xref: /freebsd/contrib/tcpdump/CHANGES (revision 145992504973bd16cf3518af9ba5ce185fefa82a)
1Friday  April 3, 2011.  mcr@sandelman.ca.
2  Summary for 4.3.0 tcpdump release
3        fixes for forces: SPARSE data (per RFC 5810)
4        some more test cases added
5        updates to documentation on -l, -U and -w flags.
6        Fix printing of BGP optional headers.
7        Tried to include DLT_PFSYNC support, failed due to headers required.
8        added TIPC support.
9        Fix LLDP Network Policy bit definitions.
10        fixes for IGMPv3's Max Response Time: it is in units of 0.1 second.
11        SIGUSR1 can be used rather than SIGINFO for stats
12        permit -n flag to affect print-ip for protocol numbers
13        ND_OPT_ADVINTERVAL is in milliseconds, not seconds
14        Teach PPPoE parser about RFC 4638
15
16
17Friday  December 9, 2011.  guy@alum.mit.edu.
18  Summary for 4.2.1 tcpdump release
19	Only build the Babel printer if IPv6 is enabled.
20	Support Babel on port 6696 as well as 6697.
21	Include ppi.h in release tarball.
22	Include all the test files in the release tarball, and don't
23	 "include" test files that no longer exist.
24	Don't assume we have <rpc/rpc.h> - check for it.
25	Support "-T carp" as a way of dissecting IP protocol 112 as CARP
26	 rather than VRRP.
27	Support Hilscher NetAnalyzer link-layer header format.
28	Constify some pointers and fix compiler warnings.
29	Get rid of never-true test.
30	Fix an unintended fall-through in a case statement in the ARP
31	 printer.
32	Fix several cases where sizeof(sizeof(XXX)) was used when just
33	 sizeof(XXX) was intended.
34	Make stricter sanity checks in the ES-IS printer.
35	Get rid of some GCCisms that caused builds to fai with compilers
36	 that don't support them.
37	Fix typo in man page.
38	Added length checks to Babel printer.
39
40Sunday  July 24, 2011.  mcr@sandelman.ca.
41  Summary for 4.2.+
42	merged 802.15.4 decoder from Dmitry Eremin-Solenikov <dbaryshkov
43	  at gmail dot com>
44        updates to forces for new port numbers
45        Use "-H", not "-h", for the 802.11s option. (-h always help)
46        Better ICMPv6 checksum handling.
47        add support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12
48        get rid of uuencoded pcap test files, git can do binary.
49        sFlow changes for 64-bit counters.
50        fixes for PPI packet header handling and printing.
51        Add DCB Exchange protocol (DCBX) version 1.01.
52        Babel dissector, from Juliusz Chroboczek and Grégoire Henry.
53        improvements to radiotap for rate values > 127.
54        Many improvements to ForCES decode, including fix SCTP TML port
55        updated RPL type code to RPL-17 draft
56        Improve printout of DHCPv6 options.
57        added support and test case for QinQ (802.1q VLAN) packets
58        Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4.
59        Build fixes for Sparc and other machines with alignment restrictions.
60        Merged changes from Debian package.
61        PGM: Add ACK decoding and add PGMCC DATA and FEEDBACK options.
62        Build fixes for OSX (Snow Leopard and others)
63        Add support for IEEE 802.15.4 packets
64
65Tue.    July 20, 2010.  guy@alum.mit.edu.
66  Summary for 4.1.2 tcpdump release
67	If -U is specified, flush the file after creating it, so it's
68	  not zero-length
69	Fix TCP flags output description, and some typoes, in the man
70	  page
71	Add a -h flag, and only attempt to recognize 802.11s mesh
72	  headers if it's set
73	When printing the link-layer type list, send *all* output to
74	  stderr
75	Include the CFLAGS setting when configure was run in the
76	  compiler flags
77
78Thu.	April 1, 2010.  guy@alum.mit.edu.
79  Summary for 4.1.1 tcpdump release
80	Fix build on systems with PF, such as FreeBSD and OpenBSD.
81	Don't blow up if a zero-length link-layer address is passed to
82	  linkaddr_string().
83
84Thu.	March 11, 2010.  ken@netfunctional.ca/guy@alum.mit.edu.
