xref: /freebsd/contrib/tcpdump/CHANGES (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1Friday, April 7, 2023 / The Tcpdump Group
2  Summary for 4.99.4 tcpdump release
3    Source code:
4      Fix spaces before tabs in indentation.
5    Updated printers:
6      LSP ping: Fix "Unused value" warnings from Coverity.
7      CVE-2023-1801: Fix an out-of-bounds write in the SMB printer.
8      DNS: sync resource types with IANA.
9      ICMPv6: Update the output to show a RPL DAO field name.
10      Geneve: Fix the Geneve UDP port test.
11    Building and testing:
12      Require at least autoconf 2.69.
13      Don't check for strftime(), as it's in C90 and beyond.
14      Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
15    Documentation:
16      man: Document TCP flag names better.
17
18Thursday, January 12, 2023 / The Tcpdump Group
19  Summary for 4.99.3 tcpdump release
20    Updated printers:
21      PTP: Use the proper values for the control field and print un-allocated
22        values for the message field as "Reserved" instead of "none".
23    Source code:
24      smbutil.c: Replace obsolete function call (asctime)
25    Building and testing:
26      cmake: Update the minimum required version to 2.8.12 (except Windows).
27      CI: Introduce and use TCPDUMP_CMAKE_TAINTED.
28      Makefile.in: Add the releasecheck target.
29      Makefile.in: Add "make -s install" in the releasecheck target.
30      Cirrus CI: Run the "make releasecheck" command in the Linux task.
31      Makefile.in: Add the whitespacecheck target.
32      Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
33      Address all shellcheck warnings in update-test.sh.
34      Makefile.in: Get rid of a remain of gnuc.h.
35    Documentation:
36      Reformat the installation notes (INSTALL.txt) in Markdown.
37      Convert CONTRIBUTING to Markdown.
38      CONTRIBUTING.md: Document the use of "protocol: " in a commit summary.
39      Add a README file for NetBSD.
40      Fix CMake build to set man page section numbers in tcpdump.1
41
42Saturday, December 31, 2022 / The Tcpdump Group
43  Summary for 4.99.2 tcpdump release
44    Updated printers:
45      BGP: Update cease notification decoding to RFC 9003.
46      BGP: decode BGP link-bandwidth extended community properly.
47      BGP: Fix parsing the AIGP attribute
48      BGP: make sure the path attributes don't go past the end of the packet.
49      BGP: Shutdown message can be up to 255 bytes length according to rfc9003
50      DSA: correctly determine VID.
51      EAP: fix some length checks and output issues.
52      802.11: Fix the misleading comment regarding "From DS", "To DS" Frame
53        Control Flags.
54      802.11: Fetch the CF and TIM IEs a field at a time.
55      802.15.4, BGP, LISP: fix some length checks, compiler warnings,
56        and undefined behavior warnings.
57      PFLOG: handle LINKTYPE_PFLOG/DLT_PFLOG files from all OSes on all
58        OSes.
59      RRCP: support more Realtek protocols than just RRCP.
60      MPLS: show the EXP field as TC, as per RFC 5462.
61      ICMP: redo MPLS Extension code as general ICMP Extension code.
62      VQP: Do not print unknown error codes twice.
63      Juniper: Add some bounds checks.
64      Juniper: Don't treat known DLT_ types as "Unknown".
65      lwres: Fix a length check, update a variable type.
66      EAP: Fix some undefined behaviors at runtime.
67      Ethernet: Rework the length checks, add a length check.
68      IPX: Add two length checks.
69      Zephyr: Avoid printing non-ASCII characters.
70      VRRP: Print the protocol name before any GET_().
71      DCCP: Get rid of trailing commas in lists.
72      Juniper: Report invalid packets as invalid, not truncated.
73      IPv6: Remove an obsolete code in an always-false #if wrapper.
74      ISAKMP: Use GET_U_1() to replace a direct dereference.
75      RADIUS: Use GET_U_1() to replace a direct dereference.
76      TCP: Fix an invalid check.
77      RESP: Fix an invalid check.
78      RESP: Remove an unnecessary test.
79      Arista: Refine the output format and print HwInfo.
80      sFlow: add support for IPv6 agent, add a length check.
81      VRRP: add support for IPv6.
82      OSPF: Update to match the Router Properties registry.
83      OSPF: Remove two unnecessary dereferences.
84      OSPF: Add support bit Nt RFC3101.
85      OSPFv3: Remove two unnecessary dereferences.
86      ICMPv6: Fix output for Router Renumbering messages.
87      ICMPv6: Fix the Node Information flags.
88      ICMPv6: Remove an unused macro and extra blank lines.
89      ICMPv6: Add a length check in the rpl_dio_print() function.
90      ICMPv6: Use GET_IP6ADDR_STRING() in the rpl_dio_print() function.
91      IPv6: Add some checks for the Hop-by-Hop Options header
92      IPv6: Add a check for the Jumbo Payload Hop-by-Hop option.
93      NFS: Fix the format for printing an unsigned int
94      PTP: fix printing of the correction fields
95      PTP: Use ND_LCHECK_U for checking invalid length.
96      WHOIS: Add its own printer source file and printer function
97      MPTCP: print length before subtype inside MPTCP options
98      ESP: Add a workaround to a "use-of-uninitialized-value".
99      PPP: Add tests to avoid incorrectly re-entering ppp_hdlc().
100      PPP: Don't process further if protocol is unknown (-e option).
101      PPP: Change the pointer to packet data.
102      ZEP: Add three length checks.
103      Add some const qualifiers.
104    Building and testing:
105      Update config.guess and config.sub.
106      Use AS_HELP_STRING macro instead of AC_HELP_STRING.
107      Handle some Autoconf/make errors better.
108      Fix an error when cross-compiling.
109      Use "git archive" for the "make releasetar" process.
110      Remove the release candidate rcX targets.
111      Mend "make check" on Solaris 9 with Autoconf.
112      Address assorted compiler warnings.
113      Fix auto-enabling of Capsicum on FreeBSD with Autoconf.
114      Treat "msys" as Windows for test exit statuses.
115      Clean up some help messages in configure.
116      Use unified diff by default.
117      Remove awk code from mkdep.
118      Fix configure test errors with Clang 15
119      CMake: Prevent stripping of the RPATH on installation.
120      AppVeyor CI: update Npcap site, update to 1.12 SDK.
121      Cirrus CI: Use the same configuration as for the main branch.
122      CI: Add back running tcpdump -J/-L and capture, now with Cirrus VMs.
123      Remove four test files (They are now in the libpcap tests directory).
124      On Solaris, for 64-bit builds, use the 64-bit pcap-config.
125      Tell CMake not to check for a C++ compiler.
126      CMake: Add a way to request -Werror and equivalents.
127      configure: Special-case macOS /usr/bin/pcap-config as we do in CMake.
128      configure: Use pcap-config --static-pcap-only if available.
129      configure: Use ac_c_werror_flag to force unknown compiler flags to fail.
130      configure: Use AC_COMPILE_IFELSE() and AC_LANG_SOURCE() for testing
131        flags.
132      Run the test that fails on OpenBSD only if we're not on OpenBSD.
133    Source code:
134      Fix some snapend-changing routines to protect against pointer
135        underflow.
136      Use __func__ from C99 in some function calls.
137      Memory allocator: Update nd_add_alloc_list() to a static function.
138      addrtoname.c: Fix two invalid tests.
139      Use more S_SUCCESS and S_ERR_HOST_PROGRAM in main().
140      Add some comments about "don't use GET_IP6ADDR_STRING()".
141      Assign ndo->ndo_packetp in pretty_print_packet().
142      Add ND_LCHECKMSG_U, ND_LCHECK_U, ND_LCHECKMSG_ZU and ND_LCHECK_ZU macros.
143      Update tok2strbuf() to a static function.
144      netdissect.h: Keep the link-layer dissectors names sorted.
145      setsignal(): Set SA_RESTART on non-lethal signals (REQ_INFO, FLUSH_PCAP)
146        to avoid corrupting binary pcap output.
147      Use __builtin_unreachable().
148      Fail if nd_push_buffer() or nd_push_snaplen() fails.
149      Improve code style and fix many typos.
150    Documentation:
151      Some man page cleanups.
152      Update the print interface for the packet count to stdout.
153      Note that we require compilers to support at least some of C99.
154      Update AIX and Solaris-related specifics.
155      INSTALL.txt: Add doc/README.*, delete the deleted win32 directory.
156      Update README.md and README.Win32.md.
157      Update some comments with new RFC numbers.
158
159Wednesday, June 9, 2021 by gharris
160  Summary for 4.99.1 tcpdump release
161    Source code:
162      Squelch some compiler warnings
163      ICMP: Update the snapend for some nested IP packets.
164      MACsec: Update the snapend thus the ICV field is not payload
165        for the caller.
166      EIGRP: Fix packet header fields
167      SMB: Disable printer by default in CMake builds
168      OLSR: Print the protocol name even if the packet is invalid
169      MSDP: Print ": " before the protocol name
170      ESP: Remove padding, padding length and next header from the buffer
171      DHCPv6: Update the snapend for nested DHCPv6 packets
172      OpenFlow 1.0: Get snapend right for nested frames.
173      TCP: Update the snapend before decoding a MPTCP option
174      Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks
175      ForCES: Refine SPARSEDATA-TLV length check.
176      ASCII/hex: Use nd_trunc_longjmp() in truncation cases
177      GeoNet: Add a ND_TCHECK_LEN() call
178      Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES().
