diff options
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 1719 |
1 files changed, 1719 insertions, 0 deletions
@@ -0,0 +1,1719 @@ +Thursday, January 12, 2023 / The Tcpdump Group + Summary for 4.99.3 tcpdump release + Updated printers: + PTP: Use the proper values for the control field and print un-allocated + values for the message field as "Reserved" instead of "none". + Source code: + smbutil.c: Replace obsolete function call (asctime) + Building and testing: + cmake: Update the minimum required version to 2.8.12 (except Windows). + CI: Introduce and use TCPDUMP_CMAKE_TAINTED. + Makefile.in: Add the releasecheck target. + Makefile.in: Add "make -s install" in the releasecheck target. + Cirrus CI: Run the "make releasecheck" command in the Linux task. + Makefile.in: Add the whitespacecheck target. + Cirrus CI: Run the "make whitespacecheck" command in the Linux task. + Address all shellcheck warnings in update-test.sh. + Makefile.in: Get rid of a remain of gnuc.h. + Documentation: + Reformat the installation notes (INSTALL.txt) in Markdown. + Convert CONTRIBUTING to Markdown. + CONTRIBUTING.md: Document the use of "protocol: " in a commit summary. + Add a README file for NetBSD. + Fix CMake build to set man page section numbers in tcpdump.1 + +Saturday, December 31, 2022 / The Tcpdump Group + Summary for 4.99.2 tcpdump release + Updated printers: + BGP: Update cease notification decoding to RFC 9003. + BGP: decode BGP link-bandwidth extended community properly. + BGP: Fix parsing the AIGP attribute + BGP: make sure the path attributes don't go past the end of the packet. + BGP: Shutdown message can be up to 255 bytes length according to rfc9003 + DSA: correctly determine VID. + EAP: fix some length checks and output issues. + 802.11: Fix the misleading comment regarding "From DS", "To DS" Frame + Control Flags. + 802.11: Fetch the CF and TIM IEs a field at a time. + 802.15.4, BGP, LISP: fix some length checks, compiler warnings, + and undefined behavior warnings. + PFLOG: handle LINKTYPE_PFLOG/DLT_PFLOG files from all OSes on all + OSes. + RRCP: support more Realtek protocols than just RRCP. + MPLS: show the EXP field as TC, as per RFC 5462. + ICMP: redo MPLS Extension code as general ICMP Extension code. + VQP: Do not print unknown error codes twice. + Juniper: Add some bounds checks. + Juniper: Don't treat known DLT_ types as "Unknown". + lwres: Fix a length check, update a variable type. + EAP: Fix some undefined behaviors at runtime. + Ethernet: Rework the length checks, add a length check. + IPX: Add two length checks. + Zephyr: Avoid printing non-ASCII characters. + VRRP: Print the protocol name before any GET_(). + DCCP: Get rid of trailing commas in lists. + Juniper: Report invalid packets as invalid, not truncated. + IPv6: Remove an obsolete code in an always-false #if wrapper. + ISAKMP: Use GET_U_1() to replace a direct dereference. + RADIUS: Use GET_U_1() to replace a direct dereference. + TCP: Fix an invalid check. + RESP: Fix an invalid check. + RESP: Remove an unnecessary test. + Arista: Refine the output format and print HwInfo. + sFlow: add support for IPv6 agent, add a length check. + VRRP: add support for IPv6. + OSPF: Update to match the Router Properties registry. + OSPF: Remove two unnecessary dereferences. + OSPF: Add support bit Nt RFC3101. + OSPFv3: Remove two unnecessary dereferences. + ICMPv6: Fix output for Router Renumbering messages. + ICMPv6: Fix the Node Information flags. + ICMPv6: Remove an unused macro and extra blank lines. + ICMPv6: Add a length check in the rpl_dio_print() function. + ICMPv6: Use GET_IP6ADDR_STRING() in the rpl_dio_print() function. + IPv6: Add some checks for the Hop-by-Hop Options header + IPv6: Add a check for the Jumbo Payload Hop-by-Hop option. + NFS: Fix the format for printing an unsigned int + PTP: fix printing of the correction fields + PTP: Use ND_LCHECK_U for checking invalid length. + WHOIS: Add its own printer source file and printer function + MPTCP: print length before subtype inside MPTCP options + ESP: Add a workaround to a "use-of-uninitialized-value". + PPP: Add tests to avoid incorrectly re-entering ppp_hdlc(). + PPP: Don't process further if protocol is unknown (-e option). + PPP: Change the pointer to packet data. + ZEP: Add three length checks. + Add some const qualifiers. + Building and testing: + Update config.guess and config.sub. + Use AS_HELP_STRING macro instead of AC_HELP_STRING. + Handle some Autoconf/make errors better. + Fix an error when cross-compiling. + Use "git archive" for the "make releasetar" process. + Remove the release candidate rcX targets. + Mend "make check" on Solaris 9 with Autoconf. + Address assorted compiler warnings. + Fix auto-enabling of Capsicum on FreeBSD with Autoconf. + Treat "msys" as Windows for test exit statuses. + Clean up some help messages in configure. + Use unified diff by default. + Remove awk code from mkdep. + Fix configure test errors with Clang 15 + CMake: Prevent stripping of the RPATH on installation. + AppVeyor CI: update Npcap site, update to 1.12 SDK. + Cirrus CI: Use the same configuration as for the main branch. + CI: Add back running tcpdump -J/-L and capture, now with Cirrus VMs. + Remove four test files (They are now in the libpcap tests directory). + On Solaris, for 64-bit builds, use the 64-bit pcap-config. + Tell CMake not to check for a C++ compiler. + CMake: Add a way to request -Werror and equivalents. + configure: Special-case macOS /usr/bin/pcap-config as we do in CMake. + configure: Use pcap-config --static-pcap-only if available. + configure: Use ac_c_werror_flag to force unknown compiler flags to fail. + configure: Use AC_COMPILE_IFELSE() and AC_LANG_SOURCE() for testing + flags. + Run the test that fails on OpenBSD only if we're not on OpenBSD. + Source code: + Fix some snapend-changing routines to protect against pointer + underflow. + Use __func__ from C99 in some function calls. + Memory allocator: Update nd_add_alloc_list() to a static function. + addrtoname.c: Fix two invalid tests. + Use more S_SUCCESS and S_ERR_HOST_PROGRAM in main(). + Add some comments about "don't use GET_IP6ADDR_STRING()". + Assign ndo->ndo_packetp in pretty_print_packet(). + Add ND_LCHECKMSG_U, ND_LCHECK_U, ND_LCHECKMSG_ZU and ND_LCHECK_ZU macros. + Update tok2strbuf() to a static function. + netdissect.h: Keep the link-layer dissectors names sorted. + setsignal(): Set SA_RESTART on non-lethal signals (REQ_INFO, FLUSH_PCAP) + to avoid corrupting binary pcap output. + Use __builtin_unreachable(). + Fail if nd_push_buffer() or nd_push_snaplen() fails. + Improve code style and fix many typos. + Documentation: + Some man page cleanups. + Update the print interface for the packet count to stdout. + Note that we require compilers to support at least some of C99. + Update AIX and Solaris-related specifics. + INSTALL.txt: Add doc/README.*, delete the deleted win32 directory. + Update README.md and README.Win32.md. + Update some comments with new RFC numbers. + +Wednesday, June 9, 2021 by gharris + Summary for 4.99.1 tcpdump release + Source code: + Squelch some compiler warnings + ICMP: Update the snapend for some nested IP packets. + MACsec: Update the snapend thus the ICV field is not payload + for the caller. + EIGRP: Fix packet header fields + SMB: Disable printer by default in CMake builds + OLSR: Print the protocol name even if the packet is invalid + MSDP: Print ": " before the protocol name + ESP: Remove padding, padding length and next header from the buffer + DHCPv6: Update the snapend for nested DHCPv6 packets + OpenFlow 1.0: Get snapend right for nested frames. + TCP: Update the snapend before decoding a MPTCP option + Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks + ForCES: Refine SPARSEDATA-TLV length check. + ASCII/hex: Use nd_trunc_longjmp() in truncation cases + GeoNet: Add a ND_TCHECK_LEN() call + Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES(). + BGP: Fix overwrites of global 'astostr' temporary buffer + ARP: fix overwrites of static buffer in q922_string(). + Frame Relay: have q922_string() handle errors better. + Building and testing: + Rebuild configure script when building release + Fix "make clean" for out-of-tree autotools builds + CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH. + Documentation: + man: Update a reference as www.cifs.org is gone. [skip ci] + man: Update DNS sections + Solaris: + Fix a compile error with Sun C + +Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl. + Summary for 4.99.0 tcpdump release + CVE-2018-16301: For the -F option