xref: /freebsd/contrib/tcpdump/CHANGES (revision 3f0164abf32b9b761e0a2cb4bdca3a8b84f156d4)

Thursday  February 19, 2013 guy@alum.mit.edu.
  Summary for 4.4.0 tcpdump release
	RPKI-RTR (RFC6810) is now official (TCP Port 323)
	Fix detection of OpenSSL libcrypto.
	Add DNSSL (RFC6106) support.
	Add "radius" as an option for -T.
	Update Action codes for handle_action function according to
	    802.11s amendment.
	Decode DHCPv6 AFTR-Name option (RFC6334).
	Updates for Babel.
	Fix printing of infinite lifetime in ICMPv6.
	Added support for SPB, SPBM Service Identifier, and Unicast
	    Address sub-TLV in ISIS.
	Decode RIPv2 authentication up to RFC4822.
	Fix RIP Request/full table decoding issues.
	On Linux systems with cap-ng.h, drop root privileges
	    using Linux Capabilities.
	Add support for reading multiple files.

Wednesday  November 28, 2012 guy@alum.mit.edu.
  Summary for 4.3.1 tcpdump release
	Print "LLDP, length N" for LLDP packets even when not in verbose
	    mode, so something is printed even if only the timestamp is
	    present
	Document "-T carp"
	Print NTP poll interval correctly (it's an exponent, so print
	    both its raw value and 2^value)
	Document that "-e" is used to get MAC addresses
	More clearly document that you need to escape or quote
	    backslashes in filter expressions on the command line
	Fix some "the the" in the man page
	Use the right maximum path length
	Don't treat 192_1_2, when passed to -i, as an interface number

Friday  April 3, 2011.  mcr@sandelman.ca.
  Summary for 4.3.0 tcpdump release
        fixes for forces: SPARSE data (per RFC 5810)
        some more test cases added
        updates to documentation on -l, -U and -w flags.
        Fix printing of BGP optional headers.
        Tried to include DLT_PFSYNC support, failed due to headers required.
        added TIPC support.
        Fix LLDP Network Policy bit definitions.
        fixes for IGMPv3's Max Response Time: it is in units of 0.1 second.
        SIGUSR1 can be used rather than SIGINFO for stats
        permit -n flag to affect print-ip for protocol numbers
        ND_OPT_ADVINTERVAL is in milliseconds, not seconds
        Teach PPPoE parser about RFC 4638


Friday  December 9, 2011.  guy@alum.mit.edu.
  Summary for 4.2.1 tcpdump release
	Only build the Babel printer if IPv6 is enabled.
	Support Babel on port 6696 as well as 6697.
	Include ppi.h in release tarball.
	Include all the test files in the release tarball, and don't
	 "include" test files that no longer exist.
	Don't assume we have <rpc/rpc.h> - check for it.
	Support "-T carp" as a way of dissecting IP protocol 112 as CARP
	 rather than VRRP.
	Support Hilscher NetAnalyzer link-layer header format.
	Constify some pointers and fix compiler warnings.
	Get rid of never-true test.
	Fix an unintended fall-through in a case statement in the ARP
	 printer.
	Fix several cases where sizeof(sizeof(XXX)) was used when just
	 sizeof(XXX) was intended.
	Make stricter sanity checks in the ES-IS printer.
	Get rid of some GCCisms that caused builds to fai with compilers
	 that don't support them.
	Fix typo in man page.
	Added length checks to Babel printer.

Sunday  July 24, 2011.  mcr@sandelman.ca.
  Summary for 4.2.+
	merged 802.15.4 decoder from Dmitry Eremin-Solenikov <dbaryshkov
	  at gmail dot com>
        updates to forces for new port numbers
        Use "-H", not "-h", for the 802.11s option. (-h always help)
        Better ICMPv6 checksum handling.
        add support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12
        get rid of uuencoded pcap test files, git can do binary.
        sFlow changes for 64-bit counters.
        fixes for PPI packet header handling and printing.
        Add DCB Exchange protocol (DCBX) version 1.01.
        Babel dissector, from Juliusz Chroboczek and Grégoire Henry.
        improvements to radiotap for rate values > 127.
        Many improvements to ForCES decode, including fix SCTP TML port
        updated RPL type code to RPL-17 draft
        Improve printout of DHCPv6 options.
        added support and test case for QinQ (802.1q VLAN) packets
        Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4.
        Build fixes for Sparc and other machines with alignment restrictions.
        Merged changes from Debian package.
        PGM: Add ACK decoding and add PGMCC DATA and FEEDBACK options.
        Build fixes for OSX (Snow Leopard and others)
        Add support for IEEE 802.15.4 packets

Tue.    July 20, 2010.  guy@alum.mit.edu.
  Summary for 4.1.2 tcpdump release
	If -U is specified, flush the file after creating it, so it's
	  not zero-length
	Fix TCP flags output description, and some typoes, in the man
	  page
	Add a -h flag, and only attempt to recognize 802.11s mesh
	  headers if it's set
	When printing the link-layer type list, send *all* output to
	  stderr
	Include the CFLAGS setting when configure was run in the
	  compiler flags

Thu.	April 1, 2010.  guy@alum.mit.edu.
  Summary for 4.1.1 tcpdump release
	Fix build on systems with PF, such as FreeBSD and OpenBSD.
	Don't blow up if a zero-length link-layer address is passed to
	  linkaddr_string().

