1*b636d99dSDavid van MoolenbroekMonday March. 11, 2015 guy@alum.mit.edu 2*b636d99dSDavid van Moolenbroek Summary for 4.7.3 tcpdump release 3*b636d99dSDavid van Moolenbroek Capsicum fixes for FreeBSD 10 4*b636d99dSDavid van Moolenbroek 5*b636d99dSDavid van MoolenbroekMonday March. 10, 2015 guy@alum.mit.edu 6*b636d99dSDavid van Moolenbroek Summary for 4.7.2 tcpdump release 7*b636d99dSDavid van Moolenbroek DCCP: update Packet Types with RFC4340/IANA names 8*b636d99dSDavid van Moolenbroek fixes for CVE-2015-0261: IPv6 mobility header check issue 9*b636d99dSDavid van Moolenbroek fixes for CVE-2015-2153, 2154, 2155: kday packets 10*b636d99dSDavid van Moolenbroek 11*b636d99dSDavid van MoolenbroekFriday Nov. 12, 2014 guy@alum.mit.edu 12*b636d99dSDavid van Moolenbroek Summary for 4.7.0 tcpdump release 13*b636d99dSDavid van Moolenbroek changes to hex printing of CDP packets 14*b636d99dSDavid van Moolenbroek Fix PPI printing 15*b636d99dSDavid van Moolenbroek Radius: update Packet Type Codes and Attribute Types with RFC/IANA names 16*b636d99dSDavid van Moolenbroek Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support. 17*b636d99dSDavid van Moolenbroek improvements to telnet printer, even if not -v 18*b636d99dSDavid van Moolenbroek omit length for bcp, print-tcp uses it 19*b636d99dSDavid van Moolenbroek formatting fixes for a bunch of protocols 20*b636d99dSDavid van Moolenbroek new bounds checks for a number of protocols 21*b636d99dSDavid van Moolenbroek split netflow 1,6, and 6 dissector up. 22*b636d99dSDavid van Moolenbroek added geneve dissector 23*b636d99dSDavid van Moolenbroek CVE-2014-9140 PPP dissector fixed. 24*b636d99dSDavid van Moolenbroek 25*b636d99dSDavid van MoolenbroekTuesday Sep. 2, 2014 mcr@sandelman.ca 26*b636d99dSDavid van Moolenbroek Summary for 4.6.2 tcpdump release 27*b636d99dSDavid van Moolenbroek fix out-of-source-tree builds: find libpcap that is out of source 28*b636d99dSDavid van Moolenbroek better configure check for libsmi 29*b636d99dSDavid van Moolenbroek 30*b636d99dSDavid van MoolenbroekSaturday Jul. 19, 2014 mcr@sandelman.ca 31*b636d99dSDavid van Moolenbroek Summary for 4.6.1 tcpdump release 32*b636d99dSDavid van Moolenbroek added FreeBSD capsicum 33*b636d99dSDavid van Moolenbroek add a short option '#', same as long option '--number' 34*b636d99dSDavid van Moolenbroek 35*b636d99dSDavid van MoolenbroekWednesday Jul. 2, 2014 mcr@sandelman.ca 36*b636d99dSDavid van Moolenbroek Summary for 4.6.0 tcpdump release 37*b636d99dSDavid van Moolenbroek all of tcpdump is now using the new "NDO" code base (Thanks Denis!) 38*b636d99dSDavid van Moolenbroek nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes 39*b636d99dSDavid van Moolenbroek M3UA decode added. 40*b636d99dSDavid van Moolenbroek many new test cases: 82 in 4.5.1 to 133 in 4.6.0 41*b636d99dSDavid van Moolenbroek many improvements to travis continuous integration system: OSX, and Coverity options 42*b636d99dSDavid van Moolenbroek cleaned up some unnecessary header files 43*b636d99dSDavid van Moolenbroek Added bittok2str(). 44*b636d99dSDavid van Moolenbroek a number of unaligned access faults fixed 45*b636d99dSDavid van Moolenbroek -A flag does not consider CR to be printable anymore 46*b636d99dSDavid van Moolenbroek fx.lebail took over coverity baby sitting 47*b636d99dSDavid van Moolenbroek default snapshot size increased to 256K for accomodate USB captures 48*b636d99dSDavid van Moolenbroek WARNING: this release contains a lot of very worthwhile code churn. 49*b636d99dSDavid van Moolenbroek 50*b636d99dSDavid van MoolenbroekWednesday Jan. 15, 2014 guy@alum.mit.edu 51*b636d99dSDavid van Moolenbroek Summary for 4.5.2 tcpdump release 52*b636d99dSDavid van Moolenbroek Man page fix 53*b636d99dSDavid van Moolenbroek Fix crashes on SPARC 54*b636d99dSDavid van Moolenbroek 55*b636d99dSDavid van MoolenbroekMonday Nov. 11, 2013 mcr@sandelman.ca 56*b636d99dSDavid van Moolenbroek Summary for 4.5.1 tcpdump release 57*b636d99dSDavid van Moolenbroek CREDITS file fixes 58*b636d99dSDavid van Moolenbroek 59*b636d99dSDavid van MoolenbroekThursday Nov. 7, 2013 mcr@sandelman.ca and guy@alum.mit.edu. 60*b636d99dSDavid van Moolenbroek Summary for 4.5.0 tcpdump release 61*b636d99dSDavid van Moolenbroek some NFSv4 fixes for printing 62*b636d99dSDavid van Moolenbroek fix printing of unknown TCP options, and tcp fast-open 63*b636d99dSDavid van Moolenbroek fixes for syslog parser 64*b636d99dSDavid van Moolenbroek some gcc-version-specific flag tuning 65*b636d99dSDavid van Moolenbroek adopt MacOS deprecation workarounds for openssl 66*b636d99dSDavid van Moolenbroek improvements to babel printing 67*b636d99dSDavid van Moolenbroek add OpenFlow 1.0 (no SSL) and test cases 68*b636d99dSDavid van Moolenbroek GeoNet printer. 69*b636d99dSDavid van Moolenbroek added STBC Rx support 70*b636d99dSDavid van Moolenbroek improvements to DHCPv6 decoder 71*b636d99dSDavid van Moolenbroek clarify which autoconf is needed 72*b636d99dSDavid van Moolenbroek Point users to the the-tcpdump-group repository on GitHub rather 73*b636d99dSDavid van Moolenbroek than the mcr repository 74*b636d99dSDavid van Moolenbroek Add MSDP printer. 75*b636d99dSDavid van Moolenbroek Fixed IPv6 check on Solaris and other OSes requiring extra 76*b636d99dSDavid van Moolenbroek networking libraries. 77*b636d99dSDavid van Moolenbroek Add support for VXLAN (draft-mahalingam-dutt-dcops-vxlan-03), 78*b636d99dSDavid van Moolenbroek and add "vxlan" as an option for -T. 79*b636d99dSDavid van Moolenbroek Add support for OTV (draft-hasmit-otv-04). 80*b636d99dSDavid van Moolenbroek fixes for DLT_IEEE802_11_RADIO datalink types 81*b636d99dSDavid van Moolenbroek added MPTCP decoder 82*b636d99dSDavid van Moolenbroek 83*b636d99dSDavid van MoolenbroekSaturday April 6, 2013 guy@alum.mit.edu. 84*b636d99dSDavid van Moolenbroek Summary for 4.4.0 tcpdump release 85*b636d99dSDavid van Moolenbroek RPKI-RTR (RFC6810) is now official (TCP Port 323) 86*b636d99dSDavid van Moolenbroek Fix detection of OpenSSL libcrypto. 87*b636d99dSDavid van Moolenbroek Add DNSSL (RFC6106) support. 88*b636d99dSDavid van Moolenbroek Add "radius" as an option for -T. 89*b636d99dSDavid van Moolenbroek Update Action codes for handle_action function according to 90*b636d99dSDavid van Moolenbroek 802.11s amendment. 91*b636d99dSDavid van Moolenbroek Decode DHCPv6 AFTR-Name option (RFC6334). 92*b636d99dSDavid van Moolenbroek Updates for Babel. 93*b636d99dSDavid van Moolenbroek Fix printing of infinite lifetime in ICMPv6. 94*b636d99dSDavid van Moolenbroek Added support for SPB, SPBM Service Identifier, and Unicast 95*b636d99dSDavid van Moolenbroek Address sub-TLV in ISIS. 96*b636d99dSDavid van Moolenbroek Decode RIPv2 authentication up to RFC4822. 97*b636d99dSDavid van Moolenbroek Fix RIP Request/full table decoding issues. 98*b636d99dSDavid van Moolenbroek On Linux systems with cap-ng.h, drop root privileges 99*b636d99dSDavid van Moolenbroek using Linux Capabilities. 100*b636d99dSDavid van Moolenbroek Add support for reading multiple files. 101*b636d99dSDavid van Moolenbroek Add MS NLB heartbeat printer. 102*b636d99dSDavid van Moolenbroek Separate multiple nexthops in BGP. 103*b636d99dSDavid van Moolenbroek 104*b636d99dSDavid van MoolenbroekWednesday November 28, 2012 guy@alum.mit.edu. 105*b636d99dSDavid van Moolenbroek Summary for 4.3.1 tcpdump release 106*b636d99dSDavid van Moolenbroek Print "LLDP, length N" for LLDP packets even when not in verbose 107*b636d99dSDavid van Moolenbroek mode, so something is printed even if only the timestamp is 108*b636d99dSDavid van Moolenbroek present 109*b636d99dSDavid van Moolenbroek Document "-T carp" 110*b636d99dSDavid van Moolenbroek Print NTP poll interval correctly (it's an exponent, so print 111*b636d99dSDavid van Moolenbroek both its raw value and 2^value) 112*b636d99dSDavid van Moolenbroek Document that "-e" is used to get MAC addresses 113*b636d99dSDavid van Moolenbroek More clearly document that you need to escape or quote 114*b636d99dSDavid van Moolenbroek backslashes in filter expressions on the command line 115*b636d99dSDavid van Moolenbroek Fix some "the the" in the man page 116*b636d99dSDavid van Moolenbroek Use the right maximum path length 117*b636d99dSDavid van Moolenbroek Don't treat 192_1_2, when passed to -i, as an interface number 118*b636d99dSDavid van Moolenbroek 119*b636d99dSDavid van MoolenbroekFriday April 3, 2012. mcr@sandelman.ca. 120*b636d99dSDavid van Moolenbroek Summary for 4.3.0 tcpdump release 121*b636d99dSDavid van Moolenbroek fixes for forces: SPARSE data (per RFC 5810) 122*b636d99dSDavid van Moolenbroek some more test cases added 123*b636d99dSDavid van Moolenbroek updates to documentation on -l, -U and -w flags. 124*b636d99dSDavid van Moolenbroek Fix printing of BGP optional headers. 125*b636d99dSDavid van Moolenbroek Tried to include DLT_PFSYNC support, failed due to headers required. 126*b636d99dSDavid van Moolenbroek added TIPC support. 127*b636d99dSDavid van Moolenbroek Fix LLDP Network Policy bit definitions. 128*b636d99dSDavid van Moolenbroek fixes for IGMPv3's Max Response Time: it is in units of 0.1 second. 129*b636d99dSDavid van Moolenbroek SIGUSR1 can be used rather than SIGINFO for stats 130*b636d99dSDavid van Moolenbroek permit -n flag to affect print-ip for protocol numbers 131*b636d99dSDavid van Moolenbroek ND_OPT_ADVINTERVAL is in milliseconds, not seconds 132*b636d99dSDavid van Moolenbroek Teach PPPoE parser about RFC 4638 133*b636d99dSDavid van Moolenbroek 134*b636d99dSDavid van Moolenbroek 135*b636d99dSDavid van MoolenbroekFriday December 9, 2011. guy@alum.mit.edu. 136*b636d99dSDavid van Moolenbroek Summary for 4.2.1 tcpdump release 137*b636d99dSDavid van Moolenbroek Only build the Babel printer if IPv6 is enabled. 138*b636d99dSDavid van Moolenbroek Support Babel on port 6696 as well as 6697. 139*b636d99dSDavid van Moolenbroek Include ppi.h in release tarball. 140*b636d99dSDavid van Moolenbroek Include all the test files in the release tarball, and don't 141*b636d99dSDavid van Moolenbroek "include" test files that no longer exist. 