xref: /freebsd/contrib/tcpdump/CHANGES (revision 09e8dea79366f1e5b3a73e8a271b26e4b6bf2e6a) 
1$Header: /tcpdump/master/tcpdump/CHANGES,v 1.81 2002/01/21 11:03:33 mcr Exp $
2
3Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release
4see http://www.tcpdump.org/cvs-log/2002-01-21.10:16:48.html for commit log.
5	keyword "ipx" added.
6	Better OSI/802.2 support on Linux.
7	IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net.
8	LLC SAP support for FDDI/token ring/RFC-1483 style ATM
9	BXXP protocol was replaced by the BEEP protocol;
10	improvements to SNAP demux.
11	Changes to "any" interface documentation.
12	Documentation on pcap_stats() counters.
13	Fix a memory leak found by Miklos Szeredi - pcap_ether_aton().
14	Added MPLS encapsulation decoding per RFC3032.
15	DNS dissector handles TKEY, TSIG and IXFR.
16	adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org>
17	SMB printing has much improved bounds checks
18	OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging
19	Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>.
20	Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net>
21	IPX socket 0x85be is for Cisco EIGRP over IPX.
22	Improvements to fragmented ESP handling.
23	SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu>
24	Linux ARPHDR_ATM support fixed.
25	Added a "netbeui" keyword, which selects NetBEUI packets.
26	IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option.
27	Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>.
28	Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm"
29	Better Linux libc5 compat.
30	BIND9 lwres dissector added.
31	MIPS and SPARC get strict alignment macros (affects print-bgp.c)
32	Apple LocalTalk LINKTYPE_ reserved.
33	New time stamp formats documented.
34	DHCP6 updated to draft-22.txt spec.
35	ICMP types/codes now accept symbolic names.
36	Add SIGINFO handler from LBL
37	encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>.
38	now we are -Wstrict-prototype clean.
39	NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>.
40	PPPoE dissector cleaned up.
41	Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>.
42	In dissector, now the caller prints the IP addresses rather than proto.
43	cjclark@alum.mit.edu: print the IP proto for non-initial fragments.
44	LLC frames with a DSAP and LSAP of 0xe0 are IPX frames.
45	Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX.
46	captures on the "any" device won't be done in promiscuous mode
47	Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl>
48	ARCNet support, from NetBSD.
49	HSRP dissector, from Julian Cowley <julian@lava.net>.
50	Handle (GRE-encapsulated) PPTP
51	added -C option to rotate save file every optarg * 1,000,000 bytes.
52	support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>.
53	PPTP support, from Motonori Shindo <mshindo@mshindo.net>.
54	IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>.
55	CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>.
56	ESP printing updated to RFC2406.
57	HP-UX can now handle large number of PPAs.
58	MSDP printer added.
59	L2TP dissector improvements from Motonori Shindo.
60
61Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release
62	Cleaned up documentation.
63	Promisc mode fixes for Linux
64	IPsec changes/cleanups.
65	Alignment fixes for picky architectures
66
67	Removed dependency on native headers for packet dissectors.
68	Removed Linux specific headers that were shipped
69
70	libpcap changes provide for exchanging capture files between
71	  systems. Save files now have well known PACKET_ values instead of
72	  depending upon system dependant mappings of DLT_* types.
73
74	Support for computing/checking IP and UDP/TCP checksums.
75
76	Updated autoconf stock files.
77
78	IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6,
79
80	Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
81		timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk
82
83	Added filtering support for: VLANs, ESIS, ISIS
84
85	Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
86		L2TP, PPPoE
87
88	HP-UX 11.0 -- find the right dlpi device.
89	Solaris 8 - IPv6 works
90	Linux - Added support for an "any" device to capture on all interfaces
91
92	Security fixes: buffer overrun audit done. Strcpy replaced with
93		strlcpy, sprintf replaced with snprintf.
94	Look for lex problems, and warn about them.
95
96
97v3.5 Fri Jan 28 18:00:00 PST 2000
98
99Bill Fenner <fenner@research.att.com>
100- switch to config.h for autoconf
101- unify RCSID strings
102- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
103- Really fix the RIP printer
104- Fix MAC address -> name translation.
105- some -Wall -Wformat fixes
106- update makemib to parse much of SMIv2
107- Print TCP sequence # with -vv even if you normally wouldn't
108- Print as much of IP/TCP/UDP headers as possible even if truncated.
109
110itojun@iijlab.net
111- -X will make a ascii dump.  from netbsd.
112- telnet command sequence decoder (ff xx xx).  from netbsd.
