xref: /freebsd/contrib/tcpdump/CHANGES (revision d37ea99837e6ad50837fd9fe1771ddf1c3ba6002) 
1$Header: /tcpdump/master/tcpdump/CHANGES,v 1.84.2.3 2004/03/30 14:36:24 mcr Exp $
2
3Tue.   March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release
4
5	No changes from 3.8.2. Version bumped only to maintain consistency
6	with libpcap 0.8.3.
7
8Mon.   March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release
9
10	Fixes for print-isakmp.c      CVE:    CAN-2004-0183, CAN-2004-0184
11	  		     http://www.rapid7.com/advisories/R7-0017.html
12	IP-over-IEEE1394 printing.
13	some MINGW32 changes.
14	updates for autoconf 2.5
15	fixes for print-aodv.c - check for too short packets
16	formatting changes to print-ascii for hex output.
17	check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c,
18		print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c,
19		print-ip.c, print-lwres.c, print-ospf.c, print-pim.c,
20		print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c
21	print-ether.c - better handling of unknown types.
22	print-isoclns.c - additional decoding of types.
23	print-llc.c - strings for LLC names added.
24	print-pfloc.c - various enhancements
25	print-radius.c - better decoding to strings.
26
27Wed.   November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release
28
29	changed syntax of -E argument so that multiple SAs can be decrypted
30	fixes for Digital Unix headers and Documentation
31	__attribute__ fixes
32	CDP changes from Terry Kennedy <terry@tmk.com>.
33	IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com>
34	Fixes for ASN.1 decoder for 2.100.3 forms.
35	Added a count of packets received and processed to clarify numbers.
36	Incorporated WinDUMP patches for Win32 builds.
37	PPPoE payload length headers.
38	Fixes for HP C compiler builds.
39	Use new pcap_breakloop() and pcap_findalldevs() if we can.
40	BGP output split into multiple lines.
41	Fixes to 802.11 decoding.
42	Fixes to PIM decoder.
43	SuperH is a CPU that can't handle unaligned access. Many fixes for
44		unaligned access work.
45	Fixes to Frame-Relay decoder for Q.933/922 frames.
46	Clarified when Solaris can do captures as non-root.
47	Added tests/ subdir for examples/regression tests.
48	New -U flag.	-flush stdout after every packet
49	New -A flag	-print ascii only
50	support for decoding IS-IS inside Cisco HDLC Frames
51	more verbosity for tftp decoder
52	mDNS decoder
53	new BFD decoder
54	cross compilation patches
55	RFC 3561 AODV support.
56	UDP/TCP pseudo-checksum properly for source-route options.
57	sanitized all files to modified BSD license
58	Add support for RFC 2625 IP-over-Fibre Channel.
59	fixes for DECnet support.
60	Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI.
61	RFC 2684 encapsulation of BPDUs.
62
63Tuesday, February 25, 2003. fenner@research.att.com.  3.7.2 release
64
65	Fixed infinite loop when parsing malformed isakmp packets.
66	 (reported by iDefense; already fixed in CVS)
67	Fixed infinite loop when parsing malformed BGP packets.
68	Fixed buffer overflow with certain malformed NFS packets.
69	Pretty-print unprintable network names in 802.11 printer.
70	Handle truncated nbp (appletalk) packets.
71	Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt
72	Print IP protocol name even if we don't have a printer for it.
73	Print IP protocol name or number for fragments.
74	Print the whole MPLS label stack, not just the top label.
75	Print request header and file handle for NFS v3 FSINFO and PATHCONF
76	 requests.
77	Fix NFS packet truncation checks.
78	Handle "old" DR-Priority and Bidir-Capable PIM HELLO options.
79	Handle unknown RADIUS attributes properly.
80	Fix an ASN.1 parsing error that would cause e.g. the OID
81	 2.100.3 to be misrepresented as 4.20.3 .
82
83Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release
84see http://www.tcpdump.org/cvs-log/2002-01-21.10:16:48.html for commit log.
85	keyword "ipx" added.
86	Better OSI/802.2 support on Linux.
87	IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net.
88	LLC SAP support for FDDI/token ring/RFC-1483 style ATM
89	BXXP protocol was replaced by the BEEP protocol;
90	improvements to SNAP demux.
