1 Monthday, Month DD, YYYY by gharris and denis
2 Summary for 5.0.0 tcpdump release (so far!)
3 Refine protocol decoding for:
4 EIGRP: Get the packet header fields right.
5 OpenFlow 1.0: Fix indentation of PORT_MOD.
6 RIP: Make a couple trivial protocol updates.
7 NetFlow: Use tcp_flag_values[] for TCP flags.
8 OSPF: Update to match the Router Properties registry.
9 VQP: Do not print unknown error codes twice.
10 ZMTP: Replace custom code with bittok2str().
11 BFD: Add support for S-BFD and spell LAG in uppercase.
12 BGP: Update cease notification decoding to RFC 9003.
13 IEEE 802.11: include the Mesh ID field while printing management
15 DNS: sync resource types with IANA.
16 MPTCP: print length before subtype inside MPTCP options, parse MPC
17 data_len field, print flags from MP_CAPABLE option.
18 sFlow: add support for IPv6 agent.
19 VRRP: add support for IPv6.
20 ICMP: add dissector for ICMP Interface Identification Object
22 Add --print-sampling to print every Nth packet instead of all.
23 Print the supported time stamp types (-J) to stdout instead of stderr.
24 Print the list of data link types (-L) to stdout instead of stderr.
26 Use %zu when printing a sizeof to squelch compiler warnings
27 (FIXME: somebody please wrap the line below just before the release)
28 AODV, AppleTalk, BOOTP, EGP, EIGRP, ForCES, Geneve, L2TP, NetFlow, NTP, OLSR, PGM, RIP, RSVP, SCTP, SNMP, TCP, UDP: Modernize packet parsing style
29 DCCP, EGP: Replace custom code with tok2str()
30 UDP: Clean up address and port printing.
31 AppleTalk: Declutter appletalk.h.
32 Introduce new ND_ICHECK*() macros to deduplicate more code.
33 IEEE 802.11: Simplify handle_action().
34 RPKI-Router: Refine length and bounds checks.
36 Add a configure option to help debugging (--enable-instrument-functions)
39 Summary for 4.99.2 tcpdump release (so far!)
41 BGP: decode BGP link-bandwidth extended community properly.
42 DSA: correctly determine VID.
43 EAP: fix some length checks and output issues.
44 802.15.4, BGP, LISP: fix some length checks, compiler warnings,
45 and undefined behavior warnings.
46 PFLOG: handle LINKTYPE_PFLOG/DLT_PFLOG files from all OSes on all
48 RRCP: support more Realtek protocols than just RRCP.
49 MPLS: show the EXP field as TC, as per RFC 5462.
50 ICMP: redo MPLS Extension code as general ICMP Extension code.
52 Update config.guess and config.sub.
53 Handle some Autoconf/make errors better.
54 Fix an error when corss-compiling.
55 Fix "make releasetar" on AIX and Solaris.
56 Mend "make check" on Solaris 9 with Autoconf.
57 Address assorted compiler warnings.
58 Fix auto-enabling of Capsicum on FreeBSD with Autoconf.
59 Treat "msys" as Windows for test exit statuses.
60 Clean up some help messages in configure.
61 Use unified diff by default.
63 Some man page cleanups.
64 Note that we require compilers to support at least some of C99.
66 Wednesday, June 9, 2021 by gharris
67 Summary for 4.99.1 tcpdump release
69 Squelch some compiler warnings
70 ICMP: Update the snapend for some nested IP packets.
71 MACsec: Update the snapend thus the ICV field is not payload
73 EIGRP: Fix packet header fields
74 SMB: Disable printer by default in CMake builds
75 OLSR: Print the protocol name even if the packet is invalid
76 MSDP: Print ": " before the protocol name
77 ESP: Remove padding, padding length and next header from the buffer
78 DHCPv6: Update the snapend for nested DHCPv6 packets
79 OpenFlow 1.0: Get snapend right for nested frames.
80 TCP: Update the snapend before decoding a MPTCP option
81 Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks
82 ForCES: Refine SPARSEDATA-TLV length check.
83 ASCII/hex: Use nd_trunc_longjmp() in truncation cases
84 GeoNet: Add a ND_TCHECK_LEN() call
85 Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES().
86 BGP: Fix overwrites of global 'astostr' temporary buffer
87 ARP: fix overwrites of static buffer in q922_string().
88 Frame Relay: have q922_string() handle errors better.
90 Rebuild configure script when building release
91 Fix "make clean" for out-of-tree autotools builds
92 CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
94 man: Update a reference as www.cifs.org is gone. [skip ci]
95 man: Update DNS sections
97 Fix a compile error with Sun C
99 Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl.
100 Summary for 4.99.0 tcpdump release
101 CVE-2018-16301: For the -F option handle large input files safely.
102 Improve the contents, wording and formatting of the man page.
103 Print unsupported link-layer protocol packets in hex.
104 Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,
105 Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand
106 (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch
107 Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS,
108 ZigBee Encapsulation Protocol (ZEP).
109 Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP,
110 ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS,
111 NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD,
114 Make SLL2 the default for Linux "any" pseudo-device.
115 Add --micro and --nano shorthands.
116 Add --count to print a counter only instead of decoding.
117 Add --print, to cause packet printing even with -w.
118 Add support for remote capture if libpcap supports it.
119 Display the "wireless" flag and connection status.
120 Flush the output packet buffer on a SIGUSR2.
121 Add the snapshot length to the "reading from file ..." message.
122 Fix local time printing (DST offset in timestamps).
123 Allow -C arguments > 2^31-1 GB if they can fit into a long.
124 Handle very large -f files by rejecting them.
125 Report periodic stats only when safe to do so.
126 Print the number of packets captured only as often as necessary.
127 With no -s, or with -s 0, don't specify the snapshot length with newer
129 Improve version and usage message printing.
130 Building and testing:
131 Install into bindir, not sbindir.
132 autoconf: replace --with-system-libpcap with --disable-local-libpcap.
133 Require the compiler to support C99.
134 Better detect and use various C compilers and their features.
135 Add CMake as the second build system.
136 Make out-of-tree builds more reliable.
137 Use pkg-config to detect libpcap if available.
138 Improve Windows support.
139 Add more tests and improve the scripts that run them.
140 Test both with "normal" and "x87" floating-point.
141 Eliminate dependency on libdnet.
143 Print a proper error message about monitor mode VAP.
144 Use libcasper if available.
145 Fix failure to capture on RDMA device.
146 Include the correct capsicum header.
148 Start the transition to longjmp() for packet truncation handling.
149 Introduce new helper functions, including GET_*(), nd_print_protocol(),
150 nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others.
151 Put integer signedness right in many cases.
152 Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix
153 alignment issues, especially on SPARC.
154 Fix many C compiler, Coverity, UBSan and cppcheck warnings.
155 Fix issues detected with AddressSanitizer.
156 Remove many workarounds for older compilers and OSes.
157 Add a sanity check on packet header length.
158 Add and remove plenty of bounds checks.
159 Clean up pcap_findalldevs() call to find the first interface.
160 Use a short timeout, rather than immediate mode, for text output.
161 Handle DLT_ENC files *not* written on the same OS and byte-order host.
162 Add, and use, macros to do locale-independent case mapping.
163 Use a table instead of getprotobynumber().
164 Get rid of ND_UNALIGNED and ND_TCHECK().
165 Make roundup2() generally available.
166 Resync SMI list against Wireshark.
169 Friday, September 20, 2019, by mcr@sandelman.ca
170 A huge thank you to Denis, Francois-Xavier and Guy who did much of the heavy lifting.
171 Summary for 4.9.3 tcpdump release
172 Fix buffer overflow/overread vulnerabilities:
174 CVE-2018-14468 (FrameRelay)
175 CVE-2018-14469 (IKEv1)
176 CVE-2018-14470 (BABEL)
177 CVE-2018-14466 (AFS/RX)
179 CVE-2018-14462 (ICMP)
180 CVE-2018-14465 (RSVP)
183 CVE-2018-14463 (VRRP)
185 CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
186 CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)
187 CVE-2018-14880 (OSPF6)
190 CVE-2018-16227 (802.11)
191 CVE-2018-16229 (DCCP)
195 CVE-2018-16228 (HNCP)
197 CVE-2019-15167 (VRRP)
198 Fix for cmdline argument/local issues:
199 CVE-2018-14879 (tcpdump -V)
201 Sunday September 3, 2017 denis@ovsienko.info
202 Summary for 4.9.2 tcpdump release
203 Do not use getprotobynumber() for protocol name resolution. Do not do
204 any protocol name resolution if -n is specified.