Thu.	March 11, 2010.  ken@netfunctional.ca/guy@alum.mit.edu.
  Summary for 4.1.0 tcpdump release
	Fix printing of MAC addresses for VLAN frames with a length
	  field
	Add some additional bounds checks and use the EXTRACT_ macros
	  more
	Add a -b flag to print the AS number in BGP packets in ASDOT
	  notation rather than ASPLAIN notation
	Add ICMPv6 RFC 5006 support
	Decode the access flags in NFS access requests
	Handle the new DLT_ for memory-mapped USB captures on Linux
	Make the default snapshot (-s) the maximum
	Print name of device (when -L is used)
	Support for OpenSolaris (and SXCE build 125 and later)
	Print new TCP flags
	Add support for RPL DIO
	Add support for TCP User Timeout (UTO)
	Add support for non-standard Ethertypes used by 3com PPPoE gear
	Add support for 802.11n and 802.11s
	Add support for Transparent Ethernet Bridge ethertype in GRE
	Add 4 byte AS support for BGP printer
	Add support for the MDT SAFI 66 BG printer
	Add basic IPv6 support to print-olsr
	Add USB printer
	Add printer for ForCES
	Handle frames with an FCS
	Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames
	Fix TCP sequence number printing
	Report 802.2 packets as 802.2 instead of 802.3
	Don't include -L/usr/lib in LDFLAGS
	On x86_64 Linux, look in lib64 directory too
	Lots of code clean ups
	Autoconf clean ups
	Update testcases to make output changes
	Fix compiling with/out smi (--with{,out}-smi)
	Fix compiling without IPv6 support (--disable-ipv6)

Mon.    October 27, 2008.  ken@netfunctional.ca.  Summary for 4.0.0 tcpdump release
        Add support for Bluetooth Sniffing
        Add support for Realtek Remote Control Protocol (openrrcp.org.ru)
        Add support for 802.11 AVS
        Add support for SMB over TCP
        Add support for 4 byte BGP AS printing
        Add support for compiling on case-insensitive file systems
        Add support for ikev2 printing
        Update support for decoding AFS
        Update DHCPv6 printer
        Use newer libpcap API's (allows -B option on all platforms)
        Add -I to turn on monitor mode
        Bugfixes in lldp, lspping, dccp, ESP, NFS printers
        Cleanup unused files and various cruft

Mon.    September 10, 2007.  ken@xelerance.com.  Summary for 3.9.8 tcpdump release
        Rework ARP printer
        Rework OSPFv3 printer
        Add support for Frame-Relay ARP
        Decode DHCP Option 121 (RFC 3442 Classless Static Route)
        Decode DHCP Option 249 (MS Classless Static Route) the same as Option 121
        TLV: Add support for Juniper .pcap extensions
        Print EGP header in new-world-order style
        Converted print-isakmp.c to NETDISSECT
        Moved AF specific stuff into af.h
        Test subsystem now table driven, and saves outputs and diffs to one place
        Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted
         libpcap files on an OS other than where the file was generated


Wed.	July 23, 2007.  mcr@xelerance.com.  Summary for 3.9.7 libpcap release

    	NFS: Print unsigned values as such.
	RX: parse safely.
	BGP: fixes for IPv6-less builds.
	801.1ag: use standard codepoint.
	use /dev/bpf on systems with such a device.
	802.11: print QoS data, avoid dissect of no-data frame, ignore padding.
	smb: make sure that we haven't gone past the end of the captured data.
	smb: squelch an uninitialized complaint from coverity.
	NFS: from NetBSD; don't interpret the reply as a possible NFS reply
		if it got MSG_DENIED.
	BGP: don't print TLV values that didn't fit, from www.digit-labs.org.
	revised INSTALL.txt about libpcap dependancy.