91	Changes to "any" interface documentation.
92	Documentation on pcap_stats() counters.
93	Fix a memory leak found by Miklos Szeredi - pcap_ether_aton().
94	Added MPLS encapsulation decoding per RFC3032.
95	DNS dissector handles TKEY, TSIG and IXFR.
96	adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org>
97	SMB printing has much improved bounds checks
98	OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging
99	Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>.
100	Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net>
101	IPX socket 0x85be is for Cisco EIGRP over IPX.
102	Improvements to fragmented ESP handling.
103	SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu>
104	Linux ARPHDR_ATM support fixed.
105	Added a "netbeui" keyword, which selects NetBEUI packets.
106	IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option.
107	Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>.
108	Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm"
109	Better Linux libc5 compat.
110	BIND9 lwres dissector added.
111	MIPS and SPARC get strict alignment macros (affects print-bgp.c)
112	Apple LocalTalk LINKTYPE_ reserved.
113	New time stamp formats documented.
114	DHCP6 updated to draft-22.txt spec.
115	ICMP types/codes now accept symbolic names.
116	Add SIGINFO handler from LBL
117	encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>.
118	now we are -Wstrict-prototype clean.
119	NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>.
120	PPPoE dissector cleaned up.
121	Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>.
122	In dissector, now the caller prints the IP addresses rather than proto.
123	cjclark@alum.mit.edu: print the IP proto for non-initial fragments.
124	LLC frames with a DSAP and LSAP of 0xe0 are IPX frames.
125	Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX.
126	captures on the "any" device won't be done in promiscuous mode
127	Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl>
128	ARCNet support, from NetBSD.
129	HSRP dissector, from Julian Cowley <julian@lava.net>.
130	Handle (GRE-encapsulated) PPTP
131	added -C option to rotate save file every optarg * 1,000,000 bytes.
132	support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>.
133	PPTP support, from Motonori Shindo <mshindo@mshindo.net>.
134	IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>.
135	CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>.
136	ESP printing updated to RFC2406.
137	HP-UX can now handle large number of PPAs.
138	MSDP printer added.
139	L2TP dissector improvements from Motonori Shindo.
140
141Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release
142	Cleaned up documentation.
143	Promisc mode fixes for Linux
144	IPsec changes/cleanups.
145	Alignment fixes for picky architectures
146
147	Removed dependency on native headers for packet dissectors.
148	Removed Linux specific headers that were shipped
149
150	libpcap changes provide for exchanging capture files between
151	  systems. Save files now have well known PACKET_ values instead of
152	  depending upon system dependant mappings of DLT_* types.
153
154	Support for computing/checking IP and UDP/TCP checksums.
155
156	Updated autoconf stock files.
157
158	IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6,
159
160	Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
161		timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk
162
163	Added filtering support for: VLANs, ESIS, ISIS
164
165	Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
166		L2TP, PPPoE
167
168	HP-UX 11.0 -- find the right dlpi device.
169	Solaris 8 - IPv6 works
170	Linux - Added support for an "any" device to capture on all interfaces
171
172	Security fixes: buffer overrun audit done. Strcpy replaced with
173		strlcpy, sprintf replaced with snprintf.
174	Look for lex problems, and warn about them.
175
176
177v3.5 Fri Jan 28 18:00:00 PST 2000
178
179Bill Fenner <fenner@research.att.com>
180- switch to config.h for autoconf
181- unify RCSID strings
182- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
183- Really fix the RIP printer
184- Fix MAC address -> name translation.
185- some -Wall -Wformat fixes
186- update makemib to parse much of SMIv2
187- Print TCP sequence # with -vv even if you normally wouldn't
188- Print as much of IP/TCP/UDP headers as possible even if truncated.
189
190itojun@iijlab.net
191- -X will make a ascii dump.  from netbsd.
192- telnet command sequence decoder (ff xx xx).  from netbsd.
193- print-bgp.c: improve options printing.  ugly code exists for
194  unaligned option parsing (need some fix).
195- const poisoning in SMB decoder.
196- -Wall -Werror clean checks.
197- bring in KAME IPv6/IPsec decoding code.
198
199Assar Westerlund  <assar@sics.se>
200- SNMPv2 and SNMPv3 printer
201- If compiled with libsmi, tcpdump can load MIBs on the fly to decode
202  SNMP packets.
203- Incorporate NFS parsing code from NetBSD.  Adds support for nfsv3.
204- portability fixes
205- permit building in different directories.
