xref: /freebsd/contrib/tcpdump/CHANGES (revision 5521ff5a4d1929056e7ffc982fac3341ca54df7c) 
1$Header: /tcpdump/master/tcpdump/CHANGES,v 1.79 2001/01/10 20:13:58 mcr Exp $
2
3Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release
4	Cleaned up documentation.
5	Promisc mode fixes for Linux
6	IPsec changes/cleanups.
7	Alignment fixes for picky architectures
8
9	Removed dependency on native headers for packet dissectors.
10	Removed Linux specific headers that were shipped
11
12	libpcap changes provide for exchanging capture files between
13	  systems. Save files now have well known PACKET_ values instead of
14	  depending upon system dependant mappings of DLT_* types.
15
16	Support for computing/checking IP and UDP/TCP checksums.
17
18	Updated autoconf stock files.
19
20	IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6,
21
22	Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
23		timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk
24
25	Added filtering support for: VLANs, ESIS, ISIS
26
27	Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
28		L2TP, PPPoE
29
30	HP-UX 11.0 -- find the right dlpi device.
31	Solaris 8 - IPv6 works
32	Linux - Added support for an "any" device to capture on all interfaces
33
34	Security fixes: buffer overrun audit done. Strcpy replaced with
35		strlcpy, sprintf replaced with snprintf.
36	Look for lex problems, and warn about them.
37
38
39v3.5 Fri Jan 28 18:00:00 PST 2000
40
41Bill Fenner <fenner@research.att.com>
42- switch to config.h for autoconf
43- unify RCSID strings
44- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
45- Really fix the RIP printer
46- Fix MAC address -> name translation.
47- some -Wall -Wformat fixes
48- update makemib to parse much of SMIv2
49- Print TCP sequence # with -vv even if you normally wouldn't
50- Print as much of IP/TCP/UDP headers as possible even if truncated.
51
52itojun@iijlab.net
53- -X will make a ascii dump.  from netbsd.
54- telnet command sequence decoder (ff xx xx).  from netbsd.
55- print-bgp.c: improve options printing.  ugly code exists for
56  unaligned option parsing (need some fix).
57- const poisoning in SMB decoder.
58- -Wall -Werror clean checks.
59- bring in KAME IPv6/IPsec decoding code.
60
61Assar Westerlund  <assar@sics.se>
62- SNMPv2 and SNMPv3 printer
63- If compiled with libsmi, tcpdump can load MIBs on the fly to decode
64  SNMP packets.
65- Incorporate NFS parsing code from NetBSD.  Adds support for nfsv3.
66- portability fixes
67- permit building in different directories.
68
69Ken Hornstein <kenh@cmf.nrl.navy.mil>
70- bring in code at
71  /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
72  AFS3 packets
73
74Andrew Tridgell <tridge@linuxcare.com>
75- SMB printing code
76
77Love <lha@stacken.kth.se>
78- print-rx.c: add code for printing MakeDir and StoreStatus.  Also
79  change date format to the right one.
80
81Michael C. Richardson  <mcr@sandelman.ottawa.on.ca>
82- Created tcpdump.org repository
83
84v3.4 Sat Jul 25 12:40:55 PDT 1998
85
86- Hardwire Linux slip support since it's too hard to detect.
87
88- Redo configuration of "network" libraries (-lsocket and -lnsl) to
89  deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)
90
91- Added -a which tries to translate network and broadcast addresses to
92  names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)
93
94- Added a configure option to disable gcc.
95
96- Added a "raw" packet printer.
97
98- Not having an interface address is no longer fatal. Requested by John
99  Hawkinson.
100
101- Rework signal setup to accommodate Linux.
102
103- OSPF truncation check fix. Also display the type of OSPF packets
104  using MD5 authentication. Thanks to Brian Wellington
105  (bwelling@tis.com)
106
107- Fix truncation check bugs in the Kerberos printer. Reported by Ezra
108  Peisach (epeisach@mit.edu)
109
110- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
111  (plonka@mfa.com)
112
113- Specify full install target as a way of detecting if install
114  directory does not exist. Thanks to Dave Plonka.