142*b636d99dSDavid van Moolenbroek Don't assume we have <rpc/rpc.h> - check for it. 143*b636d99dSDavid van Moolenbroek Support "-T carp" as a way of dissecting IP protocol 112 as CARP 144*b636d99dSDavid van Moolenbroek rather than VRRP. 145*b636d99dSDavid van Moolenbroek Support Hilscher NetAnalyzer link-layer header format. 146*b636d99dSDavid van Moolenbroek Constify some pointers and fix compiler warnings. 147*b636d99dSDavid van Moolenbroek Get rid of never-true test. 148*b636d99dSDavid van Moolenbroek Fix an unintended fall-through in a case statement in the ARP 149*b636d99dSDavid van Moolenbroek printer. 150*b636d99dSDavid van Moolenbroek Fix several cases where sizeof(sizeof(XXX)) was used when just 151*b636d99dSDavid van Moolenbroek sizeof(XXX) was intended. 152*b636d99dSDavid van Moolenbroek Make stricter sanity checks in the ES-IS printer. 153*b636d99dSDavid van Moolenbroek Get rid of some GCCisms that caused builds to fai with compilers 154*b636d99dSDavid van Moolenbroek that don't support them. 155*b636d99dSDavid van Moolenbroek Fix typo in man page. 156*b636d99dSDavid van Moolenbroek Added length checks to Babel printer. 157*b636d99dSDavid van Moolenbroek 158*b636d99dSDavid van MoolenbroekSunday July 24, 2011. mcr@sandelman.ca. 159*b636d99dSDavid van Moolenbroek Summary for 4.2.+ 160*b636d99dSDavid van Moolenbroek merged 802.15.4 decoder from Dmitry Eremin-Solenikov <dbaryshkov 161*b636d99dSDavid van Moolenbroek at gmail dot com> 162*b636d99dSDavid van Moolenbroek updates to forces for new port numbers 163*b636d99dSDavid van Moolenbroek Use "-H", not "-h", for the 802.11s option. (-h always help) 164*b636d99dSDavid van Moolenbroek Better ICMPv6 checksum handling. 165*b636d99dSDavid van Moolenbroek add support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12 166*b636d99dSDavid van Moolenbroek get rid of uuencoded pcap test files, git can do binary. 167*b636d99dSDavid van Moolenbroek sFlow changes for 64-bit counters. 168*b636d99dSDavid van Moolenbroek fixes for PPI packet header handling and printing. 169*b636d99dSDavid van Moolenbroek Add DCB Exchange protocol (DCBX) version 1.01. 170*b636d99dSDavid van Moolenbroek Babel dissector, from Juliusz Chroboczek and Grégoire Henry. 171*b636d99dSDavid van Moolenbroek improvements to radiotap for rate values > 127. 172*b636d99dSDavid van Moolenbroek Many improvements to ForCES decode, including fix SCTP TML port 173*b636d99dSDavid van Moolenbroek updated RPL type code to RPL-17 draft 174*b636d99dSDavid van Moolenbroek Improve printout of DHCPv6 options. 175*b636d99dSDavid van Moolenbroek added support and test case for QinQ (802.1q VLAN) packets 176*b636d99dSDavid van Moolenbroek Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4. 177*b636d99dSDavid van Moolenbroek Build fixes for Sparc and other machines with alignment restrictions. 178*b636d99dSDavid van Moolenbroek Merged changes from Debian package. 179*b636d99dSDavid van Moolenbroek PGM: Add ACK decoding and add PGMCC DATA and FEEDBACK options. 180*b636d99dSDavid van Moolenbroek Build fixes for OSX (Snow Leopard and others) 181*b636d99dSDavid van Moolenbroek Add support for IEEE 802.15.4 packets 182*b636d99dSDavid van Moolenbroek 183*b636d99dSDavid van MoolenbroekTue. July 20, 2010. guy@alum.mit.edu. 184*b636d99dSDavid van Moolenbroek Summary for 4.1.2 tcpdump release 185*b636d99dSDavid van Moolenbroek If -U is specified, flush the file after creating it, so it's 186*b636d99dSDavid van Moolenbroek not zero-length 187*b636d99dSDavid van Moolenbroek Fix TCP flags output description, and some typoes, in the man 188*b636d99dSDavid van Moolenbroek page 189*b636d99dSDavid van Moolenbroek Add a -h flag, and only attempt to recognize 802.11s mesh 190*b636d99dSDavid van Moolenbroek headers if it's set 191*b636d99dSDavid van Moolenbroek When printing the link-layer type list, send *all* output to 192*b636d99dSDavid van Moolenbroek stderr 193*b636d99dSDavid van Moolenbroek Include the CFLAGS setting when configure was run in the 194*b636d99dSDavid van Moolenbroek compiler flags 195*b636d99dSDavid van Moolenbroek 196*b636d99dSDavid van MoolenbroekThu. April 1, 2010. guy@alum.mit.edu. 197*b636d99dSDavid van Moolenbroek Summary for 4.1.1 tcpdump release 198*b636d99dSDavid van Moolenbroek Fix build on systems with PF, such as FreeBSD and OpenBSD. 199*b636d99dSDavid van Moolenbroek Don't blow up if a zero-length link-layer address is passed to 200*b636d99dSDavid van Moolenbroek linkaddr_string(). 201*b636d99dSDavid van Moolenbroek 202*b636d99dSDavid van MoolenbroekThu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. 203*b636d99dSDavid van Moolenbroek Summary for 4.1.0 tcpdump release 204*b636d99dSDavid van Moolenbroek Fix printing of MAC addresses for VLAN frames with a length 205*b636d99dSDavid van Moolenbroek field 206*b636d99dSDavid van Moolenbroek Add some additional bounds checks and use the EXTRACT_ macros 207*b636d99dSDavid van Moolenbroek more 208*b636d99dSDavid van Moolenbroek Add a -b flag to print the AS number in BGP packets in ASDOT 209*b636d99dSDavid van Moolenbroek notation rather than ASPLAIN notation 210*b636d99dSDavid van Moolenbroek Add ICMPv6 RFC 5006 support 211*b636d99dSDavid van Moolenbroek Decode the access flags in NFS access requests 212*b636d99dSDavid van Moolenbroek Handle the new DLT_ for memory-mapped USB captures on Linux 213*b636d99dSDavid van Moolenbroek Make the default snapshot (-s) the maximum 214*b636d99dSDavid van Moolenbroek Print name of device (when -L is used) 215*b636d99dSDavid van Moolenbroek Support for OpenSolaris (and SXCE build 125 and later) 216*b636d99dSDavid van Moolenbroek Print new TCP flags 217*b636d99dSDavid van Moolenbroek Add support for RPL DIO 218*b636d99dSDavid van Moolenbroek Add support for TCP User Timeout (UTO) 219*b636d99dSDavid van Moolenbroek Add support for non-standard Ethertypes used by 3com PPPoE gear 220*b636d99dSDavid van Moolenbroek Add support for 802.11n and 802.11s 221*b636d99dSDavid van Moolenbroek Add support for Transparent Ethernet Bridge ethertype in GRE 222*b636d99dSDavid van Moolenbroek Add 4 byte AS support for BGP printer 223*b636d99dSDavid van Moolenbroek Add support for the MDT SAFI 66 BG printer 224*b636d99dSDavid van Moolenbroek Add basic IPv6 support to print-olsr 225*b636d99dSDavid van Moolenbroek Add USB printer 226*b636d99dSDavid van Moolenbroek Add printer for ForCES 227*b636d99dSDavid van Moolenbroek Handle frames with an FCS 228*b636d99dSDavid van Moolenbroek Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames 229*b636d99dSDavid van Moolenbroek Fix TCP sequence number printing 230*b636d99dSDavid van Moolenbroek Report 802.2 packets as 802.2 instead of 802.3 231*b636d99dSDavid van Moolenbroek Don't include -L/usr/lib in LDFLAGS 232*b636d99dSDavid van Moolenbroek On x86_64 Linux, look in lib64 directory too 233*b636d99dSDavid van Moolenbroek Lots of code clean ups 234*b636d99dSDavid van Moolenbroek Autoconf clean ups 235*b636d99dSDavid van Moolenbroek Update testcases to make output changes 236*b636d99dSDavid van Moolenbroek Fix compiling with/out smi (--with{,out}-smi) 237*b636d99dSDavid van Moolenbroek Fix compiling without IPv6 support (--disable-ipv6) 238*b636d99dSDavid van Moolenbroek 239*b636d99dSDavid van MoolenbroekMon. October 27, 2008. ken@netfunctional.ca. Summary for 4.0.0 tcpdump release 240*b636d99dSDavid van Moolenbroek Add support for Bluetooth Sniffing 241*b636d99dSDavid van Moolenbroek Add support for Realtek Remote Control Protocol (openrrcp.org.ru) 242*b636d99dSDavid van Moolenbroek Add support for 802.11 AVS 243*b636d99dSDavid van Moolenbroek Add support for SMB over TCP 244*b636d99dSDavid van Moolenbroek Add support for 4 byte BGP AS printing 245*b636d99dSDavid van Moolenbroek Add support for compiling on case-insensitive file systems 246*b636d99dSDavid van Moolenbroek Add support for ikev2 printing 247*b636d99dSDavid van Moolenbroek Update support for decoding AFS 248*b636d99dSDavid van Moolenbroek Update DHCPv6 printer 249*b636d99dSDavid van Moolenbroek Use newer libpcap API's (allows -B option on all platforms) 250*b636d99dSDavid van Moolenbroek Add -I to turn on monitor mode 251*b636d99dSDavid van Moolenbroek Bugfixes in lldp, lspping, dccp, ESP, NFS printers 252*b636d99dSDavid van Moolenbroek Cleanup unused files and various cruft 253*b636d99dSDavid van Moolenbroek 254*b636d99dSDavid van MoolenbroekMon. September 10, 2007. ken@xelerance.com. Summary for 3.9.8 tcpdump release 255*b636d99dSDavid van Moolenbroek Rework ARP printer 256*b636d99dSDavid van Moolenbroek Rework OSPFv3 printer 257*b636d99dSDavid van Moolenbroek Add support for Frame-Relay ARP 258*b636d99dSDavid van Moolenbroek Decode DHCP Option 121 (RFC 3442 Classless Static Route) 259*b636d99dSDavid van Moolenbroek Decode DHCP Option 249 (MS Classless Static Route) the same as Option 121 260*b636d99dSDavid van Moolenbroek TLV: Add support for Juniper .pcap extensions 261*b636d99dSDavid van Moolenbroek Print EGP header in new-world-order style 262*b636d99dSDavid van Moolenbroek Converted print-isakmp.c to NETDISSECT 263*b636d99dSDavid van Moolenbroek Moved AF specific stuff into af.h 264*b636d99dSDavid van Moolenbroek Test subsystem now table driven, and saves outputs and diffs to one place 265*b636d99dSDavid van Moolenbroek Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted 266*b636d99dSDavid van Moolenbroek libpcap files on an OS other than where the file was generated 267*b636d99dSDavid van Moolenbroek 268*b636d99dSDavid van Moolenbroek 269*b636d99dSDavid van MoolenbroekWed. July 23, 2007. mcr@xelerance.com. Summary for 3.9.7 libpcap release 270*b636d99dSDavid van Moolenbroek 271*b636d99dSDavid van Moolenbroek NFS: Print unsigned values as such. 272*b636d99dSDavid van Moolenbroek RX: parse safely. 273*b636d99dSDavid van Moolenbroek BGP: fixes for IPv6-less builds. 274*b636d99dSDavid van Moolenbroek 801.1ag: use standard codepoint. 