206
207Ken Hornstein <kenh@cmf.nrl.navy.mil>
208- bring in code at
209  /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
210  AFS3 packets
211
212Andrew Tridgell <tridge@linuxcare.com>
213- SMB printing code
214
215Love <lha@stacken.kth.se>
216- print-rx.c: add code for printing MakeDir and StoreStatus.  Also
217  change date format to the right one.
218
219Michael C. Richardson  <mcr@sandelman.ottawa.on.ca>
220- Created tcpdump.org repository
221
222v3.4 Sat Jul 25 12:40:55 PDT 1998
223
224- Hardwire Linux slip support since it's too hard to detect.
225
226- Redo configuration of "network" libraries (-lsocket and -lnsl) to
227  deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)
228
229- Added -a which tries to translate network and broadcast addresses to
230  names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)
231
232- Added a configure option to disable gcc.
233
234- Added a "raw" packet printer.
235
236- Not having an interface address is no longer fatal. Requested by John
237  Hawkinson.
238
239- Rework signal setup to accommodate Linux.
240
241- OSPF truncation check fix. Also display the type of OSPF packets
242  using MD5 authentication. Thanks to Brian Wellington
243  (bwelling@tis.com)
244
245- Fix truncation check bugs in the Kerberos printer. Reported by Ezra
246  Peisach (epeisach@mit.edu)
247
248- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
249  (plonka@mfa.com)
250
251- Specify full install target as a way of detecting if install
252  directory does not exist. Thanks to Dave Plonka.
253
254- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
255  (paul@vix.com)
256
257- Fix off-by-one bug when testing size of ethernet packets. Thanks to
258  Marty Leisner (leisner@sdsp.mc.xerox.com)
259
260- Add a local autoconf macro to check for routines in libraries; the
261  autoconf version is broken (it only puts the library name in the
262  cache variable name). Thanks to John Hawkinson.
263
264- Add a local autoconf macro to check for types; the autoconf version
265  is broken (it uses grep instead of actually compiling a code fragment).
266
267- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
268  formats.
269
270- Extend OSF ip header workaround to versions 1 and 2.
271
272- Fix some signed problems in the nfs printer. As reported by David
273  Sacerdote (davids@silence.secnet.com)
274
275- Detect group wheel and use it as the default since BSD/OS' install
276  can't hack numeric groups. Reported by David Sacerdote.
277
278- AIX needs special loader options. Thanks to Jonathan I. Kamens
279  (jik@cam.ov.com)
280
281- Fixed the nfs printer to print port numbers in decimal. Thanks to
282  Kent Vander Velden (graphix@iastate.edu)
283
284- Find installed libpcap in /usr/local/lib when not using gcc.
285
286- Disallow network masks with non-network bits set.
287
288- Attempt to detect "egcs" versions of gcc.
289
290- Add missing closing double quotes when displaying bootp strings.
291  Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)
292
293v3.3 Sat Nov 30 20:56:27 PST 1996
294
295- Added Linux support.
296
297- GRE encapsulated packet printer thanks to John Hawkinson
298  (jhawk@mit.edu)
299
300- Rewrite gmt2local() to avoid problematic os dependencies.
301
302- Suppress nfs truncation message on errors.
303
304- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
305  Reported by Joachim Ott (ott@ardala.han.de)
306
307- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.
308
309- Print arp hardware type in host order. Thanks to Onno van der Linden
310  (onno@simplex.nl)
311
312- Avoid solaris compiler warnings. Thanks to Bruce Barnett
313  (barnett@grymoire.crd.ge.com)
314
315- Fix rip printer to not print one more route than is actually in the
316  packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
317  Bill Fenner (fenner@parc.xerox.com)
318
319- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems.
320
321- Fix dvmrp printer truncation checks and add a dvmrp probe printer.
322  Thanks to Danny J. Mitzel (mitzel@ipsilon.com)
323
324- Rewrite ospf printer to improve truncation checks.
325
326- Don't parse tcp options past the EOL. As noted by David Sacerdote
327  (davids@secnet.com). Also, check tcp options to make sure they ar
328  actually in the tcp header (in addition to the normal truncation
329  checks). Fix the SACK code to print the N blocks (instead of the
330  first block N times).
331
332- Don't say really small UDP packets are truncated just because they
333  aren't big enough to be a RPC. As noted by David Sacerdote.
