- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian 495 define being referenced. Reported by Terry Kennedy. 496 497- Minor fixes to the man page thanks to Mark Andrews. 498 499- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah 500 (bmah@cs.berkeley.edu). 501 502- Added support for new dns types, thanks to Rainer Orth. 503 504- Fixed tftp_print() to print the block number for ACKs. 505 506- Document -dd and -ddd. Resulted from a bug report from Charlie Slater 507 (cslater@imatek.com). 508 509- Check return status from malloc/calloc/etc. 510 511- Check return status from pcap_loop() so we can print an error and 512 exit with a bad status if there were problems. 513 514- Bail if ip option length is <= 0. Resulted from a bug report from 515 Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au). 516 517- Print out a little more information for sun rpc packets. 518 519- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu). 520 521- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were 522 wrong on little endian machines). 523 524- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford 525 (crawdad@fnal.gov). 526 527- Fix ntp_print() to not print garbage when the stratum is 528 "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com). 529 530- Rewrote tcp options printer code to check for truncation. Added 531 selective acknowledgment case. 532 533- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig 534 (jch@bsdi.com) 535 536- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one 537 octet for the sa_family member. Thanks to Yoshitaka Tokugawa 538 (toku@dit.co.jp) 539 540- Don't checksum ip header if we don't have all of it. Thanks to John 541 Hawkinson (jhawk@mit.edu). 542 543- Print out hostnames if possible in egp printer. Thanks to Jeffrey 544 Honig (jhc@bsdi.com) 545 546 547v3.1a1 Wed May 3 19:21:11 PDT 1995 548 549- Include time.h when SVR4 is defined to avoid problems under Solaris 550 2.3. 551 552- Fix etheraddr_string() in the ETHER_SERVICE to return the saved 553 strings, not the local buffer. Thanks to Stefan Petri 554 (petri@ibr.cs.tu-bs.de). 555 556- Detect when pcap raises the snaplen (e.g. with snit). Print a warning 557 that the selected value was not used. Thanks to Pascal Hennequin 558 (Pascal.Hennequin@hugo.int-evry.fr). 559 560- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin. 561 562- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu). 563 564v3.0.3 Sun Oct 1 18:35:00 GMT 1995 565 566- Although there never was a 3.0.3 release, the linux boys cleverly 567 "released" one in late 1995. 568 569v3.0.2 Thu Apr 20 21:28:16 PDT 1995 570 571- Change configuration to not use gcc v2 flags with gcc v1. 572 573- Redo gmt2local() so that it works under BSDI (which seems to return 574 an empty timezone struct from gettimeofday()). Based on report from 575 Terry Kennedy (terry@spcvxa.spc.edu). 576 577- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based 578 on report from Mark Andrews (mandrews@alias.com). 579 580- Don't pass cc flags to gcc. Resulted from a bug report from Rainer 581 Orth (ro@techfak.uni-bielefeld.de). 582 583- Fixed printout of connection id for uncompressed tcp slip packets. 584 Resulted from a bug report from Richard Stevens (rstevens@noao.edu). 585 586- Hack around deficiency in Ultrix's make. 587 588- Add ETHERTYPE_TRAIL define which is missing from irix5. 589 590v3.0.1 Wed Aug 31 22:42:26 PDT 1994 591 592- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4. 593 594v3.0 Mon Jun 20 19:23:27 PDT 1994 595 596- Added support for printing tcp option timestamps thanks to 597 Mark Andrews (mandrews@alias.com). 598 599- Reorganize protocol dumpers to take const pointers to packets so they 600 never change the contents (i.e., they used to do endian conversions 601 in place). Previously, whenever more than one pass was taken over 602 the packet, the packet contents would be dumped incorrectly (i.e., 603 the output form -x would be wrong on little endian machines because 604 the protocol dumpers would modify the data). Thanks to Charles Hannum 605 (mycroft@gnu.ai.mit.edu) for reporting this problem. 606 607- Added support for decnet protocol dumping thanks to Jeff Mogul 608 (mogul@pa.dec.com). 609 610- Fix bug that caused length of packet to be incorrectly printed 611 (off by ether header size) for unknown ethernet types thanks 612 to Greg Miller (gmiller@kayak.mitre.org). 613 614- Added support for IPX protocol dumping thanks to Brad Parker 615 (brad@fcr.com). 616 617- Added check to verify IP header checksum under -v thanks to 618 Brad Parker (brad@fcr.com). 619 620- Move packet capture code to new libpcap library (which is 621 packaged separately). 622 623- Prototype everything and assume an ansi compiler. 624 625- print-arp.c: Print hardware ethernet addresses if they're not 626 what we expect. 627 628- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags. 629 Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com). 630 631- print-fddi.c: Improvements. Thanks to Jeffrey Mogul 632 (mogul@pa.dec.com). 633 634- print-icmp.c: Byte swap netmask before printing. Thanks to 635 Richard Stevens (rstevens@noao.edu). Print icmp type when unknown. 636 637- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets. 638 By default, only the inner packet is dumped, appended with the token 639 "(encap)". Under -v, both the inner and output packets are dumped 640 (on the same line). Note that the filter applies to the original packet, 641 not the encapsulated packet. So if you run tcpdump on a net with an 642 IP Multicast tunnel, you cannot filter out the datagrams using the 643 conventional syntax. (You can filter away all the ip-in-ip traffic 644 with "not ip proto 4".) 