113- print-bgp.c: improve options printing.  ugly code exists for
114  unaligned option parsing (need some fix).
115- const poisoning in SMB decoder.
116- -Wall -Werror clean checks.
117- bring in KAME IPv6/IPsec decoding code.
118
119Assar Westerlund  <assar@sics.se>
120- SNMPv2 and SNMPv3 printer
121- If compiled with libsmi, tcpdump can load MIBs on the fly to decode
122  SNMP packets.
123- Incorporate NFS parsing code from NetBSD.  Adds support for nfsv3.
124- portability fixes
125- permit building in different directories.
126
127Ken Hornstein <kenh@cmf.nrl.navy.mil>
128- bring in code at
129  /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
130  AFS3 packets
131
132Andrew Tridgell <tridge@linuxcare.com>
133- SMB printing code
134
135Love <lha@stacken.kth.se>
136- print-rx.c: add code for printing MakeDir and StoreStatus.  Also
137  change date format to the right one.
138
139Michael C. Richardson  <mcr@sandelman.ottawa.on.ca>
140- Created tcpdump.org repository
141
142v3.4 Sat Jul 25 12:40:55 PDT 1998
143
144- Hardwire Linux slip support since it's too hard to detect.
145
146- Redo configuration of "network" libraries (-lsocket and -lnsl) to
147  deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)
148
149- Added -a which tries to translate network and broadcast addresses to
150  names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)
151
152- Added a configure option to disable gcc.
153
154- Added a "raw" packet printer.
155
156- Not having an interface address is no longer fatal. Requested by John
157  Hawkinson.
158
159- Rework signal setup to accommodate Linux.
160
161- OSPF truncation check fix. Also display the type of OSPF packets
162  using MD5 authentication. Thanks to Brian Wellington
163  (bwelling@tis.com)
164
165- Fix truncation check bugs in the Kerberos printer. Reported by Ezra
166  Peisach (epeisach@mit.edu)
167
168- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
169  (plonka@mfa.com)
170
171- Specify full install target as a way of detecting if install
172  directory does not exist. Thanks to Dave Plonka.
173
174- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
175  (paul@vix.com)
176
177- Fix off-by-one bug when testing size of ethernet packets. Thanks to
178  Marty Leisner (leisner@sdsp.mc.xerox.com)
179
180- Add a local autoconf macro to check for routines in libraries; the
181  autoconf version is broken (it only puts the library name in the
182  cache variable name). Thanks to John Hawkinson.
183
184- Add a local autoconf macro to check for types; the autoconf version
185  is broken (it uses grep instead of actually compiling a code fragment).
186
187- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
188  formats.
189
190- Extend OSF ip header workaround to versions 1 and 2.
191
192- Fix some signed problems in the nfs printer. As reported by David
193  Sacerdote (davids@silence.secnet.com)
194
195- Detect group wheel and use it as the default since BSD/OS' install
196  can't hack numeric groups. Reported by David Sacerdote.
197
198- AIX needs special loader options. Thanks to Jonathan I. Kamens
199  (jik@cam.ov.com)
200
201- Fixed the nfs printer to print port numbers in decimal. Thanks to
202  Kent Vander Velden (graphix@iastate.edu)
203
204- Find installed libpcap in /usr/local/lib when not using gcc.
205
206- Disallow network masks with non-network bits set.
207
208- Attempt to detect "egcs" versions of gcc.
209
210- Add missing closing double quotes when displaying bootp strings.
211  Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)
212
213v3.3 Sat Nov 30 20:56:27 PST 1996
214
215- Added Linux support.
216
217- GRE encapsulated packet printer thanks to John Hawkinson
218  (jhawk@mit.edu)
219
220- Rewrite gmt2local() to avoid problematic os dependencies.
221
222- Suppress nfs truncation message on errors.
223
224- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
225  Reported by Joachim Ott (ott@ardala.han.de)
226
227- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.
228
229- Print arp hardware type in host order. Thanks to Onno van der Linden
230  (onno@simplex.nl)
231
232- Avoid solaris compiler warnings. Thanks to Bruce Barnett
233  (barnett@grymoire.crd.ge.com)
234
235- Fix rip printer to not print one more route than is actually in the
236  packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
237  Bill Fenner (fenner@parc.xerox.com)
238
239- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems.
240
241- Fix dvmrp printer truncation checks and add a dvmrp probe printer.
242  Thanks to Danny J. Mitzel (mitzel@ipsilon.com)
243
244- Rewrite ospf printer to improve truncation checks.