275*b636d99dSDavid van Moolenbroek use /dev/bpf on systems with such a device. 276*b636d99dSDavid van Moolenbroek 802.11: print QoS data, avoid dissect of no-data frame, ignore padding. 277*b636d99dSDavid van Moolenbroek smb: make sure that we haven't gone past the end of the captured data. 278*b636d99dSDavid van Moolenbroek smb: squelch an uninitialized complaint from coverity. 279*b636d99dSDavid van Moolenbroek NFS: from NetBSD; don't interpret the reply as a possible NFS reply 280*b636d99dSDavid van Moolenbroek if it got MSG_DENIED. 281*b636d99dSDavid van Moolenbroek BGP: don't print TLV values that didn't fit, from www.digit-labs.org. 282*b636d99dSDavid van Moolenbroek revised INSTALL.txt about libpcap dependancy. 283*b636d99dSDavid van Moolenbroek 284*b636d99dSDavid van MoolenbroekWed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release 285*b636d99dSDavid van Moolenbroek Update man page to reflect changes to libpcap 286*b636d99dSDavid van Moolenbroek Changes to both TCP and IP Printer Output 287*b636d99dSDavid van Moolenbroek Fix a potential buffer overflow in the 802.11 printer 288*b636d99dSDavid van Moolenbroek Print basic info about a few more Cisco LAN protocols. 289*b636d99dSDavid van Moolenbroek mDNS cleanup 290*b636d99dSDavid van Moolenbroek ICMP MPLS rework of the extension code 291*b636d99dSDavid van Moolenbroek bugfix: use the correct codepoint for the OSPF simple text auth token 292*b636d99dSDavid van Moolenbroek entry, and use safeputs to print the password. 293*b636d99dSDavid van Moolenbroek Add support in pflog for additional values 294*b636d99dSDavid van Moolenbroek Add support for OIF RSVP Extensions UNI 1.0 Rev. 2 and additional RSVP objects 295*b636d99dSDavid van Moolenbroek Add support for the Message-id NACK c-type. 296*b636d99dSDavid van Moolenbroek Add support for 802.3ah loopback ctrl msg 297*b636d99dSDavid van Moolenbroek Add support for Multiple-STP as per 802.1s 298*b636d99dSDavid van Moolenbroek Add support for rapid-SPT as per 802.1w 299*b636d99dSDavid van Moolenbroek Add support for CFM Link-trace msg, Link-trace-Reply msg, 300*b636d99dSDavid van Moolenbroek Sender-ID tlv, private tlv, port, interface status 301*b636d99dSDavid van Moolenbroek Add support for unidirectional link detection as per 302*b636d99dSDavid van Moolenbroek http://www.ietf.org/internet-drafts/draft-foschiano-udld-02.txt 303*b636d99dSDavid van Moolenbroek Add support for the olsr protocol as per RFC 3626 plus the LQ 304*b636d99dSDavid van Moolenbroek extensions from olsr.org 305*b636d99dSDavid van Moolenbroek Add support for variable-length checksum in DCCP, as per section 9 of 306*b636d99dSDavid van Moolenbroek RFC 4340. 307*b636d99dSDavid van Moolenbroek Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree 308*b636d99dSDavid van Moolenbroek Add support for Multiple-STP as per 802.1s 309*b636d99dSDavid van Moolenbroek Add support for the cisco propriatry 'dynamic trunking protocol' 310*b636d99dSDavid van Moolenbroek Add support for the cisco proprietary VTP protocol 311*b636d99dSDavid van Moolenbroek Update dhcp6 options table as per IETF standardization activities 312*b636d99dSDavid van Moolenbroek 313*b636d99dSDavid van Moolenbroek 314*b636d99dSDavid van MoolenbroekTue. September 19, 2006. ken@xelerance.com. Summary for 3.9.5 tcpdump release 315*b636d99dSDavid van Moolenbroek 316*b636d99dSDavid van Moolenbroek Fix compiling on AIX (, at end of ENUM) 317*b636d99dSDavid van Moolenbroek Updated list of DNS RR typecodes 318*b636d99dSDavid van Moolenbroek Use local Ethernet defs on WIN32 319*b636d99dSDavid van Moolenbroek Add support for Frame-Relay ARP 320*b636d99dSDavid van Moolenbroek Fixes for compiling under MSVC++ 321*b636d99dSDavid van Moolenbroek Add support for parsing Juniper .pcap files 322*b636d99dSDavid van Moolenbroek Add support for FRF.16 Multilink Frame-Relay (DLT_MFR) 323*b636d99dSDavid van Moolenbroek Rework the OSPFv3 printer 324*b636d99dSDavid van Moolenbroek Fix printing for 4.4BSD/NetBSD NFS Filehandles 325*b636d99dSDavid van Moolenbroek Add support for Cisco style NLPID encapsulation 326*b636d99dSDavid van Moolenbroek Add cisco prop. eigrp related, extended communities 327*b636d99dSDavid van Moolenbroek Add support for BGP signaled VPLS 328*b636d99dSDavid van Moolenbroek Cleanup the bootp printer 329*b636d99dSDavid van Moolenbroek Add support for PPP over Frame-Relay 330*b636d99dSDavid van Moolenbroek Add some bounds checking to the IP options code, and clean up 331*b636d99dSDavid van Moolenbroek the options output a bit. 332*b636d99dSDavid van Moolenbroek Add additional modp groups to ISAKMP printer 333*b636d99dSDavid van Moolenbroek Add support for Address-Withdraw and Label-Withdraw Msgs 334*b636d99dSDavid van Moolenbroek Add support for the BFD Discriminator TLV 335*b636d99dSDavid van Moolenbroek Fixes for 64bit compiling 336*b636d99dSDavid van Moolenbroek Add support for PIMv2 checksum verification 337*b636d99dSDavid van Moolenbroek Add support for further dissection of the IPCP Compression Option 338*b636d99dSDavid van Moolenbroek Add support for Cisco's proposed VQP protocol 339*b636d99dSDavid van Moolenbroek Add basic support for keyed authentication TCP option 340*b636d99dSDavid van Moolenbroek Lots of minor cosmetic changes to output printers 341*b636d99dSDavid van Moolenbroek 342*b636d99dSDavid van Moolenbroek 343*b636d99dSDavid van MoolenbroekMon. September 19, 2005. ken@xelerance.com. Summary for 3.9.4 tcpdump release 344*b636d99dSDavid van Moolenbroek Decoder support for more Juniper link-layer types 345*b636d99dSDavid van Moolenbroek Fix a potential buffer overflow (although it can't occur in 346*b636d99dSDavid van Moolenbroek practice). 347*b636d99dSDavid van Moolenbroek Fix the handling of unknown management frame types in the 802.11 348*b636d99dSDavid van Moolenbroek printer. 349*b636d99dSDavid van Moolenbroek Add FRF.16 support, fix various Frame Relay bugs. 350*b636d99dSDavid van Moolenbroek Add support for RSVP integrity objects, update fast-reroute 351*b636d99dSDavid van Moolenbroek object printer to latest spec. 352*b636d99dSDavid van Moolenbroek Clean up documentation of vlan filter expression, document mpls 353*b636d99dSDavid van Moolenbroek filter expression. 354*b636d99dSDavid van Moolenbroek Document new pppoed and pppoes filter expressions. 355*b636d99dSDavid van Moolenbroek Update diffserver-TE codepoints as per RFC 4124. 356*b636d99dSDavid van Moolenbroek Spelling fixes in ICMPv6. 357*b636d99dSDavid van Moolenbroek Don't require any fields other than flags to be present in IS-IS 358*b636d99dSDavid van Moolenbroek restart signaling TLVs, and only print the system ID in 359*b636d99dSDavid van Moolenbroek those TLVs as system IDs, not as node IDs. 360*b636d99dSDavid van Moolenbroek Support for DCCP. 361*b636d99dSDavid van Moolenbroek 362*b636d99dSDavid van MoolenbroekTue. July 5, 2005. ken@xelerance.com. Summary for 3.9.3 tcpdump release 363*b636d99dSDavid van Moolenbroek 364*b636d99dSDavid van Moolenbroek Option to chroot() when dropping privs 365*b636d99dSDavid van Moolenbroek Fixes for compiling on nearly every platform, 366*b636d99dSDavid van Moolenbroek including improved 64bit support 367*b636d99dSDavid van Moolenbroek Many new testcases 368*b636d99dSDavid van Moolenbroek Support for sending packets 369*b636d99dSDavid van Moolenbroek Many compliation fixes on most platforms 370*b636d99dSDavid van Moolenbroek Fixes for recent version of GCC to eliminate warnings 371*b636d99dSDavid van Moolenbroek Improved Unicode support 372*b636d99dSDavid van Moolenbroek 373*b636d99dSDavid van Moolenbroek Decoders & DLT Changes, Updates and New: 374*b636d99dSDavid van Moolenbroek AES ESP support 375*b636d99dSDavid van Moolenbroek Juniper ATM, FRF.15, FRF.16, PPPoE, 376*b636d99dSDavid van Moolenbroek ML-FR, ML-PIC, ML-PPP, PL-PPP, LS-PIC 377*b636d99dSDavid van Moolenbroek GGSN,ES,MONITOR,SERVICES 378*b636d99dSDavid van Moolenbroek L2VPN 379*b636d99dSDavid van Moolenbroek Axent Raptor/Symantec Firewall 380*b636d99dSDavid van Moolenbroek TCP-MD5 (RFC 2385) 381*b636d99dSDavid van Moolenbroek ESP-in-UDP (RFC 3948) 382*b636d99dSDavid van Moolenbroek ATM OAM 383*b636d99dSDavid van Moolenbroek LMP, LMP Service Discovery 384*b636d99dSDavid van Moolenbroek IP over FC 385*b636d99dSDavid van Moolenbroek IP over IEEE 1394 386*b636d99dSDavid van Moolenbroek BACnet MS/TP 387*b636d99dSDavid van Moolenbroek SS7 388*b636d99dSDavid van Moolenbroek LDP over TCP 389*b636d99dSDavid van Moolenbroek LACP, MARKER as per 802.3ad 390*b636d99dSDavid van Moolenbroek PGM (RFC 3208) 391*b636d99dSDavid van Moolenbroek LSP-PING 392*b636d99dSDavid van Moolenbroek G.7041/Y.1303 Generic Framing Procedure 393*b636d99dSDavid van Moolenbroek EIGRP-IP, EIGRP-IPX 394*b636d99dSDavid van Moolenbroek ICMP6 395*b636d99dSDavid van Moolenbroek Radio - via radiotap 396*b636d99dSDavid van Moolenbroek DHCPv6 397*b636d99dSDavid van Moolenbroek HDLC over PPP 398*b636d99dSDavid van Moolenbroek 399*b636d99dSDavid van MoolenbroekTue. March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release 400*b636d99dSDavid van Moolenbroek 401*b636d99dSDavid van Moolenbroek No changes from 3.8.2. Version bumped only to maintain consistency 402*b636d99dSDavid van Moolenbroek with libpcap 0.8.3. 403*b636d99dSDavid van Moolenbroek 404*b636d99dSDavid van MoolenbroekMon. March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release 405*b636d99dSDavid van Moolenbroek 406*b636d99dSDavid van Moolenbroek Fixes for print-isakmp.c CVE: CAN-2004-0183, CAN-2004-0184 407*b636d99dSDavid van Moolenbroek http://www.rapid7.com/advisories/R7-0017.html 408*b636d99dSDavid van Moolenbroek IP-over-IEEE1394 printing. 409*b636d99dSDavid van Moolenbroek some MINGW32 changes. 410*b636d99dSDavid van Moolenbroek updates for autoconf 2.5 411*b636d99dSDavid van Moolenbroek fixes for print-aodv.c - check for too short packets 412*b636d99dSDavid van Moolenbroek formatting changes to print-ascii for hex output. 