85  Summary for 4.1.0 tcpdump release
86	Fix printing of MAC addresses for VLAN frames with a length
87	  field
88	Add some additional bounds checks and use the EXTRACT_ macros
89	  more
90	Add a -b flag to print the AS number in BGP packets in ASDOT
91	  notation rather than ASPLAIN notation
92	Add ICMPv6 RFC 5006 support
93	Decode the access flags in NFS access requests
94	Handle the new DLT_ for memory-mapped USB captures on Linux
95	Make the default snapshot (-s) the maximum
96	Print name of device (when -L is used)
97	Support for OpenSolaris (and SXCE build 125 and later)
98	Print new TCP flags
99	Add support for RPL DIO
100	Add support for TCP User Timeout (UTO)
101	Add support for non-standard Ethertypes used by 3com PPPoE gear
102	Add support for 802.11n and 802.11s
103	Add support for Transparent Ethernet Bridge ethertype in GRE
104	Add 4 byte AS support for BGP printer
105	Add support for the MDT SAFI 66 BG printer
106	Add basic IPv6 support to print-olsr
107	Add USB printer
108	Add printer for ForCES
109	Handle frames with an FCS
110	Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames
111	Fix TCP sequence number printing
112	Report 802.2 packets as 802.2 instead of 802.3
113	Don't include -L/usr/lib in LDFLAGS
114	On x86_64 Linux, look in lib64 directory too
115	Lots of code clean ups
116	Autoconf clean ups
117	Update testcases to make output changes
118	Fix compiling with/out smi (--with{,out}-smi)
119	Fix compiling without IPv6 support (--disable-ipv6)
120
121Mon.    October 27, 2008.  ken@netfunctional.ca.  Summary for 4.0.0 tcpdump release
122        Add support for Bluetooth Sniffing
123        Add support for Realtek Remote Control Protocol (openrrcp.org.ru)
124        Add support for 802.11 AVS
125        Add support for SMB over TCP
126        Add support for 4 byte BGP AS printing
127        Add support for compiling on case-insensitive file systems
128        Add support for ikev2 printing
129        Update support for decoding AFS
130        Update DHCPv6 printer
131        Use newer libpcap API's (allows -B option on all platforms)
132        Add -I to turn on monitor mode
133        Bugfixes in lldp, lspping, dccp, ESP, NFS printers
134        Cleanup unused files and various cruft
135
136Mon.    September 10, 2007.  ken@xelerance.com.  Summary for 3.9.8 tcpdump release
137        Rework ARP printer
138        Rework OSPFv3 printer
139        Add support for Frame-Relay ARP
140        Decode DHCP Option 121 (RFC 3442 Classless Static Route)
141        Decode DHCP Option 249 (MS Classless Static Route) the same as Option 121
142        TLV: Add support for Juniper .pcap extensions
143        Print EGP header in new-world-order style
144        Converted print-isakmp.c to NETDISSECT
145        Moved AF specific stuff into af.h
146        Test subsystem now table driven, and saves outputs and diffs to one place
147        Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted
148         libpcap files on an OS other than where the file was generated
149
150
151Wed.	July 23, 2007.  mcr@xelerance.com.  Summary for 3.9.7 libpcap release
152
153    	NFS: Print unsigned values as such.
154	RX: parse safely.
155	BGP: fixes for IPv6-less builds.
156	801.1ag: use standard codepoint.
157	use /dev/bpf on systems with such a device.
158	802.11: print QoS data, avoid dissect of no-data frame, ignore padding.
159	smb: make sure that we haven't gone past the end of the captured data.
160	smb: squelch an uninitialized complaint from coverity.
161	NFS: from NetBSD; don't interpret the reply as a possible NFS reply
162		if it got MSG_DENIED.
163	BGP: don't print TLV values that didn't fit, from www.digit-labs.org.
164	revised INSTALL.txt about libpcap dependancy.
165
166Wed.	April 25, 2007. ken@xelerance.com.  Summary for 3.9.6 tcpdump release
167	Update man page to reflect changes to libpcap
168	Changes to both TCP and IP Printer Output
169	Fix a potential buffer overflow in the 802.11 printer
170	Print basic info about a few more Cisco LAN protocols.
171	mDNS cleanup
172	ICMP MPLS rework of the extension code
173	bugfix: use the correct codepoint for the OSPF simple text auth token
174	 entry, and use safeputs to print the password.