179      BGP: Fix overwrites of global 'astostr' temporary buffer
180      ARP: fix overwrites of static buffer in q922_string().
181      Frame Relay: have q922_string() handle errors better.
182    Building and testing:
183      Rebuild configure script when building release
184      Fix "make clean" for out-of-tree autotools builds
185      CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
186    Documentation:
187      man: Update a reference as www.cifs.org is gone. [skip ci]
188      man: Update DNS sections
189    Solaris:
190      Fix a compile error with Sun C
191
192Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl.
193  Summary for 4.99.0 tcpdump release
194    CVE-2018-16301: For the -F option handle large input files safely.
195    Improve the contents, wording and formatting of the man page.
196    Print unsupported link-layer protocol packets in hex.
197    Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,
198      Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand
199      (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch
200      Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS,
201      ZigBee Encapsulation Protocol (ZEP).
202    Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP,
203      ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS,
204      NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD,
205      VXLAN-GPE.
206    User interface:
207      Make SLL2 the default for Linux "any" pseudo-device.
208      Add --micro and --nano shorthands.
209      Add --count to print a counter only instead of decoding.
210      Add --print, to cause packet printing even with -w.
211      Add support for remote capture if libpcap supports it.
212      Display the "wireless" flag and connection status.
213      Flush the output packet buffer on a SIGUSR2.
214      Add the snapshot length to the "reading from file ..." message.
215      Fix local time printing (DST offset in timestamps).
216      Allow -C arguments > 2^31-1 GB if they can fit into a long.
217      Handle very large -f files by rejecting them.
218      Report periodic stats only when safe to do so.
219      Print the number of packets captured only as often as necessary.
220      With no -s, or with -s 0, don't specify the snapshot length with newer
221        versions of libpcap.
222      Improve version and usage message printing.
223    Building and testing:
224      Install into bindir, not sbindir.
225      autoconf: replace --with-system-libpcap with --disable-local-libpcap.
226      Require the compiler to support C99.
227      Better detect and use various C compilers and their features.
228      Add CMake as the second build system.
229      Make out-of-tree builds more reliable.
230      Use pkg-config to detect libpcap if available.
231      Improve Windows support.
232      Add more tests and improve the scripts that run them.
233      Test both with "normal" and "x87" floating-point.
234      Eliminate dependency on libdnet.
235    FreeBSD:
236      Print a proper error message about monitor mode VAP.
237      Use libcasper if available.
238      Fix failure to capture on RDMA device.
239      Include the correct capsicum header.
240    Source code:
241      Start the transition to longjmp() for packet truncation handling.
242      Introduce new helper functions, including GET_*(), nd_print_protocol(),
243        nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others.
244      Put integer signedness right in many cases.
245      Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix
246        alignment issues, especially on SPARC.
247      Fix many C compiler, Coverity, UBSan and cppcheck warnings.
248      Fix issues detected with AddressSanitizer.
249      Remove many workarounds for older compilers and OSes.
250      Add a sanity check on packet header length.
251      Add and remove plenty of bounds checks.
252      Clean up pcap_findalldevs() call to find the first interface.
253      Use a short timeout, rather than immediate mode, for text output.
254      Handle DLT_ENC files *not* written on the same OS and byte-order host.
255      Add, and use, macros to do locale-independent case mapping.
256      Use a table instead of getprotobynumber().
257      Get rid of ND_UNALIGNED and ND_TCHECK().
258      Make roundup2() generally available.
259      Resync SMI list against Wireshark.
260      Fix many typos.
261
262Friday, September 20, 2019, by mcr@sandelman.ca
263  A huge thank you to Denis, Francois-Xavier and Guy who did much of the heavy lifting.
264  Summary for 4.9.3 tcpdump release
265    Fix buffer overflow/overread vulnerabilities:
266      CVE-2017-16808 (AoE)
267      CVE-2018-14468 (FrameRelay)
268      CVE-2018-14469 (IKEv1)
269      CVE-2018-14470 (BABEL)
270      CVE-2018-14466 (AFS/RX)
271      CVE-2018-14461 (LDP)
272      CVE-2018-14462 (ICMP)
273      CVE-2018-14465 (RSVP)
274      CVE-2018-14881 (BGP)
275      CVE-2018-14464 (LMP)
276      CVE-2018-14463 (VRRP)
277      CVE-2018-14467 (BGP)
278      CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
279      CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)
280      CVE-2018-14880 (OSPF6)
281      CVE-2018-16451 (SMB)
282      CVE-2018-14882 (RPL)
283      CVE-2018-16227 (802.11)
284      CVE-2018-16229 (DCCP)
285      CVE-2018-16230 (BGP)
286      CVE-2018-16452 (SMB)
287      CVE-2018-16300 (BGP)
288      CVE-2018-16228 (HNCP)
289      CVE-2019-15166 (LMP)
290      CVE-2019-15167 (VRRP)
291    Fix for cmdline argument/local issues:
292      CVE-2018-14879 (tcpdump -V)
293
294Sunday September 3, 2017 denis@ovsienko.info
295  Summary for 4.9.2 tcpdump release
296    Do not use getprotobynumber() for protocol name resolution.  Do not do
297      any protocol name resolution if -n is specified.