413*b636d99dSDavid van Moolenbroek check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c, 414*b636d99dSDavid van Moolenbroek print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c, 415*b636d99dSDavid van Moolenbroek print-ip.c, print-lwres.c, print-ospf.c, print-pim.c, 416*b636d99dSDavid van Moolenbroek print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c 417*b636d99dSDavid van Moolenbroek print-ether.c - better handling of unknown types. 418*b636d99dSDavid van Moolenbroek print-isoclns.c - additional decoding of types. 419*b636d99dSDavid van Moolenbroek print-llc.c - strings for LLC names added. 420*b636d99dSDavid van Moolenbroek print-pfloc.c - various enhancements 421*b636d99dSDavid van Moolenbroek print-radius.c - better decoding to strings. 422*b636d99dSDavid van Moolenbroek 423*b636d99dSDavid van MoolenbroekWed. November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release 424*b636d99dSDavid van Moolenbroek 425*b636d99dSDavid van Moolenbroek changed syntax of -E argument so that multiple SAs can be decrypted 426*b636d99dSDavid van Moolenbroek fixes for Digital Unix headers and Documentation 427*b636d99dSDavid van Moolenbroek __attribute__ fixes 428*b636d99dSDavid van Moolenbroek CDP changes from Terry Kennedy <terry@tmk.com>. 429*b636d99dSDavid van Moolenbroek IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com> 430*b636d99dSDavid van Moolenbroek Fixes for ASN.1 decoder for 2.100.3 forms. 431*b636d99dSDavid van Moolenbroek Added a count of packets received and processed to clarify numbers. 432*b636d99dSDavid van Moolenbroek Incorporated WinDUMP patches for Win32 builds. 433*b636d99dSDavid van Moolenbroek PPPoE payload length headers. 434*b636d99dSDavid van Moolenbroek Fixes for HP C compiler builds. 435*b636d99dSDavid van Moolenbroek Use new pcap_breakloop() and pcap_findalldevs() if we can. 436*b636d99dSDavid van Moolenbroek BGP output split into multiple lines. 437*b636d99dSDavid van Moolenbroek Fixes to 802.11 decoding. 438*b636d99dSDavid van Moolenbroek Fixes to PIM decoder. 439*b636d99dSDavid van Moolenbroek SuperH is a CPU that can't handle unaligned access. Many fixes for 440*b636d99dSDavid van Moolenbroek unaligned access work. 441*b636d99dSDavid van Moolenbroek Fixes to Frame-Relay decoder for Q.933/922 frames. 442*b636d99dSDavid van Moolenbroek Clarified when Solaris can do captures as non-root. 443*b636d99dSDavid van Moolenbroek Added tests/ subdir for examples/regression tests. 444*b636d99dSDavid van Moolenbroek New -U flag. -flush stdout after every packet 445*b636d99dSDavid van Moolenbroek New -A flag -print ascii only 446*b636d99dSDavid van Moolenbroek support for decoding IS-IS inside Cisco HDLC Frames 447*b636d99dSDavid van Moolenbroek more verbosity for tftp decoder 448*b636d99dSDavid van Moolenbroek mDNS decoder 449*b636d99dSDavid van Moolenbroek new BFD decoder 450*b636d99dSDavid van Moolenbroek cross compilation patches 451*b636d99dSDavid van Moolenbroek RFC 3561 AODV support. 452*b636d99dSDavid van Moolenbroek UDP/TCP pseudo-checksum properly for source-route options. 453*b636d99dSDavid van Moolenbroek sanitized all files to modified BSD license 454*b636d99dSDavid van Moolenbroek Add support for RFC 2625 IP-over-Fibre Channel. 455*b636d99dSDavid van Moolenbroek fixes for DECnet support. 456*b636d99dSDavid van Moolenbroek Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI. 457*b636d99dSDavid van Moolenbroek RFC 2684 encapsulation of BPDUs. 458*b636d99dSDavid van Moolenbroek 459*b636d99dSDavid van MoolenbroekTuesday, February 25, 2003. fenner@research.att.com. 3.7.2 release 460*b636d99dSDavid van Moolenbroek 461*b636d99dSDavid van Moolenbroek Fixed infinite loop when parsing malformed isakmp packets. 462*b636d99dSDavid van Moolenbroek (reported by iDefense; already fixed in CVS) 463*b636d99dSDavid van Moolenbroek Fixed infinite loop when parsing malformed BGP packets. 464*b636d99dSDavid van Moolenbroek Fixed buffer overflow with certain malformed NFS packets. 465*b636d99dSDavid van Moolenbroek Pretty-print unprintable network names in 802.11 printer. 466*b636d99dSDavid van Moolenbroek Handle truncated nbp (appletalk) packets. 467*b636d99dSDavid van Moolenbroek Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt 468*b636d99dSDavid van Moolenbroek Print IP protocol name even if we don't have a printer for it. 469*b636d99dSDavid van Moolenbroek Print IP protocol name or number for fragments. 470*b636d99dSDavid van Moolenbroek Print the whole MPLS label stack, not just the top label. 471*b636d99dSDavid van Moolenbroek Print request header and file handle for NFS v3 FSINFO and PATHCONF 472*b636d99dSDavid van Moolenbroek requests. 473*b636d99dSDavid van Moolenbroek Fix NFS packet truncation checks. 474*b636d99dSDavid van Moolenbroek Handle "old" DR-Priority and Bidir-Capable PIM HELLO options. 475*b636d99dSDavid van Moolenbroek Handle unknown RADIUS attributes properly. 476*b636d99dSDavid van Moolenbroek Fix an ASN.1 parsing error that would cause e.g. the OID 477*b636d99dSDavid van Moolenbroek 2.100.3 to be misrepresented as 4.20.3 . 478*b636d99dSDavid van Moolenbroek 479*b636d99dSDavid van MoolenbroekMonday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release 480*b636d99dSDavid van Moolenbroeksee http://www.tcpdump.org/cvs-log/2002-01-21.10:16:48.html for commit log. 481*b636d99dSDavid van Moolenbroek keyword "ipx" added. 482*b636d99dSDavid van Moolenbroek Better OSI/802.2 support on Linux. 483*b636d99dSDavid van Moolenbroek IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net. 484*b636d99dSDavid van Moolenbroek LLC SAP support for FDDI/token ring/RFC-1483 style ATM 485*b636d99dSDavid van Moolenbroek BXXP protocol was replaced by the BEEP protocol; 486*b636d99dSDavid van Moolenbroek improvements to SNAP demux. 487*b636d99dSDavid van Moolenbroek Changes to "any" interface documentation. 488*b636d99dSDavid van Moolenbroek Documentation on pcap_stats() counters. 489*b636d99dSDavid van Moolenbroek Fix a memory leak found by Miklos Szeredi - pcap_ether_aton(). 490*b636d99dSDavid van Moolenbroek Added MPLS encapsulation decoding per RFC3032. 491*b636d99dSDavid van Moolenbroek DNS dissector handles TKEY, TSIG and IXFR. 492*b636d99dSDavid van Moolenbroek adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org> 493*b636d99dSDavid van Moolenbroek SMB printing has much improved bounds checks 494*b636d99dSDavid van Moolenbroek OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging 495*b636d99dSDavid van Moolenbroek Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>. 496*b636d99dSDavid van Moolenbroek Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net> 497*b636d99dSDavid van Moolenbroek IPX socket 0x85be is for Cisco EIGRP over IPX. 498*b636d99dSDavid van Moolenbroek Improvements to fragmented ESP handling. 499*b636d99dSDavid van Moolenbroek SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu> 500*b636d99dSDavid van Moolenbroek Linux ARPHDR_ATM support fixed. 501*b636d99dSDavid van Moolenbroek Added a "netbeui" keyword, which selects NetBEUI packets. 502*b636d99dSDavid van Moolenbroek IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option. 503*b636d99dSDavid van Moolenbroek Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>. 504*b636d99dSDavid van Moolenbroek Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm" 505*b636d99dSDavid van Moolenbroek Better Linux libc5 compat. 506*b636d99dSDavid van Moolenbroek BIND9 lwres dissector added. 507*b636d99dSDavid van Moolenbroek MIPS and SPARC get strict alignment macros (affects print-bgp.c) 508*b636d99dSDavid van Moolenbroek Apple LocalTalk LINKTYPE_ reserved. 509*b636d99dSDavid van Moolenbroek New time stamp formats documented. 510*b636d99dSDavid van Moolenbroek DHCP6 updated to draft-22.txt spec. 511*b636d99dSDavid van Moolenbroek ICMP types/codes now accept symbolic names. 512*b636d99dSDavid van Moolenbroek Add SIGINFO handler from LBL 513*b636d99dSDavid van Moolenbroek encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>. 514*b636d99dSDavid van Moolenbroek now we are -Wstrict-prototype clean. 515*b636d99dSDavid van Moolenbroek NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>. 516*b636d99dSDavid van Moolenbroek PPPoE dissector cleaned up. 517*b636d99dSDavid van Moolenbroek Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>. 518*b636d99dSDavid van Moolenbroek In dissector, now the caller prints the IP addresses rather than proto. 519*b636d99dSDavid van Moolenbroek cjclark@alum.mit.edu: print the IP proto for non-initial fragments. 520*b636d99dSDavid van Moolenbroek LLC frames with a DSAP and LSAP of 0xe0 are IPX frames. 521*b636d99dSDavid van Moolenbroek Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX. 522*b636d99dSDavid van Moolenbroek captures on the "any" device won't be done in promiscuous mode 523*b636d99dSDavid van Moolenbroek Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl> 524*b636d99dSDavid van Moolenbroek ARCNet support, from NetBSD. 525*b636d99dSDavid van Moolenbroek HSRP dissector, from Julian Cowley <julian@lava.net>. 526*b636d99dSDavid van Moolenbroek Handle (GRE-encapsulated) PPTP 527*b636d99dSDavid van Moolenbroek added -C option to rotate save file every optarg * 1,000,000 bytes. 528*b636d99dSDavid van Moolenbroek support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>. 529*b636d99dSDavid van Moolenbroek PPTP support, from Motonori Shindo <mshindo@mshindo.net>. 530*b636d99dSDavid van Moolenbroek IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>. 531*b636d99dSDavid van Moolenbroek CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>. 532*b636d99dSDavid van Moolenbroek ESP printing updated to RFC2406. 533*b636d99dSDavid van Moolenbroek HP-UX can now handle large number of PPAs. 534*b636d99dSDavid van Moolenbroek MSDP printer added. 535*b636d99dSDavid van Moolenbroek L2TP dissector improvements from Motonori Shindo. 536*b636d99dSDavid van Moolenbroek 537*b636d99dSDavid van MoolenbroekTuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release 538*b636d99dSDavid van Moolenbroek Cleaned up documentation. 