245
246- Don't parse tcp options past the EOL. As noted by David Sacerdote
247  (davids@secnet.com). Also, check tcp options to make sure they ar
248  actually in the tcp header (in addition to the normal truncation
249  checks). Fix the SACK code to print the N blocks (instead of the
250  first block N times).
251
252- Don't say really small UDP packets are truncated just because they
253  aren't big enough to be a RPC. As noted by David Sacerdote.
254
255v3.2.1 Sun Jul 14 03:02:26 PDT 1996
256
257- Added rfc1716 icmp codes as suggested by Martin Fredriksson
258  (martin@msp.se)
259
260- Print mtu for icmp unreach need frag packets. Thanks to John
261  Hawkinson (jhawk@mit.edu)
262
263- Decode icmp router discovery messages. Thanks to Jeffrey Honig
264  (jch@bsdi.com)
265
266- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
267  (kushida@trl.ibm.co.jp)
268
269- Check igmp checksum if possible. Thanks to John Hawkinson.
270
271- Made changes for SINIX. Thanks to Andrej Borsenkow
272  (borsenkow.msk@sni.de)
273
274- Use autoconf's idea of the top level directory in install targets.
275  Thanks to John Hawkinson.
276
277- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
278  Mogul (mogul@pa.dec.com)
279
280- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
281  Thanks to John Hawkinson.
282
283- Added some more packet truncation checks.
284
285- On systems that have it, use sigset() instead of signal() since
286  signal() has different semantics on these systems.
287
288- Fixed some more alignment problems on the alpha.
289
290- Add code to massage unprintable characters in the domain and ipx
291  printers. Thanks to John Hawkinson.
292
293- Added explicit netmask support. Thanks to Steve Nuchia
294  (steve@research.oknet.com)
295
296- Add "sca" keyword (for DEC cluster services) as suggested by Terry
297  Kennedy (terry@spcvxa.spc.edu)
298
299- Add "atalk" keyword as suggested by John Hawkinson.
300
301- Added an igrp printer. Thanks to Francis Dupont
302  (francis.dupont@inria.fr)
303
304- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
305  Kennedy (terry@spcvxa.spc.edu)
306
307- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
308  (pascal.hennequin@hugo.int-evry.fr)
309
310- Added some ETHERTYPEs missing on some systems.
311
312- Added truncated packet macros and various checks.
313
314- Fixed endian problems with the DECnet printer.
315
316- Use $CC when checking gcc version. Thanks to Carl Lindberg
317  (carl_lindberg@blacksmith.com)
318
319- Fixes for AIX (although this system is not yet supported). Thanks to
320  John Hawkinson.
321
322- Fix bugs in the autoconf misaligned accesses code fragment.
323
324- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
325  Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)
326
327v3.2 Sun Jun 23 02:28:10 PDT 1996
328
329- Print new icmp unreachable codes as suggested by Martin Fredriksson
330  (martin@msp.se). Also print code value when unknown for icmp redirect
331  and time exceeded.
332
333- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.
334
335- Define "new" domain record types if not found in arpa/nameserv.h.
336  Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
337  fixed an endian bug when printing mx record and added some new record
338  types.
339
340- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)
341
342- Added T/TCP options printing. As suggested by Richard Stevens
343  (rstevens@noao.edu)
344
345- Use autoconf to detect architectures that can't handle misaligned
346  accesses.
347
348v3.1 Thu Jun 13 20:59:32 PDT 1996
349
350- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
351  and bind (as suggested by Charles Hannum).
352
353- Port to GNU autoconf.
354
355- Add support for printing DVMRP and PIM traffic thanks to
356  Havard Eidnes (Havard.Eidnes@runit.sintef.no).
357
358- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
359  define being referenced. Reported by Terry Kennedy.
360
361- Minor fixes to the man page thanks to Mark Andrews.
362
363- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
364  (bmah@cs.berkeley.edu).
365
366- Added support for new dns types, thanks to Rainer Orth.
367
368- Fixed tftp_print() to print the block number for ACKs.
369
370- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
371  (cslater@imatek.com).
372
373- Check return status from malloc/calloc/etc.
374
375- Check return status from pcap_loop() so we can print an error and
376  exit with a bad status if there were problems.
377
378- Bail if ip option length is <= 0. Resulted from a bug report from
379  Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).
380
381- Print out a little more information for sun rpc packets.
382
383- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).
384
385- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
386  wrong on little endian machines).
387
388- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
389  (crawdad@fnal.gov).
390
391- Fix ntp_print() to not print garbage when the stratum is
392  "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).
393
394- Rewrote tcp options printer code to check for truncation. Added
395  selective acknowledgment case.
