freebsd-dev/contrib/tcpdump/CHANGES

599 lines
20 KiB
Plaintext
Raw Normal View History

$Header: /tcpdump/master/tcpdump/CHANGES,v 1.79 2001/01/10 20:13:58 mcr Exp $
Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release
Cleaned up documentation.
Promisc mode fixes for Linux
IPsec changes/cleanups.
Alignment fixes for picky architectures
Removed dependency on native headers for packet dissectors.
Removed Linux specific headers that were shipped
libpcap changes provide for exchanging capture files between
systems. Save files now have well known PACKET_ values instead of
depending upon system dependant mappings of DLT_* types.
Support for computing/checking IP and UDP/TCP checksums.
Updated autoconf stock files.
IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6,
Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk
Added filtering support for: VLANs, ESIS, ISIS
Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
L2TP, PPPoE
HP-UX 11.0 -- find the right dlpi device.
Solaris 8 - IPv6 works
Linux - Added support for an "any" device to capture on all interfaces
Security fixes: buffer overrun audit done. Strcpy replaced with
strlcpy, sprintf replaced with snprintf.
Look for lex problems, and warn about them.
v3.5 Fri Jan 28 18:00:00 PST 2000
Bill Fenner <fenner@research.att.com>
- switch to config.h for autoconf
- unify RCSID strings
- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
- Really fix the RIP printer
- Fix MAC address -> name translation.
- some -Wall -Wformat fixes
- update makemib to parse much of SMIv2
- Print TCP sequence # with -vv even if you normally wouldn't
- Print as much of IP/TCP/UDP headers as possible even if truncated.
itojun@iijlab.net
- -X will make a ascii dump. from netbsd.
- telnet command sequence decoder (ff xx xx). from netbsd.
- print-bgp.c: improve options printing. ugly code exists for
unaligned option parsing (need some fix).
- const poisoning in SMB decoder.
- -Wall -Werror clean checks.
- bring in KAME IPv6/IPsec decoding code.
Assar Westerlund <assar@sics.se>
- SNMPv2 and SNMPv3 printer
- If compiled with libsmi, tcpdump can load MIBs on the fly to decode
SNMP packets.
- Incorporate NFS parsing code from NetBSD. Adds support for nfsv3.
- portability fixes
- permit building in different directories.
Ken Hornstein <kenh@cmf.nrl.navy.mil>
- bring in code at
/afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
AFS3 packets
Andrew Tridgell <tridge@linuxcare.com>
- SMB printing code
Love <lha@stacken.kth.se>
- print-rx.c: add code for printing MakeDir and StoreStatus. Also
change date format to the right one.
Michael C. Richardson <mcr@sandelman.ottawa.on.ca>
- Created tcpdump.org repository
1998-09-15 19:36:32 +00:00
v3.4 Sat Jul 25 12:40:55 PDT 1998
- Hardwire Linux slip support since it's too hard to detect.
- Redo configuration of "network" libraries (-lsocket and -lnsl) to
deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)
- Added -a which tries to translate network and broadcast addresses to
names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)
- Added a configure option to disable gcc.
- Added a "raw" packet printer.
- Not having an interface address is no longer fatal. Requested by John
Hawkinson.
- Rework signal setup to accommodate Linux.
- OSPF truncation check fix. Also display the type of OSPF packets
using MD5 authentication. Thanks to Brian Wellington
(bwelling@tis.com)
- Fix truncation check bugs in the Kerberos printer. Reported by Ezra
Peisach (epeisach@mit.edu)
- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
(plonka@mfa.com)
- Specify full install target as a way of detecting if install
directory does not exist. Thanks to Dave Plonka.
- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
(paul@vix.com)
- Fix off-by-one bug when testing size of ethernet packets. Thanks to
Marty Leisner (leisner@sdsp.mc.xerox.com)
- Add a local autoconf macro to check for routines in libraries; the
autoconf version is broken (it only puts the library name in the
cache variable name). Thanks to John Hawkinson.
- Add a local autoconf macro to check for types; the autoconf version
is broken (it uses grep instead of actually compiling a code fragment).
- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
formats.
- Extend OSF ip header workaround to versions 1 and 2.
- Fix some signed problems in the nfs printer. As reported by David
Sacerdote (davids@silence.secnet.com)
- Detect group wheel and use it as the default since BSD/OS' install
can't hack numeric groups. Reported by David Sacerdote.