175	Add support in pflog for additional values
176	Add support for OIF RSVP Extensions UNI 1.0 Rev. 2 and additional RSVP objects
177	Add support for the Message-id NACK c-type.
178	Add support for 802.3ah loopback ctrl msg
179	Add support for Multiple-STP as per 802.1s
180	Add support for rapid-SPT as per 802.1w
181	Add support for CFM Link-trace msg, Link-trace-Reply msg,
182	 Sender-ID tlv, private tlv, port, interface status
183	Add support for unidirectional link detection as per
184	 http://www.ietf.org/internet-drafts/draft-foschiano-udld-02.txt
185	Add support for the olsr protocol as per RFC 3626 plus the LQ
186	 extensions from olsr.org
187	Add support for variable-length checksum in DCCP, as per section 9 of
188	 RFC 4340.
189	Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree
190	Add support for Multiple-STP as per 802.1s
191	Add support for the cisco propriatry 'dynamic trunking protocol'
192	Add support for the cisco proprietary VTP protocol
193	Update dhcp6 options table as per IETF standardization activities
194
195
196Tue.	September 19, 2006. ken@xelerance.com. Summary for 3.9.5 tcpdump release
197
198	Fix compiling on AIX (, at end of ENUM)
199	Updated list of DNS RR typecodes
200	Use local Ethernet defs on WIN32
201	Add support for Frame-Relay ARP
202	Fixes for compiling under MSVC++
203	Add support for parsing Juniper .pcap files
204	Add support for FRF.16 Multilink Frame-Relay (DLT_MFR)
205	Rework the OSPFv3 printer
206	Fix printing for 4.4BSD/NetBSD NFS Filehandles
207	Add support for Cisco style NLPID encapsulation
208	Add cisco prop. eigrp related, extended communities
209	Add support for BGP signaled VPLS
210	Cleanup the bootp printer
211	Add support for PPP over Frame-Relay
212	Add some bounds checking to the IP options code, and clean up
213	 the options output a bit.
214	Add additional modp groups to ISAKMP printer
215	Add support for Address-Withdraw and Label-Withdraw Msgs
216	Add support for the BFD Discriminator TLV
217	Fixes for 64bit compiling
218	Add support for PIMv2 checksum verification
219	Add support for further dissection of the IPCP Compression Option
220	Add support for Cisco's proposed VQP protocol
221	Add basic support for keyed authentication TCP option
222	Lots of minor cosmetic changes to output printers
223
224
225Mon. 	September 19, 2005.  ken@xelerance.com. Summary for 3.9.4 tcpdump release
226	Decoder support for more Juniper link-layer types
227	Fix a potential buffer overflow (although it can't occur in
228		practice).
229	Fix the handling of unknown management frame types in the 802.11
230		printer.
231	Add FRF.16 support, fix various Frame Relay bugs.
232	Add support for RSVP integrity objects, update fast-reroute
233		object printer to latest spec.
234	Clean up documentation of vlan filter expression, document mpls
235		filter expression.
236	Document new pppoed and pppoes filter expressions.
237	Update diffserver-TE codepoints as per RFC 4124.
238	Spelling fixes in ICMPv6.
239	Don't require any fields other than flags to be present in IS-IS
240		restart signaling TLVs, and only print the system ID in
241		those TLVs as system IDs, not as node IDs.
242	Support for DCCP.
243
244Tue. 	July 5, 2005.  ken@xelerance.com. Summary for 3.9.3 tcpdump release
245
246	Option to chroot() when dropping privs
247	Fixes for compiling on nearly every platform,
248		including improved 64bit support
249	Many new testcases
250	Support for sending packets
251	Many compliation fixes on most platforms
252	Fixes for recent version of GCC to eliminate warnings
253	Improved Unicode support
254
255	Decoders & DLT Changes, Updates and New:
256		AES ESP support
257		Juniper ATM, FRF.15, FRF.16, PPPoE,
258			ML-FR, ML-PIC, ML-PPP, PL-PPP, LS-PIC
259			GGSN,ES,MONITOR,SERVICES
260		L2VPN
261		Axent Raptor/Symantec Firewall
262		TCP-MD5 (RFC 2385)
263		ESP-in-UDP (RFC 3948)
264		ATM OAM
265		LMP, LMP Service Discovery
266		IP over FC
267		IP over IEEE 1394
268		BACnet MS/TP
269		SS7
270		LDP over TCP
271		LACP, MARKER as per 802.3ad
272		PGM (RFC 3208)
273		LSP-PING
274		G.7041/Y.1303 Generic Framing Procedure
275		EIGRP-IP, EIGRP-IPX
276		ICMP6
277		Radio - via radiotap
278		DHCPv6
279		HDLC over PPP
280
281Tue.   March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release
282
283	No changes from 3.8.2. Version bumped only to maintain consistency
284	with libpcap 0.8.3.
285
286Mon.   March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release
287
288	Fixes for print-isakmp.c      CVE:    CAN-2004-0183, CAN-2004-0184
289	  		     http://www.rapid7.com/advisories/R7-0017.html
290	IP-over-IEEE1394 printing.
291	some MINGW32 changes.
292	updates for autoconf 2.5
293	fixes for print-aodv.c - check for too short packets
294	formatting changes to print-ascii for hex output.
295	check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c,
296		print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c,
297		print-ip.c, print-lwres.c, print-ospf.c, print-pim.c,
298		print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c
299	print-ether.c - better handling of unknown types.
300	print-isoclns.c - additional decoding of types.
301	print-llc.c - strings for LLC names added.
302	print-pfloc.c - various enhancements
303	print-radius.c - better decoding to strings.
304
305Wed.   November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release
306
307	changed syntax of -E argument so that multiple SAs can be decrypted
308	fixes for Digital Unix headers and Documentation
309	__attribute__ fixes
310	CDP changes from Terry Kennedy <terry@tmk.com>.
311	IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com>
312	Fixes for ASN.1 decoder for 2.100.3 forms.
313	Added a count of packets received and processed to clarify numbers.
314	Incorporated WinDUMP patches for Win32 builds.
315	PPPoE payload length headers.
316	Fixes for HP C compiler builds.
317	Use new pcap_breakloop() and pcap_findalldevs() if we can.
318	BGP output split into multiple lines.
319	Fixes to 802.11 decoding.
320	Fixes to PIM decoder.
321	SuperH is a CPU that can't handle unaligned access. Many fixes for
322		unaligned access work.