handle large input files safely. + Improve the contents, wording and formatting of the man page. + Print unsupported link-layer protocol packets in hex. + Add support for new network protocols and DLTs: Arista, Autosar SOME/IP, + Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand + (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch + Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS, + ZigBee Encapsulation Protocol (ZEP). + Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP, + ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS, + NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD, + VXLAN-GPE. + User interface: + Make SLL2 the default for Linux "any" pseudo-device. + Add --micro and --nano shorthands. + Add --count to print a counter only instead of decoding. + Add --print, to cause packet printing even with -w. + Add support for remote capture if libpcap supports it. + Display the "wireless" flag and connection status. + Flush the output packet buffer on a SIGUSR2. + Add the snapshot length to the "reading from file ..." message. + Fix local time printing (DST offset in timestamps). + Allow -C arguments > 2^31-1 GB if they can fit into a long. + Handle very large -f files by rejecting them. + Report periodic stats only when safe to do so. + Print the number of packets captured only as often as necessary. + With no -s, or with -s 0, don't specify the snapshot length with newer + versions of libpcap. + Improve version and usage message printing. + Building and testing: + Install into bindir, not sbindir. + autoconf: replace --with-system-libpcap with --disable-local-libpcap. + Require the compiler to support C99. + Better detect and use various C compilers and their features. + Add CMake as the second build system. + Make out-of-tree builds more reliable. + Use pkg-config to detect libpcap if available. + Improve Windows support. + Add more tests and improve the scripts that run them. + Test both with "normal" and "x87" floating-point. + Eliminate dependency on libdnet. + FreeBSD: + Print a proper error message about monitor mode VAP. + Use libcasper if available. + Fix failure to capture on RDMA device. + Include the correct capsicum header. + Source code: + Start the transition to longjmp() for packet truncation handling. + Introduce new helper functions, including GET_*(), nd_print_protocol(), + nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others. + Put integer signedness right in many cases. + Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix + alignment issues, especially on SPARC. + Fix many C compiler, Coverity, UBSan and cppcheck warnings. + Fix issues detected with AddressSanitizer. + Remove many workarounds for older compilers and OSes. + Add a sanity check on packet header length. + Add and remove plenty of bounds checks. + Clean up pcap_findalldevs() call to find the first interface. + Use a short timeout, rather than immediate mode, for text output. + Handle DLT_ENC files *not* written on the same OS and byte-order host. + Add, and use, macros to do locale-independent case mapping. + Use a table instead of getprotobynumber(). + Get rid of ND_UNALIGNED and ND_TCHECK(). + Make roundup2() generally available. + Resync SMI list against Wireshark. + Fix many typos. + +Friday, September 20, 2019, by mcr@sandelman.ca + A huge thank you to Denis, Francois-Xavier and Guy who did much of the heavy lifting. + Summary for 4.9.3 tcpdump release + Fix buffer overflow/overread vulnerabilities: + CVE-2017-16808 (AoE) + CVE-2018-14468 (FrameRelay) + CVE-2018-14469 (IKEv1) + CVE-2018-14470 (BABEL) + CVE-2018-14466 (AFS/RX) + CVE-2018-14461 (LDP) + CVE-2018-14462 (ICMP) + CVE-2018-14465 (RSVP) + CVE-2018-14881 (BGP) + CVE-2018-14464 (LMP) + CVE-2018-14463 (VRRP) + CVE-2018-14467 (BGP) + CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled) + CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled) + CVE-2018-14880 (OSPF6) + CVE-2018-16451 (SMB) + CVE-2018-14882 (RPL) + CVE-2018-16227 (802.11) + CVE-2018-16229 (DCCP) + CVE-2018-16230 (BGP) + CVE-2018-16452 (SMB) + CVE-2018-16300 (BGP) + CVE-2018-16228 (HNCP) + CVE-2019-15166 (LMP) + CVE-2019-15167 (VRRP) + Fix for cmdline argument/local issues: + CVE-2018-14879 (tcpdump -V) + +Sunday September 3, 2017 denis@ovsienko.info + Summary for 4.9.2 tcpdump release + Do not use getprotobynumber() for protocol name resolution. Do not do + any protocol name resolution if -n is specified. + Improve errors detection in the test scripts. + Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage. + Clean up IS-IS printing. + Fix buffer overflow vulnerabilities: + CVE-2017-11543 (SLIP) + CVE-2017-13011 (bittok2str_internal) + Fix infinite loop vulnerabilities: + CVE-2017-12989 (RESP) + CVE-2017-12990 (ISAKMP) + CVE-2017-12995 (DNS) + CVE-2017-12997 (LLDP) + Fix buffer over-read vulnerabilities: + CVE-2017-11541 (safeputs) + CVE-2017-11542 (PIMv1) + CVE-2017-12893 (SMB/CIFS) + CVE-2017-12894 (lookup_bytestring) + CVE-2017-12895 (ICMP) + CVE-2017-12896 (ISAKMP) + CVE-2017-12897 (ISO CLNS) + CVE-2017-12898 (NFS) + CVE-2017-12899 (DECnet) + CVE-2017-12900 (tok2strbuf) + CVE-2017-12901 (EIGRP) + CVE-2017-12902 (Zephyr) + CVE-2017-12985 (IPv6) + CVE-2017-12986 (IPv6 routing headers) + CVE-2017-12987 (IEEE 802.11) + CVE-2017-12988 (telnet) + CVE-2017-12991 (BGP) + CVE-2017-12992 (RIPng) + CVE-2017-12993 (Juniper) + CVE-2017-12994 (BGP) + CVE-2017-12996 (PIMv2) + CVE-2017-12998 (ISO IS-IS) + CVE-2017-12999 (ISO IS-IS) + CVE-2017-13000 (IEEE 802.15.4) + CVE-2017-13001 (NFS) + CVE-2017-13002 (AODV) + CVE-2017-13003 (LMP) + CVE-2017-13004 (Juniper) + CVE-2017-13005 (NFS) + CVE-2017-13006 (L2TP) + CVE-2017-13007 (Apple PKTAP) + CVE-2017-13008 (IEEE 802.11) + CVE-2017-13009 (IPv6 mobility) + CVE-2017-13010 (BEEP) + CVE-2017-13012 (ICMP) + CVE-2017-13013 (ARP) + CVE-2017-13014 (White Board) + CVE-2017-13015 (EAP) + CVE-2017-11543 (SLIP) + CVE-2017-13016 (ISO ES-IS) + CVE-2017-13017 (DHCPv6) + CVE-2017-13018 (PGM) + CVE-2017-13019 (PGM) + CVE-2017-13020 (VTP) + CVE-2017-13021 (ICMPv6) + CVE-2017-13022 (IP) + CVE-2017-13023 (IPv6 mobility) + CVE-2017-13024 (IPv6 mobility) + CVE-2017-13025 (IPv6 mobility) + CVE-2017-13026 (ISO IS-IS) + CVE-2017-13027 (LLDP) + CVE-2017-13028 (BOOTP) + CVE-2017-13029 (PPP) + CVE-2017-13030 (PIM) + CVE-2017-13031 (IPv6 fragmentation header) + CVE-2017-13032 (RADIUS) + CVE-2017-13033 (VTP) + CVE-2017-13034 (PGM) + CVE-2017-13035 (ISO IS-IS) + CVE-2017-13036 (OSPFv3) + CVE-2017-13037 (IP) + CVE-2017-13038 (PPP) + CVE-2017-13039 (ISAKMP) + CVE-2017-13040 (MPTCP) + CVE-2017-13041 (ICMPv6) + CVE-2017-13042 (HNCP) + CVE-2017-13043 (BGP) + CVE-2017-13044 (HNCP) + CVE-2017-13045 (VQP) + CVE-2017-13046 (BGP) + CVE-2017-13047 (ISO ES-IS) + CVE-2017-13048 (RSVP) + CVE-2017-13049 (Rx) + CVE-2017-13050 (RPKI-Router) + CVE-2017-13051 (RSVP) + CVE-2017-13052 (CFM) + CVE-2017-13053 (BGP) + CVE-2017-13054 (LLDP) + CVE-2017-13055 (ISO IS-IS) + CVE-2017-13687 (Cisco HDLC) + CVE-2017-13688 (OLSR) + CVE-2017-13689 (IKEv1) + CVE-2017-13690 (IKEv2) + CVE-2017-13725 (IPv6 routing headers) + +Sunday July 23, 2017 denis@ovsienko.info + Summary for 4.9.1 tcpdump release + CVE-2017-11108/Fix bounds checking for STP. + Make assorted documentation updates and fix a few typos in tcpdump output. + Fixup -C for file size >2GB (GH #488). + Show AddressSanitizer presence in version output. + Fix a bug in test scripts (exposed in GH #613). + On FreeBSD adjust Capsicum capabilities for netmap. + On Linux fix a use-after-free when the requested interface does not exist. + +Wednesday January 18, 2017 devel.fx.lebail@orange.fr + Summary for 4.9.0 tcpdump release + General updates: + Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others + (More information in the log with CVE-2016-* and CVE-2017-*) + Change the way protocols print link-layer addresses (Fix heap overflows + in CALM-FAST and GeoNetworking printers) + Pass correct caplen value to ether_print() and some other functions + Fix lookup_nsap() to match what isonsap_string() expects + Clean up relative time stamp printing (Fix an array overflow) + Fix some alignment issues with GCC on Solaris 10 SPARC + Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks + Add a fn_printztn() which returns the number of bytes processed + Add nd_init() and nd_cleanup() functions. Improve libsmi support + Add CONTRIBUTING file + Add a summary comment in all printers + Compile with more warning options in devel mode if supported (-Wcast-qual, ...) + Fix some leaks found by Valgrind/Memcheck + Fix a bunch of de-constifications + Squelch some