Wed.	April 25, 2007. ken@xelerance.com.  Summary for 3.9.6 tcpdump release
	Update man page to reflect changes to libpcap
	Changes to both TCP and IP Printer Output
	Fix a potential buffer overflow in the 802.11 printer
	Print basic info about a few more Cisco LAN protocols.
	mDNS cleanup
	ICMP MPLS rework of the extension code
	bugfix: use the correct codepoint for the OSPF simple text auth token
	 entry, and use safeputs to print the password.
	Add support in pflog for additional values
	Add support for OIF RSVP Extensions UNI 1.0 Rev. 2 and additional RSVP objects
	Add support for the Message-id NACK c-type.
	Add support for 802.3ah loopback ctrl msg
	Add support for Multiple-STP as per 802.1s
	Add support for rapid-SPT as per 802.1w
	Add support for CFM Link-trace msg, Link-trace-Reply msg,
	 Sender-ID tlv, private tlv, port, interface status
	Add support for unidirectional link detection as per
	 http://www.ietf.org/internet-drafts/draft-foschiano-udld-02.txt
	Add support for the olsr protocol as per RFC 3626 plus the LQ
	 extensions from olsr.org
	Add support for variable-length checksum in DCCP, as per section 9 of
	 RFC 4340.
	Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree
	Add support for Multiple-STP as per 802.1s
	Add support for the cisco propriatry 'dynamic trunking protocol'
	Add support for the cisco proprietary VTP protocol
	Update dhcp6 options table as per IETF standardization activities


Tue.	September 19, 2006. ken@xelerance.com. Summary for 3.9.5 tcpdump release

	Fix compiling on AIX (, at end of ENUM)
	Updated list of DNS RR typecodes
	Use local Ethernet defs on WIN32
	Add support for Frame-Relay ARP
	Fixes for compiling under MSVC++
	Add support for parsing Juniper .pcap files
	Add support for FRF.16 Multilink Frame-Relay (DLT_MFR)
	Rework the OSPFv3 printer
	Fix printing for 4.4BSD/NetBSD NFS Filehandles
	Add support for Cisco style NLPID encapsulation
	Add cisco prop. eigrp related, extended communities
	Add support for BGP signaled VPLS
	Cleanup the bootp printer
	Add support for PPP over Frame-Relay
	Add some bounds checking to the IP options code, and clean up
	 the options output a bit.
	Add additional modp groups to ISAKMP printer
	Add support for Address-Withdraw and Label-Withdraw Msgs
	Add support for the BFD Discriminator TLV
	Fixes for 64bit compiling
	Add support for PIMv2 checksum verification
	Add support for further dissection of the IPCP Compression Option
	Add support for Cisco's proposed VQP protocol
	Add basic support for keyed authentication TCP option
	Lots of minor cosmetic changes to output printers


Mon. 	September 19, 2005.  ken@xelerance.com. Summary for 3.9.4 tcpdump release
	Decoder support for more Juniper link-layer types
	Fix a potential buffer overflow (although it can't occur in
		practice).
	Fix the handling of unknown management frame types in the 802.11
		printer.
	Add FRF.16 support, fix various Frame Relay bugs.
	Add support for RSVP integrity objects, update fast-reroute
		object printer to latest spec.
	Clean up documentation of vlan filter expression, document mpls
		filter expression.
	Document new pppoed and pppoes filter expressions.
	Update diffserver-TE codepoints as per RFC 4124.
	Spelling fixes in ICMPv6.
	Don't require any fields other than flags to be present in IS-IS
		restart signaling TLVs, and only print the system ID in
		those TLVs as system IDs, not as node IDs.
	Support for DCCP.

Tue. 	July 5, 2005.  ken@xelerance.com. Summary for 3.9.3 tcpdump release

	Option to chroot() when dropping privs
	Fixes for compiling on nearly every platform,
		including improved 64bit support
	Many new testcases
	Support for sending packets
	Many compliation fixes on most platforms
	Fixes for recent version of GCC to eliminate warnings
	Improved Unicode support

	Decoders & DLT Changes, Updates and New:
		AES ESP support
		Juniper ATM, FRF.15, FRF.16, PPPoE,
			ML-FR, ML-PIC, ML-PPP, PL-PPP, LS-PIC
			GGSN,ES,MONITOR,SERVICES
		L2VPN
		Axent Raptor/Symantec Firewall
		TCP-MD5 (RFC 2385)
		ESP-in-UDP (RFC 3948)
		ATM OAM
		LMP, LMP Service Discovery
		IP over FC
		IP over IEEE 1394
		BACnet MS/TP
		SS7
		LDP over TCP
		LACP, MARKER as per 802.3ad
		PGM (RFC 3208)
		LSP-PING
		G.7041/Y.1303 Generic Framing Procedure
		EIGRP-IP, EIGRP-IPX
		ICMP6
		Radio - via radiotap
		DHCPv6
		HDLC over PPP

Tue.   March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release

	No changes from 3.8.2. Version bumped only to maintain consistency
	with libpcap 0.8.3.