323	Fixes to Frame-Relay decoder for Q.933/922 frames.
324	Clarified when Solaris can do captures as non-root.
325	Added tests/ subdir for examples/regression tests.
326	New -U flag.	-flush stdout after every packet
327	New -A flag	-print ascii only
328	support for decoding IS-IS inside Cisco HDLC Frames
329	more verbosity for tftp decoder
330	mDNS decoder
331	new BFD decoder
332	cross compilation patches
333	RFC 3561 AODV support.
334	UDP/TCP pseudo-checksum properly for source-route options.
335	sanitized all files to modified BSD license
336	Add support for RFC 2625 IP-over-Fibre Channel.
337	fixes for DECnet support.
338	Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI.
339	RFC 2684 encapsulation of BPDUs.
340
341Tuesday, February 25, 2003. fenner@research.att.com.  3.7.2 release
342
343	Fixed infinite loop when parsing malformed isakmp packets.
344	 (reported by iDefense; already fixed in CVS)
345	Fixed infinite loop when parsing malformed BGP packets.
346	Fixed buffer overflow with certain malformed NFS packets.
347	Pretty-print unprintable network names in 802.11 printer.
348	Handle truncated nbp (appletalk) packets.
349	Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt
350	Print IP protocol name even if we don't have a printer for it.
351	Print IP protocol name or number for fragments.
352	Print the whole MPLS label stack, not just the top label.
353	Print request header and file handle for NFS v3 FSINFO and PATHCONF
354	 requests.
355	Fix NFS packet truncation checks.
356	Handle "old" DR-Priority and Bidir-Capable PIM HELLO options.
357	Handle unknown RADIUS attributes properly.
358	Fix an ASN.1 parsing error that would cause e.g. the OID
359	 2.100.3 to be misrepresented as 4.20.3 .
360
361Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release
362see http://www.tcpdump.org/cvs-log/2002-01-21.10:16:48.html for commit log.
363	keyword "ipx" added.
364	Better OSI/802.2 support on Linux.
365	IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net.
366	LLC SAP support for FDDI/token ring/RFC-1483 style ATM
367	BXXP protocol was replaced by the BEEP protocol;
368	improvements to SNAP demux.
369	Changes to "any" interface documentation.
370	Documentation on pcap_stats() counters.
371	Fix a memory leak found by Miklos Szeredi - pcap_ether_aton().
372	Added MPLS encapsulation decoding per RFC3032.
373	DNS dissector handles TKEY, TSIG and IXFR.
374	adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org>
375	SMB printing has much improved bounds checks
376	OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging
377	Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>.
378	Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net>
379	IPX socket 0x85be is for Cisco EIGRP over IPX.
380	Improvements to fragmented ESP handling.
381	SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu>
382	Linux ARPHDR_ATM support fixed.
383	Added a "netbeui" keyword, which selects NetBEUI packets.
384	IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option.
385	Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>.
386	Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm"
387	Better Linux libc5 compat.
388	BIND9 lwres dissector added.
389	MIPS and SPARC get strict alignment macros (affects print-bgp.c)
390	Apple LocalTalk LINKTYPE_ reserved.
391	New time stamp formats documented.
392	DHCP6 updated to draft-22.txt spec.
393	ICMP types/codes now accept symbolic names.
394	Add SIGINFO handler from LBL
395	encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>.
396	now we are -Wstrict-prototype clean.
397	NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>.
398	PPPoE dissector cleaned up.
399	Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>.
400	In dissector, now the caller prints the IP addresses rather than proto.
401	cjclark@alum.mit.edu: print the IP proto for non-initial fragments.
402	LLC frames with a DSAP and LSAP of 0xe0 are IPX frames.
403	Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX.
404	captures on the "any" device won't be done in promiscuous mode
405	Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl>
406	ARCNet support, from NetBSD.
407	HSRP dissector, from Julian Cowley <julian@lava.net>.
408	Handle (GRE-encapsulated) PPTP
409	added -C option to rotate save file every optarg * 1,000,000 bytes.
410	support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>.
411	PPTP support, from Motonori Shindo <mshindo@mshindo.net>.
412	IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>.
413	CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>.
414	ESP printing updated to RFC2406.
415	HP-UX can now handle large number of PPAs.
416	MSDP printer added.
417	L2TP dissector improvements from Motonori Shindo.
418
419Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release
420	Cleaned up documentation.
421	Promisc mode fixes for Linux
422	IPsec changes/cleanups.
423	Alignment fixes for picky architectures
424
425	Removed dependency on native headers for packet dissectors.
426	Removed Linux specific headers that were shipped
427
428	libpcap changes provide for exchanging capture files between
429	  systems. Save files now have well known PACKET_ values instead of
430	  depending upon system dependant mappings of DLT_* types.