115
116- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
117  (paul@vix.com)
118
119- Fix off-by-one bug when testing size of ethernet packets. Thanks to
120  Marty Leisner (leisner@sdsp.mc.xerox.com)
121
122- Add a local autoconf macro to check for routines in libraries; the
123  autoconf version is broken (it only puts the library name in the
124  cache variable name). Thanks to John Hawkinson.
125
126- Add a local autoconf macro to check for types; the autoconf version
127  is broken (it uses grep instead of actually compiling a code fragment).
128
129- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
130  formats.
131
132- Extend OSF ip header workaround to versions 1 and 2.
133
134- Fix some signed problems in the nfs printer. As reported by David
135  Sacerdote (davids@silence.secnet.com)
136
137- Detect group wheel and use it as the default since BSD/OS' install
138  can't hack numeric groups. Reported by David Sacerdote.
139
140- AIX needs special loader options. Thanks to Jonathan I. Kamens
141  (jik@cam.ov.com)
142
143- Fixed the nfs printer to print port numbers in decimal. Thanks to
144  Kent Vander Velden (graphix@iastate.edu)
145
146- Find installed libpcap in /usr/local/lib when not using gcc.
147
148- Disallow network masks with non-network bits set.
149
150- Attempt to detect "egcs" versions of gcc.
151
152- Add missing closing double quotes when displaying bootp strings.
153  Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)
154
155v3.3 Sat Nov 30 20:56:27 PST 1996
156
157- Added Linux support.
158
159- GRE encapsulated packet printer thanks to John Hawkinson
160  (jhawk@mit.edu)
161
162- Rewrite gmt2local() to avoid problematic os dependencies.
163
164- Suppress nfs truncation message on errors.
165
166- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
167  Reported by Joachim Ott (ott@ardala.han.de)
168
169- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.
170
171- Print arp hardware type in host order. Thanks to Onno van der Linden
172  (onno@simplex.nl)
173
174- Avoid solaris compiler warnings. Thanks to Bruce Barnett
175  (barnett@grymoire.crd.ge.com)
176
177- Fix rip printer to not print one more route than is actually in the
178  packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
179  Bill Fenner (fenner@parc.xerox.com)
180
181- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems.
182
183- Fix dvmrp printer truncation checks and add a dvmrp probe printer.
184  Thanks to Danny J. Mitzel (mitzel@ipsilon.com)
185
186- Rewrite ospf printer to improve truncation checks.
187
188- Don't parse tcp options past the EOL. As noted by David Sacerdote
189  (davids@secnet.com). Also, check tcp options to make sure they ar
190  actually in the tcp header (in addition to the normal truncation
191  checks). Fix the SACK code to print the N blocks (instead of the
192  first block N times).
193
194- Don't say really small UDP packets are truncated just because they
195  aren't big enough to be a RPC. As noted by David Sacerdote.
196
197v3.2.1 Sun Jul 14 03:02:26 PDT 1996
198
199- Added rfc1716 icmp codes as suggested by Martin Fredriksson
200  (martin@msp.se)
201
202- Print mtu for icmp unreach need frag packets. Thanks to John
203  Hawkinson (jhawk@mit.edu)
204
205- Decode icmp router discovery messages. Thanks to Jeffrey Honig
206  (jch@bsdi.com)
207
208- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
209  (kushida@trl.ibm.co.jp)
210
211- Check igmp checksum if possible. Thanks to John Hawkinson.
212
213- Made changes for SINIX. Thanks to Andrej Borsenkow
214  (borsenkow.msk@sni.de)
215
216- Use autoconf's idea of the top level directory in install targets.
217  Thanks to John Hawkinson.
218
219- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
220  Mogul (mogul@pa.dec.com)
221
222- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
223  Thanks to John Hawkinson.
224
225- Added some more packet truncation checks.
226
227- On systems that have it, use sigset() instead of signal() since
228  signal() has different semantics on these systems.
229
230- Fixed some more alignment problems on the alpha.
231
232- Add code to massage unprintable characters in the domain and ipx
233  printers. Thanks to John Hawkinson.