Coverity warnings and some compiler warnings + Update Coverity and Travis-CI setup + Update Visual Studio files + + Frontend: + Fix capsicum support to work with zerocopy buffers in bpf + Try opening interfaces by name first, then by name-as-index + Work around pcap_create() failures fetching time stamp type lists + Fix a segmentation fault with 'tcpdump -J' + Improve addrtostr6() bounds checking + Add exit_tcpdump() function + Don't drop CAP_SYS_CHROOT before chrooting + Fixes issue where statistics not reported when -G and -W options used + + Updated printers: + 802.11: Beginnings of 11ac radiotap support + 802.11: Check the Protected bit for management frames + 802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow) + 802.11: Fix the radiotap printer to handle the special bits correctly + 802.11: If we have the MCS field, it's 11n + 802.11: Only print unknown frame type or subtype messages once + 802.11: Radiotap dBm values get printed as dB; Update a test output accordingly + 802.11: Source and destination addresses were backwards + AH: Add a bounds check + AH: Report to our caller that dissection failed if a bounds check fails + AP1394: Print src > dst, not dst > src + ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow) + ATALK: Add bounds and length checks (Fix heap overflows) + ATM: Add some bounds checks (Fix a heap overflow) + ATM: Fix an incorrect bounds check + BFD: Update specification from draft to RFC 5880 + BFD: Update to print optional authentication field + BGP: Add support for the AIGP attribute (RFC7311) + BGP: Print LARGE_COMMUNITY Path Attribute + BGP: Update BGP numbers from IANA; Print minor values for FSM notification + BOOTP: Add a bounds check + Babel: Add decoder for source-specific extension + CDP: Filter out non-printable characters + CFM: Fixes to match the IEEE standard, additional bounds and length checks + CSLIP: Add more bounds checks (Fix a heap overflow) + ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow) + DHCP: Fix MUDURL and TZ options + DHCPv6: Process MUDURL and TZ options + DHCPv6: Update Status Codes with RFCs/IANA names + DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case + DTP: Improve packet integrity checks + EGP: Fix bounds checks + ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later + Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow) + Ethernet: Print the Length/Type field as length when needed + FDDI: Fix -e output for FDDI + FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows) + GRE: Add some bounds checks (Fix heap overflows) + Geneve: Fix error message with invalid option length; Update list option classes + HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes + ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS() + IGMP: Add a length check + IP: Add a bounds check (Fix a heap overflow) + IP: Check before fetching the protocol version (Fix a heap overflow) + IP: Don't try to dissect if IP version != 4 (Fix a heap overflow) + IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP + IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow) + IPoFC: Fix -e output (IP-over-Fibre Channel) + IPv6: Don't overwrite the destination IPv6 address for routing headers + IPv6: Fix header printing + IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP + ISAKMP: Clean up parsing of IKEv2 Security Associations + ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases + ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature + ISOCLNS/IS-IS: Filter out non-printable characters + ISOCLNS/IS-IS: Fix segmentation faults + ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing + ISOCLNS: Add some bounds checks + Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow) + LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header + LLC: Add a bounds check (Fix a heap overflow) + LLC: Clean up printing of LLC packets + LLC: Fix the printing of RFC 948-style IP packets + LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols + LLDP: Implement IANA OUI and LLDP MUD option + MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks + MPLS: "length" is now the *remaining* packet length + MPLS: Add bounds and length checks (Fix a heap overflow) + NFS: Don't assume the ONC RPC header is nicely aligned + NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault) + NFS: Don't run past the end of an NFSv3 file handle + OLSR: Add a test to cover a HNA sgw case + OLSR: Fix 'Advertised networks' count + OLSR: Fix printing of smart-gateway HNAs in IPv4 + OSPF: Add a bounds check for the Hello packet options + OSPF: Do more bounds checking + OSPF: Fix a segmentation fault + OSPF: Fix printing 'ospf_topology_values' default + OTV: Add missing bounds checks + PGM: Print the formatted IP address, not the raw binary address, as a string + PIM: Add some bounds checking (Fix a heap overflow) + PIMv2: Fix checksumming of Register messages + PPP: Add some bounds checks (Fix a heap overflow) + PPP: Report invalid PAP AACK/ANAK packets + Q.933: Add a missing bounds check + RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute + RADIUS: Filter out non-printable characters + RADIUS: Translate UDP/1700 as RADIUS + RESP: Do better checking of RESP packets + RPKI-RTR: Add a return value check for "fn_printn" call + RPKI-RTR: Remove printing when truncated condition already detected + RPL: Fix 'Consistency Check' control code + RPL: Fix suboption print + RSVP: An INTEGRITY object in a submessage covers only the submessage + RSVP: Fix an infinite loop; Add bounds and length checks + RSVP: Fix some if statements missing brackets + RSVP: Have signature_verify() do the copying and clearing + RTCP: Add some bounds checks + RTP: Add some bounds checks, fix two segmentation faults + SCTP: Do more bounds checking + SFLOW: Fix bounds checking + SLOW: Fix bugs, add checks + SMB: Before fetching the flags2 field, make sure we have it + SMB: Do bounds checks on NBNS resource types and resource data lengths + SNMP: Clean up the "have libsmi but no modules loaded" case + SNMP: Clean up the object abbreviation list and fix the code to match them + SNMP: Do bounds checks when printing character and octet strings + SNMP: Improve ASN.1 bounds checks + SNMP: More bounds and length checks + STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows) + STP: Filter out non-printable characters + TCP: Add bounds and length checks for packets with TCP option 20 + TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP + TCP: Fix two bounds checks (Fix heap overflows) + TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow) + TCP: Put TCP-AO option decoding right + TFTP: Don't use strchr() to scan packet data (Fix a heap overflow) + Telnet: Add some bounds checks + TokenRing: Fix -e output + UDLD: Fix an infinite loop + UDP: Add a bounds check (Fix a heap overflow) + UDP: Check against the packet length first + VAT: Add some bounds checks + VTP: Add a test on Mgmt Domain Name length + VTP: Add bounds checks and filter out non-printable characters + VXLAN: Add a bound check and a test case + ZeroMQ: Fix an infinite loop + +Tuesday October 25, 2016 mcr@sandelman.ca + Summary for 4.8.1 tcpdump release + Fix "-x" for Apple PKTAP and PPI packets + Improve separation frontend/backend (tcpdump/libnetdissect) + Fix display of timestamps with -tt, -ttt and -ttttt options + Add support for the Marvell Extended Distributed Switch Architecture header + Use PRIx64 to print a 64-bit number in hex. + Printer for HNCP (RFCs 7787 and 7788). + dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer. + RSVP: Add bounds and length checks + OSPF: Do more bounds checking + Handle OpenSSL 1.1.x. + Initial support for the REdis Serialization Protocol known as RESP. + Add printing function for Generic Protocol Extension for VXLAN + draft-ietf-nvo3-vxlan-gpe-01 + Network Service Header: draft-ietf-sfc-nsh-01 + Don't recompile the filter if the new file has the same DLT. + Pass an adjusted struct pcap_pkthdr to the sub-printer. + Add three test cases for already fixed CVEs + CVE-2014-8767: OLSR + CVE-2014-8768: Geonet + CVE-2014-8769: AODV + Don't do the DDP-over-UDP heuristic first: GitHub issue #499. + Use the new debugging routines in libpcap. + Harmonize TCP source or destination ports tests with UDP ones + Introduce data types to use for integral values in packet structures. + RSVP: Fix an infinite loop + Support of Type 3 and Type 4 LISP packets. + Don't require IPv6 library support in order to support IPv6 addresses. + Many many changes to support libnetdissect usage. + Add a test that makes unaligned