431
432	Support for computing/checking IP and UDP/TCP checksums.
433
434	Updated autoconf stock files.
435
436	IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6,
437
438	Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
439		timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk
440
441	Added filtering support for: VLANs, ESIS, ISIS
442
443	Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
444		L2TP, PPPoE
445
446	HP-UX 11.0 -- find the right dlpi device.
447	Solaris 8 - IPv6 works
448	Linux - Added support for an "any" device to capture on all interfaces
449
450	Security fixes: buffer overrun audit done. Strcpy replaced with
451		strlcpy, sprintf replaced with snprintf.
452	Look for lex problems, and warn about them.
453
454
455v3.5 Fri Jan 28 18:00:00 PST 2000
456
457Bill Fenner <fenner@research.att.com>
458- switch to config.h for autoconf
459- unify RCSID strings
460- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
461- Really fix the RIP printer
462- Fix MAC address -> name translation.
463- some -Wall -Wformat fixes
464- update makemib to parse much of SMIv2
465- Print TCP sequence # with -vv even if you normally wouldn't
466- Print as much of IP/TCP/UDP headers as possible even if truncated.
467
468itojun@iijlab.net
469- -X will make a ascii dump.  from netbsd.
470- telnet command sequence decoder (ff xx xx).  from netbsd.
471- print-bgp.c: improve options printing.  ugly code exists for
472  unaligned option parsing (need some fix).
473- const poisoning in SMB decoder.
474- -Wall -Werror clean checks.
475- bring in KAME IPv6/IPsec decoding code.
476
477Assar Westerlund  <assar@sics.se>
478- SNMPv2 and SNMPv3 printer
479- If compiled with libsmi, tcpdump can load MIBs on the fly to decode
480  SNMP packets.
481- Incorporate NFS parsing code from NetBSD.  Adds support for nfsv3.
482- portability fixes
483- permit building in different directories.
484
485Ken Hornstein <kenh@cmf.nrl.navy.mil>
486- bring in code at
487  /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
488  AFS3 packets
489
490Andrew Tridgell <tridge@linuxcare.com>
491- SMB printing code
492
493Love <lha@stacken.kth.se>
494- print-rx.c: add code for printing MakeDir and StoreStatus.  Also
495  change date format to the right one.
496
497Michael C. Richardson  <mcr@sandelman.ottawa.on.ca>
498- Created tcpdump.org repository
499
500v3.4 Sat Jul 25 12:40:55 PDT 1998
501
502- Hardwire Linux slip support since it's too hard to detect.
503
504- Redo configuration of "network" libraries (-lsocket and -lnsl) to
505  deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)
506
507- Added -a which tries to translate network and broadcast addresses to
508  names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)
509
510- Added a configure option to disable gcc.
511
512- Added a "raw" packet printer.
513
514- Not having an interface address is no longer fatal. Requested by John
515  Hawkinson.
516
517- Rework signal setup to accommodate Linux.
518
519- OSPF truncation check fix. Also display the type of OSPF packets
520  using MD5 authentication. Thanks to Brian Wellington
521  (bwelling@tis.com)
522
523- Fix truncation check bugs in the Kerberos printer. Reported by Ezra
524  Peisach (epeisach@mit.edu)
525
526- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
527  (plonka@mfa.com)
528
529- Specify full install target as a way of detecting if install
530  directory does not exist. Thanks to Dave Plonka.
531
532- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
533  (paul@vix.com)
534
535- Fix off-by-one bug when testing size of ethernet packets. Thanks to
536  Marty Leisner (leisner@sdsp.mc.xerox.com)
537
538- Add a local autoconf macro to check for routines in libraries; the
539  autoconf version is broken (it only puts the library name in the
540  cache variable name). Thanks to John Hawkinson.
541
542- Add a local autoconf macro to check for types; the autoconf version
543  is broken (it uses grep instead of actually compiling a code fragment).
544
545- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
546  formats.
547
548- Extend OSF ip header workaround to versions 1 and 2.
549
550- Fix some signed problems in the nfs printer. As reported by David
551  Sacerdote (davids@silence.secnet.com)
552
553- Detect group wheel and use it as the default since BSD/OS' install
554  can't hack numeric groups. Reported by David Sacerdote.
555
556- AIX needs special loader options. Thanks to Jonathan I. Kamens
557  (jik@cam.ov.com)
558
559- Fixed the nfs printer to print port numbers in decimal. Thanks to
560  Kent Vander Velden (graphix@iastate.edu)
561
562- Find installed libpcap in /usr/local/lib when not using gcc.
563
564- Disallow network masks with non-network bits set.
565
566- Attempt to detect "egcs" versions of gcc.
567
568- Add missing closing double quotes when displaying bootp strings.
