CHANGES revision 147899 
1$Header: /tcpdump/master/tcpdump/CHANGES,v 1.87.2.1 2005/07/05 21:08:01 mcr Exp $
2
3Tue. 	July 5, 2005.  ken@xelerance.com. Summary for 3.9.x tcpdump
4
5	Option to chroot() when dropping privs  
6	Fixes for compiling on nearly every platform,
7		including improved 64bit support
8	Many new testcases
9	Support for sending packets
10	Many compliation fixes on most platforms
11	Fixes for recent version of GCC to eliminate warnings
12	Improved Unicode support
13
14	Decoders & DLT Changes, Updates and New:
15		AES ESP support
16		Juniper ATM, FRF.15, FRF.16, PPPoE, 
17			ML-FR, ML-PIC, ML-PPP, PL-PPP, LS-PIC 
18			GGSN,ES,MONITOR,SERVICES
19		L2VPN
20		Axent Raptor/Symantec Firewall
21		TCP-MD5 (RFC 2385)
22		ESP-in-UDP (RFC 3948)
23		ATM OAM
24		LMP, LMP Service Discovery
25		IP over FC
26		IP over IEEE 1394
27		BACnet MS/TP
28		SS7
29		LDP over TCP
30		PGM (RFC 3208)
31		LSP-PING
32		G.7041/Y.1303 Generic Framing Procedure
33		EIGRP-IP, EIGRP-IPX
34		ICMP6
35		Radio - via radiotap
36		DHCPv6
37		HDLC over PPP
38
39Tue.   March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release
40
41	No changes from 3.8.2. Version bumped only to maintain consistency
42	with libpcap 0.8.3.
43
44Mon.   March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release
45
46	Fixes for print-isakmp.c      CVE:    CAN-2004-0183, CAN-2004-0184
47	  		     http://www.rapid7.com/advisories/R7-0017.html
48	IP-over-IEEE1394 printing.
49	some MINGW32 changes.
50	updates for autoconf 2.5
51	fixes for print-aodv.c - check for too short packets
52	formatting changes to print-ascii for hex output.
53	check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c,
54		print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c,
55		print-ip.c, print-lwres.c, print-ospf.c, print-pim.c,
56		print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c
57	print-ether.c - better handling of unknown types.
58	print-isoclns.c - additional decoding of types.
59	print-llc.c - strings for LLC names added.
60	print-pfloc.c - various enhancements
61	print-radius.c - better decoding to strings.
62
63Wed.   November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release
64
65	changed syntax of -E argument so that multiple SAs can be decrypted
66	fixes for Digital Unix headers and Documentation
67	__attribute__ fixes
68	CDP changes from Terry Kennedy <terry@tmk.com>.	
69	IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com> 
70	Fixes for ASN.1 decoder for 2.100.3 forms.
71	Added a count of packets received and processed to clarify numbers.
72	Incorporated WinDUMP patches for Win32 builds.
73	PPPoE payload length headers.
74	Fixes for HP C compiler builds.
75	Use new pcap_breakloop() and pcap_findalldevs() if we can.
76	BGP output split into multiple lines.	
77	Fixes to 802.11 decoding.
78	Fixes to PIM decoder.
79	SuperH is a CPU that can't handle unaligned access. Many fixes for
80		unaligned access work.
81	Fixes to Frame-Relay decoder for Q.933/922 frames.
82	Clarified when Solaris can do captures as non-root.
83	Added tests/ subdir for examples/regression tests.	
84	New -U flag.	-flush stdout after every packet
85	New -A flag	-print ascii only
86	support for decoding IS-IS inside Cisco HDLC Frames	
87	more verbosity for tftp decoder
88	mDNS decoder
89	new BFD decoder
90	cross compilation patches
91	RFC 3561 AODV support.
92	UDP/TCP pseudo-checksum properly for source-route options.
93	sanitized all files to modified BSD license
94	Add support for RFC 2625 IP-over-Fibre Channel.	
95	fixes for DECnet support.