298    Improve errors detection in the test scripts.
299    Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
300    Clean up IS-IS printing.
301    Fix buffer overflow vulnerabilities:
302      CVE-2017-11543 (SLIP)
303      CVE-2017-13011 (bittok2str_internal)
304    Fix infinite loop vulnerabilities:
305      CVE-2017-12989 (RESP)
306      CVE-2017-12990 (ISAKMP)
307      CVE-2017-12995 (DNS)
308      CVE-2017-12997 (LLDP)
309    Fix buffer over-read vulnerabilities:
310      CVE-2017-11541 (safeputs)
311      CVE-2017-11542 (PIMv1)
312      CVE-2017-12893 (SMB/CIFS)
313      CVE-2017-12894 (lookup_bytestring)
314      CVE-2017-12895 (ICMP)
315      CVE-2017-12896 (ISAKMP)
316      CVE-2017-12897 (ISO CLNS)
317      CVE-2017-12898 (NFS)
318      CVE-2017-12899 (DECnet)
319      CVE-2017-12900 (tok2strbuf)
320      CVE-2017-12901 (EIGRP)
321      CVE-2017-12902 (Zephyr)
322      CVE-2017-12985 (IPv6)
323      CVE-2017-12986 (IPv6 routing headers)
324      CVE-2017-12987 (IEEE 802.11)
325      CVE-2017-12988 (telnet)
326      CVE-2017-12991 (BGP)
327      CVE-2017-12992 (RIPng)
328      CVE-2017-12993 (Juniper)
329      CVE-2017-12994 (BGP)
330      CVE-2017-12996 (PIMv2)
331      CVE-2017-12998 (ISO IS-IS)
332      CVE-2017-12999 (ISO IS-IS)
333      CVE-2017-13000 (IEEE 802.15.4)
334      CVE-2017-13001 (NFS)
335      CVE-2017-13002 (AODV)
336      CVE-2017-13003 (LMP)
337      CVE-2017-13004 (Juniper)
338      CVE-2017-13005 (NFS)
339      CVE-2017-13006 (L2TP)
340      CVE-2017-13007 (Apple PKTAP)
341      CVE-2017-13008 (IEEE 802.11)
342      CVE-2017-13009 (IPv6 mobility)
343      CVE-2017-13010 (BEEP)
344      CVE-2017-13012 (ICMP)
345      CVE-2017-13013 (ARP)
346      CVE-2017-13014 (White Board)
347      CVE-2017-13015 (EAP)
348      CVE-2017-11543 (SLIP)
349      CVE-2017-13016 (ISO ES-IS)
350      CVE-2017-13017 (DHCPv6)
351      CVE-2017-13018 (PGM)
352      CVE-2017-13019 (PGM)
353      CVE-2017-13020 (VTP)
354      CVE-2017-13021 (ICMPv6)
355      CVE-2017-13022 (IP)
356      CVE-2017-13023 (IPv6 mobility)
357      CVE-2017-13024 (IPv6 mobility)
358      CVE-2017-13025 (IPv6 mobility)
359      CVE-2017-13026 (ISO IS-IS)
360      CVE-2017-13027 (LLDP)
361      CVE-2017-13028 (BOOTP)
362      CVE-2017-13029 (PPP)
363      CVE-2017-13030 (PIM)
364      CVE-2017-13031 (IPv6 fragmentation header)
365      CVE-2017-13032 (RADIUS)
366      CVE-2017-13033 (VTP)
367      CVE-2017-13034 (PGM)
368      CVE-2017-13035 (ISO IS-IS)
369      CVE-2017-13036 (OSPFv3)
370      CVE-2017-13037 (IP)
371      CVE-2017-13038 (PPP)
372      CVE-2017-13039 (ISAKMP)
373      CVE-2017-13040 (MPTCP)
374      CVE-2017-13041 (ICMPv6)
375      CVE-2017-13042 (HNCP)
376      CVE-2017-13043 (BGP)
377      CVE-2017-13044 (HNCP)
378      CVE-2017-13045 (VQP)
379      CVE-2017-13046 (BGP)
380      CVE-2017-13047 (ISO ES-IS)
381      CVE-2017-13048 (RSVP)
382      CVE-2017-13049 (Rx)
383      CVE-2017-13050 (RPKI-Router)
384      CVE-2017-13051 (RSVP)
385      CVE-2017-13052 (CFM)
386      CVE-2017-13053 (BGP)
387      CVE-2017-13054 (LLDP)
388      CVE-2017-13055 (ISO IS-IS)
389      CVE-2017-13687 (Cisco HDLC)
390      CVE-2017-13688 (OLSR)
391      CVE-2017-13689 (IKEv1)
392      CVE-2017-13690 (IKEv2)
393      CVE-2017-13725 (IPv6 routing headers)
394
395Sunday July 23, 2017 denis@ovsienko.info
396  Summary for 4.9.1 tcpdump release
397    CVE-2017-11108/Fix bounds checking for STP.
398    Make assorted documentation updates and fix a few typos in tcpdump output.
399    Fixup -C for file size >2GB (GH #488).
400    Show AddressSanitizer presence in version output.
401    Fix a bug in test scripts (exposed in GH #613).
402    On FreeBSD adjust Capsicum capabilities for netmap.
403    On Linux fix a use-after-free when the requested interface does not exist.
404
405Wednesday January 18, 2017 devel.fx.lebail@orange.fr
406  Summary for 4.9.0 tcpdump release
407    General updates:
408    Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others
409        (More information in the log with CVE-2016-* and CVE-2017-*)
410    Change the way protocols print link-layer addresses (Fix heap overflows
411        in CALM-FAST and GeoNetworking printers)
412    Pass correct caplen value to ether_print() and some other functions
413    Fix lookup_nsap() to match what isonsap_string() expects
414    Clean up relative time stamp printing (Fix an array overflow)
415    Fix some alignment issues with GCC on Solaris 10 SPARC
416    Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks
417    Add a fn_printztn() which returns the number of bytes processed
418    Add nd_init() and nd_cleanup() functions. Improve libsmi support
419    Add CONTRIBUTING file
420    Add a summary comment in all printers
421    Compile with more warning options in devel mode if supported (-Wcast-qual, ...)
422    Fix some leaks found by Valgrind/Memcheck
423    Fix a bunch of de-constifications
424    Squelch some Coverity warnings and some compiler warnings
425    Update Coverity and Travis-CI setup
426    Update Visual Studio files
427
428    Frontend:
429    Fix capsicum support to work with zerocopy buffers in bpf
430    Try opening interfaces by name first, then by name-as-index
431    Work around pcap_create() failures fetching time stamp type lists
432    Fix a segmentation fault with 'tcpdump -J'
433    Improve addrtostr6() bounds checking
434    Add exit_tcpdump() function
435    Don't drop CAP_SYS_CHROOT before chrooting
436    Fixes issue where statistics not reported when -G and -W options used
437
438    Updated printers:
439    802.11: Beginnings of 11ac radiotap support
440    802.11: Check the Protected bit for management frames
441    802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow)
442    802.11: Fix the radiotap printer to handle the special bits correctly
443    802.11: If we have the MCS field, it's 11n
444    802.11: Only print unknown frame type or subtype messages once
445    802.11: Radiotap dBm values get printed as dB; Update a test output accordingly
446    802.11: Source and destination addresses were backwards
447    AH: Add a bounds check
448    AH: Report to our caller that dissection failed if a bounds check fails
449    AP1394: Print src > dst, not dst > src
450    ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow)
451    ATALK: Add bounds and length checks (Fix heap overflows)
452    ATM: Add some bounds checks (Fix a heap overflow)
453    ATM: Fix an incorrect bounds check
454    BFD: Update specification from draft to RFC 5880
455    BFD: Update to print optional authentication field
456    BGP: Add support for the AIGP attribute (RFC7311)
457    BGP: Print LARGE_COMMUNITY Path Attribute
458    BGP: Update BGP numbers from IANA; Print minor values for FSM notification
459    BOOTP: Add a bounds check
460    Babel: Add decoder for source-specific extension
461    CDP: Filter out non-printable characters
462    CFM: Fixes to match the IEEE standard, additional bounds and length checks
463    CSLIP: Add more bounds checks (Fix a heap overflow)
464    ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow)
465    DHCP: Fix MUDURL and TZ options
466    DHCPv6: Process MUDURL and TZ options
467    DHCPv6: Update Status Codes with RFCs/IANA names
468    DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case
469    DTP: Improve packet integrity checks
470    EGP: Fix bounds checks
471    ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later
472    Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow)
473    Ethernet: Print the Length/Type field as length when needed
474    FDDI: Fix -e output for FDDI
475    FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows)
476    GRE: Add some bounds checks (Fix heap overflows)
477    Geneve: Fix error message with invalid option length; Update list option classes
478    HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes
479    ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()
480    IGMP: Add a length check
481    IP: Add a bounds check (Fix a heap overflow)
482    IP: Check before fetching the protocol version (Fix a heap overflow)
483    IP: Don't try to dissect if IP version != 4 (Fix a heap overflow)
484    IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
485    IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow)
486    IPoFC: Fix -e output (IP-over-Fibre Channel)
487    IPv6: Don't overwrite the destination IPv6 address for routing headers
488    IPv6: Fix header printing
489    IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
490    ISAKMP: Clean up parsing of IKEv2 Security Associations
491    ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases
492    ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature
493    ISOCLNS/IS-IS: Filter out non-printable characters
494    ISOCLNS/IS-IS: Fix segmentation faults
495    ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing
496    ISOCLNS: Add some bounds checks
497    Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow)
498    LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header
499    LLC: Add a bounds check (Fix a heap overflow)
500    LLC: Clean up printing of LLC packets
501    LLC: Fix the printing of RFC 948-style IP packets
502    LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols
503    LLDP: Implement IANA OUI and LLDP MUD option
504    MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks
505    MPLS: "length" is now the *remaining* packet length
506    MPLS: Add bounds and length checks (Fix a heap overflow)
507    NFS: Don't assume the ONC RPC header is nicely aligned
508    NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)
509    NFS: Don't run past the end of an NFSv3 file handle
510    OLSR: Add a test to cover a HNA sgw case
511    OLSR: Fix 'Advertised networks' count
512    OLSR: Fix printing of smart-gateway HNAs in IPv4
513    OSPF: Add a bounds check for the Hello packet options
514    OSPF: Do more bounds checking
515    OSPF: Fix a segmentation fault
516    OSPF: Fix printing 'ospf_topology_values' default
517    OTV: Add missing bounds checks
518    PGM: Print the formatted IP address, not the raw binary address, as a string
519    PIM: Add some bounds checking (Fix a heap overflow)
520    PIMv2: Fix checksumming of Register messages
521    PPP: Add some bounds checks (Fix a heap overflow)
522    PPP: Report invalid PAP AACK/ANAK packets
523    Q.933: Add a missing bounds check
524    RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute
525    RADIUS: Filter out non-printable characters
526    RADIUS: Translate UDP/1700 as RADIUS
527    RESP: Do better checking of RESP packets
528    RPKI-RTR: Add a return value check for "fn_printn" call
529    RPKI-RTR: Remove printing when truncated condition already detected
530    RPL: Fix 'Consistency Check' control code
531    RPL: Fix suboption print
532    RSVP: An INTEGRITY object in a submessage covers only the submessage
533    RSVP: Fix an infinite loop; Add bounds and length checks
534    RSVP: Fix some if statements missing brackets
535    RSVP: Have signature_verify() do the copying and clearing
536    RTCP: Add some bounds checks
537    RTP: Add some bounds checks, fix two segmentation faults
538    SCTP: Do more bounds checking
539    SFLOW: Fix bounds checking
540    SLOW: Fix bugs, add checks
541    SMB: Before fetching the flags2 field, make sure we have it
542    SMB: Do bounds checks on NBNS resource types and resource data lengths
543    SNMP: Clean up the "have libsmi but no modules loaded" case
544    SNMP: Clean up the object abbreviation list and fix the code to match them
545    SNMP: Do bounds checks when printing character and octet strings
546    SNMP: Improve ASN.1 bounds checks
547    SNMP: More bounds and length checks
548    STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows)
549    STP: Filter out non-printable characters
550    TCP: Add bounds and length checks for packets with TCP option 20
551    TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP
552    TCP: Fix two bounds checks (Fix heap overflows)
553    TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow)
554    TCP: Put TCP-AO option decoding right
555    TFTP: Don't use strchr() to scan packet data (Fix a heap overflow)
556    Telnet: Add some bounds checks
557    TokenRing: Fix -e output
558    UDLD: Fix an infinite loop
559    UDP: Add a bounds check (Fix a heap overflow)
560    UDP: Check against the packet length first
561    VAT: Add some bounds checks
562    VTP: Add a test on Mgmt Domain Name length
563    VTP: Add bounds checks and filter out non-printable characters
564    VXLAN: Add a bound check and a test case
565    ZeroMQ: Fix an infinite loop
566
567Tuesday October 25, 2016 mcr@sandelman.ca
568  Summary for 4.8.1 tcpdump release
569	Fix "-x" for Apple PKTAP and PPI packets
570        Improve separation frontend/backend (tcpdump/libnetdissect)
571        Fix display of timestamps with -tt, -ttt and -ttttt options
572        Add support for the Marvell Extended Distributed Switch Architecture header
573        Use PRIx64 to print a 64-bit number in hex.
574        Printer for HNCP (RFCs 7787 and 7788).
575        dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer.