234
235- Added explicit netmask support. Thanks to Steve Nuchia
236  (steve@research.oknet.com)
237
238- Add "sca" keyword (for DEC cluster services) as suggested by Terry
239  Kennedy (terry@spcvxa.spc.edu)
240
241- Add "atalk" keyword as suggested by John Hawkinson.
242
243- Added an igrp printer. Thanks to Francis Dupont
244  (francis.dupont@inria.fr)
245
246- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
247  Kennedy (terry@spcvxa.spc.edu)
248
249- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
250  (pascal.hennequin@hugo.int-evry.fr)
251
252- Added some ETHERTYPEs missing on some systems.
253
254- Added truncated packet macros and various checks.
255
256- Fixed endian problems with the DECnet printer.
257
258- Use $CC when checking gcc version. Thanks to Carl Lindberg
259  (carl_lindberg@blacksmith.com)
260
261- Fixes for AIX (although this system is not yet supported). Thanks to
262  John Hawkinson.
263
264- Fix bugs in the autoconf misaligned accesses code fragment.
265
266- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
267  Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)
268
269v3.2 Sun Jun 23 02:28:10 PDT 1996
270
271- Print new icmp unreachable codes as suggested by Martin Fredriksson
272  (martin@msp.se). Also print code value when unknown for icmp redirect
273  and time exceeded.
274
275- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.
276
277- Define "new" domain record types if not found in arpa/nameserv.h.
278  Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
279  fixed an endian bug when printing mx record and added some new record
280  types.
281
282- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)
283
284- Added T/TCP options printing. As suggested by Richard Stevens
285  (rstevens@noao.edu)
286
287- Use autoconf to detect architectures that can't handle misaligned
288  accesses.
289
290v3.1 Thu Jun 13 20:59:32 PDT 1996
291
292- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
293  and bind (as suggested by Charles Hannum).
294
295- Port to GNU autoconf.
296
297- Add support for printing DVMRP and PIM traffic thanks to
298  Havard Eidnes (Havard.Eidnes@runit.sintef.no).
299
300- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
301  define being referenced. Reported by Terry Kennedy.
302
303- Minor fixes to the man page thanks to Mark Andrews.
304
305- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
306  (bmah@cs.berkeley.edu).
307
308- Added support for new dns types, thanks to Rainer Orth.
309
310- Fixed tftp_print() to print the block number for ACKs.
311
312- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
313  (cslater@imatek.com).
314
315- Check return status from malloc/calloc/etc.
316
317- Check return status from pcap_loop() so we can print an error and
318  exit with a bad status if there were problems.
319
320- Bail if ip option length is <= 0. Resulted from a bug report from
321  Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).
322
323- Print out a little more information for sun rpc packets.
324
325- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).
326
327- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
328  wrong on little endian machines).
329
330- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
331  (crawdad@fnal.gov).
332
333- Fix ntp_print() to not print garbage when the stratum is
334  "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).
335
336- Rewrote tcp options printer code to check for truncation. Added
337  selective acknowledgment case.
338
339- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
340  (jch@bsdi.com)
341
342- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
343  octet for the sa_family member. Thanks to Yoshitaka Tokugawa
344  (toku@dit.co.jp)
345
346- Don't checksum ip header if we don't have all of it. Thanks to John
347  Hawkinson (jhawk@mit.edu).
348
349- Print out hostnames if possible in egp printer. Thanks to Jeffrey
350  Honig (jhc@bsdi.com)
351
352
353v3.1a1 Wed May  3 19:21:11 PDT 1995
354
355- Include time.h when SVR4 is defined to avoid problems under Solaris
356  2.3.
357
358- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
359  strings, not the local buffer. Thanks to Stefan Petri
360  (petri@ibr.cs.tu-bs.de).
361
362- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
363  that the selected value was not used. Thanks to Pascal Hennequin
364  (Pascal.Hennequin@hugo.int-evry.fr).
365
366- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.
367
368- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).
369
370v3.0.3 Sun Oct  1 18:35:00 GMT 1995
371
372- Although there never was a 3.0.3 release, the linux boys cleverly
373  "released" one in late 1995.