96	Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI.
97	RFC 2684 encapsulation of BPDUs.
98
99Tuesday, February 25, 2003. fenner@research.att.com.  3.7.2 release
100
101	Fixed infinite loop when parsing malformed isakmp packets.
102	 (reported by iDefense; already fixed in CVS)
103	Fixed infinite loop when parsing malformed BGP packets.
104	Fixed buffer overflow with certain malformed NFS packets.
105	Pretty-print unprintable network names in 802.11 printer.
106	Handle truncated nbp (appletalk) packets.
107	Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt
108	Print IP protocol name even if we don't have a printer for it.
109	Print IP protocol name or number for fragments.
110	Print the whole MPLS label stack, not just the top label.
111	Print request header and file handle for NFS v3 FSINFO and PATHCONF
112	 requests.
113	Fix NFS packet truncation checks.
114	Handle "old" DR-Priority and Bidir-Capable PIM HELLO options.
115	Handle unknown RADIUS attributes properly.
116	Fix an ASN.1 parsing error that would cause e.g. the OID
117	 2.100.3 to be misrepresented as 4.20.3 .
118
119Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release
120see http://www.tcpdump.org/cvs-log/2002-01-21.10:16:48.html for commit log.
121	keyword "ipx" added.
122	Better OSI/802.2 support on Linux.
123	IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net.
124	LLC SAP support for FDDI/token ring/RFC-1483 style ATM
125	BXXP protocol was replaced by the BEEP protocol; 
126	improvements to SNAP demux.
127	Changes to "any" interface documentation.
128	Documentation on pcap_stats() counters.
129	Fix a memory leak found by Miklos Szeredi - pcap_ether_aton().
130	Added MPLS encapsulation decoding per RFC3032.
131	DNS dissector handles TKEY, TSIG and IXFR.
132	adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org> 
133	SMB printing has much improved bounds checks 
134	OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging
135	Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>.
136	Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net> 
137	IPX socket 0x85be is for Cisco EIGRP over IPX.
138	Improvements to fragmented ESP handling.
139	SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu>
140	Linux ARPHDR_ATM support fixed.
141	Added a "netbeui" keyword, which selects NetBEUI packets.
142	IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option.
143	Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>.
144	Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm" 
145	Better Linux libc5 compat.
146	BIND9 lwres dissector added.
147	MIPS and SPARC get strict alignment macros (affects print-bgp.c)
148	Apple LocalTalk LINKTYPE_ reserved.
149	New time stamp formats documented.
150	DHCP6 updated to draft-22.txt spec.
151	ICMP types/codes now accept symbolic names.
152	Add SIGINFO handler from LBL
153	encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>.
154	now we are -Wstrict-prototype clean.
155	NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>.
156	PPPoE dissector cleaned up.
157	Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>.
158	In dissector, now the caller prints the IP addresses rather than proto.
159	cjclark@alum.mit.edu: print the IP proto for non-initial fragments.
160	LLC frames with a DSAP and LSAP of 0xe0 are IPX frames.
161	Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX.
162	captures on the "any" device won't be done in promiscuous mode	
163	Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl> 
164	ARCNet support, from NetBSD.
165	HSRP dissector, from Julian Cowley <julian@lava.net>.
166	Handle (GRE-encapsulated) PPTP
167	added -C option to rotate save file every optarg * 1,000,000 bytes.
168	support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>.
169	PPTP support, from Motonori Shindo <mshindo@mshindo.net>.
170	IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>.
171	CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>.
172	ESP printing updated to RFC2406.
173	HP-UX can now handle large number of PPAs.
174	MSDP printer added.
175	L2TP dissector improvements from Motonori Shindo.
176
177Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release
178	Cleaned up documentation.
179	Promisc mode fixes for Linux
180	IPsec changes/cleanups.
181	Alignment fixes for picky architectures
182
183	Removed dependency on native headers for packet dissectors.
184	Removed Linux specific headers that were shipped
185
186	libpcap changes provide for exchanging capture files between
187	  systems. Save files now have well known PACKET_ values instead of
188	  depending upon system dependant mappings of DLT_* types.