- AIX needs special loader options. Thanks to Jonathan I. Kamens
(jik@cam.ov.com)
- Fixed the nfs printer to print port numbers in decimal. Thanks to
Kent Vander Velden (graphix@iastate.edu)
- Find installed libpcap in /usr/local/lib when not using gcc.
- Disallow network masks with non-network bits set.
- Attempt to detect "egcs" versions of gcc.
- Add missing closing double quotes when displaying bootp strings.
Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)
1997-05-27 02:11:31 +00:00
v3.3 Sat Nov 30 20:56:27 PST 1996
- Added Linux support.
- GRE encapsulated packet printer thanks to John Hawkinson
(jhawk@mit.edu)
- Rewrite gmt2local() to avoid problematic os dependencies.
- Suppress nfs truncation message on errors.
- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
Reported by Joachim Ott (ott@ardala.han.de)
- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.
- Print arp hardware type in host order. Thanks to Onno van der Linden
(onno@simplex.nl)
- Avoid solaris compiler warnings. Thanks to Bruce Barnett
(barnett@grymoire.crd.ge.com)
- Fix rip printer to not print one more route than is actually in the
packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
Bill Fenner (fenner@parc.xerox.com)
- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems.
- Fix dvmrp printer truncation checks and add a dvmrp probe printer.
Thanks to Danny J. Mitzel (mitzel@ipsilon.com)
- Rewrite ospf printer to improve truncation checks.
- Don't parse tcp options past the EOL. As noted by David Sacerdote
(davids@secnet.com). Also, check tcp options to make sure they ar
actually in the tcp header (in addition to the normal truncation
checks). Fix the SACK code to print the N blocks (instead of the
first block N times).
- Don't say really small UDP packets are truncated just because they
aren't big enough to be a RPC. As noted by David Sacerdote.
v3.2.1 Sun Jul 14 03:02:26 PDT 1996
- Added rfc1716 icmp codes as suggested by Martin Fredriksson
(martin@msp.se)
- Print mtu for icmp unreach need frag packets. Thanks to John
Hawkinson (jhawk@mit.edu)
- Decode icmp router discovery messages. Thanks to Jeffrey Honig
(jch@bsdi.com)
- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
(kushida@trl.ibm.co.jp)
- Check igmp checksum if possible. Thanks to John Hawkinson.
- Made changes for SINIX. Thanks to Andrej Borsenkow
(borsenkow.msk@sni.de)
- Use autoconf's idea of the top level directory in install targets.
Thanks to John Hawkinson.
- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
Mogul (mogul@pa.dec.com)
- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
Thanks to John Hawkinson.
- Added some more packet truncation checks.
- On systems that have it, use sigset() instead of signal() since
signal() has different semantics on these systems.
- Fixed some more alignment problems on the alpha.
- Add code to massage unprintable characters in the domain and ipx
printers. Thanks to John Hawkinson.
- Added explicit netmask support. Thanks to Steve Nuchia
(steve@research.oknet.com)
- Add "sca" keyword (for DEC cluster services) as suggested by Terry
Kennedy (terry@spcvxa.spc.edu)
- Add "atalk" keyword as suggested by John Hawkinson.
- Added an igrp printer. Thanks to Francis Dupont
(francis.dupont@inria.fr)
- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
Kennedy (terry@spcvxa.spc.edu)
- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
(pascal.hennequin@hugo.int-evry.fr)
- Added some ETHERTYPEs missing on some systems.
- Added truncated packet macros and various checks.
- Fixed endian problems with the DECnet printer.
- Use $CC when checking gcc version. Thanks to Carl Lindberg
(carl_lindberg@blacksmith.com)
- Fixes for AIX (although this system is not yet supported). Thanks to
John Hawkinson.
- Fix bugs in the autoconf misaligned accesses code fragment.
- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)
v3.2 Sun Jun 23 02:28:10 PDT 1996
- Print new icmp unreachable codes as suggested by Martin Fredriksson
(martin@msp.se). Also print code value when unknown for icmp redirect
and time exceeded.
- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.
- Define "new" domain record types if not found in arpa/nameserv.h.
Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
fixed an endian bug when printing mx record and added some new record
types.
- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)
- Added T/TCP options printing. As suggested by Richard Stevens
(rstevens@noao.edu)
- Use autoconf to detect architectures that can't handle misaligned
accesses.
v3.1 Thu Jun 13 20:59:32 PDT 1996
- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
and bind (as suggested by Charles Hannum).
- Port to GNU autoconf.