539*b636d99dSDavid van Moolenbroek Promisc mode fixes for Linux 540*b636d99dSDavid van Moolenbroek IPsec changes/cleanups. 541*b636d99dSDavid van Moolenbroek Alignment fixes for picky architectures 542*b636d99dSDavid van Moolenbroek 543*b636d99dSDavid van Moolenbroek Removed dependency on native headers for packet dissectors. 544*b636d99dSDavid van Moolenbroek Removed Linux specific headers that were shipped 545*b636d99dSDavid van Moolenbroek 546*b636d99dSDavid van Moolenbroek libpcap changes provide for exchanging capture files between 547*b636d99dSDavid van Moolenbroek systems. Save files now have well known PACKET_ values instead of 548*b636d99dSDavid van Moolenbroek depending upon system dependant mappings of DLT_* types. 549*b636d99dSDavid van Moolenbroek 550*b636d99dSDavid van Moolenbroek Support for computing/checking IP and UDP/TCP checksums. 551*b636d99dSDavid van Moolenbroek 552*b636d99dSDavid van Moolenbroek Updated autoconf stock files. 553*b636d99dSDavid van Moolenbroek 554*b636d99dSDavid van Moolenbroek IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6, 555*b636d99dSDavid van Moolenbroek 556*b636d99dSDavid van Moolenbroek Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp, 557*b636d99dSDavid van Moolenbroek timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk 558*b636d99dSDavid van Moolenbroek 559*b636d99dSDavid van Moolenbroek Added filtering support for: VLANs, ESIS, ISIS 560*b636d99dSDavid van Moolenbroek 561*b636d99dSDavid van Moolenbroek Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP, 562*b636d99dSDavid van Moolenbroek L2TP, PPPoE 563*b636d99dSDavid van Moolenbroek 564*b636d99dSDavid van Moolenbroek HP-UX 11.0 -- find the right dlpi device. 565*b636d99dSDavid van Moolenbroek Solaris 8 - IPv6 works 566*b636d99dSDavid van Moolenbroek Linux - Added support for an "any" device to capture on all interfaces 567*b636d99dSDavid van Moolenbroek 568*b636d99dSDavid van Moolenbroek Security fixes: buffer overrun audit done. Strcpy replaced with 569*b636d99dSDavid van Moolenbroek strlcpy, sprintf replaced with snprintf. 570*b636d99dSDavid van Moolenbroek Look for lex problems, and warn about them. 571*b636d99dSDavid van Moolenbroek 572*b636d99dSDavid van Moolenbroek 573*b636d99dSDavid van Moolenbroekv3.5 Fri Jan 28 18:00:00 PST 2000 574*b636d99dSDavid van Moolenbroek 575*b636d99dSDavid van MoolenbroekBill Fenner <fenner@research.att.com> 576*b636d99dSDavid van Moolenbroek- switch to config.h for autoconf 577*b636d99dSDavid van Moolenbroek- unify RCSID strings 578*b636d99dSDavid van Moolenbroek- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser 579*b636d99dSDavid van Moolenbroek- Really fix the RIP printer 580*b636d99dSDavid van Moolenbroek- Fix MAC address -> name translation. 581*b636d99dSDavid van Moolenbroek- some -Wall -Wformat fixes 582*b636d99dSDavid van Moolenbroek- update makemib to parse much of SMIv2 583*b636d99dSDavid van Moolenbroek- Print TCP sequence # with -vv even if you normally wouldn't 584*b636d99dSDavid van Moolenbroek- Print as much of IP/TCP/UDP headers as possible even if truncated. 585*b636d99dSDavid van Moolenbroek 586*b636d99dSDavid van Moolenbroekitojun@iijlab.net 587*b636d99dSDavid van Moolenbroek- -X will make a ascii dump. from netbsd. 588*b636d99dSDavid van Moolenbroek- telnet command sequence decoder (ff xx xx). from netbsd. 589*b636d99dSDavid van Moolenbroek- print-bgp.c: improve options printing. ugly code exists for 590*b636d99dSDavid van Moolenbroek unaligned option parsing (need some fix). 591*b636d99dSDavid van Moolenbroek- const poisoning in SMB decoder. 592*b636d99dSDavid van Moolenbroek- -Wall -Werror clean checks. 593*b636d99dSDavid van Moolenbroek- bring in KAME IPv6/IPsec decoding code. 594*b636d99dSDavid van Moolenbroek 595*b636d99dSDavid van MoolenbroekAssar Westerlund <assar@sics.se> 596*b636d99dSDavid van Moolenbroek- SNMPv2 and SNMPv3 printer 597*b636d99dSDavid van Moolenbroek- If compiled with libsmi, tcpdump can load MIBs on the fly to decode 598*b636d99dSDavid van Moolenbroek SNMP packets. 599*b636d99dSDavid van Moolenbroek- Incorporate NFS parsing code from NetBSD. Adds support for nfsv3. 600*b636d99dSDavid van Moolenbroek- portability fixes 601*b636d99dSDavid van Moolenbroek- permit building in different directories. 602*b636d99dSDavid van Moolenbroek 603*b636d99dSDavid van MoolenbroekKen Hornstein <kenh@cmf.nrl.navy.mil> 604*b636d99dSDavid van Moolenbroek- bring in code at 605*b636d99dSDavid van Moolenbroek /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing 606*b636d99dSDavid van Moolenbroek AFS3 packets 607*b636d99dSDavid van Moolenbroek 608*b636d99dSDavid van MoolenbroekAndrew Tridgell <tridge@linuxcare.com> 609*b636d99dSDavid van Moolenbroek- SMB printing code 610*b636d99dSDavid van Moolenbroek 611*b636d99dSDavid van MoolenbroekLove <lha@stacken.kth.se> 612*b636d99dSDavid van Moolenbroek- print-rx.c: add code for printing MakeDir and StoreStatus. Also 613*b636d99dSDavid van Moolenbroek change date format to the right one. 614*b636d99dSDavid van Moolenbroek 615*b636d99dSDavid van MoolenbroekMichael C. Richardson <mcr@sandelman.ottawa.on.ca> 616*b636d99dSDavid van Moolenbroek- Created tcpdump.org repository 617*b636d99dSDavid van Moolenbroek 618*b636d99dSDavid van Moolenbroekv3.4 Sat Jul 25 12:40:55 PDT 1998 619*b636d99dSDavid van Moolenbroek 620*b636d99dSDavid van Moolenbroek- Hardwire Linux slip support since it's too hard to detect. 621*b636d99dSDavid van Moolenbroek 622*b636d99dSDavid van Moolenbroek- Redo configuration of "network" libraries (-lsocket and -lnsl) to 623*b636d99dSDavid van Moolenbroek deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu) 624*b636d99dSDavid van Moolenbroek 625*b636d99dSDavid van Moolenbroek- Added -a which tries to translate network and broadcast addresses to 626*b636d99dSDavid van Moolenbroek names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl) 627*b636d99dSDavid van Moolenbroek 628*b636d99dSDavid van Moolenbroek- Added a configure option to disable gcc. 629*b636d99dSDavid van Moolenbroek 630*b636d99dSDavid van Moolenbroek- Added a "raw" packet printer. 631*b636d99dSDavid van Moolenbroek 632*b636d99dSDavid van Moolenbroek- Not having an interface address is no longer fatal. Requested by John 633*b636d99dSDavid van Moolenbroek Hawkinson. 634*b636d99dSDavid van Moolenbroek 635*b636d99dSDavid van Moolenbroek- Rework signal setup to accommodate Linux. 636*b636d99dSDavid van Moolenbroek 637*b636d99dSDavid van Moolenbroek- OSPF truncation check fix. Also display the type of OSPF packets 638*b636d99dSDavid van Moolenbroek using MD5 authentication. Thanks to Brian Wellington 639*b636d99dSDavid van Moolenbroek (bwelling@tis.com) 640*b636d99dSDavid van Moolenbroek 641*b636d99dSDavid van Moolenbroek- Fix truncation check bugs in the Kerberos printer. Reported by Ezra 642*b636d99dSDavid van Moolenbroek Peisach (epeisach@mit.edu) 643*b636d99dSDavid van Moolenbroek 644*b636d99dSDavid van Moolenbroek- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka 645*b636d99dSDavid van Moolenbroek (plonka@mfa.com) 646*b636d99dSDavid van Moolenbroek 647*b636d99dSDavid van Moolenbroek- Specify full install target as a way of detecting if install 648*b636d99dSDavid van Moolenbroek directory does not exist. Thanks to Dave Plonka. 649*b636d99dSDavid van Moolenbroek 650*b636d99dSDavid van Moolenbroek- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie 651*b636d99dSDavid van Moolenbroek (paul@vix.com) 652*b636d99dSDavid van Moolenbroek 653*b636d99dSDavid van Moolenbroek- Fix off-by-one bug when testing size of ethernet packets. Thanks to 654*b636d99dSDavid van Moolenbroek Marty Leisner (leisner@sdsp.mc.xerox.com) 655*b636d99dSDavid van Moolenbroek 656*b636d99dSDavid van Moolenbroek- Add a local autoconf macro to check for routines in libraries; the 657*b636d99dSDavid van Moolenbroek autoconf version is broken (it only puts the library name in the 658*b636d99dSDavid van Moolenbroek cache variable name). Thanks to John Hawkinson. 659*b636d99dSDavid van Moolenbroek 660*b636d99dSDavid van Moolenbroek- Add a local autoconf macro to check for types; the autoconf version 661*b636d99dSDavid van Moolenbroek is broken (it uses grep instead of actually compiling a code fragment). 662*b636d99dSDavid van Moolenbroek 663*b636d99dSDavid van Moolenbroek- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header 664*b636d99dSDavid van Moolenbroek formats. 665*b636d99dSDavid van Moolenbroek 666*b636d99dSDavid van Moolenbroek- Extend OSF ip header workaround to versions 1 and 2. 667*b636d99dSDavid van Moolenbroek 668*b636d99dSDavid van Moolenbroek- Fix some signed problems in the nfs printer. As reported by David 669*b636d99dSDavid van Moolenbroek Sacerdote (davids@silence.secnet.com) 670*b636d99dSDavid van Moolenbroek 671*b636d99dSDavid van Moolenbroek- Detect group wheel and use it as the default since BSD/OS' install 672*b636d99dSDavid van Moolenbroek can't hack numeric groups. Reported by David Sacerdote. 673*b636d99dSDavid van Moolenbroek 674*b636d99dSDavid van Moolenbroek- AIX needs special loader options. Thanks to Jonathan I. Kamens 675*b636d99dSDavid van Moolenbroek (jik@cam.ov.com) 676*b636d99dSDavid van Moolenbroek 677*b636d99dSDavid van Moolenbroek- Fixed the nfs printer to print port numbers in decimal. Thanks to 678*b636d99dSDavid van Moolenbroek Kent Vander Velden (graphix@iastate.edu) 679*b636d99dSDavid van Moolenbroek 680*b636d99dSDavid van Moolenbroek- Find installed libpcap in /usr/local/lib when not using gcc. 681*b636d99dSDavid van Moolenbroek 682*b636d99dSDavid van Moolenbroek- Disallow network masks with non-network bits set. 683*b636d99dSDavid van Moolenbroek 684*b636d99dSDavid van Moolenbroek- Attempt to detect "egcs" versions of gcc. 685*b636d99dSDavid van Moolenbroek 686*b636d99dSDavid van Moolenbroek- Add missing closing double quotes when displaying bootp strings. 