189
190	Support for computing/checking IP and UDP/TCP checksums.
191
192	Updated autoconf stock files.
193
194	IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6, 
195
196	Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
197		timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk
198
199	Added filtering support for: VLANs, ESIS, ISIS
200
201	Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
202		L2TP, PPPoE
203
204	HP-UX 11.0 -- find the right dlpi device.
205	Solaris 8 - IPv6 works
206	Linux - Added support for an "any" device to capture on all interfaces
207	
208	Security fixes: buffer overrun audit done. Strcpy replaced with
209		strlcpy, sprintf replaced with snprintf.
210	Look for lex problems, and warn about them.
211
212
213v3.5 Fri Jan 28 18:00:00 PST 2000
214
215Bill Fenner <fenner@research.att.com>
216- switch to config.h for autoconf
217- unify RCSID strings
218- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
219- Really fix the RIP printer
220- Fix MAC address -> name translation.
221- some -Wall -Wformat fixes
222- update makemib to parse much of SMIv2
223- Print TCP sequence # with -vv even if you normally wouldn't
224- Print as much of IP/TCP/UDP headers as possible even if truncated.
225
226itojun@iijlab.net
227- -X will make a ascii dump.  from netbsd.
228- telnet command sequence decoder (ff xx xx).  from netbsd.
229- print-bgp.c: improve options printing.  ugly code exists for
230  unaligned option parsing (need some fix).
231- const poisoning in SMB decoder.
232- -Wall -Werror clean checks.
233- bring in KAME IPv6/IPsec decoding code.
234
235Assar Westerlund  <assar@sics.se>
236- SNMPv2 and SNMPv3 printer
237- If compiled with libsmi, tcpdump can load MIBs on the fly to decode
238  SNMP packets.
239- Incorporate NFS parsing code from NetBSD.  Adds support for nfsv3.
240- portability fixes
241- permit building in different directories.
242
243Ken Hornstein <kenh@cmf.nrl.navy.mil>
244- bring in code at
245  /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
246  AFS3 packets
247
248Andrew Tridgell <tridge@linuxcare.com>
249- SMB printing code
250
251Love <lha@stacken.kth.se>
252- print-rx.c: add code for printing MakeDir and StoreStatus.  Also
253  change date format to the right one.
254
255Michael C. Richardson  <mcr@sandelman.ottawa.on.ca>
256- Created tcpdump.org repository
257
258v3.4 Sat Jul 25 12:40:55 PDT 1998
259
260- Hardwire Linux slip support since it's too hard to detect.
261
262- Redo configuration of "network" libraries (-lsocket and -lnsl) to
263  deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)
264
265- Added -a which tries to translate network and broadcast addresses to
266  names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)
267
268- Added a configure option to disable gcc.
269
270- Added a "raw" packet printer.
271
272- Not having an interface address is no longer fatal. Requested by John
273  Hawkinson.
274
275- Rework signal setup to accommodate Linux.
276
277- OSPF truncation check fix. Also display the type of OSPF packets
278  using MD5 authentication. Thanks to Brian Wellington
279  (bwelling@tis.com)
280
281- Fix truncation check bugs in the Kerberos printer. Reported by Ezra
282  Peisach (epeisach@mit.edu)
283
284- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
285  (plonka@mfa.com)
286
287- Specify full install target as a way of detecting if install
288  directory does not exist. Thanks to Dave Plonka.
289
290- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
291  (paul@vix.com)
292
293- Fix off-by-one bug when testing size of ethernet packets. Thanks to
294  Marty Leisner (leisner@sdsp.mc.xerox.com)
295
296- Add a local autoconf macro to check for routines in libraries; the
297  autoconf version is broken (it only puts the library name in the
298  cache variable name). Thanks to John Hawkinson.