576        RSVP: Add bounds and length checks
577        OSPF: Do more bounds checking
578        Handle OpenSSL 1.1.x.
579        Initial support for the REdis Serialization Protocol known as RESP.
580        Add printing function for Generic Protocol Extension for VXLAN
581            draft-ietf-nvo3-vxlan-gpe-01
582        Network Service Header: draft-ietf-sfc-nsh-01
583        Don't recompile the filter if the new file has the same DLT.
584        Pass an adjusted struct pcap_pkthdr to the sub-printer.
585        Add three test cases for already fixed CVEs
586           CVE-2014-8767: OLSR
587           CVE-2014-8768: Geonet
588           CVE-2014-8769: AODV
589        Don't do the DDP-over-UDP heuristic first: GitHub issue #499.
590        Use the new debugging routines in libpcap.
591        Harmonize TCP source or destination ports tests with UDP ones
592        Introduce data types to use for integral values in packet structures.
593        RSVP: Fix an infinite loop
594        Support of Type 3 and Type 4 LISP packets.
595        Don't require IPv6 library support in order to support IPv6 addresses.
596        Many many changes to support libnetdissect usage.
597        Add a test that makes unaligned accesses: GitHub issue #478.
598        add a DNSSEC test case: GH #445 and GH #467.
599        BGP: add decoding of ADD-PATH capability
600        fixes to LLC header printing, and RFC948-style IP packets
601
602Friday April 10, 2015 guy@alum.mit.edu
603  Summary for 4.7.4 tcpdump release
604	RPKI to Router Protocol: Fix Segmentation Faults and other problems
605	RPKI to Router Protocol: print strings with fn_printn()
606	wb: fix some bounds checks
607
608Wednesday March 11, 2015 mcr@sandelman.ca
609  Summary for 4.7.3 tcpdump release
610	Capsicum fixes for FreeBSD 10
611
612Tuesday March 10, 2015 mcr@sandelman.ca
613  Summary for 4.7.2 tcpdump release
614	DCCP: update Packet Types with RFC4340/IANA names
615        fixes for CVE-2015-0261: IPv6 mobility header check issue
616        fixes for CVE-2015-2153, 2154, 2155: kday packets
617
618Friday Nov. 12, 2014 guy@alum.mit.edu
619  Summary for 4.7.0 tcpdump release
620        changes to hex printing of CDP packets
621	Fix PPI printing
622	Radius: update Packet Type Codes and Attribute Types with RFC/IANA names
623	Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support.
624	improvements to telnet printer, even if not -v
625	omit length for bcp, print-tcp uses it
626	formatting fixes for a bunch of protocols
627	new bounds checks for a number of protocols
628	split netflow 1,6, and 6 dissector up.
629	added geneve dissector
630        CVE-2014-9140 PPP dissector fixed.
631
632Tuesday  Sep.  2, 2014 mcr@sandelman.ca
633  Summary for 4.6.2 tcpdump release
634	fix out-of-source-tree builds: find libpcap that is out of source
635	better configure check for libsmi
636
637Saturday Jul. 19, 2014 mcr@sandelman.ca
638  Summary for 4.6.1 tcpdump release
639	added FreeBSD capsicum
640	add a short option '#', same as long option '--number'
641
642Wednesday Jul. 2, 2014 mcr@sandelman.ca
643  Summary for 4.6.0 tcpdump release
644        all of tcpdump is now using the new "NDO" code base (Thanks Denis!)
645        nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes
646        M3UA decode added.
647        many new test cases: 82 in 4.5.1 to 133 in 4.6.0
648        many improvements to travis continuous integration system: OSX, and Coverity options
649        cleaned up some unnecessary header files
650        Added bittok2str().
651        a number of unaligned access faults fixed
652        -A flag does not consider CR to be printable anymore
653        fx.lebail took over coverity baby sitting
654        default snapshot size increased to 256K for accommodate USB captures
655        WARNING: this release contains a lot of very worthwhile code churn.
656
657Wednesday Jan. 15, 2014 guy@alum.mit.edu
658  Summary for 4.5.2 tcpdump release
659	Man page fix
660	Fix crashes on SPARC
661
662Monday Nov. 11, 2013 mcr@sandelman.ca
663  Summary for 4.5.1 tcpdump release
664	CREDITS file fixes
665
666Thursday Nov. 7, 2013  mcr@sandelman.ca and guy@alum.mit.edu.
667  Summary for 4.5.0 tcpdump release
668        some NFSv4 fixes for printing
669        fix printing of unknown TCP options, and tcp fast-open
670        fixes for syslog parser
671        some gcc-version-specific flag tuning
672        adopt MacOS deprecation workarounds for openssl
673        improvements to babel printing
674        add OpenFlow 1.0 (no SSL) and test cases
675        GeoNet printer.
676        added STBC Rx support
677        improvements to DHCPv6 decoder
678        clarify which autoconf is needed
679	Point users to the the-tcpdump-group repository on GitHub rather
680	    than the mcr repository
681	Add MSDP printer.
682	Fixed IPv6 check on Solaris and other OSes requiring extra
683	    networking libraries.
684	Add support for VXLAN (draft-mahalingam-dutt-dcops-vxlan-03),
685	    and add "vxlan" as an option for -T.
686	Add support for OTV (draft-hasmit-otv-04).
687        fixes for DLT_IEEE802_11_RADIO datalink types
688        added MPTCP decoder
689
690Saturday April 6, 2013 guy@alum.mit.edu.
691  Summary for 4.4.0 tcpdump release
692	RPKI-RTR (RFC6810) is now official (TCP Port 323)
693	Fix detection of OpenSSL libcrypto.
694	Add DNSSL (RFC6106) support.
695	Add "radius" as an option for -T.
696	Update Action codes for handle_action function according to
697	    802.11s amendment.
698	Decode DHCPv6 AFTR-Name option (RFC6334).
699	Updates for Babel.
700	Fix printing of infinite lifetime in ICMPv6.
701	Added support for SPB, SPBM Service Identifier, and Unicast
702	    Address sub-TLV in ISIS.
703	Decode RIPv2 authentication up to RFC4822.
704	Fix RIP Request/full table decoding issues.
705	On Linux systems with cap-ng.h, drop root privileges
706	    using Linux Capabilities.
707	Add support for reading multiple files.
708	Add MS NLB heartbeat printer.
709	Separate multiple nexthops in BGP.
710
711Wednesday  November 28, 2012 guy@alum.mit.edu.
712  Summary for 4.3.1 tcpdump release
713	Print "LLDP, length N" for LLDP packets even when not in verbose
714	    mode, so something is printed even if only the timestamp is
715	    present
716	Document "-T carp"
717	Print NTP poll interval correctly (it's an exponent, so print
718	    both its raw value and 2^value)
719	Document that "-e" is used to get MAC addresses
720	More clearly document that you need to escape or quote
721	    backslashes in filter expressions on the command line
722	Fix some "the the" in the man page
723	Use the right maximum path length
724	Don't treat 192_1_2, when passed to -i, as an interface number
725
726Friday  April 3, 2012.  mcr@sandelman.ca.
727  Summary for 4.3.0 tcpdump release
728        fixes for forces: SPARSE data (per RFC 5810)
729        some more test cases added
730        updates to documentation on -l, -U and -w flags.
731        Fix printing of BGP optional headers.
732        Tried to include DLT_PFSYNC support, failed due to headers required.
733        added TIPC support.
734        Fix LLDP Network Policy bit definitions.
735        fixes for IGMPv3's Max Response Time: it is in units of 0.1 second.
736        SIGUSR1 can be used rather than SIGINFO for stats
737        permit -n flag to affect print-ip for protocol numbers
738        ND_OPT_ADVINTERVAL is in milliseconds, not seconds
739        Teach PPPoE parser about RFC 4638
740
741
742Friday  December 9, 2011.  guy@alum.mit.edu.
743  Summary for 4.2.1 tcpdump release
744	Only build the Babel printer if IPv6 is enabled.
745	Support Babel on port 6696 as well as 6697.
746	Include ppi.h in release tarball.
747	Include all the test files in the release tarball, and don't
748	 "include" test files that no longer exist.
749	Don't assume we have <rpc/rpc.h> - check for it.
750	Support "-T carp" as a way of dissecting IP protocol 112 as CARP
751	 rather than VRRP.
752	Support Hilscher NetAnalyzer link-layer header format.
753	Constify some pointers and fix compiler warnings.
754	Get rid of never-true test.
755	Fix an unintended fall-through in a case statement in the ARP
756	 printer.
757	Fix several cases where sizeof(sizeof(XXX)) was used when just
758	 sizeof(XXX) was intended.
759	Make stricter sanity checks in the ES-IS printer.
760	Get rid of some GCCisms that caused builds to fai with compilers
761	 that don't support them.
762	Fix typo in man page.
763	Added length checks to Babel printer.
764
765Sunday  July 24, 2011.  mcr@sandelman.ca.
766  Summary for 4.2.+
767	merged 802.15.4 decoder from Dmitry Eremin-Solenikov <dbaryshkov
768	  at gmail dot com>
769        updates to forces for new port numbers
770        Use "-H", not "-h", for the 802.11s option. (-h always help)
771        Better ICMPv6 checksum handling.
772        add support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12
773        get rid of uuencoded pcap test files, git can do binary.
774        sFlow changes for 64-bit counters.
775        fixes for PPI packet header handling and printing.
776        Add DCB Exchange protocol (DCBX) version 1.01.
777        Babel dissector, from Juliusz Chroboczek and Grégoire Henry.
778        improvements to radiotap for rate values > 127.