accesses: GitHub issue #478. + add a DNSSEC test case: GH #445 and GH #467. + BGP: add decoding of ADD-PATH capability + fixes to LLC header printing, and RFC948-style IP packets + +Friday April 10, 2015 guy@alum.mit.edu + Summary for 4.7.4 tcpdump release + RPKI to Router Protocol: Fix Segmentation Faults and other problems + RPKI to Router Protocol: print strings with fn_printn() + wb: fix some bounds checks + +Wednesday March 11, 2015 mcr@sandelman.ca + Summary for 4.7.3 tcpdump release + Capsicum fixes for FreeBSD 10 + +Tuesday March 10, 2015 mcr@sandelman.ca + Summary for 4.7.2 tcpdump release + DCCP: update Packet Types with RFC4340/IANA names + fixes for CVE-2015-0261: IPv6 mobility header check issue + fixes for CVE-2015-2153, 2154, 2155: kday packets + +Friday Nov. 12, 2014 guy@alum.mit.edu + Summary for 4.7.0 tcpdump release + changes to hex printing of CDP packets + Fix PPI printing + Radius: update Packet Type Codes and Attribute Types with RFC/IANA names + Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support. + improvements to telnet printer, even if not -v + omit length for bcp, print-tcp uses it + formatting fixes for a bunch of protocols + new bounds checks for a number of protocols + split netflow 1,6, and 6 dissector up. + added geneve dissector + CVE-2014-9140 PPP dissector fixed. + +Tuesday Sep. 2, 2014 mcr@sandelman.ca + Summary for 4.6.2 tcpdump release + fix out-of-source-tree builds: find libpcap that is out of source + better configure check for libsmi + +Saturday Jul. 19, 2014 mcr@sandelman.ca + Summary for 4.6.1 tcpdump release + added FreeBSD capsicum + add a short option '#', same as long option '--number' + +Wednesday Jul. 2, 2014 mcr@sandelman.ca + Summary for 4.6.0 tcpdump release + all of tcpdump is now using the new "NDO" code base (Thanks Denis!) + nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes + M3UA decode added. + many new test cases: 82 in 4.5.1 to 133 in 4.6.0 + many improvements to travis continuous integration system: OSX, and Coverity options + cleaned up some unnecessary header files + Added bittok2str(). + a number of unaligned access faults fixed + -A flag does not consider CR to be printable anymore + fx.lebail took over coverity baby sitting + default snapshot size increased to 256K for accommodate USB captures + WARNING: this release contains a lot of very worthwhile code churn. + +Wednesday Jan. 15, 2014 guy@alum.mit.edu + Summary for 4.5.2 tcpdump release + Man page fix + Fix crashes on SPARC + +Monday Nov. 11, 2013 mcr@sandelman.ca + Summary for 4.5.1 tcpdump release + CREDITS file fixes + +Thursday Nov. 7, 2013 mcr@sandelman.ca and guy@alum.mit.edu. + Summary for 4.5.0 tcpdump release + some NFSv4 fixes for printing + fix printing of unknown TCP options, and tcp fast-open + fixes for syslog parser + some gcc-version-specific flag tuning + adopt MacOS deprecation workarounds for openssl + improvements to babel printing + add OpenFlow 1.0 (no SSL) and test cases + GeoNet printer. + added STBC Rx support + improvements to DHCPv6 decoder + clarify which autoconf is needed + Point users to the the-tcpdump-group repository on GitHub rather + than the mcr repository + Add MSDP printer. + Fixed IPv6 check on Solaris and other OSes requiring extra + networking libraries. + Add support for VXLAN (draft-mahalingam-dutt-dcops-vxlan-03), + and add "vxlan" as an option for -T. + Add support for OTV (draft-hasmit-otv-04). + fixes for DLT_IEEE802_11_RADIO datalink types + added MPTCP decoder + +Saturday April 6, 2013 guy@alum.mit.edu. + Summary for 4.4.0 tcpdump release + RPKI-RTR (RFC6810) is now official (TCP Port 323) + Fix detection of OpenSSL libcrypto. + Add DNSSL (RFC6106) support. + Add "radius" as an option for -T. + Update Action codes for handle_action function according to + 802.11s amendment. + Decode DHCPv6 AFTR-Name option (RFC6334). + Updates for Babel. + Fix printing of infinite lifetime in ICMPv6. + Added support for SPB, SPBM Service Identifier, and Unicast + Address sub-TLV in ISIS. + Decode RIPv2 authentication up to RFC4822. + Fix RIP Request/full table decoding issues. + On Linux systems with cap-ng.h, drop root privileges + using Linux Capabilities. + Add support for reading multiple files. + Add MS NLB heartbeat printer. + Separate multiple nexthops in BGP. + +Wednesday November 28, 2012 guy@alum.mit.edu. + Summary for 4.3.1 tcpdump release + Print "LLDP, length N" for LLDP packets even when not in verbose + mode, so something is printed even if only the timestamp is + present + Document "-T carp" + Print NTP poll interval correctly (it's an exponent, so print + both its raw value and 2^value) + Document that "-e" is used to get MAC addresses + More clearly document that you need to escape or quote + backslashes in filter expressions on the command line + Fix some "the the" in the man page + Use the right maximum path length + Don't treat 192_1_2, when passed to -i, as an interface number + +Friday April 3, 2012. mcr@sandelman.ca. + Summary for 4.3.0 tcpdump release + fixes for forces: SPARSE data (per RFC 5810) + some more test cases added + updates to documentation on -l, -U and -w flags. + Fix printing of BGP optional headers. + Tried to include DLT_PFSYNC support, failed due to headers required. + added TIPC support. + Fix LLDP Network Policy bit definitions. + fixes for IGMPv3's Max Response Time: it is in units of 0.1 second. + SIGUSR1 can be used rather than SIGINFO for stats + permit -n flag to affect print-ip for protocol numbers + ND_OPT_ADVINTERVAL is in milliseconds, not seconds + Teach PPPoE parser about RFC 4638 + + +Friday December 9, 2011. guy@alum.mit.edu. + Summary for 4.2.1 tcpdump release + Only build the Babel printer if IPv6 is enabled. + Support Babel on port 6696 as well as 6697. + Include ppi.h in release tarball. + Include all the test files in the release tarball, and don't + "include" test files that no longer exist. + Don't assume we have <rpc/rpc.h> - check for it. + Support "-T carp" as a way of dissecting IP protocol 112 as CARP + rather than VRRP. + Support Hilscher NetAnalyzer link-layer header format. + Constify some pointers and fix compiler warnings. + Get rid of never-true test. + Fix an unintended fall-through in a case statement in the ARP + printer. + Fix several cases where sizeof(sizeof(XXX)) was used when just + sizeof(XXX) was intended. + Make stricter sanity checks in the ES-IS printer. + Get rid of some GCCisms that caused builds to fai with compilers + that don't support them. + Fix typo in man page. + Added length checks to Babel printer. + +Sunday July 24, 2011. mcr@sandelman.ca. + Summary for 4.2.+ + merged 802.15.4 decoder from Dmitry Eremin-Solenikov <dbaryshkov + at gmail dot com> + updates to forces for new port numbers + Use "-H", not "-h", for the 802.11s option. (-h always help) + Better ICMPv6 checksum handling. + add support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12 + get rid of uuencoded pcap test files, git can do binary. + sFlow changes for 64-bit counters. + fixes for PPI packet header handling and printing. + Add DCB Exchange protocol (DCBX) version 1.01. + Babel dissector, from Juliusz Chroboczek and Grégoire Henry. + improvements to radiotap for rate values > 127. + Many improvements to ForCES decode, including fix SCTP TML port + updated RPL type code to RPL-17 draft + Improve printout of DHCPv6 options. + added support and test case for QinQ (802.1q VLAN) packets + Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4. + Build fixes for Sparc and other machines with alignment restrictions. + Merged changes from Debian package. + PGM: Add ACK decoding and add PGMCC DATA and FEEDBACK options. + Build fixes for OSX (Snow Leopard and others) + Add support for IEEE 802.15.4 packets + +Tue. July 20, 2010. guy@alum.mit.edu. + Summary for 4.1.2 tcpdump release + If -U is specified, flush the file after creating it, so it's + not zero-length + Fix TCP flags output description, and some typos, in the man + page + Add a -h flag, and only attempt to recognize 802.11s mesh + headers if it's set + When printing the link-layer type list, send *all* output to + stderr + Include the CFLAGS setting when configure was run in the + compiler flags + +Thu. April 1, 2010. guy@alum.mit.edu. + Summary for 4.1.1 tcpdump release + Fix build on systems with PF, such as FreeBSD and OpenBSD. + Don't blow up if a zero-length link-layer address is passed to + linkaddr_string(). + +Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. + Summary for 4.1.0 tcpdump release + Fix printing of MAC addresses for VLAN