299
300- Add a local autoconf macro to check for types; the autoconf version
301  is broken (it uses grep instead of actually compiling a code fragment).
302
303- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
304  formats.
305
306- Extend OSF ip header workaround to versions 1 and 2.
307
308- Fix some signed problems in the nfs printer. As reported by David
309  Sacerdote (davids@silence.secnet.com)
310
311- Detect group wheel and use it as the default since BSD/OS' install
312  can't hack numeric groups. Reported by David Sacerdote.
313
314- AIX needs special loader options. Thanks to Jonathan I. Kamens
315  (jik@cam.ov.com)
316
317- Fixed the nfs printer to print port numbers in decimal. Thanks to
318  Kent Vander Velden (graphix@iastate.edu)
319
320- Find installed libpcap in /usr/local/lib when not using gcc.
321
322- Disallow network masks with non-network bits set.
323
324- Attempt to detect "egcs" versions of gcc.
325
326- Add missing closing double quotes when displaying bootp strings.
327  Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)
328
329v3.3 Sat Nov 30 20:56:27 PST 1996
330
331- Added Linux support.
332
333- GRE encapsulated packet printer thanks to John Hawkinson
334  (jhawk@mit.edu)
335
336- Rewrite gmt2local() to avoid problematic os dependencies.
337
338- Suppress nfs truncation message on errors.
339
340- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
341  Reported by Joachim Ott (ott@ardala.han.de)
342
343- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.
344
345- Print arp hardware type in host order. Thanks to Onno van der Linden
346  (onno@simplex.nl)
347
348- Avoid solaris compiler warnings. Thanks to Bruce Barnett
349  (barnett@grymoire.crd.ge.com)
350
351- Fix rip printer to not print one more route than is actually in the
352  packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
353  Bill Fenner (fenner@parc.xerox.com)
354
355- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems.
356
357- Fix dvmrp printer truncation checks and add a dvmrp probe printer.
358  Thanks to Danny J. Mitzel (mitzel@ipsilon.com)
359
360- Rewrite ospf printer to improve truncation checks.
361
362- Don't parse tcp options past the EOL. As noted by David Sacerdote
363  (davids@secnet.com). Also, check tcp options to make sure they ar
364  actually in the tcp header (in addition to the normal truncation
365  checks). Fix the SACK code to print the N blocks (instead of the
366  first block N times).
367
368- Don't say really small UDP packets are truncated just because they
369  aren't big enough to be a RPC. As noted by David Sacerdote.
370
371v3.2.1 Sun Jul 14 03:02:26 PDT 1996
372
373- Added rfc1716 icmp codes as suggested by Martin Fredriksson
374  (martin@msp.se)
375
376- Print mtu for icmp unreach need frag packets. Thanks to John
377  Hawkinson (jhawk@mit.edu)
378
379- Decode icmp router discovery messages. Thanks to Jeffrey Honig
380  (jch@bsdi.com)
381
382- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
383  (kushida@trl.ibm.co.jp)
384
385- Check igmp checksum if possible. Thanks to John Hawkinson.
386
387- Made changes for SINIX. Thanks to Andrej Borsenkow
388  (borsenkow.msk@sni.de)
389
390- Use autoconf's idea of the top level directory in install targets.
391  Thanks to John Hawkinson.
392
393- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
394  Mogul (mogul@pa.dec.com)
395
396- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
397  Thanks to John Hawkinson.
398
399- Added some more packet truncation checks.
400
401- On systems that have it, use sigset() instead of signal() since
402  signal() has different semantics on these systems.
403
404- Fixed some more alignment problems on the alpha.
405
406- Add code to massage unprintable characters in the domain and ipx
407  printers. Thanks to John Hawkinson.
408
409- Added explicit netmask support. Thanks to Steve Nuchia
410  (steve@research.oknet.com)
411
412- Add "sca" keyword (for DEC cluster services) as suggested by Terry
413  Kennedy (terry@spcvxa.spc.edu)
414
415- Add "atalk" keyword as suggested by John Hawkinson.