205 Improve errors detection in the test scripts.
206 Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
207 Clean up IS-IS printing.
208 Fix buffer overflow vulnerabilities:
209 CVE-2017-11543 (SLIP)
210 CVE-2017-13011 (bittok2str_internal)
211 Fix infinite loop vulnerabilities:
212 CVE-2017-12989 (RESP)
213 CVE-2017-12990 (ISAKMP)
215 CVE-2017-12997 (LLDP)
216 Fix buffer over-read vulnerabilities:
217 CVE-2017-11541 (safeputs)
218 CVE-2017-11542 (PIMv1)
219 CVE-2017-12893 (SMB/CIFS)
220 CVE-2017-12894 (lookup_bytestring)
221 CVE-2017-12895 (ICMP)
222 CVE-2017-12896 (ISAKMP)
223 CVE-2017-12897 (ISO CLNS)
225 CVE-2017-12899 (DECnet)
226 CVE-2017-12900 (tok2strbuf)
227 CVE-2017-12901 (EIGRP)
228 CVE-2017-12902 (Zephyr)
229 CVE-2017-12985 (IPv6)
230 CVE-2017-12986 (IPv6 routing headers)
231 CVE-2017-12987 (IEEE 802.11)
232 CVE-2017-12988 (telnet)
234 CVE-2017-12992 (RIPng)
235 CVE-2017-12993 (Juniper)
237 CVE-2017-12996 (PIMv2)
238 CVE-2017-12998 (ISO IS-IS)
239 CVE-2017-12999 (ISO IS-IS)
240 CVE-2017-13000 (IEEE 802.15.4)
242 CVE-2017-13002 (AODV)
244 CVE-2017-13004 (Juniper)
246 CVE-2017-13006 (L2TP)
247 CVE-2017-13007 (Apple PKTAP)
248 CVE-2017-13008 (IEEE 802.11)
249 CVE-2017-13009 (IPv6 mobility)
250 CVE-2017-13010 (BEEP)
251 CVE-2017-13012 (ICMP)
253 CVE-2017-13014 (White Board)
255 CVE-2017-11543 (SLIP)
256 CVE-2017-13016 (ISO ES-IS)
257 CVE-2017-13017 (DHCPv6)
261 CVE-2017-13021 (ICMPv6)
263 CVE-2017-13023 (IPv6 mobility)
264 CVE-2017-13024 (IPv6 mobility)
265 CVE-2017-13025 (IPv6 mobility)
266 CVE-2017-13026 (ISO IS-IS)
267 CVE-2017-13027 (LLDP)
268 CVE-2017-13028 (BOOTP)
271 CVE-2017-13031 (IPv6 fragmentation header)
272 CVE-2017-13032 (RADIUS)
275 CVE-2017-13035 (ISO IS-IS)
276 CVE-2017-13036 (OSPFv3)
279 CVE-2017-13039 (ISAKMP)
280 CVE-2017-13040 (MPTCP)
281 CVE-2017-13041 (ICMPv6)
282 CVE-2017-13042 (HNCP)
284 CVE-2017-13044 (HNCP)
287 CVE-2017-13047 (ISO ES-IS)
288 CVE-2017-13048 (RSVP)
290 CVE-2017-13050 (RPKI-Router)
291 CVE-2017-13051 (RSVP)
294 CVE-2017-13054 (LLDP)
295 CVE-2017-13055 (ISO IS-IS)
296 CVE-2017-13687 (Cisco HDLC)
297 CVE-2017-13688 (OLSR)
298 CVE-2017-13689 (IKEv1)
299 CVE-2017-13690 (IKEv2)
300 CVE-2017-13725 (IPv6 routing headers)
302 Sunday July 23, 2017 denis@ovsienko.info
303 Summary for 4.9.1 tcpdump release
304 CVE-2017-11108/Fix bounds checking for STP.
305 Make assorted documentation updates and fix a few typos in tcpdump output.
306 Fixup -C for file size >2GB (GH #488).
307 Show AddressSanitizer presence in version output.
308 Fix a bug in test scripts (exposed in GH #613).
309 On FreeBSD adjust Capsicum capabilities for netmap.
310 On Linux fix a use-after-free when the requested interface does not exist.
312 Wednesday January 18, 2017 devel.fx.lebail@orange.fr
313 Summary for 4.9.0 tcpdump release
315 Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others
316 (More information in the log with CVE-2016-* and CVE-2017-*)
317 Change the way protocols print link-layer addresses (Fix heap overflows
318 in CALM-FAST and GeoNetworking printers)
319 Pass correct caplen value to ether_print() and some other functions
320 Fix lookup_nsap() to match what isonsap_string() expects
321 Clean up relative time stamp printing (Fix an array overflow)
322 Fix some alignment issues with GCC on Solaris 10 SPARC
323 Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks
324 Add a fn_printztn() which returns the number of bytes processed
325 Add nd_init() and nd_cleanup() functions. Improve libsmi support
326 Add CONTRIBUTING file
327 Add a summary comment in all printers
328 Compile with more warning options in devel mode if supported (-Wcast-qual, ...)
329 Fix some leaks found by Valgrind/Memcheck
330 Fix a bunch of de-constifications
331 Squelch some Coverity warnings and some compiler warnings
332 Update Coverity and Travis-CI setup
333 Update Visual Studio files
336 Fix capsicum support to work with zerocopy buffers in bpf
337 Try opening interfaces by name first, then by name-as-index
338 Work around pcap_create() failures fetching time stamp type lists
339 Fix a segmentation fault with 'tcpdump -J'
340 Improve addrtostr6() bounds checking
341 Add exit_tcpdump() function
342 Don't drop CAP_SYS_CHROOT before chrooting
343 Fixes issue where statistics not reported when -G and -W options used
346 802.11: Beginnings of 11ac radiotap support
347 802.11: Check the Protected bit for management frames
348 802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow)
349 802.11: Fix the radiotap printer to handle the special bits correctly
350 802.11: If we have the MCS field, it's 11n
351 802.11: Only print unknown frame type or subtype messages once
352 802.11: Radiotap dBm values get printed as dB; Update a test output accordingly
353 802.11: Source and destination addresses were backwards
354 AH: Add a bounds check
355 AH: Report to our caller that dissection failed if a bounds check fails
356 AP1394: Print src > dst, not dst > src
357 ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow)
358 ATALK: Add bounds and length checks (Fix heap overflows)
359 ATM: Add some bounds checks (Fix a heap overflow)
360 ATM: Fix an incorrect bounds check
361 BFD: Update specification from draft to RFC 5880
362 BFD: Update to print optional authentication field
363 BGP: Add support for the AIGP attribute (RFC7311)
364 BGP: Print LARGE_COMMUNITY Path Attribute
365 BGP: Update BGP numbers from IANA; Print minor values for FSM notification
366 BOOTP: Add a bounds check
367 Babel: Add decoder for source-specific extension
368 CDP: Filter out non-printable characters
369 CFM: Fixes to match the IEEE standard, additional bounds and length checks
370 CSLIP: Add more bounds checks (Fix a heap overflow)
371 ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow)
372 DHCP: Fix MUDURL and TZ options
373 DHCPv6: Process MUDURL and TZ options
374 DHCPv6: Update Status Codes with RFCs/IANA names
375 DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case
376 DTP: Improve packet integrity checks
377 EGP: Fix bounds checks
378 ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later
379 Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow)
380 Ethernet: Print the Length/Type field as length when needed
381 FDDI: Fix -e output for FDDI
382 FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows)
383 GRE: Add some bounds checks (Fix heap overflows)
384 Geneve: Fix error message with invalid option length; Update list option classes
385 HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes
386 ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()
387 IGMP: Add a length check
388 IP: Add a bounds check (Fix a heap overflow)
389 IP: Check before fetching the protocol version (Fix a heap overflow)
390 IP: Don't try to dissect if IP version != 4 (Fix a heap overflow)
391 IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
392 IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow)
393 IPoFC: Fix -e output (IP-over-Fibre Channel)
394 IPv6: Don't overwrite the destination IPv6 address for routing headers
395 IPv6: Fix header printing
396 IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
397 ISAKMP: Clean up parsing of IKEv2 Security Associations
398 ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases
399 ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature
400 ISOCLNS/IS-IS: Filter out non-printable characters
401 ISOCLNS/IS-IS: Fix segmentation faults
402 ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing
403 ISOCLNS: Add some bounds checks
404 Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow)
405 LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header
406 LLC: Add a bounds check (Fix a heap overflow)
407 LLC: Clean up printing of LLC packets
408 LLC: Fix the printing of RFC 948-style IP packets
409 LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols
410 LLDP: Implement IANA OUI and LLDP MUD option
411 MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks
412 MPLS: "length" is now the *remaining* packet length
413 MPLS: Add bounds and length checks (Fix a heap overflow)
414 NFS: Don't assume the ONC RPC header is nicely aligned
415 NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)
416 NFS: Don't run past the end of an NFSv3 file handle
417 OLSR: Add a test to cover a HNA sgw case
418 OLSR: Fix 'Advertised networks' count
419 OLSR: Fix printing of smart-gateway HNAs in IPv4
420 OSPF: Add a bounds check for the Hello packet options
421 OSPF: Do more bounds checking
422 OSPF: Fix a segmentation fault
423 OSPF: Fix printing 'ospf_topology_values' default
424 OTV: Add missing bounds checks
425 PGM: Print the formatted IP address, not the raw binary address, as a string
426 PIM: Add some bounds checking (Fix a heap overflow)
427 PIMv2: Fix checksumming of Register messages
428 PPP: Add some bounds checks (Fix a heap overflow)
429 PPP: Report invalid PAP AACK/ANAK packets
430 Q.933: Add a missing bounds check
431 RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute
432 RADIUS: Filter out non-printable characters
433 RADIUS: Translate UDP/1700 as RADIUS
434 RESP: Do better checking of RESP packets
435 RPKI-RTR: Add a return value check for "fn_printn" call
436 RPKI-RTR: Remove printing when truncated condition already detected
437 RPL: Fix 'Consistency Check' control code
438 RPL: Fix suboption print
439 RSVP: An INTEGRITY object in a submessage covers only the submessage
440 RSVP: Fix an infinite loop; Add bounds and length checks
441 RSVP: Fix some if statements missing brackets
442 RSVP: Have signature_verify() do the copying and clearing
443 RTCP: Add some bounds checks
444 RTP: Add some bounds checks, fix two segmentation faults
445 SCTP: Do more bounds checking
446 SFLOW: Fix bounds checking
447 SLOW: Fix bugs, add checks
448 SMB: Before fetching the flags2 field, make sure we have it
449 SMB: Do bounds checks on NBNS resource types and resource data lengths
450 SNMP: Clean up the "have libsmi but no modules loaded" case
451 SNMP: Clean up the object abbreviation list and fix the code to match them
452 SNMP: Do bounds checks when printing character and octet strings
453 SNMP: Improve ASN.1 bounds checks
454 SNMP: More bounds and length checks
455 STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows)
456 STP: Filter out non-printable characters
457 TCP: Add bounds and length checks for packets with TCP option 20
458 TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP
459 TCP: Fix two bounds checks (Fix heap overflows)
460 TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow)
461 TCP: Put TCP-AO option decoding right
462 TFTP: Don't use strchr() to scan packet data (Fix a heap overflow)
463 Telnet: Add some bounds checks
464 TokenRing: Fix -e output
465 UDLD: Fix an infinite loop
466 UDP: Add a bounds check (Fix a heap overflow)
467 UDP: Check against the packet length first
468 VAT: Add some bounds checks
469 VTP: Add a test on Mgmt Domain Name length
470 VTP: Add bounds checks and filter out non-printable characters
471 VXLAN: Add a bound check and a test case
472 ZeroMQ: Fix an infinite loop
474 Tuesday October 25, 2016 mcr@sandelman.ca
475 Summary for 4.8.1 tcpdump release
476 Fix "-x" for Apple PKTAP and PPI packets
477 Improve separation frontend/backend (tcpdump/libnetdissect)
478 Fix display of timestamps with -tt, -ttt and -ttttt options
479 Add support for the Marvell Extended Distributed Switch Architecture header
480 Use PRIx64 to print a 64-bit number in hex.
481 Printer for HNCP (RFCs 7787 and 7788).
482 dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer.
483 RSVP: Add bounds and length checks
484 OSPF: Do more bounds checking
485 Handle OpenSSL 1.1.x.
486 Initial support for the REdis Serialization Protocol known as RESP.
487 Add printing function for Generic Protocol Extension for VXLAN
488 draft-ietf-nvo3-vxlan-gpe-01
489 Network Service Header: draft-ietf-sfc-nsh-01
490 Don't recompile the filter if the new file has the same DLT.
491 Pass an adjusted struct pcap_pkthdr to the sub-printer.
492 Add three test cases for already fixed CVEs
494 CVE-2014-8768: Geonet
496 Don't do the DDP-over-UDP heuristic first: GitHub issue #499.
497 Use the new debugging routines in libpcap.
498 Harmonize TCP source or destination ports tests with UDP ones
499 Introduce data types to use for integral values in packet structures.
500 RSVP: Fix an infinite loop
501 Support of Type 3 and Type 4 LISP packets.
502 Don't require IPv6 library support in order to support IPv6 addresses.
503 Many many changes to support libnetdissect usage.
504 Add a test that makes unaligned accesses: GitHub issue #478.
505 add a DNSSEC test case: GH #445 and GH #467.
506 BGP: add decoding of ADD-PATH capability
507 fixes to LLC header printing, and RFC948-style IP packets
509 Friday April 10, 2015 guy@alum.mit.edu
510 Summary for 4.7.4 tcpdump release
511 RPKI to Router Protocol: Fix Segmentation Faults and other problems
512 RPKI to Router Protocol: print strings with fn_printn()
513 wb: fix some bounds checks
515 Wednesday March 11, 2015 mcr@sandelman.ca
516 Summary for 4.7.3 tcpdump release
517 Capsicum fixes for FreeBSD 10
519 Tuesday March 10, 2015 mcr@sandelman.ca
520 Summary for 4.7.2 tcpdump release
521 DCCP: update Packet Types with RFC4340/IANA names
522 fixes for CVE-2015-0261: IPv6 mobility header check issue
523 fixes for CVE-2015-2153, 2154, 2155: kday packets
525 Friday Nov. 12, 2014 guy@alum.mit.edu
526 Summary for 4.7.0 tcpdump release
527 changes to hex printing of CDP packets
529 Radius: update Packet Type Codes and Attribute Types with RFC/IANA names
530 Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support.
531 improvements to telnet printer, even if not -v
532 omit length for bcp, print-tcp uses it
533 formatting fixes for a bunch of protocols
534 new bounds checks for a number of protocols
535 split netflow 1,6, and 6 dissector up.
536 added geneve dissector
537 CVE-2014-9140 PPP dissector fixed.
539 Tuesday Sep. 2, 2014 mcr@sandelman.ca
540 Summary for 4.6.2 tcpdump release
541 fix out-of-source-tree builds: find libpcap that is out of source
542 better configure check for libsmi
544 Saturday Jul. 19, 2014 mcr@sandelman.ca
545 Summary for 4.6.1 tcpdump release
546 added FreeBSD capsicum
547 add a short option '#', same as long option '--number'
549 Wednesday Jul. 2, 2014 mcr@sandelman.ca
550 Summary for 4.6.0 tcpdump release
551 all of tcpdump is now using the new "NDO" code base (Thanks Denis!)