687*b636d99dSDavid van Moolenbroek Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca) 688*b636d99dSDavid van Moolenbroek 689*b636d99dSDavid van Moolenbroekv3.3 Sat Nov 30 20:56:27 PST 1996 690*b636d99dSDavid van Moolenbroek 691*b636d99dSDavid van Moolenbroek- Added Linux support. 692*b636d99dSDavid van Moolenbroek 693*b636d99dSDavid van Moolenbroek- GRE encapsulated packet printer thanks to John Hawkinson 694*b636d99dSDavid van Moolenbroek (jhawk@mit.edu) 695*b636d99dSDavid van Moolenbroek 696*b636d99dSDavid van Moolenbroek- Rewrite gmt2local() to avoid problematic os dependencies. 697*b636d99dSDavid van Moolenbroek 698*b636d99dSDavid van Moolenbroek- Suppress nfs truncation message on errors. 699*b636d99dSDavid van Moolenbroek 700*b636d99dSDavid van Moolenbroek- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro. 701*b636d99dSDavid van Moolenbroek Reported by Joachim Ott (ott@ardala.han.de) 702*b636d99dSDavid van Moolenbroek 703*b636d99dSDavid van Moolenbroek- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too. 704*b636d99dSDavid van Moolenbroek 705*b636d99dSDavid van Moolenbroek- Print arp hardware type in host order. Thanks to Onno van der Linden 706*b636d99dSDavid van Moolenbroek (onno@simplex.nl) 707*b636d99dSDavid van Moolenbroek 708*b636d99dSDavid van Moolenbroek- Avoid solaris compiler warnings. Thanks to Bruce Barnett 709*b636d99dSDavid van Moolenbroek (barnett@grymoire.crd.ge.com) 710*b636d99dSDavid van Moolenbroek 711*b636d99dSDavid van Moolenbroek- Fix rip printer to not print one more route than is actually in the 712*b636d99dSDavid van Moolenbroek packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and 713*b636d99dSDavid van Moolenbroek Bill Fenner (fenner@parc.xerox.com) 714*b636d99dSDavid van Moolenbroek 715*b636d99dSDavid van Moolenbroek- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems. 716*b636d99dSDavid van Moolenbroek 717*b636d99dSDavid van Moolenbroek- Fix dvmrp printer truncation checks and add a dvmrp probe printer. 718*b636d99dSDavid van Moolenbroek Thanks to Danny J. Mitzel (mitzel@ipsilon.com) 719*b636d99dSDavid van Moolenbroek 720*b636d99dSDavid van Moolenbroek- Rewrite ospf printer to improve truncation checks. 721*b636d99dSDavid van Moolenbroek 722*b636d99dSDavid van Moolenbroek- Don't parse tcp options past the EOL. As noted by David Sacerdote 723*b636d99dSDavid van Moolenbroek (davids@secnet.com). Also, check tcp options to make sure they ar 724*b636d99dSDavid van Moolenbroek actually in the tcp header (in addition to the normal truncation 725*b636d99dSDavid van Moolenbroek checks). Fix the SACK code to print the N blocks (instead of the 726*b636d99dSDavid van Moolenbroek first block N times). 727*b636d99dSDavid van Moolenbroek 728*b636d99dSDavid van Moolenbroek- Don't say really small UDP packets are truncated just because they 729*b636d99dSDavid van Moolenbroek aren't big enough to be a RPC. As noted by David Sacerdote. 730*b636d99dSDavid van Moolenbroek 731*b636d99dSDavid van Moolenbroekv3.2.1 Sun Jul 14 03:02:26 PDT 1996 732*b636d99dSDavid van Moolenbroek 733*b636d99dSDavid van Moolenbroek- Added rfc1716 icmp codes as suggested by Martin Fredriksson 734*b636d99dSDavid van Moolenbroek (martin@msp.se) 735*b636d99dSDavid van Moolenbroek 736*b636d99dSDavid van Moolenbroek- Print mtu for icmp unreach need frag packets. Thanks to John 737*b636d99dSDavid van Moolenbroek Hawkinson (jhawk@mit.edu) 738*b636d99dSDavid van Moolenbroek 739*b636d99dSDavid van Moolenbroek- Decode icmp router discovery messages. Thanks to Jeffrey Honig 740*b636d99dSDavid van Moolenbroek (jch@bsdi.com) 741*b636d99dSDavid van Moolenbroek 742*b636d99dSDavid van Moolenbroek- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida 743*b636d99dSDavid van Moolenbroek (kushida@trl.ibm.co.jp) 744*b636d99dSDavid van Moolenbroek 745*b636d99dSDavid van Moolenbroek- Check igmp checksum if possible. Thanks to John Hawkinson. 746*b636d99dSDavid van Moolenbroek 747*b636d99dSDavid van Moolenbroek- Made changes for SINIX. Thanks to Andrej Borsenkow 748*b636d99dSDavid van Moolenbroek (borsenkow.msk@sni.de) 749*b636d99dSDavid van Moolenbroek 750*b636d99dSDavid van Moolenbroek- Use autoconf's idea of the top level directory in install targets. 751*b636d99dSDavid van Moolenbroek Thanks to John Hawkinson. 752*b636d99dSDavid van Moolenbroek 753*b636d99dSDavid van Moolenbroek- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey 754*b636d99dSDavid van Moolenbroek Mogul (mogul@pa.dec.com) 755*b636d99dSDavid van Moolenbroek 756*b636d99dSDavid van Moolenbroek- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop. 757*b636d99dSDavid van Moolenbroek Thanks to John Hawkinson. 758*b636d99dSDavid van Moolenbroek 759*b636d99dSDavid van Moolenbroek- Added some more packet truncation checks. 760*b636d99dSDavid van Moolenbroek 761*b636d99dSDavid van Moolenbroek- On systems that have it, use sigset() instead of signal() since 762*b636d99dSDavid van Moolenbroek signal() has different semantics on these systems. 763*b636d99dSDavid van Moolenbroek 764*b636d99dSDavid van Moolenbroek- Fixed some more alignment problems on the alpha. 765*b636d99dSDavid van Moolenbroek 766*b636d99dSDavid van Moolenbroek- Add code to massage unprintable characters in the domain and ipx 767*b636d99dSDavid van Moolenbroek printers. Thanks to John Hawkinson. 768*b636d99dSDavid van Moolenbroek 769*b636d99dSDavid van Moolenbroek- Added explicit netmask support. Thanks to Steve Nuchia 770*b636d99dSDavid van Moolenbroek (steve@research.oknet.com) 771*b636d99dSDavid van Moolenbroek 772*b636d99dSDavid van Moolenbroek- Add "sca" keyword (for DEC cluster services) as suggested by Terry 773*b636d99dSDavid van Moolenbroek Kennedy (terry@spcvxa.spc.edu) 774*b636d99dSDavid van Moolenbroek 775*b636d99dSDavid van Moolenbroek- Add "atalk" keyword as suggested by John Hawkinson. 776*b636d99dSDavid van Moolenbroek 777*b636d99dSDavid van Moolenbroek- Added an igrp printer. Thanks to Francis Dupont 778*b636d99dSDavid van Moolenbroek (francis.dupont@inria.fr) 779*b636d99dSDavid van Moolenbroek 780*b636d99dSDavid van Moolenbroek- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry 781*b636d99dSDavid van Moolenbroek Kennedy (terry@spcvxa.spc.edu) 782*b636d99dSDavid van Moolenbroek 783*b636d99dSDavid van Moolenbroek- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin 784*b636d99dSDavid van Moolenbroek (pascal.hennequin@hugo.int-evry.fr) 785*b636d99dSDavid van Moolenbroek 786*b636d99dSDavid van Moolenbroek- Added some ETHERTYPEs missing on some systems. 787*b636d99dSDavid van Moolenbroek 788*b636d99dSDavid van Moolenbroek- Added truncated packet macros and various checks. 789*b636d99dSDavid van Moolenbroek 790*b636d99dSDavid van Moolenbroek- Fixed endian problems with the DECnet printer. 791*b636d99dSDavid van Moolenbroek 792*b636d99dSDavid van Moolenbroek- Use $CC when checking gcc version. Thanks to Carl Lindberg 793*b636d99dSDavid van Moolenbroek (carl_lindberg@blacksmith.com) 794*b636d99dSDavid van Moolenbroek 795*b636d99dSDavid van Moolenbroek- Fixes for AIX (although this system is not yet supported). Thanks to 796*b636d99dSDavid van Moolenbroek John Hawkinson. 797*b636d99dSDavid van Moolenbroek 798*b636d99dSDavid van Moolenbroek- Fix bugs in the autoconf misaligned accesses code fragment. 799*b636d99dSDavid van Moolenbroek 800*b636d99dSDavid van Moolenbroek- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to 801*b636d99dSDavid van Moolenbroek Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp) 802*b636d99dSDavid van Moolenbroek 803*b636d99dSDavid van Moolenbroekv3.2 Sun Jun 23 02:28:10 PDT 1996 804*b636d99dSDavid van Moolenbroek 805*b636d99dSDavid van Moolenbroek- Print new icmp unreachable codes as suggested by Martin Fredriksson 806*b636d99dSDavid van Moolenbroek (martin@msp.se). Also print code value when unknown for icmp redirect 807*b636d99dSDavid van Moolenbroek and time exceeded. 808*b636d99dSDavid van Moolenbroek 809*b636d99dSDavid van Moolenbroek- Fix an alignment endian bug in getname(). Thanks to John Hawkinson. 810*b636d99dSDavid van Moolenbroek 811*b636d99dSDavid van Moolenbroek- Define "new" domain record types if not found in arpa/nameserv.h. 812*b636d99dSDavid van Moolenbroek Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also 813*b636d99dSDavid van Moolenbroek fixed an endian bug when printing mx record and added some new record 814*b636d99dSDavid van Moolenbroek types. 815*b636d99dSDavid van Moolenbroek 816*b636d99dSDavid van Moolenbroek- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com) 817*b636d99dSDavid van Moolenbroek 818*b636d99dSDavid van Moolenbroek- Added T/TCP options printing. As suggested by Richard Stevens 819*b636d99dSDavid van Moolenbroek (rstevens@noao.edu) 820*b636d99dSDavid van Moolenbroek 821*b636d99dSDavid van Moolenbroek- Use autoconf to detect architectures that can't handle misaligned 822*b636d99dSDavid van Moolenbroek accesses. 823*b636d99dSDavid van Moolenbroek 824*b636d99dSDavid van Moolenbroekv3.1 Thu Jun 13 20:59:32 PDT 1996 825*b636d99dSDavid van Moolenbroek 826*b636d99dSDavid van Moolenbroek- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd 827*b636d99dSDavid van Moolenbroek and bind (as suggested by Charles Hannum). 828*b636d99dSDavid van Moolenbroek 829*b636d99dSDavid van Moolenbroek- Port to GNU autoconf. 830*b636d99dSDavid van Moolenbroek 831*b636d99dSDavid van Moolenbroek- Add support for printing DVMRP and PIM traffic thanks to 832*b636d99dSDavid van Moolenbroek Havard Eidnes (Havard.Eidnes@runit.sintef.no). 833*b636d99dSDavid van Moolenbroek 834*b636d99dSDavid van Moolenbroek- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian 835*b636d99dSDavid van Moolenbroek define being referenced. Reported by Terry Kennedy. 836*b636d99dSDavid van Moolenbroek 837*b636d99dSDavid van Moolenbroek- Minor fixes to the man page thanks to Mark Andrews. 838*b636d99dSDavid van Moolenbroek 839*b636d99dSDavid van Moolenbroek- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah 840*b636d99dSDavid van Moolenbroek (bmah@cs.berkeley.edu). 