416
417- Added an igrp printer. Thanks to Francis Dupont
418  (francis.dupont@inria.fr)
419
420- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
421  Kennedy (terry@spcvxa.spc.edu)
422
423- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
424  (pascal.hennequin@hugo.int-evry.fr)
425
426- Added some ETHERTYPEs missing on some systems.
427
428- Added truncated packet macros and various checks.
429
430- Fixed endian problems with the DECnet printer.
431
432- Use $CC when checking gcc version. Thanks to Carl Lindberg
433  (carl_lindberg@blacksmith.com)
434
435- Fixes for AIX (although this system is not yet supported). Thanks to
436  John Hawkinson.
437
438- Fix bugs in the autoconf misaligned accesses code fragment.
439
440- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
441  Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)
442
443v3.2 Sun Jun 23 02:28:10 PDT 1996
444
445- Print new icmp unreachable codes as suggested by Martin Fredriksson
446  (martin@msp.se). Also print code value when unknown for icmp redirect
447  and time exceeded.
448
449- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.
450
451- Define "new" domain record types if not found in arpa/nameserv.h.
452  Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
453  fixed an endian bug when printing mx record and added some new record
454  types.
455
456- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)
457
458- Added T/TCP options printing. As suggested by Richard Stevens
459  (rstevens@noao.edu)
460
461- Use autoconf to detect architectures that can't handle misaligned
462  accesses.
463
464v3.1 Thu Jun 13 20:59:32 PDT 1996
465
466- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
467  and bind (as suggested by Charles Hannum).
468
469- Port to GNU autoconf.
470
471- Add support for printing DVMRP and PIM traffic thanks to
472  Havard Eidnes (Havard.Eidnes@runit.sintef.no).
473
474- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
475  define being referenced. Reported by Terry Kennedy.
476
477- Minor fixes to the man page thanks to Mark Andrews.
478
479- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
480  (bmah@cs.berkeley.edu).
481
482- Added support for new dns types, thanks to Rainer Orth.
483
484- Fixed tftp_print() to print the block number for ACKs.
485
486- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
487  (cslater@imatek.com).
488
489- Check return status from malloc/calloc/etc.
490
491- Check return status from pcap_loop() so we can print an error and
492  exit with a bad status if there were problems.
493
494- Bail if ip option length is <= 0. Resulted from a bug report from
495  Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).
496
497- Print out a little more information for sun rpc packets.
498
499- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).
500
501- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
502  wrong on little endian machines).
503
504- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
505  (crawdad@fnal.gov).
506
507- Fix ntp_print() to not print garbage when the stratum is
508  "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).
509
510- Rewrote tcp options printer code to check for truncation. Added
511  selective acknowledgment case.
512
513- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
514  (jch@bsdi.com)
515
516- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
517  octet for the sa_family member. Thanks to Yoshitaka Tokugawa
518  (toku@dit.co.jp)
519
520- Don't checksum ip header if we don't have all of it. Thanks to John
521  Hawkinson (jhawk@mit.edu).
522 
523- Print out hostnames if possible in egp printer. Thanks to Jeffrey
524  Honig (jhc@bsdi.com)
525
526
527v3.1a1 Wed May  3 19:21:11 PDT 1995
528
529- Include time.h when SVR4 is defined to avoid problems under Solaris
530  2.3.
531
532- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
533  strings, not the local buffer. Thanks to Stefan Petri
534  (petri@ibr.cs.tu-bs.de).
535
536- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
537  that the selected value was not used. Thanks to Pascal Hennequin
538  (Pascal.Hennequin@hugo.int-evry.fr).
539
540- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.
541
542- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).
543
544v3.0.3 Sun Oct  1 18:35:00 GMT 1995
545
546- Although there never was a 3.0.3 release, the linux boys cleverly
547  "released" one in late 1995.