552 nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes
554 many new test cases: 82 in 4.5.1 to 133 in 4.6.0
555 many improvements to travis continuous integration system: OSX, and Coverity options
556 cleaned up some unnecessary header files
558 a number of unaligned access faults fixed
559 -A flag does not consider CR to be printable anymore
560 fx.lebail took over coverity baby sitting
561 default snapshot size increased to 256K for accommodate USB captures
562 WARNING: this release contains a lot of very worthwhile code churn.
564 Wednesday Jan. 15, 2014 guy@alum.mit.edu
565 Summary for 4.5.2 tcpdump release
569 Monday Nov. 11, 2013 mcr@sandelman.ca
570 Summary for 4.5.1 tcpdump release
573 Thursday Nov. 7, 2013 mcr@sandelman.ca and guy@alum.mit.edu.
574 Summary for 4.5.0 tcpdump release
575 some NFSv4 fixes for printing
576 fix printing of unknown TCP options, and tcp fast-open
577 fixes for syslog parser
578 some gcc-version-specific flag tuning
579 adopt MacOS deprecation workarounds for openssl
580 improvements to babel printing
581 add OpenFlow 1.0 (no SSL) and test cases
583 added STBC Rx support
584 improvements to DHCPv6 decoder
585 clarify which autoconf is needed
586 Point users to the the-tcpdump-group repository on GitHub rather
587 than the mcr repository
589 Fixed IPv6 check on Solaris and other OSes requiring extra
590 networking libraries.
591 Add support for VXLAN (draft-mahalingam-dutt-dcops-vxlan-03),
592 and add "vxlan" as an option for -T.
593 Add support for OTV (draft-hasmit-otv-04).
594 fixes for DLT_IEEE802_11_RADIO datalink types
597 Saturday April 6, 2013 guy@alum.mit.edu.
598 Summary for 4.4.0 tcpdump release
599 RPKI-RTR (RFC6810) is now official (TCP Port 323)
600 Fix detection of OpenSSL libcrypto.
601 Add DNSSL (RFC6106) support.
602 Add "radius" as an option for -T.
603 Update Action codes for handle_action function according to
605 Decode DHCPv6 AFTR-Name option (RFC6334).
607 Fix printing of infinite lifetime in ICMPv6.
608 Added support for SPB, SPBM Service Identifier, and Unicast
609 Address sub-TLV in ISIS.
610 Decode RIPv2 authentication up to RFC4822.
611 Fix RIP Request/full table decoding issues.
612 On Linux systems with cap-ng.h, drop root privileges
613 using Linux Capabilities.
614 Add support for reading multiple files.
615 Add MS NLB heartbeat printer.
616 Separate multiple nexthops in BGP.
618 Wednesday November 28, 2012 guy@alum.mit.edu.
619 Summary for 4.3.1 tcpdump release
620 Print "LLDP, length N" for LLDP packets even when not in verbose
621 mode, so something is printed even if only the timestamp is
624 Print NTP poll interval correctly (it's an exponent, so print
625 both its raw value and 2^value)
626 Document that "-e" is used to get MAC addresses
627 More clearly document that you need to escape or quote
628 backslashes in filter expressions on the command line
629 Fix some "the the" in the man page
630 Use the right maximum path length
631 Don't treat 192_1_2, when passed to -i, as an interface number
633 Friday April 3, 2012. mcr@sandelman.ca.
634 Summary for 4.3.0 tcpdump release
635 fixes for forces: SPARSE data (per RFC 5810)
636 some more test cases added
637 updates to documentation on -l, -U and -w flags.
638 Fix printing of BGP optional headers.
639 Tried to include DLT_PFSYNC support, failed due to headers required.
641 Fix LLDP Network Policy bit definitions.
642 fixes for IGMPv3's Max Response Time: it is in units of 0.1 second.
643 SIGUSR1 can be used rather than SIGINFO for stats
644 permit -n flag to affect print-ip for protocol numbers
645 ND_OPT_ADVINTERVAL is in milliseconds, not seconds
646 Teach PPPoE parser about RFC 4638
649 Friday December 9, 2011. guy@alum.mit.edu.
650 Summary for 4.2.1 tcpdump release
651 Only build the Babel printer if IPv6 is enabled.
652 Support Babel on port 6696 as well as 6697.
653 Include ppi.h in release tarball.
654 Include all the test files in the release tarball, and don't
655 "include" test files that no longer exist.
656 Don't assume we have <rpc/rpc.h> - check for it.
657 Support "-T carp" as a way of dissecting IP protocol 112 as CARP
659 Support Hilscher NetAnalyzer link-layer header format.
660 Constify some pointers and fix compiler warnings.
661 Get rid of never-true test.
662 Fix an unintended fall-through in a case statement in the ARP
664 Fix several cases where sizeof(sizeof(XXX)) was used when just
665 sizeof(XXX) was intended.
666 Make stricter sanity checks in the ES-IS printer.
667 Get rid of some GCCisms that caused builds to fai with compilers
668 that don't support them.
669 Fix typo in man page.
670 Added length checks to Babel printer.
672 Sunday July 24, 2011. mcr@sandelman.ca.
674 merged 802.15.4 decoder from Dmitry Eremin-Solenikov <dbaryshkov
676 updates to forces for new port numbers
677 Use "-H", not "-h", for the 802.11s option. (-h always help)
678 Better ICMPv6 checksum handling.
679 add support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12
680 get rid of uuencoded pcap test files, git can do binary.
681 sFlow changes for 64-bit counters.
682 fixes for PPI packet header handling and printing.
683 Add DCB Exchange protocol (DCBX) version 1.01.
684 Babel dissector, from Juliusz Chroboczek and Grégoire Henry.
685 improvements to radiotap for rate values > 127.
686 Many improvements to ForCES decode, including fix SCTP TML port
687 updated RPL type code to RPL-17 draft
688 Improve printout of DHCPv6 options.
689 added support and test case for QinQ (802.1q VLAN) packets
690 Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4.
691 Build fixes for Sparc and other machines with alignment restrictions.
692 Merged changes from Debian package.
693 PGM: Add ACK decoding and add PGMCC DATA and FEEDBACK options.
694 Build fixes for OSX (Snow Leopard and others)
695 Add support for IEEE 802.15.4 packets
697 Tue. July 20, 2010. guy@alum.mit.edu.
698 Summary for 4.1.2 tcpdump release
699 If -U is specified, flush the file after creating it, so it's
701 Fix TCP flags output description, and some typos, in the man
703 Add a -h flag, and only attempt to recognize 802.11s mesh
705 When printing the link-layer type list, send *all* output to
707 Include the CFLAGS setting when configure was run in the
710 Thu. April 1, 2010. guy@alum.mit.edu.
711 Summary for 4.1.1 tcpdump release
712 Fix build on systems with PF, such as FreeBSD and OpenBSD.
713 Don't blow up if a zero-length link-layer address is passed to
716 Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu.