396
397- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
398  (jch@bsdi.com)
399
400- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
401  octet for the sa_family member. Thanks to Yoshitaka Tokugawa
402  (toku@dit.co.jp)
403
404- Don't checksum ip header if we don't have all of it. Thanks to John
405  Hawkinson (jhawk@mit.edu).
406
407- Print out hostnames if possible in egp printer. Thanks to Jeffrey
408  Honig (jhc@bsdi.com)
409
410
411v3.1a1 Wed May  3 19:21:11 PDT 1995
412
413- Include time.h when SVR4 is defined to avoid problems under Solaris
414  2.3.
415
416- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
417  strings, not the local buffer. Thanks to Stefan Petri
418  (petri@ibr.cs.tu-bs.de).
419
420- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
421  that the selected value was not used. Thanks to Pascal Hennequin
422  (Pascal.Hennequin@hugo.int-evry.fr).
423
424- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.
425
426- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).
427
428v3.0.3 Sun Oct  1 18:35:00 GMT 1995
429
430- Although there never was a 3.0.3 release, the linux boys cleverly
431  "released" one in late 1995.
432
433v3.0.2 Thu Apr 20 21:28:16 PDT 1995
434
435- Change configuration to not use gcc v2 flags with gcc v1.
436
437- Redo gmt2local() so that it works under BSDI (which seems to return
438  an empty timezone struct from gettimeofday()). Based on report from
439  Terry Kennedy (terry@spcvxa.spc.edu).
440
441- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
442  on report from Mark Andrews (mandrews@alias.com).
443
444- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
445  Orth (ro@techfak.uni-bielefeld.de).
446
447- Fixed printout of connection id for uncompressed tcp slip packets.
448  Resulted from a bug report from Richard Stevens (rstevens@noao.edu).
449
450- Hack around deficiency in Ultrix's make.
451
452- Add ETHERTYPE_TRAIL define which is missing from irix5.
453
454v3.0.1 Wed Aug 31 22:42:26 PDT 1994
455
456- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.
457
458v3.0 Mon Jun 20 19:23:27 PDT 1994
459
460- Added support for printing tcp option timestamps thanks to
461  Mark Andrews (mandrews@alias.com).
462
463- Reorganize protocol dumpers to take const pointers to packets so they
464  never change the contents (i.e., they used to do endian conversions
465  in place).  Previously, whenever more than one pass was taken over
466  the packet, the packet contents would be dumped incorrectly (i.e.,
467  the output form -x would be wrong on little endian machines because
468  the protocol dumpers would modify the data).  Thanks to Charles Hannum
469  (mycroft@gnu.ai.mit.edu) for reporting this problem.
470
471- Added support for decnet protocol dumping thanks to Jeff Mogul
472  (mogul@pa.dec.com).
473
474- Fix bug that caused length of packet to be incorrectly printed
475  (off by ether header size) for unknown ethernet types thanks
476  to Greg Miller (gmiller@kayak.mitre.org).
477
478- Added support for IPX protocol dumping thanks to Brad Parker
479  (brad@fcr.com).
480
481- Added check to verify IP header checksum under -v thanks to
482  Brad Parker (brad@fcr.com).
483
484- Move packet capture code to new libpcap library (which is
485  packaged separately).
486
487- Prototype everything and assume an ansi compiler.
488
489- print-arp.c: Print hardware ethernet addresses if they're not
490  what we expect.
491
492- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
493  Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).
494
495- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
496  (mogul@pa.dec.com).
497
498- print-icmp.c: Byte swap netmask before printing. Thanks to
499  Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.
500
501- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
502  By default, only the inner packet is dumped, appended with the token
503  "(encap)".  Under -v, both the inner and output packets are dumped
504  (on the same line).  Note that the filter applies to the original packet,
505  not the encapsulated packet.  So if you run tcpdump on a net with an
506  IP Multicast tunnel, you cannot filter out the datagrams using the
507  conventional syntax.  (You can filter away all the ip-in-ip traffic
508  with "not ip proto 4".)
509
510- print-nfs.c: Keep pending rpc's in circular table. Add generic
511  nfs header and remove os dependences. Thanks to Jeffrey Mogul.
512
513- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.
514
515- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
516  (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords
517  Add && and || operators
518
519v2.2.1 Tue Jun 6 17:57:22 PDT 1992
520
521- Fix bug with -c flag.
522
523v2.2 Fri May 22 17:19:41 PDT 1992
524
525- savefile.c: Remove hack that shouldn't have been exported. Add
526  truncate checks.