334
335v3.2.1 Sun Jul 14 03:02:26 PDT 1996
336
337- Added rfc1716 icmp codes as suggested by Martin Fredriksson
338  (martin@msp.se)
339
340- Print mtu for icmp unreach need frag packets. Thanks to John
341  Hawkinson (jhawk@mit.edu)
342
343- Decode icmp router discovery messages. Thanks to Jeffrey Honig
344  (jch@bsdi.com)
345
346- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
347  (kushida@trl.ibm.co.jp)
348
349- Check igmp checksum if possible. Thanks to John Hawkinson.
350
351- Made changes for SINIX. Thanks to Andrej Borsenkow
352  (borsenkow.msk@sni.de)
353
354- Use autoconf's idea of the top level directory in install targets.
355  Thanks to John Hawkinson.
356
357- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
358  Mogul (mogul@pa.dec.com)
359
360- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
361  Thanks to John Hawkinson.
362
363- Added some more packet truncation checks.
364
365- On systems that have it, use sigset() instead of signal() since
366  signal() has different semantics on these systems.
367
368- Fixed some more alignment problems on the alpha.
369
370- Add code to massage unprintable characters in the domain and ipx
371  printers. Thanks to John Hawkinson.
372
373- Added explicit netmask support. Thanks to Steve Nuchia
374  (steve@research.oknet.com)
375
376- Add "sca" keyword (for DEC cluster services) as suggested by Terry
377  Kennedy (terry@spcvxa.spc.edu)
378
379- Add "atalk" keyword as suggested by John Hawkinson.
380
381- Added an igrp printer. Thanks to Francis Dupont
382  (francis.dupont@inria.fr)
383
384- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
385  Kennedy (terry@spcvxa.spc.edu)
386
387- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
388  (pascal.hennequin@hugo.int-evry.fr)
389
390- Added some ETHERTYPEs missing on some systems.
391
392- Added truncated packet macros and various checks.
393
394- Fixed endian problems with the DECnet printer.
395
396- Use $CC when checking gcc version. Thanks to Carl Lindberg
397  (carl_lindberg@blacksmith.com)
398
399- Fixes for AIX (although this system is not yet supported). Thanks to
400  John Hawkinson.
401
402- Fix bugs in the autoconf misaligned accesses code fragment.
403
404- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
405  Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)
406
407v3.2 Sun Jun 23 02:28:10 PDT 1996
408
409- Print new icmp unreachable codes as suggested by Martin Fredriksson
410  (martin@msp.se). Also print code value when unknown for icmp redirect
411  and time exceeded.
412
413- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.
414
415- Define "new" domain record types if not found in arpa/nameserv.h.
416  Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
417  fixed an endian bug when printing mx record and added some new record
418  types.
419
420- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)
421
422- Added T/TCP options printing. As suggested by Richard Stevens
423  (rstevens@noao.edu)
424
425- Use autoconf to detect architectures that can't handle misaligned
426  accesses.
427
428v3.1 Thu Jun 13 20:59:32 PDT 1996
429
430- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
431  and bind (as suggested by Charles Hannum).
432
433- Port to GNU autoconf.
434
435- Add support for printing DVMRP and PIM traffic thanks to
436  Havard Eidnes (Havard.Eidnes@runit.sintef.no).
437
438- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
439  define being referenced. Reported by Terry Kennedy.
440
441- Minor fixes to the man page thanks to Mark Andrews.
442
443- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
444  (bmah@cs.berkeley.edu).
445
446- Added support for new dns types, thanks to Rainer Orth.
447
448- Fixed tftp_print() to print the block number for ACKs.
449
450- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
451  (cslater@imatek.com).
452
453- Check return status from malloc/calloc/etc.
454
455- Check return status from pcap_loop() so we can print an error and
456  exit with a bad status if there were problems.
457
458- Bail if ip option length is <= 0. Resulted from a bug report from
459  Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).
460
461- Print out a little more information for sun rpc packets.
462
463- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).
464
465- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
466  wrong on little endian machines).
467
468- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
469  (crawdad@fnal.gov).
470
471- Fix ntp_print() to not print garbage when the stratum is
472  "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).
473
474- Rewrote tcp options printer code to check for truncation. Added
475  selective acknowledgment case.