717 Summary for 4.1.0 tcpdump release
718 Fix printing of MAC addresses for VLAN frames with a length
720 Add some additional bounds checks and use the EXTRACT_ macros
722 Add a -b flag to print the AS number in BGP packets in ASDOT
723 notation rather than ASPLAIN notation
724 Add ICMPv6 RFC 5006 support
725 Decode the access flags in NFS access requests
726 Handle the new DLT_ for memory-mapped USB captures on Linux
727 Make the default snapshot (-s) the maximum
728 Print name of device (when -L is used)
729 Support for OpenSolaris (and SXCE build 125 and later)
731 Add support for RPL DIO
732 Add support for TCP User Timeout (UTO)
733 Add support for non-standard Ethertypes used by 3com PPPoE gear
734 Add support for 802.11n and 802.11s
735 Add support for Transparent Ethernet Bridge ethertype in GRE
736 Add 4 byte AS support for BGP printer
737 Add support for the MDT SAFI 66 BG printer
738 Add basic IPv6 support to print-olsr
740 Add printer for ForCES
741 Handle frames with an FCS
742 Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames
743 Fix TCP sequence number printing
744 Report 802.2 packets as 802.2 instead of 802.3
745 Don't include -L/usr/lib in LDFLAGS
746 On x86_64 Linux, look in lib64 directory too
747 Lots of code clean ups
749 Update testcases to make output changes
750 Fix compiling with/out smi (--with{,out}-smi)
751 Fix compiling without IPv6 support (--disable-ipv6)
753 Mon. October 27, 2008. ken@netfunctional.ca. Summary for 4.0.0 tcpdump release
754 Add support for Bluetooth Sniffing
755 Add support for Realtek Remote Control Protocol (openrrcp.org.ru)
756 Add support for 802.11 AVS
757 Add support for SMB over TCP
758 Add support for 4 byte BGP AS printing
759 Add support for compiling on case-insensitive file systems
760 Add support for ikev2 printing
761 Update support for decoding AFS
762 Update DHCPv6 printer
763 Use newer libpcap API's (allows -B option on all platforms)
764 Add -I to turn on monitor mode
765 Bugfixes in lldp, lspping, dccp, ESP, NFS printers
766 Cleanup unused files and various cruft
768 Mon. September 10, 2007. ken@xelerance.com. Summary for 3.9.8 tcpdump release
770 Rework OSPFv3 printer
771 Add support for Frame-Relay ARP
772 Decode DHCP Option 121 (RFC 3442 Classless Static Route)
773 Decode DHCP Option 249 (MS Classless Static Route) the same as Option 121
774 TLV: Add support for Juniper .pcap extensions
775 Print EGP header in new-world-order style
776 Converted print-isakmp.c to NETDISSECT
777 Moved AF specific stuff into af.h
778 Test subsystem now table driven, and saves outputs and diffs to one place
779 Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted
780 libpcap files on an OS other than where the file was generated
783 Wed. July 23, 2007. mcr@xelerance.com. Summary for 3.9.7 libpcap release
785 NFS: Print unsigned values as such.
787 BGP: fixes for IPv6-less builds.
788 801.1ag: use standard codepoint.
789 use /dev/bpf on systems with such a device.
790 802.11: print QoS data, avoid dissect of no-data frame, ignore padding.
791 smb: make sure that we haven't gone past the end of the captured data.
792 smb: squelch an uninitialized complaint from coverity.
793 NFS: from NetBSD; don't interpret the reply as a possible NFS reply
794 if it got MSG_DENIED.
795 BGP: don't print TLV values that didn't fit, from www.digit-labs.org.
796 revised INSTALL.txt about libpcap dependency.
798 Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release
799 Update man page to reflect changes to libpcap
800 Changes to both TCP and IP Printer Output
801 Fix a potential buffer overflow in the 802.11 printer
802 Print basic info about a few more Cisco LAN protocols.
804 ICMP MPLS rework of the extension code
805 bugfix: use the correct codepoint for the OSPF simple text auth token
806 entry, and use safeputs to print the password.
807 Add support in pflog for additional values
808 Add support for OIF RSVP Extensions UNI 1.0 Rev. 2 and additional RSVP objects
809 Add support for the Message-id NACK c-type.
810 Add support for 802.3ah loopback ctrl msg
811 Add support for Multiple-STP as per 802.1s
812 Add support for rapid-SPT as per 802.1w
813 Add support for CFM Link-trace msg, Link-trace-Reply msg,
814 Sender-ID tlv, private tlv, port, interface status
815 Add support for unidirectional link detection as per
816 https://tools.ietf.org/id/draft-foschiano-udld-02.txt
817 Add support for the olsr protocol as per RFC 3626 plus the LQ
818 extensions from olsr.org
819 Add support for variable-length checksum in DCCP, as per section 9 of
821 Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree
822 Add support for Multiple-STP as per 802.1s
823 Add support for the cisco propriatry 'dynamic trunking protocol'
824 Add support for the cisco proprietary VTP protocol
825 Update dhcp6 options table as per IETF standardization activities
828 Tue. September 19, 2006. ken@xelerance.com. Summary for 3.9.5 tcpdump release
830 Fix compiling on AIX (, at end of ENUM)
831 Updated list of DNS RR typecodes
832 Use local Ethernet defs on WIN32
833 Add support for Frame-Relay ARP
834 Fixes for compiling under MSVC++
835 Add support for parsing Juniper .pcap files
836 Add support for FRF.16 Multilink Frame-Relay (DLT_MFR)
837 Rework the OSPFv3 printer
838 Fix printing for 4.4BSD/NetBSD NFS Filehandles
839 Add support for Cisco style NLPID encapsulation
840 Add cisco prop. eigrp related, extended communities
841 Add support for BGP signaled VPLS
842 Cleanup the bootp printer
843 Add support for PPP over Frame-Relay
844 Add some bounds checking to the IP options code, and clean up
845 the options output a bit.
846 Add additional modp groups to ISAKMP printer
847 Add support for Address-Withdraw and Label-Withdraw Msgs
848 Add support for the BFD Discriminator TLV
849 Fixes for 64bit compiling
850 Add support for PIMv2 checksum verification
851 Add support for further dissection of the IPCP Compression Option
852 Add support for Cisco's proposed VQP protocol
853 Add basic support for keyed authentication TCP option
854 Lots of minor cosmetic changes to output printers
857 Mon. September 19, 2005. ken@xelerance.com. Summary for 3.9.4 tcpdump release
858 Decoder support for more Juniper link-layer types
859 Fix a potential buffer overflow (although it can't occur in
861 Fix the handling of unknown management frame types in the 802.11
863 Add FRF.16 support, fix various Frame Relay bugs.
864 Add support for RSVP integrity objects, update fast-reroute
865 object printer to latest spec.
866 Clean up documentation of vlan filter expression, document mpls
868 Document new pppoed and pppoes filter expressions.
869 Update diffserver-TE codepoints as per RFC 4124.
870 Spelling fixes in ICMPv6.
871 Don't require any fields other than flags to be present in IS-IS
872 restart signaling TLVs, and only print the system ID in
873 those TLVs as system IDs, not as node IDs.
876 Tue. July 5, 2005. ken@xelerance.com. Summary for 3.9.3 tcpdump release
878 Option to chroot() when dropping privs
879 Fixes for compiling on nearly every platform,
880 including improved 64bit support
882 Support for sending packets
883 Many compliation fixes on most platforms
884 Fixes for recent version of GCC to eliminate warnings
885 Improved Unicode support
887 Decoders & DLT Changes, Updates and New:
889 Juniper ATM, FRF.15, FRF.16, PPPoE,
890 ML-FR, ML-PIC, ML-PPP, PL-PPP, LS-PIC
891 GGSN,ES,MONITOR,SERVICES
893 Axent Raptor/Symantec Firewall
895 ESP-in-UDP (RFC 3948)
897 LMP, LMP Service Discovery
903 LACP, MARKER as per 802.3ad
906 G.7041/Y.1303 Generic Framing Procedure
913 Tue. March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release
915 No changes from 3.8.2. Version bumped only to maintain consistency
918 Mon. March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release
920 Fixes for print-isakmp.c CVE: CAN-2004-0183, CAN-2004-0184
921 https://web.archive.org/web/20160328035955/https://www.rapid7.com/resources/advisories/R7-0017.jsp
922 IP-over-IEEE1394 printing.
923 some MINGW32 changes.
924 updates for autoconf 2.5
925 fixes for print-aodv.c - check for too short packets
926 formatting changes to print-ascii for hex output.
927 check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c,
928 print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c,
929 print-ip.c, print-lwres.c, print-ospf.c, print-pim.c,
930 print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c
931 print-ether.c - better handling of unknown types.
932 print-isoclns.c - additional decoding of types.
933 print-llc.c - strings for LLC names added.
934 print-pfloc.c - various enhancements
935 print-radius.c - better decoding to strings.
937 Wed. November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release
939 changed syntax of -E argument so that multiple SAs can be decrypted
940 fixes for Digital Unix headers and Documentation
942 CDP changes from Terry Kennedy <terry@tmk.com>.
943 IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com>
944 Fixes for ASN.1 decoder for 2.100.3 forms.
945 Added a count of packets received and processed to clarify numbers.
946 Incorporated WinDUMP patches for Win32 builds.
947 PPPoE payload length headers.
948 Fixes for HP C compiler builds.
949 Use new pcap_breakloop() and pcap_findalldevs() if we can.
950 BGP output split into multiple lines.
951 Fixes to 802.11 decoding.
952 Fixes to PIM decoder.
953 SuperH is a CPU that can't handle unaligned access. Many fixes for
954 unaligned access work.
955 Fixes to Frame-Relay decoder for Q.933/922 frames.
956 Clarified when Solaris can do captures as non-root.
957 Added tests/ subdir for examples/regression tests.
958 New -U flag. -flush stdout after every packet
959 New -A flag -print ascii only
960 support for decoding IS-IS inside Cisco HDLC Frames
961 more verbosity for tftp decoder
964 cross compilation patches
965 RFC 3561 AODV support.
966 UDP/TCP pseudo-checksum properly for source-route options.
967 sanitized all files to modified BSD license
968 Add support for RFC 2625 IP-over-Fibre Channel.
969 fixes for DECnet support.