779        Many improvements to ForCES decode, including fix SCTP TML port
780        updated RPL type code to RPL-17 draft
781        Improve printout of DHCPv6 options.
782        added support and test case for QinQ (802.1q VLAN) packets
783        Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4.
784        Build fixes for Sparc and other machines with alignment restrictions.
785        Merged changes from Debian package.
786        PGM: Add ACK decoding and add PGMCC DATA and FEEDBACK options.
787        Build fixes for OSX (Snow Leopard and others)
788        Add support for IEEE 802.15.4 packets
789
790Tue.    July 20, 2010.  guy@alum.mit.edu.
791  Summary for 4.1.2 tcpdump release
792	If -U is specified, flush the file after creating it, so it's
793	  not zero-length
794	Fix TCP flags output description, and some typos, in the man
795	  page
796	Add a -h flag, and only attempt to recognize 802.11s mesh
797	  headers if it's set
798	When printing the link-layer type list, send *all* output to
799	  stderr
800	Include the CFLAGS setting when configure was run in the
801	  compiler flags
802
803Thu.	April 1, 2010.  guy@alum.mit.edu.
804  Summary for 4.1.1 tcpdump release
805	Fix build on systems with PF, such as FreeBSD and OpenBSD.
806	Don't blow up if a zero-length link-layer address is passed to
807	  linkaddr_string().
808
809Thu.	March 11, 2010.  ken@netfunctional.ca/guy@alum.mit.edu.
810  Summary for 4.1.0 tcpdump release
811	Fix printing of MAC addresses for VLAN frames with a length
812	  field
813	Add some additional bounds checks and use the EXTRACT_ macros
814	  more
815	Add a -b flag to print the AS number in BGP packets in ASDOT
816	  notation rather than ASPLAIN notation
817	Add ICMPv6 RFC 5006 support
818	Decode the access flags in NFS access requests
819	Handle the new DLT_ for memory-mapped USB captures on Linux
820	Make the default snapshot (-s) the maximum
821	Print name of device (when -L is used)
822	Support for OpenSolaris (and SXCE build 125 and later)
823	Print new TCP flags
824	Add support for RPL DIO
825	Add support for TCP User Timeout (UTO)
826	Add support for non-standard Ethertypes used by 3com PPPoE gear
827	Add support for 802.11n and 802.11s
828	Add support for Transparent Ethernet Bridge ethertype in GRE
829	Add 4 byte AS support for BGP printer
830	Add support for the MDT SAFI 66 BG printer
831	Add basic IPv6 support to print-olsr
832	Add USB printer
833	Add printer for ForCES
834	Handle frames with an FCS
835	Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames
836	Fix TCP sequence number printing
837	Report 802.2 packets as 802.2 instead of 802.3
838	Don't include -L/usr/lib in LDFLAGS
839	On x86_64 Linux, look in lib64 directory too
840	Lots of code clean ups
841	Autoconf clean ups
842	Update testcases to make output changes
843	Fix compiling with/out smi (--with{,out}-smi)
844	Fix compiling without IPv6 support (--disable-ipv6)
845
846Mon.    October 27, 2008.  ken@netfunctional.ca.  Summary for 4.0.0 tcpdump release
847        Add support for Bluetooth Sniffing
848        Add support for Realtek Remote Control Protocol (openrrcp.org.ru)
849        Add support for 802.11 AVS
850        Add support for SMB over TCP
851        Add support for 4 byte BGP AS printing
852        Add support for compiling on case-insensitive file systems
853        Add support for ikev2 printing
854        Update support for decoding AFS
855        Update DHCPv6 printer
856        Use newer libpcap API's (allows -B option on all platforms)
857        Add -I to turn on monitor mode
858        Bugfixes in lldp, lspping, dccp, ESP, NFS printers
859        Cleanup unused files and various cruft
860
861Mon.    September 10, 2007.  ken@xelerance.com.  Summary for 3.9.8 tcpdump release
862        Rework ARP printer
863        Rework OSPFv3 printer
864        Add support for Frame-Relay ARP
865        Decode DHCP Option 121 (RFC 3442 Classless Static Route)
866        Decode DHCP Option 249 (MS Classless Static Route) the same as Option 121
867        TLV: Add support for Juniper .pcap extensions
868        Print EGP header in new-world-order style
869        Converted print-isakmp.c to NETDISSECT
870        Moved AF specific stuff into af.h
871        Test subsystem now table driven, and saves outputs and diffs to one place
872        Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted
873         libpcap files on an OS other than where the file was generated
874
875
876Wed.	July 23, 2007.  mcr@xelerance.com.  Summary for 3.9.7 libpcap release
877
878	NFS: Print unsigned values as such.
879	RX: parse safely.
880	BGP: fixes for IPv6-less builds.
881	801.1ag: use standard codepoint.
882	use /dev/bpf on systems with such a device.
883	802.11: print QoS data, avoid dissect of no-data frame, ignore padding.
884	smb: make sure that we haven't gone past the end of the captured data.
885	smb: squelch an uninitialized complaint from coverity.
886	NFS: from NetBSD; don't interpret the reply as a possible NFS reply
887		if it got MSG_DENIED.
888	BGP: don't print TLV values that didn't fit, from www.digit-labs.org.
889	revised INSTALL.txt about libpcap dependency.
890
891Wed.	April 25, 2007. ken@xelerance.com.  Summary for 3.9.6 tcpdump release
892	Update man page to reflect changes to libpcap
893	Changes to both TCP and IP Printer Output
894	Fix a potential buffer overflow in the 802.11 printer
895	Print basic info about a few more Cisco LAN protocols.
896	mDNS cleanup
897	ICMP MPLS rework of the extension code
898	bugfix: use the correct codepoint for the OSPF simple text auth token
899	 entry, and use safeputs to print the password.
900	Add support in pflog for additional values
901	Add support for OIF RSVP Extensions UNI 1.0 Rev. 2 and additional RSVP objects
902	Add support for the Message-id NACK c-type.
903	Add support for 802.3ah loopback ctrl msg
904	Add support for Multiple-STP as per 802.1s
905	Add support for rapid-SPT as per 802.1w
906	Add support for CFM Link-trace msg, Link-trace-Reply msg,
907	 Sender-ID tlv, private tlv, port, interface status
908	Add support for unidirectional link detection as per
909	 https://tools.ietf.org/id/draft-foschiano-udld-02.txt
910	Add support for the olsr protocol as per RFC 3626 plus the LQ
911	 extensions from olsr.org
912	Add support for variable-length checksum in DCCP, as per section 9 of
913	 RFC 4340.
914	Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree
915	Add support for Multiple-STP as per 802.1s
916	Add support for the cisco propriatry 'dynamic trunking protocol'
917	Add support for the cisco proprietary VTP protocol
918	Update dhcp6 options table as per IETF standardization activities
919
920
921Tue.	September 19, 2006. ken@xelerance.com. Summary for 3.9.5 tcpdump release
922
923	Fix compiling on AIX (, at end of ENUM)
924	Updated list of DNS RR typecodes
925	Use local Ethernet defs on WIN32
926	Add support for Frame-Relay ARP
927	Fixes for compiling under MSVC++
928	Add support for parsing Juniper .pcap files
929	Add support for FRF.16 Multilink Frame-Relay (DLT_MFR)
930	Rework the OSPFv3 printer
931	Fix printing for 4.4BSD/NetBSD NFS Filehandles
932	Add support for Cisco style NLPID encapsulation
933	Add cisco prop. eigrp related, extended communities
934	Add support for BGP signaled VPLS
935	Cleanup the bootp printer
936	Add support for PPP over Frame-Relay
937	Add some bounds checking to the IP options code, and clean up
938	 the options output a bit.
939	Add additional modp groups to ISAKMP printer
940	Add support for Address-Withdraw and Label-Withdraw Msgs
941	Add support for the BFD Discriminator TLV
942	Fixes for 64bit compiling
943	Add support for PIMv2 checksum verification
944	Add support for further dissection of the IPCP Compression Option
945	Add support for Cisco's proposed VQP protocol
946	Add basic support for keyed authentication TCP option
947	Lots of minor cosmetic changes to output printers
948
949
950Mon.	September 19, 2005.  ken@xelerance.com. Summary for 3.9.4 tcpdump release
951	Decoder support for more Juniper link-layer types
952	Fix a potential buffer overflow (although it can't occur in
953		practice).
954	Fix the handling of unknown management frame types in the 802.11
955		printer.
956	Add FRF.16 support, fix various Frame Relay bugs.
957	Add support for RSVP integrity objects, update fast-reroute
958		object printer to latest spec.
959	Clean up documentation of vlan filter expression, document mpls
960		filter expression.
961	Document new pppoed and pppoes filter expressions.
962	Update diffserver-TE codepoints as per RFC 4124.
963	Spelling fixes in ICMPv6.
964	Don't require any fields other than flags to be present in IS-IS
965		restart signaling TLVs, and only print the system ID in
966		those TLVs as system IDs, not as node IDs.
