CHANGES revision 17680
@(#) $Header: CHANGES,v 1.42 96/07/23 14:36:37 leres Exp $ (LBL)

v3.2.1 Sun Jul 14 03:02:26 PDT 1996

- Added rfc1716 icmp codes as suggested by Martin Fredriksson
  (martin@msp.se)

- Print mtu for icmp unreach need frag packets. Thanks to John
  Hawkinson (jhawk@mit.edu)

- Decode icmp router discovery messages. Thanks to Jeffrey Honig
  (jch@bsdi.com)

- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
  (kushida@trl.ibm.co.jp)

- Check igmp checksum if possible. Thanks to John Hawkinson.

- Made changes for SINIX. Thanks to Andrej Borsenkow
  (borsenkow.msk@sni.de)

- Use autoconf's idea of the top level directory in install targets.
  Thanks to John Hawkinson.

- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
  Mogul (mogul@pa.dec.com)

- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
  Thanks to John Hawkinson.

- Added some more packet truncation checks.

- On systems that have it, use sigset() instead of signal() since
  signal() has different semantics on these systems.

- Fixed some more alignment problems on the alpha.

- Add code to massage unprintable characters in the domain and ipx
  printers. Thanks to John Hawkinson.

- Added explicit netmask support. Thanks to Steve Nuchia
  (steve@research.oknet.com)

- Add "sca" keyword (for DEC cluster services) as suggested by Terry
  Kennedy (terry@spcvxa.spc.edu)

- Add "atalk" keyword as suggested by John Hawkinson.

- Added an igrp printer. Thanks to Francis Dupont
  (francis.dupont@inria.fr)

- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
  Kennedy (terry@spcvxa.spc.edu)

- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
  (pascal.hennequin@hugo.int-evry.fr)

- Added some ETHERTYPEs missing on some systems.

- Added truncated packet macros and various checks.

- Fixed endian problems with the DECnet printer.

- Use $CC when checking gcc version. Thanks to Carl Lindberg
  (carl_lindberg@blacksmith.com)

- Fixes for AIX (although this system is not yet supported). Thanks to
  John Hawkinson.

- Fix bugs in the autoconf misaligned accesses code fragment.

- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
  Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)

v3.2 Sun Jun 23 02:28:10 PDT 1996

- Print new icmp unreachable codes as suggested by Martin Fredriksson
  (martin@msp.se). Also print code value when unknown for icmp redirect
  and time exceeded.

- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.

- Define "new" domain record types if not found in arpa/nameserv.h.
  Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
  fixed an endian bug when printing mx record and added some new record
  types.

- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)

- Added T/TCP options printing. As suggested by Richard Stevens
  (rstevens@noao.edu)

- Use autoconf to detect architectures that can't handle misaligned
  accesses.

v3.1 Thu Jun 13 20:59:32 PDT 1996

- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
  and bind (as suggested by Charles Hannum).

- Port to GNU autoconf.

- Add support for printing DVMRP and PIM traffic thanks to
  Havard Eidnes (Havard.Eidnes@runit.sintef.no).

- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
  define being referenced. Reported by Terry Kennedy.

- Minor fixes to the man page thanks to Mark Andrews.

- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
  (bmah@cs.berkeley.edu).

- Added support for new dns types, thanks to Rainer Orth.

- Fixed tftp_print() to print the block number for ACKs.

- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
  (cslater@imatek.com).

- Check return status from malloc/calloc/etc.

- Check return status from pcap_loop() so we can print an error and
  exit with a bad status if there were problems.

- Bail if ip option length is <= 0. Resulted from a bug report from
  Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).

- Print out a little more information for sun rpc packets.

- Add support for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).

- Fixed the EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
  wrong on little endian machines).

- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
  (crawdad@fnal.gov).

- Fix ntp_print() to not print garbage when the stratum is
  "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).

- Rewrote tcp options printer code to check for truncation. Added
  selective acknowledgment case.

- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
  (jch@bsdi.com)

- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
  octet for the sa_family member. Thanks to Yoshitaka Tokugawa
  (toku@dit.co.jp)

- Don't checksum ip header if we don't have all of it. Thanks to John
  Hawkinson (jhawk@mit.edu).

- Print out hostnames if possible in egp printer. Thanks to Jeffrey
  Honig (jhc@bsdi.com)


v3.1a1 Wed May  3 19:21:11 PDT 1995

- Include time.h when SVR4 is defined to avoid problems under Solaris
  2.3.

- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
  strings, not the local buffer. Thanks to Stefan Petri
  (petri@ibr.cs.tu-bs.de).

- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
  that the selected value was not used. Thanks to Pascal Hennequin
  (Pascal.Hennequin@hugo.int-evry.fr).

- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.

- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).

v3.0.3 Sun Oct  1 18:35:00 GMT 1995

- Although there never was a 3.0.3 release, the linux boys cleverly
  "released" one in late 1995.

v3.0.2 Thu Apr 20 21:28:16 PDT 1995

- Change configuration to not use gcc v2 flags with gcc v1.

- Redo gmt2local() so that it works under BSDI (which seems to return
  an empty timezone struct from gettimeofday()). Based on report from
  Terry Kennedy (terry@spcvxa.spc.edu).

- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
  on report from Mark Andrews (mandrews@alias.com).

- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
  Orth (ro@techfak.uni-bielefeld.de).

- Fixed printout of connection id for uncompressed tcp slip packets.
  Resulted from a bug report from Richard Stevens (rstevens@noao.edu).

- Hack around deficiency in Ultrix's make.

- Add ETHERTYPE_TRAIL define which is missing from irix5.

v3.0.1 Wed Aug 31 22:42:26 PDT 1994

- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.

v3.0 Mon Jun 20 19:23:27 PDT 1994

- Added support for printing tcp option timestamps thanks to
  Mark Andrews (mandrews@alias.com).

- Reorganize protocol dumpers to take const pointers to packets so they
  never change the contents (i.e., they used to do endian conversions
  in place).  Previously, whenever more than one pass was taken over
  the packet, the packet contents would be dumped incorrectly (i.e.,
  the output form -x would be wrong on little endian machines because
  the protocol dumpers would modify the data).  Thanks to Charles Hannum
  (mycroft@gnu.ai.mit.edu) for reporting this problem.

- Added support for decnet protocol dumping thanks to Jeff Mogul
  (mogul@pa.dec.com).

- Fix bug that caused length of packet to be incorrectly printed
  (off by ether header size) for unknown ethernet types thanks
  to Greg Miller (gmiller@kayak.mitre.org).

- Added support for IPX protocol dumping thanks to Brad Parker
  (brad@fcr.com).

- Added check to verify IP header checksum under -v thanks to
  Brad Parker (brad@fcr.com).

- Move packet capture code to new libpcap library (which is
  packaged separately).

- Prototype everything and assume an ansi compiler.

- print-arp.c: Print hardware ethernet addresses if they're not
  what we expect.

- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
  Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).

- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
  (mogul@pa.dec.com).

- print-icmp.c: Byte swap netmask before printing. Thanks to
  Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.

- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
  By default, only the inner packet is dumped, appended with the token
  "(encap)".  Under -v, both the inner and outer packets are dumped
  (on the same line).  Note that the filter applies to the original packet,
  not the encapsulated packet.  So if you run tcpdump on a net with an
  IP Multicast tunnel, you cannot filter out the datagrams using the
  conventional syntax.  (You can filter away all the ip-in-ip traffic
  with "not ip proto 4".)

- print-nfs.c: Keep pending rpc's in circular table. Add generic
  nfs header and remove os dependences. Thanks to Jeffrey Mogul.

- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.

- tcpdump.c: Add -T flag, which allows interpretation of "vat", "wb", "rpc"
  (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords.
  Add && and || operators.

v2.2.1 Tue Jun 6 17:57:22 PDT 1992

- Fix bug with -c flag.

v2.2 Fri May 22 17:19:41 PDT 1992

- savefile.c: Remove hack that shouldn't have been exported. Add
  truncate checks.

- Added the 'icmp' keyword.  For example, 'icmp[0] != 8 and icmp[0] != 0'
  matches non-echo/reply ICMP packets.

- Many improvements to filter code optimizer.

- Added 'multicast' keyword and extended the 'broadcast' keyword so that
  protocol qualifications are allowed. For example, "ip broadcast" and
  "ether multicast" are valid filters.

- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
  Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
  patches to netinet/if_loop.c.

- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
  Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.

- Added EGP and OSPF printers, thanks to Jeffrey Honig.

v2.1 Tue Jan 28 11:00:14 PST 1992

- Internal release (never publicly exported).

v2.0.1 Sun Jan 26 21:10:10 PDT

- Various byte ordering fixes.

- Add truncation checks.

- inet.c: Support BSD style SIOCGIFCONF.

- nametoaddr.c: Handle multi addresses for single host.

- optimize.c: Rewritten.

- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
  for broadcast nets.

- print-atal.c: Fix an alignment bug (thanks to
  stanonik@nprdc.navy.mil) Add missing printf() argument.

- print-bootp.c: First attempt at decoding the vendor buffer.

- print-domain.c: Fix truncation checks.

- print-icmp.c: Calculate length of packets from the ip header.

- print-ip.c: Print frag id in decimal (so it's easier to match up
  with non-frags). Add support for ospf, egp and igmp.

- print-nfs.c: Lots of changes.

- print-ntp.c: Make some verbose output depend on -v.

- print-snmp.c: New version from John LoVerso.

- print-tcp.c: Print rfc1072 tcp options.

- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
  (microseconds) worth of precision. Fix uid bugs.

- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
  With this option, you can create an architecture independent binary
  trace file in real time, without the overhead of the packet printer.
  At a later time, the packets can be filtered (again) and printed.

- BSD is supported.  You must have BPF in your kernel.
  Since the filtering is now done in the kernel, fewer packets are
  dropped.  In fact, with BPF and the packet dumper option, a measly
  Sun 3/50 can keep up with a busy network.

- Compressed SLIP packets can now be dumped, provided you use our
  SLIP software and BPF.  These packets are dumped as any other IP
  packet; the compressed headers are dumped with the '-e' option.

- Machines with little-endian byte ordering are supported (thanks to
  Jeff Mogul).

- Ultrix 4.0 is supported (also thanks to Jeff Mogul).

- IBM RT and Stanford Enetfilter support has been added by
  Rayan Zachariassen <rayan@canet.ca>.  Tcpdump has been tested under
  both the vanilla Enetfilter interface, and the extended interface
  (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.

- TFTP packets are now printed (requests only).

- BOOTP packets are now printed.

- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).

- Sparc architectures, including the Sparcstation-1, are now
  supported thanks to Steve McCanne and Craig Leres.

- SunOS 4 is now supported thanks to Micky Liu of Columbia
  University (micky@cunixc.cc.columbia.edu).

- IP options are now printed.

- RIP packets are now printed.

- There's a -v flag that prints out more information than the
  default (e.g., it will enable printing of IP ttl, tos and id)
  and -q flag that prints out less (e.g., it will disable
  interpretation of AppleTalk-in-UDP).

- The grammar has undergone substantial changes (if you have an
  earlier version of tcpdump, you should re-read the manual
  entry).

  The most useful change is the addition of an expression
  syntax that lets you filter on arbitrary fields or values in the
  packet.  E.g., "ip[0] > 0x45" would print only packets with IP
  options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
  packets.

  The most painful change is that concatenation no longer means
  "and" -- e.g., you have to say "host foo and port bar" instead
  of "host foo port bar".  The up side to this down is that
  repeated qualifiers can be omitted, making most filter
  expressions shorter.  E.g., you can now say "ip host foo and
  (bar or baz)" to look at ip traffic between hosts foo and bar or
  between hosts foo and baz.  [The old way of saying this was "ip
  host foo and (ip host bar or ip host baz)".]
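
The two byte-offset filters quoted in the grammar entry above, written out by hand in C as an added example (this is not tcpdump, libpcap or BPF code). It assumes the buffer starts at the IPv4 header; the function names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* tcp[off]: -1 unless p is an unfragmented IPv4/TCP packet with that byte captured. */
static int tcp_byte(const uint8_t *p, size_t caplen, size_t off)
{
    if (caplen < 20 || (p[0] >> 4) != 4 || p[9] != 6)    /* protocol 6 = TCP */
        return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;              /* IP header length */
    if (ihl < 20 || (((p[6] & 0x1f) << 8) | p[7]) != 0)  /* later fragment */
        return -1;
    return ihl + off < caplen ? p[ihl + off] : -1;       /* truncation check */
}

/* "ip[0] > 0x45": IPv4 whose header is longer than 20 bytes, i.e. has options. */
int match_ip_options(const uint8_t *p, size_t caplen)
{
    return caplen > 0 && p[0] > 0x45;
}

/* "tcp[13] & 3 != 0": the filter grammar binds & tighter than !=, unlike C. */
int match_syn_or_fin(const uint8_t *p, size_t caplen)
{
    int flags = tcp_byte(p, caplen, 13);
    return flags >= 0 && (flags & 3) != 0;
}

/* Constructed sample: IPv4 + TCP headers with optlen bytes of NOP IP options. */
size_t build_pkt(uint8_t *buf, size_t optlen, uint8_t tcp_flags)
{
    size_t ihl = 20 + optlen, len = ihl + 20;
    memset(buf, 0, len);
    buf[0] = (uint8_t)(0x40 | (ihl / 4));
    buf[9] = 6;
    memset(buf + 20, 1, optlen);    /* option type 1 = NOP */
    buf[ihl + 12] = 0x50;           /* TCP data offset: 5 words */
    buf[ihl + 13] = tcp_flags;
    return len;
}

int main(void)
{
    uint8_t buf[64];
    size_t n = build_pkt(buf, 4, 0x01);   /* FIN behind 4 bytes of IP options */
    printf("options=%d synfin=%d truncated=%d\n", match_ip_options(buf, n),
           match_syn_or_fin(buf, n), match_syn_or_fin(buf, 30));
    return 0;
}
```

The flag byte is located from the IP header length rather than at a fixed offset, so a packet carrying IP options still matches, and a capture cut short before that byte is treated as no match instead of being read past its end.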

v2.0 Sun Jan 13 12:20:40 PST 1991

- Initial public release.