970 Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI.
971 RFC 2684 encapsulation of BPDUs.
973 Tuesday, February 25, 2003. fenner@research.att.com. 3.7.2 release
975 Fixed infinite loop when parsing invalid isakmp packets.
976 (reported by iDefense; already fixed in CVS)
977 Fixed infinite loop when parsing invalid BGP packets.
978 Fixed buffer overflow with certain invalid NFS packets.
979 Pretty-print unprintable network names in 802.11 printer.
980 Handle truncated nbp (appletalk) packets.
981 Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt
982 Print IP protocol name even if we don't have a printer for it.
983 Print IP protocol name or number for fragments.
984 Print the whole MPLS label stack, not just the top label.
985 Print request header and file handle for NFS v3 FSINFO and PATHCONF
987 Fix NFS packet truncation checks.
988 Handle "old" DR-Priority and Bidir-Capable PIM HELLO options.
989 Handle unknown RADIUS attributes properly.
990 Fix an ASN.1 parsing error that would cause e.g. the OID
991 2.100.3 to be misrepresented as 4.20.3 .
993 Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release
995 Better OSI/802.2 support on Linux.
996 IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net.
997 LLC SAP support for FDDI/token ring/RFC-1483 style ATM
998 BXXP protocol was replaced by the BEEP protocol;
999 improvements to SNAP demux.
1000 Changes to "any" interface documentation.
1001 Documentation on pcap_stats() counters.
1002 Fix a memory leak found by Miklos Szeredi - pcap_ether_aton().
1003 Added MPLS encapsulation decoding per RFC3032.
1004 DNS dissector handles TKEY, TSIG and IXFR.
1005 adaptive SLIP interface patch from Igor Khristophorov <igor@atdot.org>
1006 SMB printing has much improved bounds checks
1007 OUI 0x0000f8 decoded as encapsulated ethernet for Cisco-custom bridging
1008 Zephyr support, from Nickolai Zeldovich <kolya@MIT.EDU>.
1009 Solaris - devices with digits in them. Stefan Hudson <hudson@mbay.net>
1010 IPX socket 0x85be is for Cisco EIGRP over IPX.
1011 Improvements to fragmented ESP handling.
1012 SCTP support from Armando L. Caro Jr. <acaro@mail.eecis.udel.edu>
1013 Linux ARPHDR_ATM support fixed.
1014 Added a "netbeui" keyword, which selects NetBEUI packets.
1015 IPv6 ND improvements, MobileIP dissector, 2292bis-02 for RA option.
1016 Handle ARPHDR_HDLC from Marcus Felipe Pereira <marcus@task.com.br>.
1017 Handle IPX socket 0x553 -> NetBIOS-over-IPX socket, "nwlink-dgm"
1018 Better Linux libc5 compat.
1019 BIND9 lwres dissector added.
1020 MIPS and SPARC get strict alignment macros (affects print-bgp.c)
1021 Apple LocalTalk LINKTYPE_ reserved.
1022 New time stamp formats documented.
1023 DHCP6 updated to draft-22.txt spec.
1024 ICMP types/codes now accept symbolic names.
1025 Add SIGINFO handler from LBL
1026 encrypted CIPE tunnels in IRIX, from Franz Schaefer <schaefer@mond.at>.
1027 now we are -Wstrict-prototype clean.
1028 NetBSD DLT_PPP_ETHER; adapted from Martin Husemann <martin@netbsd.org>.
1029 PPPoE dissector cleaned up.
1030 Support for LocalTalk hardware, from Uns Lider <unslider@miranda.org>.
1031 In dissector, now the caller prints the IP addresses rather than proto.
1032 cjclark@alum.mit.edu: print the IP proto for non-initial fragments.
1033 LLC frames with a DSAP and LSAP of 0xe0 are IPX frames.
1034 Linux cooked frames with a type value of LINUX_SLL_P_802_3 are IPX.
1035 captures on the "any" device won't be done in promiscuous mode
1036 Token Ring support on DLPI - Onno van der Linden <onno@simplex.nl>
1037 ARCNet support, from NetBSD.
1038 HSRP dissector, from Julian Cowley <julian@lava.net>.
1039 Handle (GRE-encapsulated) PPTP
1040 added -C option to rotate save file every optarg * 1,000,000 bytes.
1041 support for "vrrp" name - NetBSD, by Klaus Klein <kleink@netbsd.org>.
1042 PPTP support, from Motonori Shindo <mshindo@mshindo.net>.
1043 IS-IS over PPP support, from Hannes Gredler <hannes@juniper.net>.
1044 CNFP support for IPv6,format. Harry Raaymakers <harryr@connect.com.au>.
1045 ESP printing updated to RFC2406.
1046 HP-UX can now handle large number of PPAs.
1048 L2TP dissector improvements from Motonori Shindo.
1050 Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release
1051 Cleaned up documentation.
1052 Promisc mode fixes for Linux
1053 IPsec changes/cleanups.
1054 Alignment fixes for picky architectures
1056 Removed dependency on native headers for packet dissectors.
1057 Removed Linux specific headers that were shipped
1059 libpcap changes provide for exchanging capture files between
1060 systems. Save files now have well known PACKET_ values instead of
1061 depending upon system dependent mappings of DLT_* types.
1063 Support for computing/checking IP and UDP/TCP checksums.
1065 Updated autoconf stock files.
1067 IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6,
1069 Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
1070 timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk
1072 Added filtering support for: VLANs, ESIS, ISIS
1074 Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
1077 HP-UX 11.0 -- find the right dlpi device.
1078 Solaris 8 - IPv6 works
1079 Linux - Added support for an "any" device to capture on all interfaces
1081 Security fixes: buffer overrun audit done. Strcpy replaced with
1082 strlcpy, sprintf replaced with snprintf.
1083 Look for lex problems, and warn about them.
1086 v3.5 Fri Jan 28 18:00:00 PST 2000
1088 Bill Fenner <fenner@research.att.com>
1089 - switch to config.h for autoconf
1090 - unify RCSID strings
1091 - Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
1092 - Really fix the RIP printer
1093 - Fix MAC address -> name translation.
1094 - some -Wall -Wformat fixes
1095 - update makemib to parse much of SMIv2
1096 - Print TCP sequence # with -vv even if you normally wouldn't
1097 - Print as much of IP/TCP/UDP headers as possible even if truncated.
1100 - -X will make a ascii dump. from netbsd.
1101 - telnet command sequence decoder (ff xx xx). from netbsd.
1102 - print-bgp.c: improve options printing. ugly code exists for
1103 unaligned option parsing (need some fix).
1104 - const poisoning in SMB decoder.
1105 - -Wall -Werror clean checks.
1106 - bring in KAME IPv6/IPsec decoding code.
1108 Assar Westerlund <assar@sics.se>
1109 - SNMPv2 and SNMPv3 printer
1110 - If compiled with libsmi, tcpdump can load MIBs on the fly to decode
1112 - Incorporate NFS parsing code from NetBSD. Adds support for nfsv3.
1114 - permit building in different directories.
1116 Ken Hornstein <kenh@cmf.nrl.navy.mil>
1118 /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
1121 Andrew Tridgell <tridge@linuxcare.com>
1124 Love <lha@stacken.kth.se>
1125 - print-rx.c: add code for printing MakeDir and StoreStatus. Also
1126 change date format to the right one.
1128 Michael C. Richardson <mcr@sandelman.ottawa.on.ca>
1129 - Created tcpdump.org repository
1131 v3.4 Sat Jul 25 12:40:55 PDT 1998
1133 - Hardwire Linux slip support since it's too hard to detect.
1135 - Redo configuration of "network" libraries (-lsocket and -lnsl) to
1136 deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)
1138 - Added -a which tries to translate network and broadcast addresses to
1139 names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)
1141 - Added a configure option to disable gcc.
1143 - Added a "raw" packet printer.
1145 - Not having an interface address is no longer fatal. Requested by John
1148 - Rework signal setup to accommodate Linux.