569  Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)
570
571v3.3 Sat Nov 30 20:56:27 PST 1996
572
573- Added Linux support.
574
575- GRE encapsulated packet printer thanks to John Hawkinson
576  (jhawk@mit.edu)
577
578- Rewrite gmt2local() to avoid problematic os dependencies.
579
580- Suppress nfs truncation message on errors.
581
582- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
583  Reported by Joachim Ott (ott@ardala.han.de)
584
585- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.
586
587- Print arp hardware type in host order. Thanks to Onno van der Linden
588  (onno@simplex.nl)
589
590- Avoid solaris compiler warnings. Thanks to Bruce Barnett
591  (barnett@grymoire.crd.ge.com)
592
593- Fix rip printer to not print one more route than is actually in the
594  packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
595  Bill Fenner (fenner@parc.xerox.com)
596
597- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems.
598
599- Fix dvmrp printer truncation checks and add a dvmrp probe printer.
600  Thanks to Danny J. Mitzel (mitzel@ipsilon.com)
601
602- Rewrite ospf printer to improve truncation checks.
603
604- Don't parse tcp options past the EOL. As noted by David Sacerdote
605  (davids@secnet.com). Also, check tcp options to make sure they ar
606  actually in the tcp header (in addition to the normal truncation
607  checks). Fix the SACK code to print the N blocks (instead of the
608  first block N times).
609
610- Don't say really small UDP packets are truncated just because they
611  aren't big enough to be a RPC. As noted by David Sacerdote.
612
613v3.2.1 Sun Jul 14 03:02:26 PDT 1996
614
615- Added rfc1716 icmp codes as suggested by Martin Fredriksson
616  (martin@msp.se)
617
618- Print mtu for icmp unreach need frag packets. Thanks to John
619  Hawkinson (jhawk@mit.edu)
620
621- Decode icmp router discovery messages. Thanks to Jeffrey Honig
622  (jch@bsdi.com)
623
624- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
625  (kushida@trl.ibm.co.jp)
626
627- Check igmp checksum if possible. Thanks to John Hawkinson.
628
629- Made changes for SINIX. Thanks to Andrej Borsenkow
630  (borsenkow.msk@sni.de)
631
632- Use autoconf's idea of the top level directory in install targets.
633  Thanks to John Hawkinson.
634
635- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
636  Mogul (mogul@pa.dec.com)
637
638- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
639  Thanks to John Hawkinson.
640
641- Added some more packet truncation checks.
642
643- On systems that have it, use sigset() instead of signal() since
644  signal() has different semantics on these systems.
645
646- Fixed some more alignment problems on the alpha.
647
648- Add code to massage unprintable characters in the domain and ipx
649  printers. Thanks to John Hawkinson.
650
651- Added explicit netmask support. Thanks to Steve Nuchia
652  (steve@research.oknet.com)
653
654- Add "sca" keyword (for DEC cluster services) as suggested by Terry
655  Kennedy (terry@spcvxa.spc.edu)
656
657- Add "atalk" keyword as suggested by John Hawkinson.
658
659- Added an igrp printer. Thanks to Francis Dupont
660  (francis.dupont@inria.fr)
661
662- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
663  Kennedy (terry@spcvxa.spc.edu)
664
665- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
666  (pascal.hennequin@hugo.int-evry.fr)
667
668- Added some ETHERTYPEs missing on some systems.
669
670- Added truncated packet macros and various checks.
671
672- Fixed endian problems with the DECnet printer.
673
674- Use $CC when checking gcc version. Thanks to Carl Lindberg
675  (carl_lindberg@blacksmith.com)
676
677- Fixes for AIX (although this system is not yet supported). Thanks to
678  John Hawkinson.
679
680- Fix bugs in the autoconf misaligned accesses code fragment.
681
682- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
683  Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)
684
685v3.2 Sun Jun 23 02:28:10 PDT 1996
686
687- Print new icmp unreachable codes as suggested by Martin Fredriksson
688  (martin@msp.se). Also print code value when unknown for icmp redirect
689  and time exceeded.
690
691- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.
692
693- Define "new" domain record types if not found in arpa/nameserv.h.
694  Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
695  fixed an endian bug when printing mx record and added some new record
696  types.
697
698- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)
699
700- Added T/TCP options printing. As suggested by Richard Stevens
701  (rstevens@noao.edu)
702
703- Use autoconf to detect architectures that can't handle misaligned
704  accesses.
705
706v3.1 Thu Jun 13 20:59:32 PDT 1996
707
708- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
709  and bind (as suggested by Charles Hannum).
710
711- Port to GNU autoconf.
712
713- Add support for printing DVMRP and PIM traffic thanks to
714  Havard Eidnes (Havard.Eidnes@runit.sintef.no).
715
716- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
717  define being referenced. Reported by Terry Kennedy.
718
719- Minor fixes to the man page thanks to Mark Andrews.
720
721- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
722  (bmah@cs.berkeley.edu).