527
528- Added the 'icmp' keyword.  For example, 'icmp[0] != 8 and icmp[0] != 0'
529  matches non-echo/reply ICMP packets.
530
531- Many improvements to filter code optimizer.
532
533- Added 'multicast' keyword and extended the 'broadcast' keyword can now be
534  so that protocol qualifications are allowed. For example, "ip broadcast"
535  and "ether multicast" are valid filters.
536
537- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
538  Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
539  patches to netinet/if_loop.c.
540
541- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
542  Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.
543
544- Added EGP and OSPF printers, thanks to Jeffrey Honig.
545
546v2.1 Tue Jan 28 11:00:14 PST 1992
547
548- Internal release (never publically exported).
549
550v2.0.1 Sun Jan 26 21:10:10 PDT
551
552- Various byte ordering fixes.
553
554- Add truncation checks.
555
556- inet.c: Support BSD style SIOCGIFCONF.
557
558- nametoaddr.c: Handle multi addresses for single host.
559
560- optimize.c: Rewritten.
561
562- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
563  for broadcast nets.
564
565- print-atal.c: Fix an alignment bug (thanks to
566  stanonik@nprdc.navy.mil) Add missing printf() argument.
567
568- print-bootp.c: First attempt at decoding the vendor buffer.
569
570- print-domain.c: Fix truncation checks.
571
572- print-icmp.c: Calculate length of packets from the ip header.
573
574- print-ip.c: Print frag id in decimal (so it's easier to match up
575  with non-frags). Add support for ospf, egp and igmp.
576
577- print-nfs.c: Lots of changes.
578
579- print-ntp.c: Make some verbose output depend on -v.
580
581- print-snmp.c: New version from John LoVerso.
582
583- print-tcp.c: Print rfc1072 tcp options.
584
585- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
586  (microseconds) worth of precision. Fix uid bugs.
587
588- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
589  With this option, you can create an architecture independent binary
590  trace file in real time, without the overhead of the packet printer.
591  At a later time, the packets can be filtered (again) and printed.
592
593- BSD is supported.  You must have BPF in your kernel.
594  Since the filtering is now done in the kernel, fewer packets are
595  dropped.  In fact, with BPF and the packet dumper option, a measly
596  Sun 3/50 can keep up with a busy network.
597
598- Compressed SLIP packets can now be dumped, provided you use our
599  SLIP software and BPF.  These packets are dumped as any other IP
600  packet; the compressed headers are dumped with the '-e' option.
601
602- Machines with little-endian byte ordering are supported (thanks to
603  Jeff Mogul).
604
605- Ultrix 4.0 is supported (also thanks to Jeff Mogul).
606
607- IBM RT and Stanford Enetfilter support has been added by
608  Rayan Zachariassen <rayan@canet.ca>.  Tcpdump has been tested under
609  both the vanilla Enetfilter interface, and the extended interface
610  (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
611
612- TFTP packets are now printed (requests only).
613
614- BOOTP packets are now printed.
615
616- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).
617
618- Sparc architectures, including the Sparcstation-1, are now
619  supported thanks to Steve McCanne and Craig Leres.
620
621- SunOS 4 is now supported thanks to Micky Liu of Columbia
622  University (micky@cunixc.cc.columbia.edu).
623
624- IP options are now printed.
625
626- RIP packets are now printed.
627
628- There's a -v flag that prints out more information than the
629  default (e.g., it will enable printing of IP ttl, tos and id)
630  and -q flag that prints out less (e.g., it will disable
631  interpretation of AppleTalk-in-UDP).
632
633- The grammar has undergone substantial changes (if you have an
634  earlier version of tcpdump, you should re-read the manual
635  entry).
636
637  The most useful change is the addition of an expression
638  syntax that lets you filter on arbitrary fields or values in the
639  packet.  E.g., "ip[0] > 0x45" would print only packets with IP
640  options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
641  packets.
642
643  The most painful change is that concatenation no longer means
644  "and" -- e.g., you have to say "host foo and port bar" instead
645  of "host foo port bar".  The up side to this down is that
646  repeated qualifiers can be omitted, making most filter
647  expressions shorter.  E.g., you can now say "ip host foo and
648  (bar or baz)" to look at ip traffic between hosts foo and bar or
649  between hosts foo and baz.  [The old way of saying this was "ip
650  host foo and (ip host bar or ip host baz)".]
651
652v2.0 Sun Jan 13 12:20:40 PST 1991
653
654- Initial public release.
655
656@(#) $Header: /tcpdump/master/tcpdump/CHANGES,v 1.81 2002/01/21 11:03:33 mcr Exp $ (LBL)
657