841*b636d99dSDavid van Moolenbroek 842*b636d99dSDavid van Moolenbroek- Added support for new dns types, thanks to Rainer Orth. 843*b636d99dSDavid van Moolenbroek 844*b636d99dSDavid van Moolenbroek- Fixed tftp_print() to print the block number for ACKs. 845*b636d99dSDavid van Moolenbroek 846*b636d99dSDavid van Moolenbroek- Document -dd and -ddd. Resulted from a bug report from Charlie Slater 847*b636d99dSDavid van Moolenbroek (cslater@imatek.com). 848*b636d99dSDavid van Moolenbroek 849*b636d99dSDavid van Moolenbroek- Check return status from malloc/calloc/etc. 850*b636d99dSDavid van Moolenbroek 851*b636d99dSDavid van Moolenbroek- Check return status from pcap_loop() so we can print an error and 852*b636d99dSDavid van Moolenbroek exit with a bad status if there were problems. 853*b636d99dSDavid van Moolenbroek 854*b636d99dSDavid van Moolenbroek- Bail if ip option length is <= 0. Resulted from a bug report from 855*b636d99dSDavid van Moolenbroek Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au). 856*b636d99dSDavid van Moolenbroek 857*b636d99dSDavid van Moolenbroek- Print out a little more information for sun rpc packets. 858*b636d99dSDavid van Moolenbroek 859*b636d99dSDavid van Moolenbroek- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu). 860*b636d99dSDavid van Moolenbroek 861*b636d99dSDavid van Moolenbroek- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were 862*b636d99dSDavid van Moolenbroek wrong on little endian machines). 863*b636d99dSDavid van Moolenbroek 864*b636d99dSDavid van Moolenbroek- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford 865*b636d99dSDavid van Moolenbroek (crawdad@fnal.gov). 866*b636d99dSDavid van Moolenbroek 867*b636d99dSDavid van Moolenbroek- Fix ntp_print() to not print garbage when the stratum is 868*b636d99dSDavid van Moolenbroek "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com). 869*b636d99dSDavid van Moolenbroek 870*b636d99dSDavid van Moolenbroek- Rewrote tcp options printer code to check for truncation. Added 871*b636d99dSDavid van Moolenbroek selective acknowledgment case. 872*b636d99dSDavid van Moolenbroek 873*b636d99dSDavid van Moolenbroek- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig 874*b636d99dSDavid van Moolenbroek (jch@bsdi.com) 875*b636d99dSDavid van Moolenbroek 876*b636d99dSDavid van Moolenbroek- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one 877*b636d99dSDavid van Moolenbroek octet for the sa_family member. Thanks to Yoshitaka Tokugawa 878*b636d99dSDavid van Moolenbroek (toku@dit.co.jp) 879*b636d99dSDavid van Moolenbroek 880*b636d99dSDavid van Moolenbroek- Don't checksum ip header if we don't have all of it. Thanks to John 881*b636d99dSDavid van Moolenbroek Hawkinson (jhawk@mit.edu). 882*b636d99dSDavid van Moolenbroek 883*b636d99dSDavid van Moolenbroek- Print out hostnames if possible in egp printer. Thanks to Jeffrey 884*b636d99dSDavid van Moolenbroek Honig (jhc@bsdi.com) 885*b636d99dSDavid van Moolenbroek 886*b636d99dSDavid van Moolenbroek 887*b636d99dSDavid van Moolenbroekv3.1a1 Wed May 3 19:21:11 PDT 1995 888*b636d99dSDavid van Moolenbroek 889*b636d99dSDavid van Moolenbroek- Include time.h when SVR4 is defined to avoid problems under Solaris 890*b636d99dSDavid van Moolenbroek 2.3. 891*b636d99dSDavid van Moolenbroek 892*b636d99dSDavid van Moolenbroek- Fix etheraddr_string() in the ETHER_SERVICE to return the saved 893*b636d99dSDavid van Moolenbroek strings, not the local buffer. Thanks to Stefan Petri 894*b636d99dSDavid van Moolenbroek (petri@ibr.cs.tu-bs.de). 895*b636d99dSDavid van Moolenbroek 896*b636d99dSDavid van Moolenbroek- Detect when pcap raises the snaplen (e.g. with snit). Print a warning 897*b636d99dSDavid van Moolenbroek that the selected value was not used. Thanks to Pascal Hennequin 898*b636d99dSDavid van Moolenbroek (Pascal.Hennequin@hugo.int-evry.fr). 899*b636d99dSDavid van Moolenbroek 900*b636d99dSDavid van Moolenbroek- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin. 901*b636d99dSDavid van Moolenbroek 902*b636d99dSDavid van Moolenbroek- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu). 903*b636d99dSDavid van Moolenbroek 904*b636d99dSDavid van Moolenbroekv3.0.3 Sun Oct 1 18:35:00 GMT 1995 905*b636d99dSDavid van Moolenbroek 906*b636d99dSDavid van Moolenbroek- Although there never was a 3.0.3 release, the linux boys cleverly 907*b636d99dSDavid van Moolenbroek "released" one in late 1995. 908*b636d99dSDavid van Moolenbroek 909*b636d99dSDavid van Moolenbroekv3.0.2 Thu Apr 20 21:28:16 PDT 1995 910*b636d99dSDavid van Moolenbroek 911*b636d99dSDavid van Moolenbroek- Change configuration to not use gcc v2 flags with gcc v1. 912*b636d99dSDavid van Moolenbroek 913*b636d99dSDavid van Moolenbroek- Redo gmt2local() so that it works under BSDI (which seems to return 914*b636d99dSDavid van Moolenbroek an empty timezone struct from gettimeofday()). Based on report from 915*b636d99dSDavid van Moolenbroek Terry Kennedy (terry@spcvxa.spc.edu). 916*b636d99dSDavid van Moolenbroek 917*b636d99dSDavid van Moolenbroek- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based 918*b636d99dSDavid van Moolenbroek on report from Mark Andrews (mandrews@alias.com). 919*b636d99dSDavid van Moolenbroek 920*b636d99dSDavid van Moolenbroek- Don't pass cc flags to gcc. Resulted from a bug report from Rainer 921*b636d99dSDavid van Moolenbroek Orth (ro@techfak.uni-bielefeld.de). 922*b636d99dSDavid van Moolenbroek 923*b636d99dSDavid van Moolenbroek- Fixed printout of connection id for uncompressed tcp slip packets. 924*b636d99dSDavid van Moolenbroek Resulted from a bug report from Richard Stevens (rstevens@noao.edu). 925*b636d99dSDavid van Moolenbroek 926*b636d99dSDavid van Moolenbroek- Hack around deficiency in Ultrix's make. 927*b636d99dSDavid van Moolenbroek 928*b636d99dSDavid van Moolenbroek- Add ETHERTYPE_TRAIL define which is missing from irix5. 929*b636d99dSDavid van Moolenbroek 930*b636d99dSDavid van Moolenbroekv3.0.1 Wed Aug 31 22:42:26 PDT 1994 931*b636d99dSDavid van Moolenbroek 932*b636d99dSDavid van Moolenbroek- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4. 933*b636d99dSDavid van Moolenbroek 934*b636d99dSDavid van Moolenbroekv3.0 Mon Jun 20 19:23:27 PDT 1994 935*b636d99dSDavid van Moolenbroek 936*b636d99dSDavid van Moolenbroek- Added support for printing tcp option timestamps thanks to 937*b636d99dSDavid van Moolenbroek Mark Andrews (mandrews@alias.com). 938*b636d99dSDavid van Moolenbroek 939*b636d99dSDavid van Moolenbroek- Reorganize protocol dumpers to take const pointers to packets so they 940*b636d99dSDavid van Moolenbroek never change the contents (i.e., they used to do endian conversions 941*b636d99dSDavid van Moolenbroek in place). Previously, whenever more than one pass was taken over 942*b636d99dSDavid van Moolenbroek the packet, the packet contents would be dumped incorrectly (i.e., 943*b636d99dSDavid van Moolenbroek the output form -x would be wrong on little endian machines because 944*b636d99dSDavid van Moolenbroek the protocol dumpers would modify the data). Thanks to Charles Hannum 945*b636d99dSDavid van Moolenbroek (mycroft@gnu.ai.mit.edu) for reporting this problem. 946*b636d99dSDavid van Moolenbroek 947*b636d99dSDavid van Moolenbroek- Added support for decnet protocol dumping thanks to Jeff Mogul 948*b636d99dSDavid van Moolenbroek (mogul@pa.dec.com). 949*b636d99dSDavid van Moolenbroek 950*b636d99dSDavid van Moolenbroek- Fix bug that caused length of packet to be incorrectly printed 951*b636d99dSDavid van Moolenbroek (off by ether header size) for unknown ethernet types thanks 952*b636d99dSDavid van Moolenbroek to Greg Miller (gmiller@kayak.mitre.org). 953*b636d99dSDavid van Moolenbroek 954*b636d99dSDavid van Moolenbroek- Added support for IPX protocol dumping thanks to Brad Parker 955*b636d99dSDavid van Moolenbroek (brad@fcr.com). 956*b636d99dSDavid van Moolenbroek 957*b636d99dSDavid van Moolenbroek- Added check to verify IP header checksum under -v thanks to 958*b636d99dSDavid van Moolenbroek Brad Parker (brad@fcr.com). 959*b636d99dSDavid van Moolenbroek 960*b636d99dSDavid van Moolenbroek- Move packet capture code to new libpcap library (which is 961*b636d99dSDavid van Moolenbroek packaged separately). 962*b636d99dSDavid van Moolenbroek 963*b636d99dSDavid van Moolenbroek- Prototype everything and assume an ansi compiler. 964*b636d99dSDavid van Moolenbroek 965*b636d99dSDavid van Moolenbroek- print-arp.c: Print hardware ethernet addresses if they're not 966*b636d99dSDavid van Moolenbroek what we expect. 967*b636d99dSDavid van Moolenbroek 968*b636d99dSDavid van Moolenbroek- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags. 969*b636d99dSDavid van Moolenbroek Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com). 970*b636d99dSDavid van Moolenbroek 971*b636d99dSDavid van Moolenbroek- print-fddi.c: Improvements. Thanks to Jeffrey Mogul 972*b636d99dSDavid van Moolenbroek (mogul@pa.dec.com). 973*b636d99dSDavid van Moolenbroek 974*b636d99dSDavid van Moolenbroek- print-icmp.c: Byte swap netmask before printing. Thanks to 975*b636d99dSDavid van Moolenbroek Richard Stevens (rstevens@noao.edu). Print icmp type when unknown. 976*b636d99dSDavid van Moolenbroek 977*b636d99dSDavid van Moolenbroek- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets. 978*b636d99dSDavid van Moolenbroek By default, only the inner packet is dumped, appended with the token 979*b636d99dSDavid van Moolenbroek "(encap)". Under -v, both the inner and output packets are dumped 980*b636d99dSDavid van Moolenbroek (on the same line). Note that the filter applies to the original packet, 981*b636d99dSDavid van Moolenbroek not the encapsulated packet. So if you run tcpdump on a net with an 982*b636d99dSDavid van Moolenbroek IP Multicast tunnel, you cannot filter out the datagrams using the 983*b636d99dSDavid van Moolenbroek conventional syntax. (You can filter away all the ip-in-ip traffic 984*b636d99dSDavid van Moolenbroek with "not ip proto 4".) 