967	Support for DCCP.
968
969Tue.	July 5, 2005.  ken@xelerance.com. Summary for 3.9.3 tcpdump release
970
971	Option to chroot() when dropping privs
972	Fixes for compiling on nearly every platform,
973		including improved 64bit support
974	Many new testcases
975	Support for sending packets
976	Many compilation fixes on most platforms
977	Fixes for recent version of GCC to eliminate warnings
978	Improved Unicode support
979
980	Decoders & DLT Changes, Updates and New:
981		AES ESP support
982		Juniper ATM, FRF.15, FRF.16, PPPoE,
983			ML-FR, ML-PIC, ML-PPP, PL-PPP, LS-PIC
984			GGSN,ES,MONITOR,SERVICES
985		L2VPN
986		Axent Raptor/Symantec Firewall
987		TCP-MD5 (RFC 2385)
988		ESP-in-UDP (RFC 3948)
989		ATM OAM
990		LMP, LMP Service Discovery
991		IP over FC
992		IP over IEEE 1394
993		BACnet MS/TP
994		SS7
995		LDP over TCP
996		LACP, MARKER as per 802.3ad
997		PGM (RFC 3208)
998		LSP-PING
999		G.7041/Y.1303 Generic Framing Procedure
1000		EIGRP-IP, EIGRP-IPX
1001		ICMP6
1002		Radio - via radiotap
1003		DHCPv6
1004		HDLC over PPP
1005
1006Tue.   March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release
1007
1008	No changes from 3.8.2. Version bumped only to maintain consistency
1009	with libpcap 0.8.3.
1010
1011Mon.   March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release
1012
1013	Fixes for print-isakmp.c      CVE:    CAN-2004-0183, CAN-2004-0184
1014	https://web.archive.org/web/20160328035955/https://www.rapid7.com/resources/advisories/R7-0017.jsp
1015	IP-over-IEEE1394 printing.
1016	some MINGW32 changes.
1017	updates for autoconf 2.5
1018	fixes for print-aodv.c - check for too short packets
1019	formatting changes to print-ascii for hex output.
1020	check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c,
1021		print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c,
1022		print-ip.c, print-lwres.c, print-ospf.c, print-pim.c,
1023		print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c
1024	print-ether.c - better handling of unknown types.
1025	print-isoclns.c - additional decoding of types.
1026	print-llc.c - strings for LLC names added.
1027	print-pfloc.c - various enhancements
1028	print-radius.c - better decoding to strings.
1029
1030Wed.   November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release
1031
1032	changed syntax of -E argument so that multiple SAs can be decrypted
1033	fixes for Digital Unix headers and Documentation
1034	__attribute__ fixes
1035	CDP changes from Terry Kennedy <terry@tmk.com>.
1036	IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com>
1037	Fixes for ASN.1 decoder for 2.100.3 forms.
1038	Added a count of packets received and processed to clarify numbers.
1039	Incorporated WinDUMP patches for Win32 builds.
1040	PPPoE payload length headers.
1041	Fixes for HP C compiler builds.
1042	Use new pcap_breakloop() and pcap_findalldevs() if we can.
1043	BGP output split into multiple lines.
1044	Fixes to 802.11 decoding.
1045	Fixes to PIM decoder.
1046	SuperH is a CPU that can't handle unaligned access. Many fixes for
1047		unaligned access work.
1048	Fixes to Frame-Relay decoder for Q.933/922 frames.
1049	Clarified when Solaris can do captures as non-root.
1050	Added tests/ subdir for examples/regression tests.
1051	New -U flag.	-flush stdout after every packet
1052	New -A flag	-print ascii only
1053	support for decoding IS-IS inside Cisco HDLC Frames
1054	more verbosity for tftp decoder
1055	mDNS decoder
1056	new BFD decoder
1057	cross compilation patches
1058	RFC 3561 AODV support.
1059	UDP/TCP pseudo-checksum properly for source-route options.
1060	sanitized all files to modified BSD license
1061	Add support for RFC 2625 IP-over-Fibre Channel.
1062	fixes for DECnet support.
1063	Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI.
1064	RFC 2684 encapsulation of BPDUs.
1065
1066Tuesday, February 25, 2003. fenner@research.att.com.  3.7.2 release
1067
1068	Fixed infinite loop when parsing invalid isakmp packets.
1069	 (reported by iDefense; already fixed in CVS)
1070	Fixed infinite loop when parsing invalid BGP packets.
1071	Fixed buffer overflow with certain invalid NFS packets.
1072	Pretty-print unprintable network names in 802.11 printer.
1073	Handle truncated nbp (appletalk) packets.
1074	Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt
1075	Print IP protocol name even if we don't have a printer for it.
1076	Print IP protocol name or number for fragments.
1077	Print the whole MPLS label stack, not just the top label.
1078	Print request header and file handle for NFS v3 FSINFO and PATHCONF
1079	 requests.
1080	Fix NFS packet truncation checks.
1081	Handle "old" DR-Priority and Bidir-Capable PIM HELLO options.
1082	Handle unknown RADIUS attributes properly.
1083	Fix an ASN.1 parsing error that would cause e.g. the OID
1084	 2.100.3 to be misrepresented as 4.20.3 .
1085
1086Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release
1087	keyword "ipx" added.
1088	Better OSI/802.2 support on Linux.
1089	IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net.
1090	LLC SAP support for FDDI/token ring/RFC-1483 style ATM
1091	BXXP protocol was replaced by the BEEP protocol;
1092	improvements to SNAP demux.
1093	Changes to "any" interface documentation.
1094	Documentation on pcap_stats() counters.
1095	Fix a memory leak found by Miklos Szeredi - pcap_ether_aton().
1096	Added MPLS encapsulation decoding per RFC3032.
1097	DNS dissector handles TKEY, TSIG and IXFR.
1098	adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org>
1099	SMB printing has much improved bounds checks
1100	OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging
1101	Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>.
1102	Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net>
1103	IPX socket 0x85be is for Cisco EIGRP over IPX.
1104	Improvements to fragmented ESP handling.
1105	SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu>
1106	Linux ARPHDR_ATM support fixed.
1107	Added a "netbeui" keyword, which selects NetBEUI packets.
1108	IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option.
1109	Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>.
1110	Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm"
1111	Better Linux libc5 compat.
1112	BIND9 lwres dissector added.
1113	MIPS and SPARC get strict alignment macros (affects print-bgp.c)
1114	Apple LocalTalk LINKTYPE_ reserved.
1115	New time stamp formats documented.
1116	DHCP6 updated to draft-22.txt spec.
1117	ICMP types/codes now accept symbolic names.
1118	Add SIGINFO handler from LBL
1119	encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>.
1120	now we are -Wstrict-prototype clean.
1121	NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>.
1122	PPPoE dissector cleaned up.
1123	Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>.
1124	In dissector, now the caller prints the IP addresses rather than proto.
1125	cjclark@alum.mit.edu: print the IP proto for non-initial fragments.
1126	LLC frames with a DSAP and LSAP of 0xe0 are IPX frames.
1127	Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX.
1128	captures on the "any" device won't be done in promiscuous mode
1129	Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl>
1130	ARCNet support, from NetBSD.
1131	HSRP dissector, from Julian Cowley <julian@lava.net>.
1132	Handle (GRE-encapsulated) PPTP
1133	added -C option to rotate save file every optarg * 1,000,000 bytes.
1134	support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>.
1135	PPTP support, from Motonori Shindo <mshindo@mshindo.net>.
1136	IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>.
1137	CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>.
1138	ESP printing updated to RFC2406.
1139	HP-UX can now handle large number of PPAs.
1140	MSDP printer added.
1141	L2TP dissector improvements from Motonori Shindo.
1142
1143Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release
1144	Cleaned up documentation.
1145	Promisc mode fixes for Linux
1146	IPsec changes/cleanups.
1147	Alignment fixes for picky architectures
1148
1149	Removed dependency on native headers for packet dissectors.
1150	Removed Linux specific headers that were shipped
1151
1152	libpcap changes provide for exchanging capture files between
1153	  systems. Save files now have well known PACKET_ values instead of
1154	  depending upon system dependent mappings of DLT_* types.
1155
1156	Support for computing/checking IP and UDP/TCP checksums.
1157
1158	Updated autoconf stock files.
1159
1160	IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6,
1161
1162	Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
1163		timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk
1164
1165	Added filtering support for: VLANs, ESIS, ISIS
1166
1167	Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
1168		L2TP, PPPoE
1169
1170	HP-UX 11.0 -- find the right dlpi device.
1171	Solaris 8 - IPv6 works
1172	Linux - Added support for an "any" device to capture on all interfaces
1173
1174	Security fixes: buffer overrun audit done. Strcpy replaced with
1175		strlcpy, sprintf replaced with snprintf.
1176	Look for lex problems, and warn about them.
1177
1178
1179v3.5 Fri Jan 28 18:00:00 PST 2000
1180
1181Bill Fenner <fenner@research.att.com>
1182- switch to config.h for autoconf
1183- unify RCSID strings
1184- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
1185- Really fix the RIP printer
1186- Fix MAC address -> name translation.
1187- some -Wall -Wformat fixes
1188- update makemib to parse much of SMIv2
1189- Print TCP sequence # with -vv even if you normally wouldn't
1190- Print as much of IP/TCP/UDP headers as possible even if truncated.
1191
1192itojun@iijlab.net
1193- -X will make a ascii dump.  from netbsd.
1194- telnet command sequence decoder (ff xx xx).  from netbsd.
1195- print-bgp.c: improve options printing.  ugly code exists for
1196  unaligned option parsing (need some fix).
1197- const poisoning in SMB decoder.
1198- -Wall -Werror clean checks.
1199- bring in KAME IPv6/IPsec decoding code.