frames with a length + field + Add some additional bounds checks and use the EXTRACT_ macros + more + Add a -b flag to print the AS number in BGP packets in ASDOT + notation rather than ASPLAIN notation + Add ICMPv6 RFC 5006 support + Decode the access flags in NFS access requests + Handle the new DLT_ for memory-mapped USB captures on Linux + Make the default snapshot (-s) the maximum + Print name of device (when -L is used) + Support for OpenSolaris (and SXCE build 125 and later) + Print new TCP flags + Add support for RPL DIO + Add support for TCP User Timeout (UTO) + Add support for non-standard Ethertypes used by 3com PPPoE gear + Add support for 802.11n and 802.11s + Add support for Transparent Ethernet Bridge ethertype in GRE + Add 4 byte AS support for BGP printer + Add support for the MDT SAFI 66 BG printer + Add basic IPv6 support to print-olsr + Add USB printer + Add printer for ForCES + Handle frames with an FCS + Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames + Fix TCP sequence number printing + Report 802.2 packets as 802.2 instead of 802.3 + Don't include -L/usr/lib in LDFLAGS + On x86_64 Linux, look in lib64 directory too + Lots of code clean ups + Autoconf clean ups + Update testcases to make output changes + Fix compiling with/out smi (--with{,out}-smi) + Fix compiling without IPv6 support (--disable-ipv6) + +Mon. October 27, 2008. ken@netfunctional.ca. Summary for 4.0.0 tcpdump release + Add support for Bluetooth Sniffing + Add support for Realtek Remote Control Protocol (openrrcp.org.ru) + Add support for 802.11 AVS + Add support for SMB over TCP + Add support for 4 byte BGP AS printing + Add support for compiling on case-insensitive file systems + Add support for ikev2 printing + Update support for decoding AFS + Update DHCPv6 printer + Use newer libpcap API's (allows -B option on all platforms) + Add -I to turn on monitor mode + Bugfixes in lldp, lspping, dccp, ESP, NFS printers + Cleanup unused files and various cruft + +Mon. September 10, 2007. ken@xelerance.com. Summary for 3.9.8 tcpdump release + Rework ARP printer + Rework OSPFv3 printer + Add support for Frame-Relay ARP + Decode DHCP Option 121 (RFC 3442 Classless Static Route) + Decode DHCP Option 249 (MS Classless Static Route) the same as Option 121 + TLV: Add support for Juniper .pcap extensions + Print EGP header in new-world-order style + Converted print-isakmp.c to NETDISSECT + Moved AF specific stuff into af.h + Test subsystem now table driven, and saves outputs and diffs to one place + Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted + libpcap files on an OS other than where the file was generated + + +Wed. July 23, 2007. mcr@xelerance.com. Summary for 3.9.7 libpcap release + + NFS: Print unsigned values as such. + RX: parse safely. + BGP: fixes for IPv6-less builds. + 801.1ag: use standard codepoint. + use /dev/bpf on systems with such a device. + 802.11: print QoS data, avoid dissect of no-data frame, ignore padding. + smb: make sure that we haven't gone past the end of the captured data. + smb: squelch an uninitialized complaint from coverity. + NFS: from NetBSD; don't interpret the reply as a possible NFS reply + if it got MSG_DENIED. + BGP: don't print TLV values that didn't fit, from www.digit-labs.org. + revised INSTALL.txt about libpcap dependency. + +Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release + Update man page to reflect changes to libpcap + Changes to both TCP and IP Printer Output + Fix a potential buffer overflow in the 802.11 printer + Print basic info about a few more Cisco LAN protocols. + mDNS cleanup + ICMP MPLS rework of the extension code + bugfix: use the correct codepoint for the OSPF simple text auth token + entry, and use safeputs to print the password. + Add support in pflog for additional values + Add support for OIF RSVP Extensions UNI 1.0 Rev. 2 and additional RSVP objects + Add support for the Message-id NACK c-type. + Add support for 802.3ah loopback ctrl msg + Add support for Multiple-STP as per 802.1s + Add support for rapid-SPT as per 802.1w + Add support for CFM Link-trace msg, Link-trace-Reply msg, + Sender-ID tlv, private tlv, port, interface status + Add support for unidirectional link detection as per + https://tools.ietf.org/id/draft-foschiano-udld-02.txt + Add support for the olsr protocol as per RFC 3626 plus the LQ + extensions from olsr.org + Add support for variable-length checksum in DCCP, as per section 9 of + RFC 4340. + Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree + Add support for Multiple-STP as per 802.1s + Add support for the cisco propriatry 'dynamic trunking protocol' + Add support for the cisco proprietary VTP protocol + Update dhcp6 options table as per IETF standardization activities + + +Tue. September 19, 2006. ken@xelerance.com. Summary for 3.9.5 tcpdump release + + Fix compiling on AIX (, at end of ENUM) + Updated list of DNS RR typecodes + Use local Ethernet defs on WIN32 + Add support for Frame-Relay ARP + Fixes for compiling under MSVC++ + Add support for parsing Juniper .pcap files + Add support for FRF.16 Multilink Frame-Relay (DLT_MFR) + Rework the OSPFv3 printer + Fix printing for 4.4BSD/NetBSD NFS Filehandles + Add support for Cisco style NLPID encapsulation + Add cisco prop. eigrp related, extended communities + Add support for BGP signaled VPLS + Cleanup the bootp printer + Add support for PPP over Frame-Relay + Add some bounds checking to the IP options code, and clean up + the options output a bit. + Add additional modp groups to ISAKMP printer + Add support for Address-Withdraw and Label-Withdraw Msgs + Add support for the BFD Discriminator TLV + Fixes for 64bit compiling + Add support for PIMv2 checksum verification + Add support for further dissection of the IPCP Compression Option + Add support for Cisco's proposed VQP protocol + Add basic support for keyed authentication TCP option + Lots of minor cosmetic changes to output printers + + +Mon. September 19, 2005. ken@xelerance.com. Summary for 3.9.4 tcpdump release + Decoder support for more Juniper link-layer types + Fix a potential buffer overflow (although it can't occur in + practice). + Fix the handling of unknown management frame types in the 802.11 + printer. + Add FRF.16 support, fix various Frame Relay bugs. + Add support for RSVP integrity objects, update fast-reroute + object printer to latest spec. + Clean up documentation of vlan filter expression, document mpls + filter expression. + Document new pppoed and pppoes filter expressions. + Update diffserver-TE codepoints as per RFC 4124. + Spelling fixes in ICMPv6. + Don't require any fields other than flags to be present in IS-IS + restart signaling TLVs, and only print the system ID in + those TLVs as system IDs, not as node IDs. + Support for DCCP. + +Tue. July 5, 2005. ken@xelerance.com. Summary for 3.9.3 tcpdump release + + Option to chroot() when dropping privs + Fixes for compiling on nearly every platform, + including improved 64bit support + Many new testcases + Support for sending packets + Many compilation fixes on most platforms + Fixes for recent version of GCC to eliminate warnings + Improved Unicode support + + Decoders & DLT Changes, Updates and New: + AES ESP support + Juniper ATM, FRF.15, FRF.16, PPPoE, + ML-FR, ML-PIC, ML-PPP, PL-PPP, LS-PIC + GGSN,ES,MONITOR,SERVICES + L2VPN + Axent Raptor/Symantec Firewall + TCP-MD5 (RFC 2385) + ESP-in-UDP (RFC 3948) + ATM OAM + LMP, LMP Service Discovery + IP over FC + IP over IEEE 1394 + BACnet MS/TP + SS7 + LDP over TCP + LACP, MARKER as per 802.3ad + PGM (RFC 3208) + LSP-PING + G.7041/Y.1303 Generic Framing Procedure + EIGRP-IP, EIGRP-IPX + ICMP6 + Radio - via radiotap + DHCPv6 + HDLC over PPP + +Tue. March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release + + No changes from 3.8.2. Version bumped only to maintain consistency + with libpcap 0.8.3. + +Mon. March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release + + Fixes for print-isakmp.c CVE: CAN-2004-0183, CAN-2004-0184 + https://web.archive.org/web/20160328035955/https://www.rapid7.com/resources/advisories/R7-0017.jsp + IP-over-IEEE1394 printing. + some MINGW32 changes. + updates for autoconf 2.5 + fixes for print-aodv.c - check for too short packets + formatting changes to print-ascii for hex output. + check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c, + print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c, + print-ip.c, print-lwres.c, print-ospf.c, print-pim.c, + print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c + print-ether.c - better handling of unknown