374
375v3.0.2 Thu Apr 20 21:28:16 PDT 1995
376
377- Change configuration to not use gcc v2 flags with gcc v1.
378
379- Redo gmt2local() so that it works under BSDI (which seems to return
380  an empty timezone struct from gettimeofday()). Based on report from
381  Terry Kennedy (terry@spcvxa.spc.edu).
382
383- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
384  on report from Mark Andrews (mandrews@alias.com).
385
386- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
387  Orth (ro@techfak.uni-bielefeld.de).
388
389- Fixed printout of connection id for uncompressed tcp slip packets.
390  Resulted from a bug report from Richard Stevens (rstevens@noao.edu).
391
392- Hack around deficiency in Ultrix's make.
393
394- Add ETHERTYPE_TRAIL define which is missing from irix5.
395
396v3.0.1 Wed Aug 31 22:42:26 PDT 1994
397
398- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.
399
400v3.0 Mon Jun 20 19:23:27 PDT 1994
401
402- Added support for printing tcp option timestamps thanks to
403  Mark Andrews (mandrews@alias.com).
404
405- Reorganize protocol dumpers to take const pointers to packets so they
406  never change the contents (i.e., they used to do endian conversions
407  in place).  Previously, whenever more than one pass was taken over
408  the packet, the packet contents would be dumped incorrectly (i.e.,
409  the output form -x would be wrong on little endian machines because
410  the protocol dumpers would modify the data).  Thanks to Charles Hannum
411  (mycroft@gnu.ai.mit.edu) for reporting this problem.
412
413- Added support for decnet protocol dumping thanks to Jeff Mogul
414  (mogul@pa.dec.com).
415
416- Fix bug that caused length of packet to be incorrectly printed
417  (off by ether header size) for unknown ethernet types thanks
418  to Greg Miller (gmiller@kayak.mitre.org).
419
420- Added support for IPX protocol dumping thanks to Brad Parker
421  (brad@fcr.com).
422
423- Added check to verify IP header checksum under -v thanks to
424  Brad Parker (brad@fcr.com).
425
426- Move packet capture code to new libpcap library (which is
427  packaged separately).
428
429- Prototype everything and assume an ansi compiler.
430
431- print-arp.c: Print hardware ethernet addresses if they're not
432  what we expect.
433
434- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
435  Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).
436
437- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
438  (mogul@pa.dec.com).
439
440- print-icmp.c: Byte swap netmask before printing. Thanks to
441  Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.
442
443- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
444  By default, only the inner packet is dumped, appended with the token
445  "(encap)".  Under -v, both the inner and output packets are dumped
446  (on the same line).  Note that the filter applies to the original packet,
447  not the encapsulated packet.  So if you run tcpdump on a net with an
448  IP Multicast tunnel, you cannot filter out the datagrams using the
449  conventional syntax.  (You can filter away all the ip-in-ip traffic
450  with "not ip proto 4".)
451
452- print-nfs.c: Keep pending rpc's in circular table. Add generic
453  nfs header and remove os dependences. Thanks to Jeffrey Mogul.
454
455- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.
456
457- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
458  (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords
459  Add && and || operators
460
461v2.2.1 Tue Jun 6 17:57:22 PDT 1992
462
463- Fix bug with -c flag.
464
465v2.2 Fri May 22 17:19:41 PDT 1992
466
467- savefile.c: Remove hack that shouldn't have been exported. Add
468  truncate checks.
469
470- Added the 'icmp' keyword.  For example, 'icmp[0] != 8 and icmp[0] != 0'
471  matches non-echo/reply ICMP packets.
472
473- Many improvements to filter code optimizer.
474
475- Added 'multicast' keyword and extended the 'broadcast' keyword can now be
476  so that protocol qualifications are allowed. For example, "ip broadcast"
477  and "ether multicast" are valid filters.
478
479- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
480  Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
481  patches to netinet/if_loop.c.
482
483- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
484  Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.
485
486- Added EGP and OSPF printers, thanks to Jeffrey Honig.