548
549v3.0.2 Thu Apr 20 21:28:16 PDT 1995
550
551- Change configuration to not use gcc v2 flags with gcc v1.
552
553- Redo gmt2local() so that it works under BSDI (which seems to return
554  an empty timezone struct from gettimeofday()). Based on report from
555  Terry Kennedy (terry@spcvxa.spc.edu).
556
557- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
558  on report from Mark Andrews (mandrews@alias.com).
559
560- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
561  Orth (ro@techfak.uni-bielefeld.de).
562
563- Fixed printout of connection id for uncompressed tcp slip packets.
564  Resulted from a bug report from Richard Stevens (rstevens@noao.edu).
565
566- Hack around deficiency in Ultrix's make.
567
568- Add ETHERTYPE_TRAIL define which is missing from irix5.
569
570v3.0.1 Wed Aug 31 22:42:26 PDT 1994
571
572- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.
573
574v3.0 Mon Jun 20 19:23:27 PDT 1994
575
576- Added support for printing tcp option timestamps thanks to
577  Mark Andrews (mandrews@alias.com).
578
579- Reorganize protocol dumpers to take const pointers to packets so they
580  never change the contents (i.e., they used to do endian conversions
581  in place).  Previously, whenever more than one pass was taken over
582  the packet, the packet contents would be dumped incorrectly (i.e.,
583  the output form -x would be wrong on little endian machines because
584  the protocol dumpers would modify the data).  Thanks to Charles Hannum
585  (mycroft@gnu.ai.mit.edu) for reporting this problem.
586
587- Added support for decnet protocol dumping thanks to Jeff Mogul
588  (mogul@pa.dec.com).
589
590- Fix bug that caused length of packet to be incorrectly printed
591  (off by ether header size) for unknown ethernet types thanks
592  to Greg Miller (gmiller@kayak.mitre.org).
593
594- Added support for IPX protocol dumping thanks to Brad Parker
595  (brad@fcr.com).
596
597- Added check to verify IP header checksum under -v thanks to
598  Brad Parker (brad@fcr.com).
599
600- Move packet capture code to new libpcap library (which is
601  packaged separately).
602
603- Prototype everything and assume an ansi compiler.
604
605- print-arp.c: Print hardware ethernet addresses if they're not
606  what we expect.
607
608- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
609  Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).
610
611- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
612  (mogul@pa.dec.com).
613
614- print-icmp.c: Byte swap netmask before printing. Thanks to
615  Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.
616
617- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
618  By default, only the inner packet is dumped, appended with the token
619  "(encap)".  Under -v, both the inner and output packets are dumped
620  (on the same line).  Note that the filter applies to the original packet,
621  not the encapsulated packet.  So if you run tcpdump on a net with an
622  IP Multicast tunnel, you cannot filter out the datagrams using the
623  conventional syntax.  (You can filter away all the ip-in-ip traffic
624  with "not ip proto 4".)
625
626- print-nfs.c: Keep pending rpc's in circular table. Add generic
627  nfs header and remove os dependences. Thanks to Jeffrey Mogul.
628
629- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.
630
631- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
632  (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords
633  Add && and || operators
634
635v2.2.1 Tue Jun 6 17:57:22 PDT 1992
636
637- Fix bug with -c flag.
638
639v2.2 Fri May 22 17:19:41 PDT 1992
640
641- savefile.c: Remove hack that shouldn't have been exported. Add
642  truncate checks.
643
644- Added the 'icmp' keyword.  For example, 'icmp[0] != 8 and icmp[0] != 0'
645  matches non-echo/reply ICMP packets.
646
647- Many improvements to filter code optimizer.
648
649- Added 'multicast' keyword and extended the 'broadcast' keyword can now be
650  so that protocol qualifications are allowed. For example, "ip broadcast"
651  and "ether multicast" are valid filters.
652
653- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
654  Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
655  patches to netinet/if_loop.c.
656
657- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
658  Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.