types. + print-isoclns.c - additional decoding of types. + print-llc.c - strings for LLC names added. + print-pfloc.c - various enhancements + print-radius.c - better decoding to strings. + +Wed. November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release + + changed syntax of -E argument so that multiple SAs can be decrypted + fixes for Digital Unix headers and Documentation + __attribute__ fixes + CDP changes from Terry Kennedy <terry@tmk.com>. + IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com> + Fixes for ASN.1 decoder for 2.100.3 forms. + Added a count of packets received and processed to clarify numbers. + Incorporated WinDUMP patches for Win32 builds. + PPPoE payload length headers. + Fixes for HP C compiler builds. + Use new pcap_breakloop() and pcap_findalldevs() if we can. + BGP output split into multiple lines. + Fixes to 802.11 decoding. + Fixes to PIM decoder. + SuperH is a CPU that can't handle unaligned access. Many fixes for + unaligned access work. + Fixes to Frame-Relay decoder for Q.933/922 frames. + Clarified when Solaris can do captures as non-root. + Added tests/ subdir for examples/regression tests. + New -U flag. -flush stdout after every packet + New -A flag -print ascii only + support for decoding IS-IS inside Cisco HDLC Frames + more verbosity for tftp decoder + mDNS decoder + new BFD decoder + cross compilation patches + RFC 3561 AODV support. + UDP/TCP pseudo-checksum properly for source-route options. + sanitized all files to modified BSD license + Add support for RFC 2625 IP-over-Fibre Channel. + fixes for DECnet support. + Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI. + RFC 2684 encapsulation of BPDUs. + +Tuesday, February 25, 2003. fenner@research.att.com. 3.7.2 release + + Fixed infinite loop when parsing invalid isakmp packets. + (reported by iDefense; already fixed in CVS) + Fixed infinite loop when parsing invalid BGP packets. + Fixed buffer overflow with certain invalid NFS packets. + Pretty-print unprintable network names in 802.11 printer. + Handle truncated nbp (appletalk) packets. + Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt + Print IP protocol name even if we don't have a printer for it. + Print IP protocol name or number for fragments. + Print the whole MPLS label stack, not just the top label. + Print request header and file handle for NFS v3 FSINFO and PATHCONF + requests. + Fix NFS packet truncation checks. + Handle "old" DR-Priority and Bidir-Capable PIM HELLO options. + Handle unknown RADIUS attributes properly. + Fix an ASN.1 parsing error that would cause e.g. the OID + 2.100.3 to be misrepresented as 4.20.3 . + +Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release + keyword "ipx" added. + Better OSI/802.2 support on Linux. + IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net. + LLC SAP support for FDDI/token ring/RFC-1483 style ATM + BXXP protocol was replaced by the BEEP protocol; + improvements to SNAP demux. + Changes to "any" interface documentation. + Documentation on pcap_stats() counters. + Fix a memory leak found by Miklos Szeredi - pcap_ether_aton(). + Added MPLS encapsulation decoding per RFC3032. + DNS dissector handles TKEY, TSIG and IXFR. + adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org> + SMB printing has much improved bounds checks + OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging + Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>. + Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net> + IPX socket 0x85be is for Cisco EIGRP over IPX. + Improvements to fragmented ESP handling. + SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu> + Linux ARPHDR_ATM support fixed. + Added a "netbeui" keyword, which selects NetBEUI packets. + IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option. + Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>. + Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm" + Better Linux libc5 compat. + BIND9 lwres dissector added. + MIPS and SPARC get strict alignment macros (affects print-bgp.c) + Apple LocalTalk LINKTYPE_ reserved. + New time stamp formats documented. + DHCP6 updated to draft-22.txt spec. + ICMP types/codes now accept symbolic names. + Add SIGINFO handler from LBL + encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>. + now we are -Wstrict-prototype clean. + NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>. + PPPoE dissector cleaned up. + Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>. + In dissector, now the caller prints the IP addresses rather than proto. + cjclark@alum.mit.edu: print the IP proto for non-initial fragments. + LLC frames with a DSAP and LSAP of 0xe0 are IPX frames. + Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX. + captures on the "any" device won't be done in promiscuous mode + Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl> + ARCNet support, from NetBSD. + HSRP dissector, from Julian Cowley <julian@lava.net>. + Handle (GRE-encapsulated) PPTP + added -C option to rotate save file every optarg * 1,000,000 bytes. + support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>. + PPTP support, from Motonori Shindo <mshindo@mshindo.net>. + IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>. + CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>. + ESP printing updated to RFC2406. + HP-UX can now handle large number of PPAs. + MSDP printer added. + L2TP dissector improvements from Motonori Shindo. + +Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release + Cleaned up documentation. + Promisc mode fixes for Linux + IPsec changes/cleanups. + Alignment fixes for picky architectures + + Removed dependency on native headers for packet dissectors. + Removed Linux specific headers that were shipped + + libpcap changes provide for exchanging capture files between + systems. Save files now have well known PACKET_ values instead of + depending upon system dependent mappings of DLT_* types. + + Support for computing/checking IP and UDP/TCP checksums. + + Updated autoconf stock files. + + IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6, + + Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp, + timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk + + Added filtering support for: VLANs, ESIS, ISIS + + Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP, + L2TP, PPPoE + + HP-UX 11.0 -- find the right dlpi device. + Solaris 8 - IPv6 works + Linux - Added support for an "any" device to capture on all interfaces + + Security fixes: buffer overrun audit done. Strcpy replaced with + strlcpy, sprintf replaced with snprintf. + Look for lex problems, and warn about them. + + +v3.5 Fri Jan 28 18:00:00 PST 2000 + +Bill Fenner <fenner@research.att.com> +- switch to config.h for autoconf +- unify RCSID strings +- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser +- Really fix the RIP printer +- Fix MAC address -> name translation. +- some -Wall -Wformat fixes +- update makemib to parse much of SMIv2 +- Print TCP sequence # with -vv even if you normally wouldn't +- Print as much of IP/TCP/UDP headers as possible even if truncated. + +itojun@iijlab.net +- -X will make a ascii dump. from netbsd. +- telnet command sequence decoder (ff xx xx). from netbsd. +- print-bgp.c: improve options printing. ugly code exists for + unaligned option parsing (need some fix). +- const poisoning in SMB decoder. +- -Wall -Werror clean checks. +- bring in KAME IPv6/IPsec decoding code. + +Assar Westerlund <assar@sics.se> +- SNMPv2 and SNMPv3 printer +- If compiled with libsmi, tcpdump can load MIBs on the fly to decode + SNMP packets. +- Incorporate NFS parsing code from NetBSD. Adds support for nfsv3. +- portability fixes +- permit building in different directories. + +Ken Hornstein <kenh@cmf.nrl.navy.mil> +- bring in code at + /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing + AFS3 packets + +Andrew Tridgell <tridge@linuxcare.com> +- SMB printing code + +Love <lha@stacken.kth.se> +- print-rx.c: add code for printing MakeDir and StoreStatus. Also + change date format to the right one. + +Michael C. Richardson <mcr@sandelman.ottawa.on.ca> +- Created tcpdump.org repository + +v3.4 Sat Jul 25 12:40:55 PDT 1998 + +- Hardwire Linux slip support since it's too hard to detect. + +- Redo configuration of "network" libraries (-lsocket and -lnsl) to + deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu) + +- Added -a which tries to translate network and broadcast addresses to + names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl) + +- Added a configure option to disable gcc. + +- Added a "raw" packet printer. + +- Not having an interface address is no longer fatal. Requested by John + Hawkinson. + +- Rework signal setup to accommodate Linux. + +- OSPF truncation check fix. Also display the type of OSPF packets + using MD5 authentication. Thanks to Brian Wellington + (bwelling@tis.com) + +- Fix truncation check bugs in the Kerberos printer. Reported by Ezra + Peisach (epeisach@mit.edu) + +- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka + (plonka@mfa.com) + +- Specify full install target as a way of detecting if install + directory does not exist. Thanks to Dave Plonka. + +- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie + (paul@vix.com) + +- Fix off-by-one bug when testing size of ethernet packets. Thanks to + Marty Leisner (leisner@sdsp.mc.xerox.com) + +- Add a local autoconf macro to check for routines in libraries; the + autoconf version is broken (it only puts the library name in the + cache variable name). Thanks to John Hawkinson. + +- Add a local autoconf macro to check for types; the autoconf version + is broken (it uses grep instead of actually compiling a code fragment). + +- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header + formats. + +- Extend OSF ip header workaround to versions 1 and 2. + +- Fix some signed problems in the nfs printer. As reported by David + Sacerdote (davids@silence.secnet.com) + +- Detect group wheel and use it as the default since BSD/OS' install + can't hack numeric groups. Reported by David Sacerdote. + +- AIX needs special loader options. Thanks to Jonathan I. Kamens + (jik@cam.ov.com) + +- Fixed the nfs printer to print port numbers in decimal. Thanks to + Kent Vander Velden (graphix@iastate.edu) + +- Find installed libpcap in /usr/local/lib when not using gcc. + +- Disallow network masks with non-network bits set. + +- Attempt to detect "egcs" versions of gcc. + +- Add missing closing double quotes when displaying bootp strings. + Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca) + +v3.3 Sat Nov 30 20:56:27 PST 1996 + +- Added Linux support. + +- GRE encapsulated packet printer thanks to John Hawkinson + (jhawk@mit.edu) + +- Rewrite gmt2local() to avoid problematic os dependencies. + +- Suppress nfs truncation message on errors. + +- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro. + Reported by Joachim Ott (ott@ardala.han.de) + +- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too. + +- Print arp hardware type in host order. Thanks to Onno van der Linden + (onno@simplex.nl) + +- Avoid solaris compiler warnings. Thanks to Bruce Barnett + (barnett@grymoire.crd.ge.com) + +- Fix rip printer to not print one more route than is actually in the + packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and + Bill Fenner (fenner@parc.xerox.com) + +- Use autoconf endian detection since BYTE_ORDER isn't defined on all systems. + +- Fix dvmrp printer truncation checks and add a dvmrp probe printer. + Thanks to Danny J. Mitzel (mitzel@ipsilon.com) + +- Rewrite ospf printer to improve truncation checks. + +- Don't parse tcp options past the EOL. As noted by David Sacerdote + (davids@secnet.com). Also, check tcp options to make sure they ar + actually in the tcp header (in addition to the normal truncation + checks). Fix the SACK code to print the N blocks (instead of the + first block N times). + +- Don't say really small UDP packets are truncated just because they + aren't big enough to be a RPC. As noted by David Sacerdote. + +v3.2.1 Sun Jul 14 03:02:26 PDT 1996 + +- Added rfc1716 icmp codes as suggested by Martin Fredriksson + (martin@msp.se) + +- Print mtu for icmp unreach need frag packets. Thanks to John + Hawkinson (jhawk@mit.edu) + +- Decode icmp router discovery messages. Thanks to Jeffrey Honig + (jch@bsdi.com) + +- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida + (kushida@trl.ibm.co.jp) + +- Check igmp checksum if possible. Thanks to John Hawkinson. + +- Made changes for SINIX. Thanks to Andrej Borsenkow + (borsenkow.msk@sni.de) + +- Use autoconf's idea of the top level directory in install targets. + Thanks to John Hawkinson. + +- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey + Mogul (mogul@pa.dec.com) + +- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop. + Thanks to John Hawkinson. + +- Added some more packet truncation checks. + +- On systems that have it, use sigset() instead of signal() since + signal() has different semantics on these systems. + +- Fixed some more alignment problems on the alpha. + +- Add code to massage unprintable characters in the domain and ipx + printers. Thanks to John Hawkinson. + +- Added explicit netmask support. Thanks to Steve Nuchia + (steve@research.oknet.com) + +- Add "sca" keyword (for DEC cluster services) as suggested by Terry + Kennedy (terry@spcvxa.spc.edu) + +- Add "atalk" keyword as suggested by John Hawkinson. + +- Added an igrp printer. Thanks to Francis Dupont + (francis.dupont@inria.fr) + +- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry + Kennedy (terry@spcvxa.spc.edu) + +- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin + (pascal.hennequin@hugo.int-evry.fr) + +- Added some ETHERTYPEs missing on some systems. + +- Added truncated packet macros and various checks. + +- Fixed endian problems with the DECnet printer. + +- Use $CC when checking gcc version. Thanks to Carl Lindberg + (carl_lindberg@blacksmith.com) + +- Fixes for AIX (although this system is not yet supported). Thanks to + John Hawkinson. + +- Fix bugs in the autoconf misaligned accesses code fragment. + +- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to + Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp) + +v3.2 Sun Jun 23 02:28:10 PDT 1996 + +- Print new icmp unreachable codes as suggested by Martin Fredriksson + (martin@msp.se). Also print code value when unknown for icmp redirect + and time exceeded. + +- Fix an alignment endian bug in getname(). Thanks to John Hawkinson. + +- Define "new" domain record types if not found in arpa/nameserv.h. + Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also + fixed an endian bug when printing mx record and added some new record + types. + +- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com) + +- Added T/TCP options printing. As suggested by Richard Stevens + (rstevens@noao.edu) + +- Use autoconf to detect architectures that can't handle misaligned + accesses. + +v3.1 Thu Jun 13 20:59:32 PDT 1996 + +- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd + and bind (as suggested by Charles Hannum). + +- Port to GNU autoconf. + +- Add support for printing DVMRP and PIM traffic thanks to + Havard Eidnes (Havard.Eidnes@runit.sintef.no). + +- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian + define being referenced. Reported by Terry Kennedy. + +- Minor fixes to the man page thanks to Mark Andrews. + +- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah + (bmah@cs.berkeley.edu). + +- Added support for new dns types, thanks to Rainer Orth. + +- Fixed tftp_print() to print the block number for ACKs. + +- Document -dd and -ddd. Resulted from a bug report from Charlie Slater + (cslater@imatek.com). + +- Check return status from malloc/calloc/etc. + +- Check return status from pcap_loop() so we can print an error and + exit with a bad status if there were problems. + +- Bail if ip option length is <= 0. Resulted from a bug report from + Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au). + +- Print out a little more information for sun rpc packets. + +- Add support for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu). + +- Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were + wrong on little endian machines). + +- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford + (crawdad@fnal.gov). + +- Fix ntp_print() to not print garbage when the stratum is + "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com). + +- Rewrote tcp options printer code to check for truncation. Added + selective acknowledgment case. + +- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig + (jch@bsdi.com) + +- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one + octet for the sa_family member. Thanks to Yoshitaka Tokugawa + (toku@dit.co.jp) + +- Don't checksum ip header if we don't have all of it. Thanks to John + Hawkinson (jhawk@mit.edu). + +- Print out hostnames if possible in egp printer. Thanks to Jeffrey + Honig (jhc@bsdi.com) + + +v3.1a1 Wed May 3 19:21:11 PDT 1995 + +- Include time.h when SVR4 is defined to avoid problems under Solaris + 2.3. + +- Fix etheraddr_string() in the ETHER_SERVICE to return the