487
488v2.1 Tue Jan 28 11:00:14 PST 1992
489
490- Internal release (never publically exported).
491
492v2.0.1 Sun Jan 26 21:10:10 PDT
493
494- Various byte ordering fixes.
495
496- Add truncation checks.
497
498- inet.c: Support BSD style SIOCGIFCONF.
499
500- nametoaddr.c: Handle multi addresses for single host.
501
502- optimize.c: Rewritten.
503
504- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
505  for broadcast nets.
506
507- print-atal.c: Fix an alignment bug (thanks to
508  stanonik@nprdc.navy.mil) Add missing printf() argument.
509
510- print-bootp.c: First attempt at decoding the vendor buffer.
511
512- print-domain.c: Fix truncation checks.
513
514- print-icmp.c: Calculate length of packets from the ip header.
515
516- print-ip.c: Print frag id in decimal (so it's easier to match up
517  with non-frags). Add support for ospf, egp and igmp.
518
519- print-nfs.c: Lots of changes.
520
521- print-ntp.c: Make some verbose output depend on -v.
522
523- print-snmp.c: New version from John LoVerso.
524
525- print-tcp.c: Print rfc1072 tcp options.
526
527- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
528  (microseconds) worth of precision. Fix uid bugs.
529
530- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
531  With this option, you can create an architecture independent binary
532  trace file in real time, without the overhead of the packet printer.
533  At a later time, the packets can be filtered (again) and printed.
534
535- BSD is supported.  You must have BPF in your kernel.
536  Since the filtering is now done in the kernel, fewer packets are
537  dropped.  In fact, with BPF and the packet dumper option, a measly
538  Sun 3/50 can keep up with a busy network.
539
540- Compressed SLIP packets can now be dumped, provided you use our
541  SLIP software and BPF.  These packets are dumped as any other IP
542  packet; the compressed headers are dumped with the '-e' option.
543
544- Machines with little-endian byte ordering are supported (thanks to
545  Jeff Mogul).
546
547- Ultrix 4.0 is supported (also thanks to Jeff Mogul).
548
549- IBM RT and Stanford Enetfilter support has been added by
550  Rayan Zachariassen <rayan@canet.ca>.  Tcpdump has been tested under
551  both the vanilla Enetfilter interface, and the extended interface
552  (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
553
554- TFTP packets are now printed (requests only).
555
556- BOOTP packets are now printed.
557
558- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).
559
560- Sparc architectures, including the Sparcstation-1, are now
561  supported thanks to Steve McCanne and Craig Leres.
562
563- SunOS 4 is now supported thanks to Micky Liu of Columbia
564  University (micky@cunixc.cc.columbia.edu).
565
566- IP options are now printed.
567
568- RIP packets are now printed.
569
570- There's a -v flag that prints out more information than the
571  default (e.g., it will enable printing of IP ttl, tos and id)
572  and -q flag that prints out less (e.g., it will disable
573  interpretation of AppleTalk-in-UDP).
574
575- The grammar has undergone substantial changes (if you have an
576  earlier version of tcpdump, you should re-read the manual
577  entry).
578
579  The most useful change is the addition of an expression
580  syntax that lets you filter on arbitrary fields or values in the
581  packet.  E.g., "ip[0] > 0x45" would print only packets with IP
582  options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
583  packets.
584
585  The most painful change is that concatenation no longer means
586  "and" -- e.g., you have to say "host foo and port bar" instead
587  of "host foo port bar".  The up side to this down is that
588  repeated qualifiers can be omitted, making most filter
589  expressions shorter.  E.g., you can now say "ip host foo and
590  (bar or baz)" to look at ip traffic between hosts foo and bar or
591  between hosts foo and baz.  [The old way of saying this was "ip
592  host foo and (ip host bar or ip host baz)".]
593
594v2.0 Sun Jan 13 12:20:40 PST 1991
595
596- Initial public release.
597
598@(#) $Header: /tcpdump/master/tcpdump/CHANGES,v 1.79 2001/01/10 20:13:58 mcr Exp $ (LBL)
599