1150 - OSPF truncation check fix. Also display the type of OSPF packets
1151 using MD5 authentication. Thanks to Brian Wellington
1154 - Fix truncation check bugs in the Kerberos printer. Reported by Ezra
1155 Peisach (epeisach@mit.edu)
1157 - Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
1160 - Specify full install target as a way of detecting if install
1161 directory does not exist. Thanks to Dave Plonka.
1163 - Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
1166 - Fix off-by-one bug when testing size of ethernet packets. Thanks to
1167 Marty Leisner (leisner@sdsp.mc.xerox.com)
1169 - Add a local autoconf macro to check for routines in libraries; the
1170 autoconf version is broken (it only puts the library name in the
1171 cache variable name). Thanks to John Hawkinson.
1173 - Add a local autoconf macro to check for types; the autoconf version
1174 is broken (it uses grep instead of actually compiling a code fragment).
1176 - Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
1179 - Extend OSF ip header workaround to versions 1 and 2.
1181 - Fix some signed problems in the nfs printer. As reported by David
1182 Sacerdote (davids@silence.secnet.com)
1184 - Detect group wheel and use it as the default since BSD/OS' install
1185 can't hack numeric groups. Reported by David Sacerdote.
1187 - AIX needs special loader options. Thanks to Jonathan I. Kamens
1190 - Fixed the nfs printer to print port numbers in decimal. Thanks to
1191 Kent Vander Velden (graphix@iastate.edu)
1193 - Find installed libpcap in /usr/local/lib when not using gcc.
1195 - Disallow network masks with non-network bits set.
1197 - Attempt to detect "egcs" versions of gcc.
1199 - Add missing closing double quotes when displaying bootp strings.
1200 Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)
1202 v3.3 Sat Nov 30 20:56:27 PST 1996
1204 - Added Linux support.
1206 - GRE encapsulated packet printer thanks to John Hawkinson
1209 - Rewrite gmt2local() to avoid problematic os dependencies.
1211 - Suppress nfs truncation message on errors.
1213 - Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
1214 Reported by Joachim Ott (ott@ardala.han.de)
1216 - Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.
1218 - Print arp hardware type in host order. Thanks to Onno van der Linden
1221 - Avoid solaris compiler warnings. Thanks to Bruce Barnett
1222 (barnett@grymoire.crd.ge.com)
1224 - Fix rip printer to not print one more route than is actually in the
1225 packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
1226 Bill Fenner (fenner@parc.xerox.com)
1228 - Use autoconf endian detection since BYTE_ORDER isn't defined on all systems.
1230 - Fix dvmrp printer truncation checks and add a dvmrp probe printer.
1231 Thanks to Danny J. Mitzel (mitzel@ipsilon.com)
1233 - Rewrite ospf printer to improve truncation checks.
1235 - Don't parse tcp options past the EOL. As noted by David Sacerdote
1236 (davids@secnet.com). Also, check tcp options to make sure they ar
1237 actually in the tcp header (in addition to the normal truncation
1238 checks). Fix the SACK code to print the N blocks (instead of the
1239 first block N times).
1241 - Don't say really small UDP packets are truncated just because they
1242 aren't big enough to be a RPC. As noted by David Sacerdote.
1244 v3.2.1 Sun Jul 14 03:02:26 PDT 1996
1246 - Added rfc1716 icmp codes as suggested by Martin Fredriksson
1249 - Print mtu for icmp unreach need frag packets. Thanks to John
1250 Hawkinson (jhawk@mit.edu)
1252 - Decode icmp router discovery messages. Thanks to Jeffrey Honig
1255 - Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
1256 (kushida@trl.ibm.co.jp)
1258 - Check igmp checksum if possible. Thanks to John Hawkinson.
1260 - Made changes for SINIX. Thanks to Andrej Borsenkow
1261 (borsenkow.msk@sni.de)
1263 - Use autoconf's idea of the top level directory in install targets.
1264 Thanks to John Hawkinson.
1266 - Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
1267 Mogul (mogul@pa.dec.com)
1269 - Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
1270 Thanks to John Hawkinson.
1272 - Added some more packet truncation checks.
1274 - On systems that have it, use sigset() instead of signal() since
1275 signal() has different semantics on these systems.
1277 - Fixed some more alignment problems on the alpha.
1279 - Add code to massage unprintable characters in the domain and ipx
1280 printers. Thanks to John Hawkinson.
1282 - Added explicit netmask support. Thanks to Steve Nuchia
1283 (steve@research.oknet.com)
1285 - Add "sca" keyword (for DEC cluster services) as suggested by Terry
1286 Kennedy (terry@spcvxa.spc.edu)
1288 - Add "atalk" keyword as suggested by John Hawkinson.
1290 - Added an igrp printer. Thanks to Francis Dupont
1291 (francis.dupont@inria.fr)
1293 - Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
1294 Kennedy (terry@spcvxa.spc.edu)
1296 - Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
1297 (pascal.hennequin@hugo.int-evry.fr)
1299 - Added some ETHERTYPEs missing on some systems.
1301 - Added truncated packet macros and various checks.
1303 - Fixed endian problems with the DECnet printer.
1305 - Use $CC when checking gcc version. Thanks to Carl Lindberg
1306 (carl_lindberg@blacksmith.com)
1308 - Fixes for AIX (although this system is not yet supported). Thanks to
1311 - Fix bugs in the autoconf misaligned accesses code fragment.
1313 - Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
1314 Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)
1316 v3.2 Sun Jun 23 02:28:10 PDT 1996
1318 - Print new icmp unreachable codes as suggested by Martin Fredriksson
1319 (martin@msp.se). Also print code value when unknown for icmp redirect
1322 - Fix an alignment endian bug in getname(). Thanks to John Hawkinson.
1324 - Define "new" domain record types if not found in arpa/nameserv.h.
1325 Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
1326 fixed an endian bug when printing mx record and added some new record
1329 - Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)
1331 - Added T/TCP options printing. As suggested by Richard Stevens
1334 - Use autoconf to detect architectures that can't handle misaligned
1337 v3.1 Thu Jun 13 20:59:32 PDT 1996
1339 - Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
1340 and bind (as suggested by Charles Hannum).
1342 - Port to GNU autoconf.
1344 - Add support for printing DVMRP and PIM traffic thanks to
1345 Havard Eidnes (Havard.Eidnes@runit.sintef.no).
1347 - Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
1348 define being referenced. Reported by Terry Kennedy.
1350 - Minor fixes to the man page thanks to Mark Andrews.
1352 - Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
1353 (bmah@cs.berkeley.edu).
1355 - Added support for new dns types, thanks to Rainer Orth.
1357 - Fixed tftp_print() to print the block number for ACKs.
1359 - Document -dd and -ddd. Resulted from a bug report from Charlie Slater
1360 (cslater@imatek.com).
1362 - Check return status from malloc/calloc/etc.
1364 - Check return status from pcap_loop() so we can print an error and
1365 exit with a bad status if there were problems.
1367 - Bail if ip option length is <= 0. Resulted from a bug report from
1368 Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).
1370 - Print out a little more information for sun rpc packets.
1372 - Add support for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).
1374 - Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
1375 wrong on little endian machines).
1377 - Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
1380 - Fix ntp_print() to not print garbage when the stratum is
1381 "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).
1383 - Rewrote tcp options printer code to check for truncation. Added
1384 selective acknowledgment case.
1386 - Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
1389 - Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
1390 octet for the sa_family member. Thanks to Yoshitaka Tokugawa
1393 - Don't checksum ip header if we don't have all of it. Thanks to John
1394 Hawkinson (jhawk@mit.edu).
1396 - Print out hostnames if possible in egp printer. Thanks to Jeffrey
1397 Honig (jhc@bsdi.com)
1400 v3.1a1 Wed May 3 19:21:11 PDT 1995
1402 - Include time.h when SVR4 is defined to avoid problems under Solaris
1405 - Fix etheraddr_string() in the ETHER_SERVICE to return the saved
1406 strings, not the local buffer. Thanks to Stefan Petri
1407 (petri@ibr.cs.tu-bs.de).
1409 - Detect when pcap raises the snaplen (e.g. with snit). Print a warning
1410 that the selected value was not used. Thanks to Pascal Hennequin
1411 (Pascal.Hennequin@hugo.int-evry.fr).
1413 - Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin.