1200
1201Assar Westerlund  <assar@sics.se>
1202- SNMPv2 and SNMPv3 printer
1203- If compiled with libsmi, tcpdump can load MIBs on the fly to decode
1204  SNMP packets.
1205- Incorporate NFS parsing code from NetBSD.  Adds support for nfsv3.
1206- portability fixes
1207- permit building in different directories.
1208
1209Ken Hornstein <kenh@cmf.nrl.navy.mil>
1210- bring in code at
1211  /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
1212  AFS3 packets
1213
1214Andrew Tridgell <tridge@linuxcare.com>
1215- SMB printing code
1216
1217Love <lha@stacken.kth.se>
1218- print-rx.c: add code for printing MakeDir and StoreStatus.  Also
1219  change date format to the right one.
1220
1221Michael C. Richardson  <mcr@sandelman.ottawa.on.ca>
1222- Created tcpdump.org repository
1223
1224v3.4 Sat Jul 25 12:40:55 PDT 1998
1225
1226- Hardwire Linux slip support since it's too hard to detect.
1227
1228- Redo configuration of "network" libraries (-lsocket and -lnsl) to
1229  deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)
1230
1231- Added -a which tries to translate network and broadcast addresses to
1232  names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)
1233
1234- Added a configure option to disable gcc.
1235
1236- Added a "raw" packet printer.
1237
1238- Not having an interface address is no longer fatal. Requested by John
1239  Hawkinson.
1240
1241- Rework signal setup to accommodate Linux.
1242
1243- OSPF truncation check fix. Also display the type of OSPF packets
1244  using MD5 authentication. Thanks to Brian Wellington
1245  (bwelling@tis.com)
1246
1247- Fix truncation check bugs in the Kerberos printer. Reported by Ezra
1248  Peisach (epeisach@mit.edu)
1249
1250- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
1251  (plonka@mfa.com)
1252
1253- Specify full install target as a way of detecting if install
1254  directory does not exist. Thanks to Dave Plonka.
1255
1256- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
1257  (paul@vix.com)
1258
1259- Fix off-by-one bug when testing size of ethernet packets. Thanks to
1260  Marty Leisner (leisner@sdsp.mc.xerox.com)
1261
1262- Add a local autoconf macro to check for routines in libraries; the
1263  autoconf version is broken (it only puts the library name in the
1264  cache variable name). Thanks to John Hawkinson.
1265
1266- Add a local autoconf macro to check for types; the autoconf version
1267  is broken (it uses grep instead of actually compiling a code fragment).
1268
1269- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
1270  formats.
1271
1272- Extend OSF ip header workaround to versions 1 and 2.
1273
1274- Fix some signed problems in the nfs printer. As reported by David
1275  Sacerdote (davids@silence.secnet.com)
1276
1277- Detect group wheel and use it as the default since BSD/OS' install
1278  can't hack numeric groups. Reported by David Sacerdote.
1279
1280- AIX needs special loader options. Thanks to Jonathan I. Kamens
1281  (jik@cam.ov.com)
1282
1283- Fixed the nfs printer to print port numbers in decimal. Thanks to
1284  Kent Vander Velden (graphix@iastate.edu)
1285
1286- Find installed libpcap in /usr/local/lib when not using gcc.
1287
1288- Disallow network masks with non-network bits set.
1289
1290- Attempt to detect "egcs" versions of gcc.
1291
1292- Add missing closing double quotes when displaying bootp strings.
1293  Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)
1294
1295v3.3 Sat Nov 30 20:56:27 PST 1996
1296
1297- Added Linux support.
1298
1299- GRE encapsulated packet printer thanks to John Hawkinson
1300  (jhawk@mit.edu)
1301
1302- Rewrite gmt2local() to avoid problematic os dependencies.
1303
1304- Suppress nfs truncation message on errors.
1305
1306- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
1307  Reported by Joachim Ott (ott@ardala.han.de)
1308
1309- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.
1310
1311- Print arp hardware type in host order. Thanks to Onno van der Linden
1312  (onno@simplex.nl)
1313
1314- Avoid solaris compiler warnings. Thanks to Bruce Barnett
1315  (barnett@grymoire.crd.ge.com)
1316
1317- Fix rip printer to not print one more route than is actually in the
1318  packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
1319  Bill Fenner (fenner@parc.xerox.com)
1320
1321- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems.
1322
1323- Fix dvmrp printer truncation checks and add a dvmrp probe printer.
1324  Thanks to Danny J. Mitzel (mitzel@ipsilon.com)
1325
1326- Rewrite ospf printer to improve truncation checks.
1327
1328- Don't parse tcp options past the EOL. As noted by David Sacerdote
1329  (davids@secnet.com). Also, check tcp options to make sure they ar
1330  actually in the tcp header (in addition to the normal truncation
1331  checks). Fix the SACK code to print the N blocks (instead of the
1332  first block N times).
1333
1334- Don't say really small UDP packets are truncated just because they
1335  aren't big enough to be a RPC. As noted by David Sacerdote.
1336
1337v3.2.1 Sun Jul 14 03:02:26 PDT 1996
1338
1339- Added rfc1716 icmp codes as suggested by Martin Fredriksson
1340  (martin@msp.se)
1341
1342- Print mtu for icmp unreach need frag packets. Thanks to John
1343  Hawkinson (jhawk@mit.edu)
1344
1345- Decode icmp router discovery messages. Thanks to Jeffrey Honig
1346  (jch@bsdi.com)
1347
1348- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
1349  (kushida@trl.ibm.co.jp)
1350
1351- Check igmp checksum if possible. Thanks to John Hawkinson.
1352
1353- Made changes for SINIX. Thanks to Andrej Borsenkow
1354  (borsenkow.msk@sni.de)
1355
1356- Use autoconf's idea of the top level directory in install targets.
1357  Thanks to John Hawkinson.
1358
1359- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
1360  Mogul (mogul@pa.dec.com)
1361
1362- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
1363  Thanks to John Hawkinson.
1364
1365- Added some more packet truncation checks.
1366
1367- On systems that have it, use sigset() instead of signal() since
1368  signal() has different semantics on these systems.
1369
1370- Fixed some more alignment problems on the alpha.
1371
1372- Add code to massage unprintable characters in the domain and ipx
1373  printers. Thanks to John Hawkinson.
1374
1375- Added explicit netmask support. Thanks to Steve Nuchia
1376  (steve@research.oknet.com)
1377
1378- Add "sca" keyword (for DEC cluster services) as suggested by Terry
1379  Kennedy (terry@spcvxa.spc.edu)
1380
1381- Add "atalk" keyword as suggested by John Hawkinson.
1382
1383- Added an igrp printer. Thanks to Francis Dupont
1384  (francis.dupont@inria.fr)
1385
1386- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
1387  Kennedy (terry@spcvxa.spc.edu)
1388
1389- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
1390  (pascal.hennequin@hugo.int-evry.fr)
1391
1392- Added some ETHERTYPEs missing on some systems.
1393
1394- Added truncated packet macros and various checks.
1395
1396- Fixed endian problems with the DECnet printer.
1397
1398- Use $CC when checking gcc version. Thanks to Carl Lindberg
1399  (carl_lindberg@blacksmith.com)
1400
1401- Fixes for AIX (although this system is not yet supported). Thanks to
1402  John Hawkinson.
1403
1404- Fix bugs in the autoconf misaligned accesses code fragment.
1405
1406- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
1407  Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)
1408
1409v3.2 Sun Jun 23 02:28:10 PDT 1996
1410
1411- Print new icmp unreachable codes as suggested by Martin Fredriksson
1412  (martin@msp.se). Also print code value when unknown for icmp redirect
1413  and time exceeded.
1414
1415- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.
1416
1417- Define "new" domain record types if not found in arpa/nameserv.h.
1418  Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
1419  fixed an endian bug when printing mx record and added some new record
1420  types.
1421
1422- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)
1423
1424- Added T/TCP options printing. As suggested by Richard Stevens
1425  (rstevens@noao.edu)
1426
1427- Use autoconf to detect architectures that can't handle misaligned
1428  accesses.
1429
1430v3.1 Thu Jun 13 20:59:32 PDT 1996
1431
1432- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
1433  and bind (as suggested by Charles Hannum).
1434
1435- Port to GNU autoconf.
1436
1437- Add support for printing DVMRP and PIM traffic thanks to
1438  Havard Eidnes (Havard.Eidnes@runit.sintef.no).
1439
1440- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
1441  define being referenced. Reported by Terry Kennedy.
1442
1443- Minor fixes to the man page thanks to Mark Andrews.
1444
1445- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
1446  (bmah@cs.berkeley.edu).
1447
1448- Added support for new dns types, thanks to Rainer Orth.
1449
1450- Fixed tftp_print() to print the block number for ACKs.
1451
1452- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
1453  (cslater@imatek.com).
1454
1455- Check return status from malloc/calloc/etc.
1456
1457- Check return status from pcap_loop() so we can print an error and
1458  exit with a bad status if there were problems.
1459
1460- Bail if ip option length is <= 0. Resulted from a bug report from
1461  Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).
1462
1463- Print out a little more information for sun rpc packets.
1464
1465- Add support for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).
1466
1467- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
1468  wrong on little endian machines).
1469
1470- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
1471  (crawdad@fnal.gov).
1472
1473- Fix ntp_print() to not print garbage when the stratum is
1474  "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).
1475
1476- Rewrote tcp options printer code to check for truncation. Added
1477  selective acknowledgment case.