645 646- print-nfs.c: Keep pending rpc's in circular table. Add generic 647 nfs header and remove os dependences. Thanks to Jeffrey Mogul. 648 649- print-ospf.c: Improvements. Thanks to Jeffrey Mogul. 650 651- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc" 652 (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords 653 Add && and || operators 654 655v2.2.1 Tue Jun 6 17:57:22 PDT 1992 656 657- Fix bug with -c flag. 658 659v2.2 Fri May 22 17:19:41 PDT 1992 660 661- savefile.c: Remove hack that shouldn't have been exported. Add 662 truncate checks. 663 664- Added the 'icmp' keyword. For example, 'icmp[0] != 8 and icmp[0] != 0' 665 matches non-echo/reply ICMP packets. 666 667- Many improvements to filter code optimizer. 668 669- Added 'multicast' keyword and extended the 'broadcast' keyword can now be 670 so that protocol qualifications are allowed. For example, "ip broadcast" 671 and "ether multicast" are valid filters. 672 673- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo'). 674 Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel 675 patches to netinet/if_loop.c. 676 677- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS. 678 Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs. 679 680- Added EGP and OSPF printers, thanks to Jeffrey Honig. 681 682v2.1 Tue Jan 28 11:00:14 PST 1992 683 684- Internal release (never publically exported). 685 686v2.0.1 Sun Jan 26 21:10:10 PDT 687 688- Various byte ordering fixes. 689 690- Add truncation checks. 691 692- inet.c: Support BSD style SIOCGIFCONF. 693 694- nametoaddr.c: Handle multi addresses for single host. 695 696- optimize.c: Rewritten. 697 698- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous 699 for broadcast nets. 700 701- print-atal.c: Fix an alignment bug (thanks to 702 stanonik@nprdc.navy.mil) Add missing printf() argument. 703 704- print-bootp.c: First attempt at decoding the vendor buffer. 705 706- print-domain.c: Fix truncation checks. 707 708- print-icmp.c: Calculate length of packets from the ip header. 709 710- print-ip.c: Print frag id in decimal (so it's easier to match up 711 with non-frags). Add support for ospf, egp and igmp. 712 713- print-nfs.c: Lots of changes. 714 715- print-ntp.c: Make some verbose output depend on -v. 716 717- print-snmp.c: New version from John LoVerso. 718 719- print-tcp.c: Print rfc1072 tcp options. 720 721- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits 722 (microseconds) worth of precision. Fix uid bugs. 723 724- A packet dumper has been added (thanks to Jeff Mogul of DECWRL). 725 With this option, you can create an architecture independent binary 726 trace file in real time, without the overhead of the packet printer. 727 At a later time, the packets can be filtered (again) and printed. 728 729- BSD is supported. You must have BPF in your kernel. 730 Since the filtering is now done in the kernel, fewer packets are 731 dropped. In fact, with BPF and the packet dumper option, a measly 732 Sun 3/50 can keep up with a busy network. 733 734- Compressed SLIP packets can now be dumped, provided you use our 735 SLIP software and BPF. These packets are dumped as any other IP 736 packet; the compressed headers are dumped with the '-e' option. 737 738- Machines with little-endian byte ordering are supported (thanks to 739 Jeff Mogul). 740 741- Ultrix 4.0 is supported (also thanks to Jeff Mogul). 742 743- IBM RT and Stanford Enetfilter support has been added by 744 Rayan Zachariassen <rayan@canet.ca>. Tcpdump has been tested under 745 both the vanilla Enetfilter interface, and the extended interface 746 (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter. 747 748- TFTP packets are now printed (requests only). 749 750- BOOTP packets are now printed. 751 752- SNMP packets are now printed. (thanks to John LoVerso of Xylogics). 753 754- Sparc architectures, including the Sparcstation-1, are now 755 supported thanks to Steve McCanne and Craig Leres. 756 757- SunOS 4 is now supported thanks to Micky Liu of Columbia 758 University (micky@cunixc.cc.columbia.edu). 759 760- IP options are now printed. 761 762- RIP packets are now printed. 763 764- There's a -v flag that prints out more information than the 765 default (e.g., it will enable printing of IP ttl, tos and id) 766 and -q flag that prints out less (e.g., it will disable 767 interpretation of AppleTalk-in-UDP). 768 769- The grammar has undergone substantial changes (if you have an 770 earlier version of tcpdump, you should re-read the manual 771 entry). 772 773 The most useful change is the addition of an expression 774 syntax that lets you filter on arbitrary fields or values in the 775 packet. E.g., "ip[0] > 0x45" would print only packets with IP 776 options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN 777 packets. 778 779 The most painful change is that concatenation no longer means 780 "and" -- e.g., you have to say "host foo and port bar" instead 781 of "host foo port bar". The up side to this down is that 782 repeated qualifiers can be omitted, making most filter 783 expressions shorter. E.g., you can now say "ip host foo and 784 (bar or baz)" to look at ip traffic between hosts foo and bar or 785 between hosts foo and baz. [The old way of saying this was "ip 786 host foo and (ip host bar or ip host baz)".] 787 788v2.0 Sun Jan 13 12:20:40 PST 1991 789 790- Initial public release. 791