723
724- Added support for new dns types, thanks to Rainer Orth.
725
726- Fixed tftp_print() to print the block number for ACKs.
727
728- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
729  (cslater@imatek.com).
730
731- Check return status from malloc/calloc/etc.
732
733- Check return status from pcap_loop() so we can print an error and
734  exit with a bad status if there were problems.
735
736- Bail if ip option length is <= 0. Resulted from a bug report from
737  Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).
738
739- Print out a little more information for sun rpc packets.
740
741- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).
742
743- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
744  wrong on little endian machines).
745
746- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
747  (crawdad@fnal.gov).
748
749- Fix ntp_print() to not print garbage when the stratum is
750  "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).
751
752- Rewrote tcp options printer code to check for truncation. Added
753  selective acknowledgment case.
754
755- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
756  (jch@bsdi.com)
757
758- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
759  octet for the sa_family member. Thanks to Yoshitaka Tokugawa
760  (toku@dit.co.jp)
761
762- Don't checksum ip header if we don't have all of it. Thanks to John
763  Hawkinson (jhawk@mit.edu).
764
765- Print out hostnames if possible in egp printer. Thanks to Jeffrey
766  Honig (jhc@bsdi.com)
767
768
769v3.1a1 Wed May  3 19:21:11 PDT 1995
770
771- Include time.h when SVR4 is defined to avoid problems under Solaris
772  2.3.
773
774- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
775  strings, not the local buffer. Thanks to Stefan Petri
776  (petri@ibr.cs.tu-bs.de).
777
778- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
779  that the selected value was not used. Thanks to Pascal Hennequin
780  (Pascal.Hennequin@hugo.int-evry.fr).
781
782- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.
783
784- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).
785
786v3.0.3 Sun Oct  1 18:35:00 GMT 1995
787
788- Although there never was a 3.0.3 release, the linux boys cleverly
789  "released" one in late 1995.
790
791v3.0.2 Thu Apr 20 21:28:16 PDT 1995
792
793- Change configuration to not use gcc v2 flags with gcc v1.
794
795- Redo gmt2local() so that it works under BSDI (which seems to return
796  an empty timezone struct from gettimeofday()). Based on report from
797  Terry Kennedy (terry@spcvxa.spc.edu).
798
799- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
800  on report from Mark Andrews (mandrews@alias.com).
801
802- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
803  Orth (ro@techfak.uni-bielefeld.de).
804
805- Fixed printout of connection id for uncompressed tcp slip packets.
806  Resulted from a bug report from Richard Stevens (rstevens@noao.edu).
807
808- Hack around deficiency in Ultrix's make.
809
810- Add ETHERTYPE_TRAIL define which is missing from irix5.
811
812v3.0.1 Wed Aug 31 22:42:26 PDT 1994
813
814- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.
815
816v3.0 Mon Jun 20 19:23:27 PDT 1994
817
818- Added support for printing tcp option timestamps thanks to
819  Mark Andrews (mandrews@alias.com).
820
821- Reorganize protocol dumpers to take const pointers to packets so they
822  never change the contents (i.e., they used to do endian conversions
823  in place).  Previously, whenever more than one pass was taken over
824  the packet, the packet contents would be dumped incorrectly (i.e.,
825  the output form -x would be wrong on little endian machines because
826  the protocol dumpers would modify the data).  Thanks to Charles Hannum
827  (mycroft@gnu.ai.mit.edu) for reporting this problem.
828
829- Added support for decnet protocol dumping thanks to Jeff Mogul
830  (mogul@pa.dec.com).
831
832- Fix bug that caused length of packet to be incorrectly printed
833  (off by ether header size) for unknown ethernet types thanks
834  to Greg Miller (gmiller@kayak.mitre.org).
835
836- Added support for IPX protocol dumping thanks to Brad Parker
837  (brad@fcr.com).
838
839- Added check to verify IP header checksum under -v thanks to
840  Brad Parker (brad@fcr.com).
841
842- Move packet capture code to new libpcap library (which is
843  packaged separately).
844
845- Prototype everything and assume an ansi compiler.
846
847- print-arp.c: Print hardware ethernet addresses if they're not
848  what we expect.
849
850- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
851  Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).
852
853- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
854  (mogul@pa.dec.com).
855
856- print-icmp.c: Byte swap netmask before printing. Thanks to
857  Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.
858
859- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
860  By default, only the inner packet is dumped, appended with the token
861  "(encap)".  Under -v, both the inner and output packets are dumped
862  (on the same line).  Note that the filter applies to the original packet,
863  not the encapsulated packet.  So if you run tcpdump on a net with an
864  IP Multicast tunnel, you cannot filter out the datagrams using the
865  conventional syntax.  (You can filter away all the ip-in-ip traffic
866  with "not ip proto 4".)
867
868- print-nfs.c: Keep pending rpc's in circular table. Add generic
869  nfs header and remove os dependences. Thanks to Jeffrey Mogul.