- Add support for printing DVMRP and PIM traffic thanks to
Havard Eidnes (Havard.Eidnes@runit.sintef.no).
- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
define being referenced. Reported by Terry Kennedy.
- Minor fixes to the man page thanks to Mark Andrews.
- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
(bmah@cs.berkeley.edu).
- Added support for new dns types, thanks to Rainer Orth.
- Fixed tftp_print() to print the block number for ACKs.
- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
(cslater@imatek.com).
- Check return status from malloc/calloc/etc.
- Check return status from pcap_loop() so we can print an error and
exit with a bad status if there were problems.
- Bail if ip option length is <= 0. Resulted from a bug report from
Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).
- Print out a little more information for sun rpc packets.
- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).
- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
wrong on little endian machines).
- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
(crawdad@fnal.gov).
- Fix ntp_print() to not print garbage when the stratum is
"unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).
- Rewrote tcp options printer code to check for truncation. Added
selective acknowledgment case.
- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
(jch@bsdi.com)
- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
octet for the sa_family member. Thanks to Yoshitaka Tokugawa
(toku@dit.co.jp)
- Don't checksum ip header if we don't have all of it. Thanks to John
Hawkinson (jhawk@mit.edu).
- Print out hostnames if possible in egp printer. Thanks to Jeffrey
Honig (jhc@bsdi.com)
v3.1a1 Wed May 3 19:21:11 PDT 1995
- Include time.h when SVR4 is defined to avoid problems under Solaris
2.3.
- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
strings, not the local buffer. Thanks to Stefan Petri
(petri@ibr.cs.tu-bs.de).
- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
that the selected value was not used. Thanks to Pascal Hennequin
(Pascal.Hennequin@hugo.int-evry.fr).
- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.
- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).
v3.0.3 Sun Oct 1 18:35:00 GMT 1995
- Although there never was a 3.0.3 release, the linux boys cleverly
"released" one in late 1995.
v3.0.2 Thu Apr 20 21:28:16 PDT 1995
- Change configuration to not use gcc v2 flags with gcc v1.
- Redo gmt2local() so that it works under BSDI (which seems to return
an empty timezone struct from gettimeofday()). Based on report from
Terry Kennedy (terry@spcvxa.spc.edu).
- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
on report from Mark Andrews (mandrews@alias.com).
- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
Orth (ro@techfak.uni-bielefeld.de).
- Fixed printout of connection id for uncompressed tcp slip packets.
Resulted from a bug report from Richard Stevens (rstevens@noao.edu).
- Hack around deficiency in Ultrix's make.
- Add ETHERTYPE_TRAIL define which is missing from irix5.
v3.0.1 Wed Aug 31 22:42:26 PDT 1994
- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.
v3.0 Mon Jun 20 19:23:27 PDT 1994
- Added support for printing tcp option timestamps thanks to
Mark Andrews (mandrews@alias.com).
- Reorganize protocol dumpers to take const pointers to packets so they
never change the contents (i.e., they used to do endian conversions
in place). Previously, whenever more than one pass was taken over
the packet, the packet contents would be dumped incorrectly (i.e.,
the output form -x would be wrong on little endian machines because
the protocol dumpers would modify the data). Thanks to Charles Hannum
(mycroft@gnu.ai.mit.edu) for reporting this problem.
- Added support for decnet protocol dumping thanks to Jeff Mogul
(mogul@pa.dec.com).
- Fix bug that caused length of packet to be incorrectly printed
(off by ether header size) for unknown ethernet types thanks
to Greg Miller (gmiller@kayak.mitre.org).
- Added support for IPX protocol dumping thanks to Brad Parker
(brad@fcr.com).
- Added check to verify IP header checksum under -v thanks to
Brad Parker (brad@fcr.com).
- Move packet capture code to new libpcap library (which is
packaged separately).
- Prototype everything and assume an ansi compiler.
- print-arp.c: Print hardware ethernet addresses if they're not
what we expect.
- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).
- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
(mogul@pa.dec.com).
- print-icmp.c: Byte swap netmask before printing. Thanks to
Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.
- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
By default, only the inner packet is dumped, appended with the token
"(encap)". Under -v, both the inner and output packets are dumped
(on the same line). Note that the filter applies to the original packet,
not the encapsulated packet. So if you run tcpdump on a net with an
IP Multicast tunnel, you cannot filter out the datagrams using the
conventional syntax. (You can filter away all the ip-in-ip traffic
with "not ip proto 4".)
- print-nfs.c: Keep pending rpc's in circular table. Add generic
nfs header and remove os dependences. Thanks to Jeffrey Mogul.
- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.
- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
(sunrpc) and rtp packets. Added "inbound" and "outbound" keywords
Add && and || operators
v2.2.1 Tue Jun 6 17:57:22 PDT 1992
- Fix bug with -c flag.
v2.2 Fri May 22 17:19:41 PDT 1992
- savefile.c: Remove hack that shouldn't have been exported. Add
truncate checks.
- Added the 'icmp' keyword. For example, 'icmp[0] != 8 and icmp[0] != 0'
matches non-echo/reply ICMP packets.
- Many improvements to filter code optimizer.
- Added 'multicast' keyword and extended the 'broadcast' keyword can now be
so that protocol qualifications are allowed. For example, "ip broadcast"
and "ether multicast" are valid filters.
- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
patches to netinet/if_loop.c.
- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.
- Added EGP and OSPF printers, thanks to Jeffrey Honig.
v2.1 Tue Jan 28 11:00:14 PST 1992
- Internal release (never publically exported).
v2.0.1 Sun Jan 26 21:10:10 PDT
- Various byte ordering fixes.
- Add truncation checks.
- inet.c: Support BSD style SIOCGIFCONF.
- nametoaddr.c: Handle multi addresses for single host.
- optimize.c: Rewritten.
- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
for broadcast nets.
- print-atal.c: Fix an alignment bug (thanks to
stanonik@nprdc.navy.mil) Add missing printf() argument.
- print-bootp.c: First attempt at decoding the vendor buffer.
- print-domain.c: Fix truncation checks.
- print-icmp.c: Calculate length of packets from the ip header.
- print-ip.c: Print frag id in decimal (so it's easier to match up
with non-frags). Add support for ospf, egp and igmp.
- print-nfs.c: Lots of changes.
- print-ntp.c: Make some verbose output depend on -v.
- print-snmp.c: New version from John LoVerso.
- print-tcp.c: Print rfc1072 tcp options.
- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
(microseconds) worth of precision. Fix uid bugs.
- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
With this option, you can create an architecture independent binary
trace file in real time, without the overhead of the packet printer.
At a later time, the packets can be filtered (again) and printed.
- BSD is supported. You must have BPF in your kernel.
Since the filtering is now done in the kernel, fewer packets are
dropped. In fact, with BPF and the packet dumper option, a measly
Sun 3/50 can keep up with a busy network.
- Compressed SLIP packets can now be dumped, provided you use our
SLIP software and BPF. These packets are dumped as any other IP
packet; the compressed headers are dumped with the '-e' option.
- Machines with little-endian byte ordering are supported (thanks to
Jeff Mogul).
- Ultrix 4.0 is supported (also thanks to Jeff Mogul).
- IBM RT and Stanford Enetfilter support has been added by
Rayan Zachariassen <rayan@canet.ca>. Tcpdump has been tested under
both the vanilla Enetfilter interface, and the extended interface
(#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
- TFTP packets are now printed (requests only).
- BOOTP packets are now printed.
- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).
- Sparc architectures, including the Sparcstation-1, are now
supported thanks to Steve McCanne and Craig Leres.
- SunOS 4 is now supported thanks to Micky Liu of Columbia
University (micky@cunixc.cc.columbia.edu).
- IP options are now printed.
- RIP packets are now printed.
- There's a -v flag that prints out more information than the
default (e.g., it will enable printing of IP ttl, tos and id)
and -q flag that prints out less (e.g., it will disable
interpretation of AppleTalk-in-UDP).
- The grammar has undergone substantial changes (if you have an
earlier version of tcpdump, you should re-read the manual
entry).
The most useful change is the addition of an expression
syntax that lets you filter on arbitrary fields or values in the
packet. E.g., "ip[0] > 0x45" would print only packets with IP
options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
packets.
The most painful change is that concatenation no longer means
"and" -- e.g., you have to say "host foo and port bar" instead
of "host foo port bar". The up side to this down is that
repeated qualifiers can be omitted, making most filter
expressions shorter. E.g., you can now say "ip host foo and
(bar or baz)" to look at ip traffic between hosts foo and bar or
between hosts foo and baz. [The old way of saying this was "ip
host foo and (ip host bar or ip host baz)".]
v2.0 Sun Jan 13 12:20:40 PST 1991
- Initial public release.
@(#) $Header: /tcpdump/master/tcpdump/CHANGES,v 1.79 2001/01/10 20:13:58 mcr Exp $ (LBL)