985*b636d99dSDavid van Moolenbroek 986*b636d99dSDavid van Moolenbroek- print-nfs.c: Keep pending rpc's in circular table. Add generic 987*b636d99dSDavid van Moolenbroek nfs header and remove os dependences. Thanks to Jeffrey Mogul. 988*b636d99dSDavid van Moolenbroek 989*b636d99dSDavid van Moolenbroek- print-ospf.c: Improvements. Thanks to Jeffrey Mogul. 990*b636d99dSDavid van Moolenbroek 991*b636d99dSDavid van Moolenbroek- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc" 992*b636d99dSDavid van Moolenbroek (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords 993*b636d99dSDavid van Moolenbroek Add && and || operators 994*b636d99dSDavid van Moolenbroek 995*b636d99dSDavid van Moolenbroekv2.2.1 Tue Jun 6 17:57:22 PDT 1992 996*b636d99dSDavid van Moolenbroek 997*b636d99dSDavid van Moolenbroek- Fix bug with -c flag. 998*b636d99dSDavid van Moolenbroek 999*b636d99dSDavid van Moolenbroekv2.2 Fri May 22 17:19:41 PDT 1992 1000*b636d99dSDavid van Moolenbroek 1001*b636d99dSDavid van Moolenbroek- savefile.c: Remove hack that shouldn't have been exported. Add 1002*b636d99dSDavid van Moolenbroek truncate checks. 1003*b636d99dSDavid van Moolenbroek 1004*b636d99dSDavid van Moolenbroek- Added the 'icmp' keyword. For example, 'icmp[0] != 8 and icmp[0] != 0' 1005*b636d99dSDavid van Moolenbroek matches non-echo/reply ICMP packets. 1006*b636d99dSDavid van Moolenbroek 1007*b636d99dSDavid van Moolenbroek- Many improvements to filter code optimizer. 1008*b636d99dSDavid van Moolenbroek 1009*b636d99dSDavid van Moolenbroek- Added 'multicast' keyword and extended the 'broadcast' keyword can now be 1010*b636d99dSDavid van Moolenbroek so that protocol qualifications are allowed. For example, "ip broadcast" 1011*b636d99dSDavid van Moolenbroek and "ether multicast" are valid filters. 1012*b636d99dSDavid van Moolenbroek 1013*b636d99dSDavid van Moolenbroek- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo'). 1014*b636d99dSDavid van Moolenbroek Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel 1015*b636d99dSDavid van Moolenbroek patches to netinet/if_loop.c. 1016*b636d99dSDavid van Moolenbroek 1017*b636d99dSDavid van Moolenbroek- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS. 1018*b636d99dSDavid van Moolenbroek Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs. 1019*b636d99dSDavid van Moolenbroek 1020*b636d99dSDavid van Moolenbroek- Added EGP and OSPF printers, thanks to Jeffrey Honig. 1021*b636d99dSDavid van Moolenbroek 1022*b636d99dSDavid van Moolenbroekv2.1 Tue Jan 28 11:00:14 PST 1992 1023*b636d99dSDavid van Moolenbroek 1024*b636d99dSDavid van Moolenbroek- Internal release (never publically exported). 1025*b636d99dSDavid van Moolenbroek 1026*b636d99dSDavid van Moolenbroekv2.0.1 Sun Jan 26 21:10:10 PDT 1027*b636d99dSDavid van Moolenbroek 1028*b636d99dSDavid van Moolenbroek- Various byte ordering fixes. 1029*b636d99dSDavid van Moolenbroek 1030*b636d99dSDavid van Moolenbroek- Add truncation checks. 1031*b636d99dSDavid van Moolenbroek 1032*b636d99dSDavid van Moolenbroek- inet.c: Support BSD style SIOCGIFCONF. 1033*b636d99dSDavid van Moolenbroek 1034*b636d99dSDavid van Moolenbroek- nametoaddr.c: Handle multi addresses for single host. 1035*b636d99dSDavid van Moolenbroek 1036*b636d99dSDavid van Moolenbroek- optimize.c: Rewritten. 1037*b636d99dSDavid van Moolenbroek 1038*b636d99dSDavid van Moolenbroek- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous 1039*b636d99dSDavid van Moolenbroek for broadcast nets. 1040*b636d99dSDavid van Moolenbroek 1041*b636d99dSDavid van Moolenbroek- print-atal.c: Fix an alignment bug (thanks to 1042*b636d99dSDavid van Moolenbroek stanonik@nprdc.navy.mil) Add missing printf() argument. 1043*b636d99dSDavid van Moolenbroek 1044*b636d99dSDavid van Moolenbroek- print-bootp.c: First attempt at decoding the vendor buffer. 1045*b636d99dSDavid van Moolenbroek 1046*b636d99dSDavid van Moolenbroek- print-domain.c: Fix truncation checks. 1047*b636d99dSDavid van Moolenbroek 1048*b636d99dSDavid van Moolenbroek- print-icmp.c: Calculate length of packets from the ip header. 1049*b636d99dSDavid van Moolenbroek 1050*b636d99dSDavid van Moolenbroek- print-ip.c: Print frag id in decimal (so it's easier to match up 1051*b636d99dSDavid van Moolenbroek with non-frags). Add support for ospf, egp and igmp. 1052*b636d99dSDavid van Moolenbroek 1053*b636d99dSDavid van Moolenbroek- print-nfs.c: Lots of changes. 1054*b636d99dSDavid van Moolenbroek 1055*b636d99dSDavid van Moolenbroek- print-ntp.c: Make some verbose output depend on -v. 1056*b636d99dSDavid van Moolenbroek 1057*b636d99dSDavid van Moolenbroek- print-snmp.c: New version from John LoVerso. 1058*b636d99dSDavid van Moolenbroek 1059*b636d99dSDavid van Moolenbroek- print-tcp.c: Print rfc1072 tcp options. 1060*b636d99dSDavid van Moolenbroek 1061*b636d99dSDavid van Moolenbroek- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits 1062*b636d99dSDavid van Moolenbroek (microseconds) worth of precision. Fix uid bugs. 1063*b636d99dSDavid van Moolenbroek 1064*b636d99dSDavid van Moolenbroek- A packet dumper has been added (thanks to Jeff Mogul of DECWRL). 1065*b636d99dSDavid van Moolenbroek With this option, you can create an architecture independent binary 1066*b636d99dSDavid van Moolenbroek trace file in real time, without the overhead of the packet printer. 1067*b636d99dSDavid van Moolenbroek At a later time, the packets can be filtered (again) and printed. 1068*b636d99dSDavid van Moolenbroek 1069*b636d99dSDavid van Moolenbroek- BSD is supported. You must have BPF in your kernel. 1070*b636d99dSDavid van Moolenbroek Since the filtering is now done in the kernel, fewer packets are 1071*b636d99dSDavid van Moolenbroek dropped. In fact, with BPF and the packet dumper option, a measly 1072*b636d99dSDavid van Moolenbroek Sun 3/50 can keep up with a busy network. 1073*b636d99dSDavid van Moolenbroek 1074*b636d99dSDavid van Moolenbroek- Compressed SLIP packets can now be dumped, provided you use our 1075*b636d99dSDavid van Moolenbroek SLIP software and BPF. These packets are dumped as any other IP 1076*b636d99dSDavid van Moolenbroek packet; the compressed headers are dumped with the '-e' option. 1077*b636d99dSDavid van Moolenbroek 1078*b636d99dSDavid van Moolenbroek- Machines with little-endian byte ordering are supported (thanks to 1079*b636d99dSDavid van Moolenbroek Jeff Mogul). 1080*b636d99dSDavid van Moolenbroek 1081*b636d99dSDavid van Moolenbroek- Ultrix 4.0 is supported (also thanks to Jeff Mogul). 1082*b636d99dSDavid van Moolenbroek 1083*b636d99dSDavid van Moolenbroek- IBM RT and Stanford Enetfilter support has been added by 1084*b636d99dSDavid van Moolenbroek Rayan Zachariassen <rayan@canet.ca>. Tcpdump has been tested under 1085*b636d99dSDavid van Moolenbroek both the vanilla Enetfilter interface, and the extended interface 1086*b636d99dSDavid van Moolenbroek (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter. 1087*b636d99dSDavid van Moolenbroek 1088*b636d99dSDavid van Moolenbroek- TFTP packets are now printed (requests only). 1089*b636d99dSDavid van Moolenbroek 1090*b636d99dSDavid van Moolenbroek- BOOTP packets are now printed. 1091*b636d99dSDavid van Moolenbroek 1092*b636d99dSDavid van Moolenbroek- SNMP packets are now printed. (thanks to John LoVerso of Xylogics). 1093*b636d99dSDavid van Moolenbroek 1094*b636d99dSDavid van Moolenbroek- Sparc architectures, including the Sparcstation-1, are now 1095*b636d99dSDavid van Moolenbroek supported thanks to Steve McCanne and Craig Leres. 1096*b636d99dSDavid van Moolenbroek 1097*b636d99dSDavid van Moolenbroek- SunOS 4 is now supported thanks to Micky Liu of Columbia 1098*b636d99dSDavid van Moolenbroek University (micky@cunixc.cc.columbia.edu). 1099*b636d99dSDavid van Moolenbroek 1100*b636d99dSDavid van Moolenbroek- IP options are now printed. 1101*b636d99dSDavid van Moolenbroek 1102*b636d99dSDavid van Moolenbroek- RIP packets are now printed. 1103*b636d99dSDavid van Moolenbroek 1104*b636d99dSDavid van Moolenbroek- There's a -v flag that prints out more information than the 1105*b636d99dSDavid van Moolenbroek default (e.g., it will enable printing of IP ttl, tos and id) 1106*b636d99dSDavid van Moolenbroek and -q flag that prints out less (e.g., it will disable 1107*b636d99dSDavid van Moolenbroek interpretation of AppleTalk-in-UDP). 1108*b636d99dSDavid van Moolenbroek 1109*b636d99dSDavid van Moolenbroek- The grammar has undergone substantial changes (if you have an 1110*b636d99dSDavid van Moolenbroek earlier version of tcpdump, you should re-read the manual 1111*b636d99dSDavid van Moolenbroek entry). 1112*b636d99dSDavid van Moolenbroek 1113*b636d99dSDavid van Moolenbroek The most useful change is the addition of an expression 1114*b636d99dSDavid van Moolenbroek syntax that lets you filter on arbitrary fields or values in the 1115*b636d99dSDavid van Moolenbroek packet. E.g., "ip[0] > 0x45" would print only packets with IP 1116*b636d99dSDavid van Moolenbroek options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN 1117*b636d99dSDavid van Moolenbroek packets. 1118*b636d99dSDavid van Moolenbroek 1119*b636d99dSDavid van Moolenbroek The most painful change is that concatenation no longer means 1120*b636d99dSDavid van Moolenbroek "and" -- e.g., you have to say "host foo and port bar" instead 1121*b636d99dSDavid van Moolenbroek of "host foo port bar". The up side to this down is that 1122*b636d99dSDavid van Moolenbroek repeated qualifiers can be omitted, making most filter 1123*b636d99dSDavid van Moolenbroek expressions shorter. E.g., you can now say "ip host foo and 1124*b636d99dSDavid van Moolenbroek (bar or baz)" to look at ip traffic between hosts foo and bar or 1125*b636d99dSDavid van Moolenbroek between hosts foo and baz. [The old way of saying this was "ip 1126*b636d99dSDavid van Moolenbroek host foo and (ip host bar or ip host baz)".] 1127*b636d99dSDavid van Moolenbroek 1128*b636d99dSDavid van Moolenbroekv2.0 Sun Jan 13 12:20:40 PST 1991 1129*b636d99dSDavid van Moolenbroek 1130*b636d99dSDavid van Moolenbroek- Initial public release. 1131