saved + strings, not the local buffer. Thanks to Stefan Petri + (petri@ibr.cs.tu-bs.de). + +- Detect when pcap raises the snaplen (e.g. with snit). Print a warning + that the selected value was not used. Thanks to Pascal Hennequin + (Pascal.Hennequin@hugo.int-evry.fr). + +- Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin. + +- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu). + +v3.0.3 Sun Oct 1 18:35:00 GMT 1995 + +- Although there never was a 3.0.3 release, the linux boys cleverly + "released" one in late 1995. + +v3.0.2 Thu Apr 20 21:28:16 PDT 1995 + +- Change configuration to not use gcc v2 flags with gcc v1. + +- Redo gmt2local() so that it works under BSDI (which seems to return + an empty timezone struct from gettimeofday()). Based on report from + Terry Kennedy (terry@spcvxa.spc.edu). + +- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based + on report from Mark Andrews (mandrews@alias.com). + +- Don't pass cc flags to gcc. Resulted from a bug report from Rainer + Orth (ro@techfak.uni-bielefeld.de). + +- Fixed printout of connection id for uncompressed tcp slip packets. + Resulted from a bug report from Richard Stevens (rstevens@noao.edu). + +- Hack around deficiency in Ultrix's make. + +- Add ETHERTYPE_TRAIL define which is missing from irix5. + +v3.0.1 Wed Aug 31 22:42:26 PDT 1994 + +- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4. + +v3.0 Mon Jun 20 19:23:27 PDT 1994 + +- Added support for printing tcp option timestamps thanks to + Mark Andrews (mandrews@alias.com). + +- Reorganize protocol dumpers to take const pointers to packets so they + never change the contents (i.e., they used to do endian conversions + in place). Previously, whenever more than one pass was taken over + the packet, the packet contents would be dumped incorrectly (i.e., + the output form -x would be wrong on little endian machines because + the protocol dumpers would modify the data). Thanks to Charles Hannum + (mycroft@gnu.ai.mit.edu) for reporting this problem. + +- Added support for decnet protocol dumping thanks to Jeff Mogul + (mogul@pa.dec.com). + +- Fix bug that caused length of packet to be incorrectly printed + (off by ether header size) for unknown ethernet types thanks + to Greg Miller (gmiller@kayak.mitre.org). + +- Added support for IPX protocol dumping thanks to Brad Parker + (brad@fcr.com). + +- Added check to verify IP header checksum under -v thanks to + Brad Parker (brad@fcr.com). + +- Move packet capture code to new libpcap library (which is + packaged separately). + +- Prototype everything and assume an ansi compiler. + +- print-arp.c: Print hardware ethernet addresses if they're not + what we expect. + +- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags. + Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com). + +- print-fddi.c: Improvements. Thanks to Jeffrey Mogul + (mogul@pa.dec.com). + +- print-icmp.c: Byte swap netmask before printing. Thanks to + Richard Stevens (rstevens@noao.edu). Print icmp type when unknown. + +- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets. + By default, only the inner packet is dumped, appended with the token + "(encap)". Under -v, both the inner and output packets are dumped + (on the same line). Note that the filter applies to the original packet, + not the encapsulated packet. So if you run tcpdump on a net with an + IP Multicast tunnel, you cannot filter out the datagrams using the + conventional syntax. (You can filter away all the ip-in-ip traffic + with "not ip proto 4".) + +- print-nfs.c: Keep pending rpc's in circular table. Add generic + nfs header and remove os dependences. Thanks to Jeffrey Mogul. + +- print-ospf.c: Improvements. Thanks to Jeffrey Mogul. + +- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc" + (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords + Add && and || operators + +v2.2.1 Tue Jun 6 17:57:22 PDT 1992 + +- Fix bug with -c flag. + +v2.2 Fri May 22 17:19:41 PDT 1992 + +- savefile.c: Remove hack that shouldn't have been exported. Add + truncate checks. + +- Added the 'icmp' keyword. For example, 'icmp[0] != 8 and icmp[0] != 0' + matches non-echo/reply ICMP packets. + +- Many improvements to filter code optimizer. + +- Added 'multicast' keyword and extended the 'broadcast' keyword can now be + so that protocol qualifications are allowed. For example, "ip broadcast" + and "ether multicast" are valid filters. + +- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo'). + Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel + patches to netinet/if_loop.c. + +- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS. + Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs. + +- Added EGP and OSPF printers, thanks to Jeffrey Honig. + +v2.1 Tue Jan 28 11:00:14 PST 1992 + +- Internal release (never publicly exported). + +v2.0.1 Sun Jan 26 21:10:10 PDT + +- Various byte ordering fixes. + +- Add truncation checks. + +- inet.c: Support BSD style SIOCGIFCONF. + +- nametoaddr.c: Handle multi addresses for single host. + +- optimize.c: Rewritten. + +- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous + for broadcast nets. + +- print-atal.c: Fix an alignment bug (thanks to + stanonik@nprdc.navy.mil) Add missing printf() argument. + +- print-bootp.c: First attempt at decoding the vendor buffer. + +- print-domain.c: Fix truncation checks. + +- print-icmp.c: Calculate length of packets from the ip header. + +- print-ip.c: Print frag id in decimal (so it's easier to match up + with non-frags). Add support for ospf, egp and igmp. + +- print-nfs.c: Lots of changes. + +- print-ntp.c: Make some verbose output depend on -v. + +- print-snmp.c: New version from John LoVerso. + +- print-tcp.c: Print rfc1072 tcp options. + +- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits + (microseconds) worth of precision. Fix uid bugs. + +- A packet dumper has been added (thanks to Jeff Mogul of DECWRL). + With this option, you can create an architecture independent binary + trace file in real time, without the overhead of the packet printer. + At a later time, the packets can be filtered (again) and printed. + +- BSD is supported. You must have BPF in your kernel. + Since the filtering is now done in the kernel, fewer packets are + dropped. In fact, with BPF and the packet dumper option, a measly + Sun 3/50 can keep up with a busy network. + +- Compressed SLIP packets can now be dumped, provided you use our + SLIP software and BPF. These packets are dumped as any other IP + packet; the compressed headers are dumped with the '-e' option. + +- Machines with little-endian byte ordering are supported (thanks to + Jeff Mogul). + +- Ultrix 4.0 is supported (also thanks to Jeff Mogul). + +- IBM RT and Stanford Enetfilter support has been added by + Rayan Zachariassen <rayan@canet.ca>. Tcpdump has been tested under + both the vanilla Enetfilter interface, and the extended interface + (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter. + +- TFTP packets are now printed (requests only). + +- BOOTP packets are now printed. + +- SNMP packets are now printed. (thanks to John LoVerso of Xylogics). + +- Sparc architectures, including the Sparcstation-1, are now + supported thanks to Steve McCanne and Craig Leres. + +- SunOS 4 is now supported thanks to Micky Liu of Columbia + University (micky@cunixc.cc.columbia.edu). + +- IP options are now printed. + +- RIP packets are now printed. + +- There's a -v flag that prints out more information than the + default (e.g., it will enable printing of IP ttl, tos and id) + and -q flag that prints out less (e.g., it will disable + interpretation of AppleTalk-in-UDP). + +- The grammar has undergone substantial changes (if you have an + earlier version of tcpdump, you should re-read the manual + entry). + + The most useful change is the addition of an expression + syntax that lets you filter on arbitrary fields or values in the + packet. E.g., "ip[0] > 0x45" would print only packets with IP + options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN + packets. + + The most painful change is that concatenation no longer means + "and" -- e.g., you have to say "host foo and port bar" instead + of "host foo port bar". The up side to this down is that + repeated qualifiers can be omitted, making most filter + expressions shorter. E.g., you can now say "ip host foo and + (bar or baz)" to look at ip traffic between hosts foo and bar or + between hosts foo and baz. [The old way of saying this was "ip + host foo and (ip host bar or ip host baz)".] + +v2.0 Sun Jan 13 12:20:40 PST 1991 + +- Initial public release. |