476
477- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
478  (jch@bsdi.com)
479
480- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
481  octet for the sa_family member. Thanks to Yoshitaka Tokugawa
482  (toku@dit.co.jp)
483
484- Don't checksum ip header if we don't have all of it. Thanks to John
485  Hawkinson (jhawk@mit.edu).
486
487- Print out hostnames if possible in egp printer. Thanks to Jeffrey
488  Honig (jhc@bsdi.com)
489
490
491v3.1a1 Wed May  3 19:21:11 PDT 1995
492
493- Include time.h when SVR4 is defined to avoid problems under Solaris
494  2.3.
495
496- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
497  strings, not the local buffer. Thanks to Stefan Petri
498  (petri@ibr.cs.tu-bs.de).
499
500- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
501  that the selected value was not used. Thanks to Pascal Hennequin
502  (Pascal.Hennequin@hugo.int-evry.fr).
503
504- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.
505
506- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).
507
508v3.0.3 Sun Oct  1 18:35:00 GMT 1995
509
510- Although there never was a 3.0.3 release, the linux boys cleverly
511  "released" one in late 1995.
512
513v3.0.2 Thu Apr 20 21:28:16 PDT 1995
514
515- Change configuration to not use gcc v2 flags with gcc v1.
516
517- Redo gmt2local() so that it works under BSDI (which seems to return
518  an empty timezone struct from gettimeofday()). Based on report from
519  Terry Kennedy (terry@spcvxa.spc.edu).
520
521- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
522  on report from Mark Andrews (mandrews@alias.com).
523
524- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
525  Orth (ro@techfak.uni-bielefeld.de).
526
527- Fixed printout of connection id for uncompressed tcp slip packets.
528  Resulted from a bug report from Richard Stevens (rstevens@noao.edu).
529
530- Hack around deficiency in Ultrix's make.
531
532- Add ETHERTYPE_TRAIL define which is missing from irix5.
533
534v3.0.1 Wed Aug 31 22:42:26 PDT 1994
535
536- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.
537
538v3.0 Mon Jun 20 19:23:27 PDT 1994
539
540- Added support for printing tcp option timestamps thanks to
541  Mark Andrews (mandrews@alias.com).
542
543- Reorganize protocol dumpers to take const pointers to packets so they
544  never change the contents (i.e., they used to do endian conversions
545  in place).  Previously, whenever more than one pass was taken over
546  the packet, the packet contents would be dumped incorrectly (i.e.,
547  the output form -x would be wrong on little endian machines because
548  the protocol dumpers would modify the data).  Thanks to Charles Hannum
549  (mycroft@gnu.ai.mit.edu) for reporting this problem.
550
551- Added support for decnet protocol dumping thanks to Jeff Mogul
552  (mogul@pa.dec.com).
553
554- Fix bug that caused length of packet to be incorrectly printed
555  (off by ether header size) for unknown ethernet types thanks
556  to Greg Miller (gmiller@kayak.mitre.org).
557
558- Added support for IPX protocol dumping thanks to Brad Parker
559  (brad@fcr.com).
560
561- Added check to verify IP header checksum under -v thanks to
562  Brad Parker (brad@fcr.com).
563
564- Move packet capture code to new libpcap library (which is
565  packaged separately).
566
567- Prototype everything and assume an ansi compiler.
568
569- print-arp.c: Print hardware ethernet addresses if they're not
570  what we expect.
571
572- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
573  Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).
574
575- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
576  (mogul@pa.dec.com).
577
578- print-icmp.c: Byte swap netmask before printing. Thanks to
579  Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.
580
581- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
582  By default, only the inner packet is dumped, appended with the token
583  "(encap)".  Under -v, both the inner and output packets are dumped
584  (on the same line).  Note that the filter applies to the original packet,
585  not the encapsulated packet.  So if you run tcpdump on a net with an
586  IP Multicast tunnel, you cannot filter out the datagrams using the
587  conventional syntax.  (You can filter away all the ip-in-ip traffic
588  with "not ip proto 4".)
589
590- print-nfs.c: Keep pending rpc's in circular table. Add generic
591  nfs header and remove os dependences. Thanks to Jeffrey Mogul.
592
593- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.
594
595- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
596  (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords
597  Add && and || operators
598
599v2.2.1 Tue Jun 6 17:57:22 PDT 1992
600
601- Fix bug with -c flag.
602
603v2.2 Fri May 22 17:19:41 PDT 1992
604
605- savefile.c: Remove hack that shouldn't have been exported. Add
606  truncate checks.
607
608- Added the 'icmp' keyword.  For example, 'icmp[0] != 8 and icmp[0] != 0'
609  matches non-echo/reply ICMP packets.