1415 - BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu).
1417 v3.0.3 Sun Oct 1 18:35:00 GMT 1995
1419 - Although there never was a 3.0.3 release, the linux boys cleverly
1420 "released" one in late 1995.
1422 v3.0.2 Thu Apr 20 21:28:16 PDT 1995
1424 - Change configuration to not use gcc v2 flags with gcc v1.
1426 - Redo gmt2local() so that it works under BSDI (which seems to return
1427 an empty timezone struct from gettimeofday()). Based on report from
1428 Terry Kennedy (terry@spcvxa.spc.edu).
1430 - Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
1431 on report from Mark Andrews (mandrews@alias.com).
1433 - Don't pass cc flags to gcc. Resulted from a bug report from Rainer
1434 Orth (ro@techfak.uni-bielefeld.de).
1436 - Fixed printout of connection id for uncompressed tcp slip packets.
1437 Resulted from a bug report from Richard Stevens (rstevens@noao.edu).
1439 - Hack around deficiency in Ultrix's make.
1441 - Add ETHERTYPE_TRAIL define which is missing from irix5.
1443 v3.0.1 Wed Aug 31 22:42:26 PDT 1994
1445 - Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4.
1447 v3.0 Mon Jun 20 19:23:27 PDT 1994
1449 - Added support for printing tcp option timestamps thanks to
1450 Mark Andrews (mandrews@alias.com).
1452 - Reorganize protocol dumpers to take const pointers to packets so they
1453 never change the contents (i.e., they used to do endian conversions
1454 in place). Previously, whenever more than one pass was taken over
1455 the packet, the packet contents would be dumped incorrectly (i.e.,
1456 the output form -x would be wrong on little endian machines because
1457 the protocol dumpers would modify the data). Thanks to Charles Hannum
1458 (mycroft@gnu.ai.mit.edu) for reporting this problem.
1460 - Added support for decnet protocol dumping thanks to Jeff Mogul
1463 - Fix bug that caused length of packet to be incorrectly printed
1464 (off by ether header size) for unknown ethernet types thanks
1465 to Greg Miller (gmiller@kayak.mitre.org).
1467 - Added support for IPX protocol dumping thanks to Brad Parker
1470 - Added check to verify IP header checksum under -v thanks to
1471 Brad Parker (brad@fcr.com).
1473 - Move packet capture code to new libpcap library (which is
1474 packaged separately).
1476 - Prototype everything and assume an ansi compiler.
1478 - print-arp.c: Print hardware ethernet addresses if they're not
1481 - print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
1482 Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).
1484 - print-fddi.c: Improvements. Thanks to Jeffrey Mogul
1487 - print-icmp.c: Byte swap netmask before printing. Thanks to
1488 Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.
1490 - print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets.
1491 By default, only the inner packet is dumped, appended with the token
1492 "(encap)". Under -v, both the inner and output packets are dumped
1493 (on the same line). Note that the filter applies to the original packet,
1494 not the encapsulated packet. So if you run tcpdump on a net with an
1495 IP Multicast tunnel, you cannot filter out the datagrams using the
1496 conventional syntax. (You can filter away all the ip-in-ip traffic
1497 with "not ip proto 4".)
1499 - print-nfs.c: Keep pending rpc's in circular table. Add generic
1500 nfs header and remove os dependences. Thanks to Jeffrey Mogul.
1502 - print-ospf.c: Improvements. Thanks to Jeffrey Mogul.
1504 - tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
1505 (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords
1506 Add && and || operators
1508 v2.2.1 Tue Jun 6 17:57:22 PDT 1992
1510 - Fix bug with -c flag.
1512 v2.2 Fri May 22 17:19:41 PDT 1992
1514 - savefile.c: Remove hack that shouldn't have been exported. Add
1517 - Added the 'icmp' keyword. For example, 'icmp[0] != 8 and icmp[0] != 0'
1518 matches non-echo/reply ICMP packets.
1520 - Many improvements to filter code optimizer.
1522 - Added 'multicast' keyword and extended the 'broadcast' keyword can now be
1523 so that protocol qualifications are allowed. For example, "ip broadcast"
1524 and "ether multicast" are valid filters.
1526 - Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
1527 Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
1528 patches to netinet/if_loop.c.
1530 - Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
1531 Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.
1533 - Added EGP and OSPF printers, thanks to Jeffrey Honig.
1535 v2.1 Tue Jan 28 11:00:14 PST 1992
1537 - Internal release (never publicly exported).
1539 v2.0.1 Sun Jan 26 21:10:10 PDT
1541 - Various byte ordering fixes.
1543 - Add truncation checks.
1545 - inet.c: Support BSD style SIOCGIFCONF.
1547 - nametoaddr.c: Handle multi addresses for single host.
1549 - optimize.c: Rewritten.
1551 - pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
1554 - print-atal.c: Fix an alignment bug (thanks to
1555 stanonik@nprdc.navy.mil) Add missing printf() argument.
1557 - print-bootp.c: First attempt at decoding the vendor buffer.
1559 - print-domain.c: Fix truncation checks.
1561 - print-icmp.c: Calculate length of packets from the ip header.
1563 - print-ip.c: Print frag id in decimal (so it's easier to match up
1564 with non-frags). Add support for ospf, egp and igmp.
1566 - print-nfs.c: Lots of changes.
1568 - print-ntp.c: Make some verbose output depend on -v.
1570 - print-snmp.c: New version from John LoVerso.
1572 - print-tcp.c: Print rfc1072 tcp options.
1574 - tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits
1575 (microseconds) worth of precision. Fix uid bugs.
1577 - A packet dumper has been added (thanks to Jeff Mogul of DECWRL).
1578 With this option, you can create an architecture independent binary
1579 trace file in real time, without the overhead of the packet printer.
1580 At a later time, the packets can be filtered (again) and printed.
1582 - BSD is supported. You must have BPF in your kernel.
1583 Since the filtering is now done in the kernel, fewer packets are
1584 dropped. In fact, with BPF and the packet dumper option, a measly
1585 Sun 3/50 can keep up with a busy network.
1587 - Compressed SLIP packets can now be dumped, provided you use our
1588 SLIP software and BPF. These packets are dumped as any other IP
1589 packet; the compressed headers are dumped with the '-e' option.
1591 - Machines with little-endian byte ordering are supported (thanks to
1594 - Ultrix 4.0 is supported (also thanks to Jeff Mogul).
1596 - IBM RT and Stanford Enetfilter support has been added by
1597 Rayan Zachariassen <rayan@canet.ca>. Tcpdump has been tested under
1598 both the vanilla Enetfilter interface, and the extended interface
1599 (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
1601 - TFTP packets are now printed (requests only).
1603 - BOOTP packets are now printed.
1605 - SNMP packets are now printed. (thanks to John LoVerso of Xylogics).
1607 - Sparc architectures, including the Sparcstation-1, are now
1608 supported thanks to Steve McCanne and Craig Leres.
1610 - SunOS 4 is now supported thanks to Micky Liu of Columbia
1611 University (micky@cunixc.cc.columbia.edu).
1613 - IP options are now printed.
1615 - RIP packets are now printed.
1617 - There's a -v flag that prints out more information than the
1618 default (e.g., it will enable printing of IP ttl, tos and id)
1619 and -q flag that prints out less (e.g., it will disable
1620 interpretation of AppleTalk-in-UDP).
1622 - The grammar has undergone substantial changes (if you have an
1623 earlier version of tcpdump, you should re-read the manual
1626 The most useful change is the addition of an expression
1627 syntax that lets you filter on arbitrary fields or values in the
1628 packet. E.g., "ip[0] > 0x45" would print only packets with IP
1629 options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
1632 The most painful change is that concatenation no longer means
1633 "and" -- e.g., you have to say "host foo and port bar" instead
1634 of "host foo port bar". The up side to this down is that
1635 repeated qualifiers can be omitted, making most filter
1636 expressions shorter. E.g., you can now say "ip host foo and
1637 (bar or baz)" to look at ip traffic between hosts foo and bar or
1638 between hosts foo and baz. [The old way of saying this was "ip
1639 host foo and (ip host bar or ip host baz)".]
1641 v2.0 Sun Jan 13 12:20:40 PST 1991
1643 - Initial public release.
projects / tcpdump / blob