Mon.   March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release

	Fixes for print-isakmp.c      CVE:    CAN-2004-0183, CAN-2004-0184
	  		     http://www.rapid7.com/advisories/R7-0017.html
	IP-over-IEEE1394 printing.
	some MINGW32 changes.
	updates for autoconf 2.5
	fixes for print-aodv.c - check for too short packets
	formatting changes to print-ascii for hex output.
	check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c,
		print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c,
		print-ip.c, print-lwres.c, print-ospf.c, print-pim.c,
		print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c
	print-ether.c - better handling of unknown types.
	print-isoclns.c - additional decoding of types.
	print-llc.c - strings for LLC names added.
	print-pfloc.c - various enhancements
	print-radius.c - better decoding to strings.

Wed.   November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release

	changed syntax of -E argument so that multiple SAs can be decrypted
	fixes for Digital Unix headers and Documentation
	__attribute__ fixes
	CDP changes from Terry Kennedy <terry@tmk.com>.
	IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com>
	Fixes for ASN.1 decoder for 2.100.3 forms.
	Added a count of packets received and processed to clarify numbers.
	Incorporated WinDUMP patches for Win32 builds.
	PPPoE payload length headers.
	Fixes for HP C compiler builds.
	Use new pcap_breakloop() and pcap_findalldevs() if we can.
	BGP output split into multiple lines.
	Fixes to 802.11 decoding.
	Fixes to PIM decoder.
	SuperH is a CPU that can't handle unaligned access. Many fixes for
		unaligned access work.
	Fixes to Frame-Relay decoder for Q.933/922 frames.
	Clarified when Solaris can do captures as non-root.
	Added tests/ subdir for examples/regression tests.
	New -U flag.	-flush stdout after every packet
	New -A flag	-print ascii only
	support for decoding IS-IS inside Cisco HDLC Frames
	more verbosity for tftp decoder
	mDNS decoder
	new BFD decoder
	cross compilation patches
	RFC 3561 AODV support.
	UDP/TCP pseudo-checksum properly for source-route options.
	sanitized all files to modified BSD license
	Add support for RFC 2625 IP-over-Fibre Channel.
	fixes for DECnet support.
	Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI.
	RFC 2684 encapsulation of BPDUs.

Tuesday, February 25, 2003. fenner@research.att.com.  3.7.2 release

	Fixed infinite loop when parsing malformed isakmp packets.
	 (reported by iDefense; already fixed in CVS)
	Fixed infinite loop when parsing malformed BGP packets.
	Fixed buffer overflow with certain malformed NFS packets.
	Pretty-print unprintable network names in 802.11 printer.
	Handle truncated nbp (appletalk) packets.
	Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt
	Print IP protocol name even if we don't have a printer for it.
	Print IP protocol name or number for fragments.
	Print the whole MPLS label stack, not just the top label.
	Print request header and file handle for NFS v3 FSINFO and PATHCONF
	 requests.
	Fix NFS packet truncation checks.
	Handle "old" DR-Priority and Bidir-Capable PIM HELLO options.
	Handle unknown RADIUS attributes properly.
	Fix an ASN.1 parsing error that would cause e.g. the OID
	 2.100.3 to be misrepresented as 4.20.3 .

Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release
see http://www.tcpdump.org/cvs-log/2002-01-21.10:16:48.html for commit log.
	keyword "ipx" added.
	Better OSI/802.2 support on Linux.
	IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net.
	LLC SAP support for FDDI/token ring/RFC-1483 style ATM
	BXXP protocol was replaced by the BEEP protocol;
	improvements to SNAP demux.
	Changes to "any" interface documentation.
	Documentation on pcap_stats() counters.
	Fix a memory leak found by Miklos Szeredi - pcap_ether_aton().
	Added MPLS encapsulation decoding per RFC3032.
	DNS dissector handles TKEY, TSIG and IXFR.
	adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org>
	SMB printing has much improved bounds checks
	OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging
	Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>.
	Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net>
	IPX socket 0x85be is for Cisco EIGRP over IPX.
	Improvements to fragmented ESP handling.
	SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu>
	Linux ARPHDR_ATM support fixed.
	Added a "netbeui" keyword, which selects NetBEUI packets.
	IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option.
	Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>.
	Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm"
	Better Linux libc5 compat.
	BIND9 lwres dissector added.
	MIPS and SPARC get strict alignment macros (affects print-bgp.c)
	Apple LocalTalk LINKTYPE_ reserved.
	New time stamp formats documented.
	DHCP6 updated to draft-22.txt spec.
	ICMP types/codes now accept symbolic names.
	Add SIGINFO handler from LBL
	encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>.
	now we are -Wstrict-prototype clean.
	NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>.
	PPPoE dissector cleaned up.
	Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>.
	In dissector, now the caller prints the IP addresses rather than proto.
	cjclark@alum.mit.edu: print the IP proto for non-initial fragments.
	LLC frames with a DSAP and LSAP of 0xe0 are IPX frames.
	Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX.
	captures on the "any" device won't be done in promiscuous mode
	Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl>
	ARCNet support, from NetBSD.
	HSRP dissector, from Julian Cowley <julian@lava.net>.
	Handle (GRE-encapsulated) PPTP
	added -C option to rotate save file every optarg * 1,000,000 bytes.
	support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>.
	PPTP support, from Motonori Shindo <mshindo@mshindo.net>.
	IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>.
	CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>.
	ESP printing updated to RFC2406.
	HP-UX can now handle large number of PPAs.
	MSDP printer added.
	L2TP dissector improvements from Motonori Shindo.

Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release
	Cleaned up documentation.
	Promisc mode fixes for Linux
	IPsec changes/cleanups.
	Alignment fixes for picky architectures

	Removed dependency on native headers for packet dissectors.
	Removed Linux specific headers that were shipped

	libpcap changes provide for exchanging capture files between
	  systems. Save files now have well known PACKET_ values instead of
	  depending upon system dependant mappings of DLT_* types.

	Support for computing/checking IP and UDP/TCP checksums.

	Updated autoconf stock files.

	IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6,

	Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
		timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk

	Added filtering support for: VLANs, ESIS, ISIS

	Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
		L2TP, PPPoE

	HP-UX 11.0 -- find the right dlpi device.
	Solaris 8 - IPv6 works
	Linux - Added support for an "any" device to capture on all interfaces

	Security fixes: buffer overrun audit done. Strcpy replaced with
		strlcpy, sprintf replaced with snprintf.
	Look for lex problems, and warn about them.


v3.5 Fri Jan 28 18:00:00 PST 2000

Bill Fenner <fenner@research.att.com>
- switch to config.h for autoconf
- unify RCSID strings
- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
- Really fix the RIP printer
- Fix MAC address -> name translation.
- some -Wall -Wformat fixes
- update makemib to parse much of SMIv2
- Print TCP sequence # with -vv even if you normally wouldn't
- Print as much of IP/TCP/UDP headers as possible even if truncated.

itojun@iijlab.net
- -X will make a ascii dump.  from netbsd.
- telnet command sequence decoder (ff xx xx).  from netbsd.
- print-bgp.c: improve options printing.  ugly code exists for
  unaligned option parsing (need some fix).
- const poisoning in SMB decoder.
- -Wall -Werror clean checks.
- bring in KAME IPv6/IPsec decoding code.

Assar Westerlund  <assar@sics.se>
- SNMPv2 and SNMPv3 printer
- If compiled with libsmi, tcpdump can load MIBs on the fly to decode
  SNMP packets.
- Incorporate NFS parsing code from NetBSD.  Adds support for nfsv3.
- portability fixes
- permit building in different directories.

Ken Hornstein <kenh@cmf.nrl.navy.mil>
- bring in code at
  /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
  AFS3 packets

Andrew Tridgell <tridge@linuxcare.com>
- SMB printing code

Love <lha@stacken.kth.se>
- print-rx.c: add code for printing MakeDir and StoreStatus.  Also
  change date format to the right one.

Michael C. Richardson  <mcr@sandelman.ottawa.on.ca>
- Created tcpdump.org repository

v3.4 Sat Jul 25 12:40:55 PDT 1998

- Hardwire Linux slip support since it's too hard to detect.

- Redo configuration of "network" libraries (-lsocket and -lnsl) to
  deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)

- Added -a which tries to translate network and broadcast addresses to
  names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)

- Added a configure option to disable gcc.

- Added a "raw" packet printer.

- Not having an interface address is no longer fatal. Requested by John
  Hawkinson.

- Rework signal setup to accommodate Linux.

- OSPF truncation check fix. Also display the type of OSPF packets
  using MD5 authentication. Thanks to Brian Wellington
  (bwelling@tis.com)

- Fix truncation check bugs in the Kerberos printer. Reported by Ezra
  Peisach (epeisach@mit.edu)

- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
  (plonka@mfa.com)

- Specify full install target as a way of detecting if install
  directory does not exist. Thanks to Dave Plonka.

- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
  (paul@vix.com)

- Fix off-by-one bug when testing size of ethernet packets. Thanks to
  Marty Leisner (leisner@sdsp.mc.xerox.com)

- Add a local autoconf macro to check for routines in libraries; the
  autoconf version is broken (it only puts the library name in the
  cache variable name). Thanks to John Hawkinson.