610
611- Many improvements to filter code optimizer.
612
613- Added 'multicast' keyword and extended the 'broadcast' keyword can now be
614  so that protocol qualifications are allowed. For example, "ip broadcast"
615  and "ether multicast" are valid filters.
616
617- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
618  Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
619  patches to netinet/if_loop.c.
620
621- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
622  Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.
623
624- Added EGP and OSPF printers, thanks to Jeffrey Honig.
625
626v2.1 Tue Jan 28 11:00:14 PST 1992
627
628- Internal release (never publically exported).
629
630v2.0.1 Sun Jan 26 21:10:10 PDT
631
632- Various byte ordering fixes.
633
634- Add truncation checks.
635
636- inet.c: Support BSD style SIOCGIFCONF.
637
638- nametoaddr.c: Handle multi addresses for single host.
639
640- optimize.c: Rewritten.
641
642- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
643  for broadcast nets.
644
645- print-atal.c: Fix an alignment bug (thanks to
646  stanonik@nprdc.navy.mil) Add missing printf() argument.
647
648- print-bootp.c: First attempt at decoding the vendor buffer.
649
650- print-domain.c: Fix truncation checks.
651
652- print-icmp.c: Calculate length of packets from the ip header.
653
654- print-ip.c: Print frag id in decimal (so it's easier to match up
655  with non-frags). Add support for ospf, egp and igmp.
656
657- print-nfs.c: Lots of changes.
658
659- print-ntp.c: Make some verbose output depend on -v.
660
661- print-snmp.c: New version from John LoVerso.
662
663- print-tcp.c: Print rfc1072 tcp options.
664
665- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
666  (microseconds) worth of precision. Fix uid bugs.
667
668- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
669  With this option, you can create an architecture independent binary
670  trace file in real time, without the overhead of the packet printer.
671  At a later time, the packets can be filtered (again) and printed.
672
673- BSD is supported.  You must have BPF in your kernel.
674  Since the filtering is now done in the kernel, fewer packets are
675  dropped.  In fact, with BPF and the packet dumper option, a measly
676  Sun 3/50 can keep up with a busy network.
677
678- Compressed SLIP packets can now be dumped, provided you use our
679  SLIP software and BPF.  These packets are dumped as any other IP
680  packet; the compressed headers are dumped with the '-e' option.
681
682- Machines with little-endian byte ordering are supported (thanks to
683  Jeff Mogul).
684
685- Ultrix 4.0 is supported (also thanks to Jeff Mogul).
686
687- IBM RT and Stanford Enetfilter support has been added by
688  Rayan Zachariassen <rayan@canet.ca>.  Tcpdump has been tested under
689  both the vanilla Enetfilter interface, and the extended interface
690  (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
691
692- TFTP packets are now printed (requests only).
693
694- BOOTP packets are now printed.
695
696- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).
697
698- Sparc architectures, including the Sparcstation-1, are now
699  supported thanks to Steve McCanne and Craig Leres.
700
701- SunOS 4 is now supported thanks to Micky Liu of Columbia
702  University (micky@cunixc.cc.columbia.edu).
703
704- IP options are now printed.
705
706- RIP packets are now printed.
707
708- There's a -v flag that prints out more information than the
709  default (e.g., it will enable printing of IP ttl, tos and id)
710  and -q flag that prints out less (e.g., it will disable
711  interpretation of AppleTalk-in-UDP).
712
713- The grammar has undergone substantial changes (if you have an
714  earlier version of tcpdump, you should re-read the manual
715  entry).
716
717  The most useful change is the addition of an expression
718  syntax that lets you filter on arbitrary fields or values in the
719  packet.  E.g., "ip[0] > 0x45" would print only packets with IP
720  options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
721  packets.
722
723  The most painful change is that concatenation no longer means
724  "and" -- e.g., you have to say "host foo and port bar" instead
725  of "host foo port bar".  The up side to this down is that
726  repeated qualifiers can be omitted, making most filter
727  expressions shorter.  E.g., you can now say "ip host foo and
728  (bar or baz)" to look at ip traffic between hosts foo and bar or
729  between hosts foo and baz.  [The old way of saying this was "ip
730  host foo and (ip host bar or ip host baz)".]
731
732v2.0 Sun Jan 13 12:20:40 PST 1991
733
734- Initial public release.
735