870
871- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.
872
873- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
874  (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords
875  Add && and || operators
876
877v2.2.1 Tue Jun 6 17:57:22 PDT 1992
878
879- Fix bug with -c flag.
880
881v2.2 Fri May 22 17:19:41 PDT 1992
882
883- savefile.c: Remove hack that shouldn't have been exported. Add
884  truncate checks.
885
886- Added the 'icmp' keyword.  For example, 'icmp[0] != 8 and icmp[0] != 0'
887  matches non-echo/reply ICMP packets.
888
889- Many improvements to filter code optimizer.
890
891- Added 'multicast' keyword and extended the 'broadcast' keyword can now be
892  so that protocol qualifications are allowed. For example, "ip broadcast"
893  and "ether multicast" are valid filters.
894
895- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
896  Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
897  patches to netinet/if_loop.c.
898
899- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
900  Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.
901
902- Added EGP and OSPF printers, thanks to Jeffrey Honig.
903
904v2.1 Tue Jan 28 11:00:14 PST 1992
905
906- Internal release (never publically exported).
907
908v2.0.1 Sun Jan 26 21:10:10 PDT
909
910- Various byte ordering fixes.
911
912- Add truncation checks.
913
914- inet.c: Support BSD style SIOCGIFCONF.
915
916- nametoaddr.c: Handle multi addresses for single host.
917
918- optimize.c: Rewritten.
919
920- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
921  for broadcast nets.
922
923- print-atal.c: Fix an alignment bug (thanks to
924  stanonik@nprdc.navy.mil) Add missing printf() argument.
925
926- print-bootp.c: First attempt at decoding the vendor buffer.
927
928- print-domain.c: Fix truncation checks.
929
930- print-icmp.c: Calculate length of packets from the ip header.
931
932- print-ip.c: Print frag id in decimal (so it's easier to match up
933  with non-frags). Add support for ospf, egp and igmp.
934
935- print-nfs.c: Lots of changes.
936
937- print-ntp.c: Make some verbose output depend on -v.
938
939- print-snmp.c: New version from John LoVerso.
940
941- print-tcp.c: Print rfc1072 tcp options.
942
943- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
944  (microseconds) worth of precision. Fix uid bugs.
945
946- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
947  With this option, you can create an architecture independent binary
948  trace file in real time, without the overhead of the packet printer.
949  At a later time, the packets can be filtered (again) and printed.
950
951- BSD is supported.  You must have BPF in your kernel.
952  Since the filtering is now done in the kernel, fewer packets are
953  dropped.  In fact, with BPF and the packet dumper option, a measly
954  Sun 3/50 can keep up with a busy network.
955
956- Compressed SLIP packets can now be dumped, provided you use our
957  SLIP software and BPF.  These packets are dumped as any other IP
958  packet; the compressed headers are dumped with the '-e' option.
959
960- Machines with little-endian byte ordering are supported (thanks to
961  Jeff Mogul).
962
963- Ultrix 4.0 is supported (also thanks to Jeff Mogul).
964
965- IBM RT and Stanford Enetfilter support has been added by
966  Rayan Zachariassen <rayan@canet.ca>.  Tcpdump has been tested under
967  both the vanilla Enetfilter interface, and the extended interface
968  (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
969
970- TFTP packets are now printed (requests only).
971
972- BOOTP packets are now printed.
973
974- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).
975
976- Sparc architectures, including the Sparcstation-1, are now
977  supported thanks to Steve McCanne and Craig Leres.
978
979- SunOS 4 is now supported thanks to Micky Liu of Columbia
980  University (micky@cunixc.cc.columbia.edu).
981
982- IP options are now printed.
983
984- RIP packets are now printed.
985
986- There's a -v flag that prints out more information than the
987  default (e.g., it will enable printing of IP ttl, tos and id)
988  and -q flag that prints out less (e.g., it will disable
989  interpretation of AppleTalk-in-UDP).
990
991- The grammar has undergone substantial changes (if you have an
992  earlier version of tcpdump, you should re-read the manual
993  entry).
994
995  The most useful change is the addition of an expression
996  syntax that lets you filter on arbitrary fields or values in the
997  packet.  E.g., "ip[0] > 0x45" would print only packets with IP
998  options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
999  packets.
1000
1001  The most painful change is that concatenation no longer means
1002  "and" -- e.g., you have to say "host foo and port bar" instead
1003  of "host foo port bar".  The up side to this down is that
1004  repeated qualifiers can be omitted, making most filter
1005  expressions shorter.  E.g., you can now say "ip host foo and
1006  (bar or baz)" to look at ip traffic between hosts foo and bar or
1007  between hosts foo and baz.  [The old way of saying this was "ip
1008  host foo and (ip host bar or ip host baz)".]
1009
1010v2.0 Sun Jan 13 12:20:40 PST 1991
1011
1012- Initial public release.
1013