659
660- Added EGP and OSPF printers, thanks to Jeffrey Honig.
661
662v2.1 Tue Jan 28 11:00:14 PST 1992
663
664- Internal release (never publically exported).
665
666v2.0.1 Sun Jan 26 21:10:10 PDT
667
668- Various byte ordering fixes.
669
670- Add truncation checks.
671
672- inet.c: Support BSD style SIOCGIFCONF.
673
674- nametoaddr.c: Handle multi addresses for single host.
675
676- optimize.c: Rewritten.
677
678- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
679  for broadcast nets.
680
681- print-atal.c: Fix an alignment bug (thanks to
682  stanonik@nprdc.navy.mil) Add missing printf() argument.
683
684- print-bootp.c: First attempt at decoding the vendor buffer.
685
686- print-domain.c: Fix truncation checks.
687
688- print-icmp.c: Calculate length of packets from the ip header.
689
690- print-ip.c: Print frag id in decimal (so it's easier to match up
691  with non-frags). Add support for ospf, egp and igmp.
692
693- print-nfs.c: Lots of changes.
694
695- print-ntp.c: Make some verbose output depend on -v.
696
697- print-snmp.c: New version from John LoVerso.
698
699- print-tcp.c: Print rfc1072 tcp options.
700
701- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
702  (microseconds) worth of precision. Fix uid bugs.
703
704- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
705  With this option, you can create an architecture independent binary
706  trace file in real time, without the overhead of the packet printer.
707  At a later time, the packets can be filtered (again) and printed.
708
709- BSD is supported.  You must have BPF in your kernel.
710  Since the filtering is now done in the kernel, fewer packets are
711  dropped.  In fact, with BPF and the packet dumper option, a measly
712  Sun 3/50 can keep up with a busy network.
713
714- Compressed SLIP packets can now be dumped, provided you use our
715  SLIP software and BPF.  These packets are dumped as any other IP
716  packet; the compressed headers are dumped with the '-e' option.
717
718- Machines with little-endian byte ordering are supported (thanks to
719  Jeff Mogul).
720
721- Ultrix 4.0 is supported (also thanks to Jeff Mogul).
722
723- IBM RT and Stanford Enetfilter support has been added by
724  Rayan Zachariassen <rayan@canet.ca>.  Tcpdump has been tested under
725  both the vanilla Enetfilter interface, and the extended interface
726  (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
727
728- TFTP packets are now printed (requests only).
729
730- BOOTP packets are now printed.
731
732- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).
733
734- Sparc architectures, including the Sparcstation-1, are now
735  supported thanks to Steve McCanne and Craig Leres.
736
737- SunOS 4 is now supported thanks to Micky Liu of Columbia
738  University (micky@cunixc.cc.columbia.edu).
739
740- IP options are now printed.
741
742- RIP packets are now printed.
743
744- There's a -v flag that prints out more information than the
745  default (e.g., it will enable printing of IP ttl, tos and id)
746  and -q flag that prints out less (e.g., it will disable
747  interpretation of AppleTalk-in-UDP).
748
749- The grammar has undergone substantial changes (if you have an
750  earlier version of tcpdump, you should re-read the manual
751  entry).
752
753  The most useful change is the addition of an expression
754  syntax that lets you filter on arbitrary fields or values in the
755  packet.  E.g., "ip[0] > 0x45" would print only packets with IP
756  options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
757  packets.
758
759  The most painful change is that concatenation no longer means
760  "and" -- e.g., you have to say "host foo and port bar" instead
761  of "host foo port bar".  The up side to this down is that
762  repeated qualifiers can be omitted, making most filter
763  expressions shorter.  E.g., you can now say "ip host foo and
764  (bar or baz)" to look at ip traffic between hosts foo and bar or
765  between hosts foo and baz.  [The old way of saying this was "ip
766  host foo and (ip host bar or ip host baz)".]
767
768v2.0 Sun Jan 13 12:20:40 PST 1991
769
770- Initial public release.
771