1478
1479- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
1480  (jch@bsdi.com)
1481
1482- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
1483  octet for the sa_family member. Thanks to Yoshitaka Tokugawa
1484  (toku@dit.co.jp)
1485
1486- Don't checksum ip header if we don't have all of it. Thanks to John
1487  Hawkinson (jhawk@mit.edu).
1488
1489- Print out hostnames if possible in egp printer. Thanks to Jeffrey
1490  Honig (jhc@bsdi.com)
1491
1492
1493v3.1a1 Wed May  3 19:21:11 PDT 1995
1494
1495- Include time.h when SVR4 is defined to avoid problems under Solaris
1496  2.3.
1497
1498- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
1499  strings, not the local buffer. Thanks to Stefan Petri
1500  (petri@ibr.cs.tu-bs.de).
1501
1502- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
1503  that the selected value was not used. Thanks to Pascal Hennequin
1504  (Pascal.Hennequin@hugo.int-evry.fr).
1505
1506- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.
1507
1508- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).
1509
1510v3.0.3 Sun Oct  1 18:35:00 GMT 1995
1511
1512- Although there never was a 3.0.3 release, the linux boys cleverly
1513  "released" one in late 1995.
1514
1515v3.0.2 Thu Apr 20 21:28:16 PDT 1995
1516
1517- Change configuration to not use gcc v2 flags with gcc v1.
1518
1519- Redo gmt2local() so that it works under BSDI (which seems to return
1520  an empty timezone struct from gettimeofday()). Based on report from
1521  Terry Kennedy (terry@spcvxa.spc.edu).
1522
1523- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
1524  on report from Mark Andrews (mandrews@alias.com).
1525
1526- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
1527  Orth (ro@techfak.uni-bielefeld.de).
1528
1529- Fixed printout of connection id for uncompressed tcp slip packets.
1530  Resulted from a bug report from Richard Stevens (rstevens@noao.edu).
1531
1532- Hack around deficiency in Ultrix's make.
1533
1534- Add ETHERTYPE_TRAIL define which is missing from irix5.
1535
1536v3.0.1 Wed Aug 31 22:42:26 PDT 1994
1537
1538- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.
1539
1540v3.0 Mon Jun 20 19:23:27 PDT 1994
1541
1542- Added support for printing tcp option timestamps thanks to
1543  Mark Andrews (mandrews@alias.com).
1544
1545- Reorganize protocol dumpers to take const pointers to packets so they
1546  never change the contents (i.e., they used to do endian conversions
1547  in place).  Previously, whenever more than one pass was taken over
1548  the packet, the packet contents would be dumped incorrectly (i.e.,
1549  the output form -x would be wrong on little endian machines because
1550  the protocol dumpers would modify the data).  Thanks to Charles Hannum
1551  (mycroft@gnu.ai.mit.edu) for reporting this problem.
1552
1553- Added support for decnet protocol dumping thanks to Jeff Mogul
1554  (mogul@pa.dec.com).
1555
1556- Fix bug that caused length of packet to be incorrectly printed
1557  (off by ether header size) for unknown ethernet types thanks
1558  to Greg Miller (gmiller@kayak.mitre.org).
1559
1560- Added support for IPX protocol dumping thanks to Brad Parker
1561  (brad@fcr.com).
1562
1563- Added check to verify IP header checksum under -v thanks to
1564  Brad Parker (brad@fcr.com).
1565
1566- Move packet capture code to new libpcap library (which is
1567  packaged separately).
1568
1569- Prototype everything and assume an ansi compiler.
1570
1571- print-arp.c: Print hardware ethernet addresses if they're not
1572  what we expect.
1573
1574- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
1575  Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).
1576
1577- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
1578  (mogul@pa.dec.com).
1579
1580- print-icmp.c: Byte swap netmask before printing. Thanks to
1581  Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.
1582
1583- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
1584  By default, only the inner packet is dumped, appended with the token
1585  "(encap)".  Under -v, both the inner and output packets are dumped
1586  (on the same line).  Note that the filter applies to the original packet,
1587  not the encapsulated packet.  So if you run tcpdump on a net with an
1588  IP Multicast tunnel, you cannot filter out the datagrams using the
1589  conventional syntax.  (You can filter away all the ip-in-ip traffic
1590  with "not ip proto 4".)
1591
1592- print-nfs.c: Keep pending rpc's in circular table. Add generic
1593  nfs header and remove os dependences. Thanks to Jeffrey Mogul.
1594
1595- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.
1596
1597- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
1598  (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords
1599  Add && and || operators
1600
1601v2.2.1 Tue Jun 6 17:57:22 PDT 1992
1602
1603- Fix bug with -c flag.
1604
1605v2.2 Fri May 22 17:19:41 PDT 1992
1606
1607- savefile.c: Remove hack that shouldn't have been exported. Add
1608  truncate checks.
1609
1610- Added the 'icmp' keyword.  For example, 'icmp[0] != 8 and icmp[0] != 0'
1611  matches non-echo/reply ICMP packets.
1612
1613- Many improvements to filter code optimizer.
1614
1615- Added 'multicast' keyword and extended the 'broadcast' keyword can now be
1616  so that protocol qualifications are allowed. For example, "ip broadcast"
1617  and "ether multicast" are valid filters.
1618
1619- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
1620  Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
1621  patches to netinet/if_loop.c.
1622
1623- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
1624  Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.
1625
1626- Added EGP and OSPF printers, thanks to Jeffrey Honig.
1627
1628v2.1 Tue Jan 28 11:00:14 PST 1992
1629
1630- Internal release (never publicly exported).
1631
1632v2.0.1 Sun Jan 26 21:10:10 PDT
1633
1634- Various byte ordering fixes.
1635
1636- Add truncation checks.
1637
1638- inet.c: Support BSD style SIOCGIFCONF.
1639
1640- nametoaddr.c: Handle multi addresses for single host.
1641
1642- optimize.c: Rewritten.
1643
1644- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
1645  for broadcast nets.
1646
1647- print-atal.c: Fix an alignment bug (thanks to
1648  stanonik@nprdc.navy.mil) Add missing printf() argument.
1649
1650- print-bootp.c: First attempt at decoding the vendor buffer.
1651
1652- print-domain.c: Fix truncation checks.
1653
1654- print-icmp.c: Calculate length of packets from the ip header.
1655
1656- print-ip.c: Print frag id in decimal (so it's easier to match up
1657  with non-frags). Add support for ospf, egp and igmp.
1658
1659- print-nfs.c: Lots of changes.
1660
1661- print-ntp.c: Make some verbose output depend on -v.
1662
1663- print-snmp.c: New version from John LoVerso.
1664
1665- print-tcp.c: Print rfc1072 tcp options.
1666
1667- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
1668  (microseconds) worth of precision. Fix uid bugs.
1669
1670- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
1671  With this option, you can create an architecture independent binary
1672  trace file in real time, without the overhead of the packet printer.
1673  At a later time, the packets can be filtered (again) and printed.
1674
1675- BSD is supported.  You must have BPF in your kernel.
1676  Since the filtering is now done in the kernel, fewer packets are
1677  dropped.  In fact, with BPF and the packet dumper option, a measly
1678  Sun 3/50 can keep up with a busy network.
1679
1680- Compressed SLIP packets can now be dumped, provided you use our
1681  SLIP software and BPF.  These packets are dumped as any other IP
1682  packet; the compressed headers are dumped with the '-e' option.
1683
1684- Machines with little-endian byte ordering are supported (thanks to
1685  Jeff Mogul).
1686
1687- Ultrix 4.0 is supported (also thanks to Jeff Mogul).
1688
1689- IBM RT and Stanford Enetfilter support has been added by
1690  Rayan Zachariassen <rayan@canet.ca>.  Tcpdump has been tested under
1691  both the vanilla Enetfilter interface, and the extended interface
1692  (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
1693
1694- TFTP packets are now printed (requests only).
1695
1696- BOOTP packets are now printed.
1697
1698- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).
1699
1700- Sparc architectures, including the Sparcstation-1, are now
1701  supported thanks to Steve McCanne and Craig Leres.
1702
1703- SunOS 4 is now supported thanks to Micky Liu of Columbia
1704  University (micky@cunixc.cc.columbia.edu).
1705
1706- IP options are now printed.
1707
1708- RIP packets are now printed.
1709
1710- There's a -v flag that prints out more information than the
1711  default (e.g., it will enable printing of IP ttl, tos and id)
1712  and -q flag that prints out less (e.g., it will disable
1713  interpretation of AppleTalk-in-UDP).
1714
1715- The grammar has undergone substantial changes (if you have an
1716  earlier version of tcpdump, you should re-read the manual
1717  entry).
1718
1719  The most useful change is the addition of an expression
1720  syntax that lets you filter on arbitrary fields or values in the
1721  packet.  E.g., "ip[0] > 0x45" would print only packets with IP
1722  options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
1723  packets.
1724
1725  The most painful change is that concatenation no longer means
1726  "and" -- e.g., you have to say "host foo and port bar" instead
1727  of "host foo port bar".  The up side to this down is that
1728  repeated qualifiers can be omitted, making most filter
1729  expressions shorter.  E.g., you can now say "ip host foo and
1730  (bar or baz)" to look at ip traffic between hosts foo and bar or
1731  between hosts foo and baz.  [The old way of saying this was "ip
1732  host foo and (ip host bar or ip host baz)".]
1733
1734v2.0 Sun Jan 13 12:20:40 PST 1991
1735
1736- Initial public release.
1737