- Add a local autoconf macro to check for types; the autoconf version
  is broken (it uses grep instead of actually compiling a code fragment).

- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
  formats.

- Extend OSF ip header workaround to versions 1 and 2.

- Fix some signed problems in the nfs printer. As reported by David
  Sacerdote (davids@silence.secnet.com)

- Detect group wheel and use it as the default since BSD/OS' install
  can't hack numeric groups. Reported by David Sacerdote.

- AIX needs special loader options. Thanks to Jonathan I. Kamens
  (jik@cam.ov.com)

- Fixed the nfs printer to print port numbers in decimal. Thanks to
  Kent Vander Velden (graphix@iastate.edu)

- Find installed libpcap in /usr/local/lib when not using gcc.

- Disallow network masks with non-network bits set.

- Attempt to detect "egcs" versions of gcc.

- Add missing closing double quotes when displaying bootp strings.
  Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)

v3.3 Sat Nov 30 20:56:27 PST 1996

- Added Linux support.

- GRE encapsulated packet printer thanks to John Hawkinson
  (jhawk@mit.edu)

- Rewrite gmt2local() to avoid problematic os dependencies.

- Suppress nfs truncation message on errors.

- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
  Reported by Joachim Ott (ott@ardala.han.de)

- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.

- Print arp hardware type in host order. Thanks to Onno van der Linden
  (onno@simplex.nl)

- Avoid solaris compiler warnings. Thanks to Bruce Barnett
  (barnett@grymoire.crd.ge.com)

- Fix rip printer to not print one more route than is actually in the
  packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
  Bill Fenner (fenner@parc.xerox.com)

- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems.

- Fix dvmrp printer truncation checks and add a dvmrp probe printer.
  Thanks to Danny J. Mitzel (mitzel@ipsilon.com)

- Rewrite ospf printer to improve truncation checks.

- Don't parse tcp options past the EOL. As noted by David Sacerdote
  (davids@secnet.com). Also, check tcp options to make sure they ar
  actually in the tcp header (in addition to the normal truncation
  checks). Fix the SACK code to print the N blocks (instead of the
  first block N times).

- Don't say really small UDP packets are truncated just because they
  aren't big enough to be a RPC. As noted by David Sacerdote.

v3.2.1 Sun Jul 14 03:02:26 PDT 1996

- Added rfc1716 icmp codes as suggested by Martin Fredriksson
  (martin@msp.se)

- Print mtu for icmp unreach need frag packets. Thanks to John
  Hawkinson (jhawk@mit.edu)

- Decode icmp router discovery messages. Thanks to Jeffrey Honig
  (jch@bsdi.com)

- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
  (kushida@trl.ibm.co.jp)

- Check igmp checksum if possible. Thanks to John Hawkinson.

- Made changes for SINIX. Thanks to Andrej Borsenkow
  (borsenkow.msk@sni.de)

- Use autoconf's idea of the top level directory in install targets.
  Thanks to John Hawkinson.

- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
  Mogul (mogul@pa.dec.com)

- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
  Thanks to John Hawkinson.

- Added some more packet truncation checks.

- On systems that have it, use sigset() instead of signal() since
  signal() has different semantics on these systems.

- Fixed some more alignment problems on the alpha.

- Add code to massage unprintable characters in the domain and ipx
  printers. Thanks to John Hawkinson.

- Added explicit netmask support. Thanks to Steve Nuchia
  (steve@research.oknet.com)

- Add "sca" keyword (for DEC cluster services) as suggested by Terry
  Kennedy (terry@spcvxa.spc.edu)

- Add "atalk" keyword as suggested by John Hawkinson.

- Added an igrp printer. Thanks to Francis Dupont
  (francis.dupont@inria.fr)

- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
  Kennedy (terry@spcvxa.spc.edu)

- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
  (pascal.hennequin@hugo.int-evry.fr)

- Added some ETHERTYPEs missing on some systems.

- Added truncated packet macros and various checks.

- Fixed endian problems with the DECnet printer.

- Use $CC when checking gcc version. Thanks to Carl Lindberg
  (carl_lindberg@blacksmith.com)

- Fixes for AIX (although this system is not yet supported). Thanks to
  John Hawkinson.

- Fix bugs in the autoconf misaligned accesses code fragment.

- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
  Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)

v3.2 Sun Jun 23 02:28:10 PDT 1996

- Print new icmp unreachable codes as suggested by Martin Fredriksson
  (martin@msp.se). Also print code value when unknown for icmp redirect
  and time exceeded.

- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.

- Define "new" domain record types if not found in arpa/nameserv.h.
  Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
  fixed an endian bug when printing mx record and added some new record
  types.

- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)

- Added T/TCP options printing. As suggested by Richard Stevens
  (rstevens@noao.edu)

- Use autoconf to detect architectures that can't handle misaligned
  accesses.

v3.1 Thu Jun 13 20:59:32 PDT 1996

- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
  and bind (as suggested by Charles Hannum).

- Port to GNU autoconf.

- Add support for printing DVMRP and PIM traffic thanks to
  Havard Eidnes (Havard.Eidnes@runit.sintef.no).

- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
  define being referenced. Reported by Terry Kennedy.

- Minor fixes to the man page thanks to Mark Andrews.

- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
  (bmah@cs.berkeley.edu).

- Added support for new dns types, thanks to Rainer Orth.

- Fixed tftp_print() to print the block number for ACKs.

- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
  (cslater@imatek.com).

- Check return status from malloc/calloc/etc.

- Check return status from pcap_loop() so we can print an error and
  exit with a bad status if there were problems.

- Bail if ip option length is <= 0. Resulted from a bug report from
  Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).

- Print out a little more information for sun rpc packets.

- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).

- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
  wrong on little endian machines).

- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
  (crawdad@fnal.gov).

- Fix ntp_print() to not print garbage when the stratum is
  "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).

- Rewrote tcp options printer code to check for truncation. Added
  selective acknowledgment case.

- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
  (jch@bsdi.com)

- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
  octet for the sa_family member. Thanks to Yoshitaka Tokugawa
  (toku@dit.co.jp)

- Don't checksum ip header if we don't have all of it. Thanks to John
  Hawkinson (jhawk@mit.edu).

- Print out hostnames if possible in egp printer. Thanks to Jeffrey
  Honig (jhc@bsdi.com)


v3.1a1 Wed May  3 19:21:11 PDT 1995

- Include time.h when SVR4 is defined to avoid problems under Solaris
  2.3.

- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
  strings, not the local buffer. Thanks to Stefan Petri
  (petri@ibr.cs.tu-bs.de).

- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
  that the selected value was not used. Thanks to Pascal Hennequin
  (Pascal.Hennequin@hugo.int-evry.fr).

- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.

- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).

v3.0.3 Sun Oct  1 18:35:00 GMT 1995

- Although there never was a 3.0.3 release, the linux boys cleverly
  "released" one in late 1995.

v3.0.2 Thu Apr 20 21:28:16 PDT 1995

- Change configuration to not use gcc v2 flags with gcc v1.

- Redo gmt2local() so that it works under BSDI (which seems to return
  an empty timezone struct from gettimeofday()). Based on report from
  Terry Kennedy (terry@spcvxa.spc.edu).

- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
  on report from Mark Andrews (mandrews@alias.com).

- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
  Orth (ro@techfak.uni-bielefeld.de).

- Fixed printout of connection id for uncompressed tcp slip packets.
  Resulted from a bug report from Richard Stevens (rstevens@noao.edu).

- Hack around deficiency in Ultrix's make.

- Add ETHERTYPE_TRAIL define which is missing from irix5.

v3.0.1 Wed Aug 31 22:42:26 PDT 1994

- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.

v3.0 Mon Jun 20 19:23:27 PDT 1994

- Added support for printing tcp option timestamps thanks to
  Mark Andrews (mandrews@alias.com).

- Reorganize protocol dumpers to take const pointers to packets so they
  never change the contents (i.e., they used to do endian conversions
  in place).  Previously, whenever more than one pass was taken over
  the packet, the packet contents would be dumped incorrectly (i.e.,
  the output form -x would be wrong on little endian machines because
  the protocol dumpers would modify the data).  Thanks to Charles Hannum
  (mycroft@gnu.ai.mit.edu) for reporting this problem.

- Added support for decnet protocol dumping thanks to Jeff Mogul
  (mogul@pa.dec.com).

- Fix bug that caused length of packet to be incorrectly printed
  (off by ether header size) for unknown ethernet types thanks
  to Greg Miller (gmiller@kayak.mitre.org).

- Added support for IPX protocol dumping thanks to Brad Parker
  (brad@fcr.com).

- Added check to verify IP header checksum under -v thanks to
  Brad Parker (brad@fcr.com).

- Move packet capture code to new libpcap library (which is
  packaged separately).

- Prototype everything and assume an ansi compiler.

- print-arp.c: Print hardware ethernet addresses if they're not
  what we expect.

- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
  Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).

- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
  (mogul@pa.dec.com).

- print-icmp.c: Byte swap netmask before printing. Thanks to
  Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.

- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
  By default, only the inner packet is dumped, appended with the token
  "(encap)".  Under -v, both the inner and output packets are dumped
  (on the same line).  Note that the filter applies to the original packet,
  not the encapsulated packet.  So if you run tcpdump on a net with an
  IP Multicast tunnel, you cannot filter out the datagrams using the
  conventional syntax.  (You can filter away all the ip-in-ip traffic
  with "not ip proto 4".)

- print-nfs.c: Keep pending rpc's in circular table. Add generic
  nfs header and remove os dependences. Thanks to Jeffrey Mogul.

- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.

- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
  (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords
  Add && and || operators

v2.2.1 Tue Jun 6 17:57:22 PDT 1992

- Fix bug with -c flag.

v2.2 Fri May 22 17:19:41 PDT 1992

- savefile.c: Remove hack that shouldn't have been exported. Add
  truncate checks.

- Added the 'icmp' keyword.  For example, 'icmp[0] != 8 and icmp[0] != 0'
  matches non-echo/reply ICMP packets.

- Many improvements to filter code optimizer.

- Added 'multicast' keyword and extended the 'broadcast' keyword can now be
  so that protocol qualifications are allowed. For example, "ip broadcast"
  and "ether multicast" are valid filters.

- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
  Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
  patches to netinet/if_loop.c.

- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
  Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.

- Added EGP and OSPF printers, thanks to Jeffrey Honig.

v2.1 Tue Jan 28 11:00:14 PST 1992

- Internal release (never publically exported).

v2.0.1 Sun Jan 26 21:10:10 PDT

- Various byte ordering fixes.

- Add truncation checks.

- inet.c: Support BSD style SIOCGIFCONF.

- nametoaddr.c: Handle multi addresses for single host.

- optimize.c: Rewritten.

- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
  for broadcast nets.

- print-atal.c: Fix an alignment bug (thanks to
  stanonik@nprdc.navy.mil) Add missing printf() argument.

- print-bootp.c: First attempt at decoding the vendor buffer.

- print-domain.c: Fix truncation checks.

- print-icmp.c: Calculate length of packets from the ip header.

- print-ip.c: Print frag id in decimal (so it's easier to match up
  with non-frags). Add support for ospf, egp and igmp.

- print-nfs.c: Lots of changes.

- print-ntp.c: Make some verbose output depend on -v.

- print-snmp.c: New version from John LoVerso.

- print-tcp.c: Print rfc1072 tcp options.

- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
  (microseconds) worth of precision. Fix uid bugs.

- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
  With this option, you can create an architecture independent binary
  trace file in real time, without the overhead of the packet printer.
  At a later time, the packets can be filtered (again) and printed.

- BSD is supported.  You must have BPF in your kernel.
  Since the filtering is now done in the kernel, fewer packets are
  dropped.  In fact, with BPF and the packet dumper option, a measly
  Sun 3/50 can keep up with a busy network.

- Compressed SLIP packets can now be dumped, provided you use our
  SLIP software and BPF.  These packets are dumped as any other IP
  packet; the compressed headers are dumped with the '-e' option.

- Machines with little-endian byte ordering are supported (thanks to
  Jeff Mogul).

- Ultrix 4.0 is supported (also thanks to Jeff Mogul).

- IBM RT and Stanford Enetfilter support has been added by
  Rayan Zachariassen <rayan@canet.ca>.  Tcpdump has been tested under
  both the vanilla Enetfilter interface, and the extended interface
  (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.

- TFTP packets are now printed (requests only).

- BOOTP packets are now printed.

- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).

- Sparc architectures, including the Sparcstation-1, are now
  supported thanks to Steve McCanne and Craig Leres.

- SunOS 4 is now supported thanks to Micky Liu of Columbia
  University (micky@cunixc.cc.columbia.edu).

- IP options are now printed.

- RIP packets are now printed.

- There's a -v flag that prints out more information than the
  default (e.g., it will enable printing of IP ttl, tos and id)
  and -q flag that prints out less (e.g., it will disable
  interpretation of AppleTalk-in-UDP).

- The grammar has undergone substantial changes (if you have an
  earlier version of tcpdump, you should re-read the manual
  entry).

  The most useful change is the addition of an expression
  syntax that lets you filter on arbitrary fields or values in the
  packet.  E.g., "ip[0] > 0x45" would print only packets with IP
  options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
  packets.

  The most painful change is that concatenation no longer means
  "and" -- e.g., you have to say "host foo and port bar" instead
  of "host foo port bar".  The up side to this down is that
  repeated qualifiers can be omitted, making most filter
  expressions shorter.  E.g., you can now say "ip host foo and
  (bar or baz)" to look at ip traffic between hosts foo and bar or
  between hosts foo and baz.  [The old way of saying this was "ip
  host foo and (ip host bar or ip host baz)".]

v2.0 Sun Jan 13 12:20:40 PST 1991

- Initial public release.