Fixed tcpdump.c to trace IP packets buried under VLAN headers.
Changes 6.6.3:
Added a function MissingData() in trace.c to check if TCP segments were
missing or were truncated when the -e option is given to extract
contents.
Changes 6.6.4:
Adding the INBOUNDS module into the main tcptrace development tree.
It is NOT built in by default though; you need to uncomment a line in
Makefile.in to enable it.
Changes 6.6.5:
* Josh fixed the file format searching order, putting tcpdump format to
the end in file_formats.h as a work around for libpcap brokenness.
* Fixed Mfopen() in mfiles.c to open content data files that we
generate in "binary" mode - by changing fopen mode from "w" to "wb+" and "a"
to "ab+". The 'b' is dummy in UNIX systems, but seems to have some
semantic in the Windows world.
* Fixed QuitSig() function in tcptrace.c by adding a call to
udptrace_done() so that we print out UDP connection stats too (if one
were piping live tcpdump traffic to tcptrace and "ctrl-c"-ed it in the
middle, for example). On the way, also fixed the arbitrary "buf[4096]"
declaration to be written correctly as "buf[COMP_HDR_SIZE]" in the
PipeFitting() function.
Changes 6.6.6:
Fixed the callback function in tcpdump.c to prevent garbage data from
getting into the ip_buf buffer.
Changes 6.6.7:
Fixed bugs found in the AVL search function that had major bugs /
complexity issues.
- Remove FreeBSD header from pkgsrc Makefile
- ok'ed snj@/wiz@
From the ChangeLog:
- Fixed the processing of duplicate ACKs as in the BSD stack to count towards
the 3 dupacks required for fast-retransmit.
- Fixed the bug in processing IPv6 extension headers in ipv6.c:gethdrlength()
based on the patch sent by Thomas Bohnert.
- Added dsack counter to long output format and dsack sample input and output
- Fixed bug in the calculation of the "avg win adv" field, so that now avg.
falls in between min and max.
- Changes made to make gcc-3.3 produce fewer warnings with tcptrace.
- Made the --csv/--tsv/--sv options' implementation better.
- Fixed a bug in the traffic module, so that the number of open connections is
printed correctly in the traffic_stats.dat file, even without giving
the -C option.
- Included the code to recognize Endace ERF (Extensible Record Format), sent
by Jesper Peterson.
- Included the code to recognize the PPP (Point-to-Point) input file format,
sent by Yann Samama.
- Fixing the bug with filtering connections based on hostname/portname with
the -f option.
- Included the code to generate PF file with '-c' option. Error messages are
made more logical when generating error messages for unsupported input and
captured file formats.
- Applied patch from Ulisses Alonso Camaro that lets SYN segments following
zero window advertisements from the opposite direction *not* be treated
as window probes. Also fixed a compilation problem due to the previous
patch by Jitesh (moved the "static int count=0" line to the beginning of
trace_done() function in trace.c).
- Fixed a bunch of gcc3.3.1 warnings in erf.c (unused variable warning), netm.c,
ns.c (dereferencing type-punned pointer warnings).
- Fixed the typo(?) that made us have a #ifndef __WIN32 to #ifdef __WIN32 in
ipv6.h for the in6_addr structure definition.
- Patching in changes to mod_http.c making it more robust to print
information in cases where connections get closed with RST instead of
FINs and other trivia based on Yufei Wang's patch.
- Applying the patch courtesy John Heffner that displays a yellow rwnd line
in owin plots. Also adding --showrwinline option to control the yellow
rwnd line, in case it gets annoying.
- Also fixing trivia (type conversions for certain uint to int, etc.) in
output.c to keep gcc3.3 from warning on MacOSX 10.3.
- All the changes you see above in the 6.4.x series are part of the release
6.6.0.
- Includes a bugfix by Ramani, that restored the old semantics of the
SameConn() and WhichDir() functions and includes
new functions AVL_CheckHash() and AVL_CheckDir() to support the AVL tree
hash-bucket implementation.
- Includes a fix to ns.c to correctly read port numbers; added
functionality to track LEAST variables and reno LEAST algorithm to trace.c;
added isRTO() in rexmit.c : all by Wes.
summary of changes since 5.2.1 (there are a few, since this pkg is
~4 years old):
5.2.2 - Mon Sep 27, 1999
bug fix from Jamshid Majdavi (and Kevin Lahey), SYN-ACKs containing window
scaling were getting scaled (and shouldn't be).
5.2.3 - Internal changes and enhancements
5.2.4 - Tue Apr 11, 2000
bug fix by Priya - we were detecting rexmitted bytes in segments in error in
some cases
fixed bug in IPv6 header processing reported by Takayoshi Ohnishi,
IPPROTO_ICMPV6 was causing infinite loop
5.2.6 - Thu Jul 6, 2000
fixed bug in TCP checksum code, it was always saying CORRECT
6.0.0a - preparing for alpha release of version 6
6.0.1a - added support for atmsnoop output format in snoop.c
6.0.1a2 - changed all of the DLT_ constants in tcpdump.[ch] to PCAP_DLT_
with the same numbers to avoid OSs that are renumbering them.
6.0.1a3 - added format characters to several options, as an extension of a
suggestion by Brian Utterback.
6.0.0b4 - Saturday, 6 Oct 2001
Added options:
--xplot_all_files and --xplot_args.
Added support for zero window probe packets and urgent data packets.
Fixed all sprintf's in the code to snprintf's to thwart any
buffer overflow attacks.
Changed functionality for window scaled connections so that
the output of "min win adv" does not print the minimum window
as advertised in SYN packets as SYN packets cannot be scaled
themselves.
Completely revamped the http module with code sent by Bruce Mah.
Added code to verify TCP and UDP checksums in IPv6 packets.
However, code has not been tested thoroughly yet.
6.0.1 - Mon Dec 3, 2001
This is the version we'll release
Also, added support with --print_seq_zero for printing sequence numbers
as relative to the SYN rather than absolute. NOTE: this only works for
"-P" which uses connection records, but NOT for "-p" (which doesn't)
Also fixed the SACK-printing code to print in decimal if requested.
Updated the manual page and made the necessary change to Makefile.in so
that the manual page gets installed when tcptrace is installed.
Fixed a bug with the statistics for average window advertisement.
Average was showing more than max.
Fixed a bug with ACK sequence comparisons in the HTTP module. Many thanks to
Daikichi Osuga for pointing out the error.
Fixed a divide-by-zero error in PlotHist() in mod_rttgraph.c.
Matt Muggeridge has been very kind in providing detailed information regarding
porting tcptrace to OpenVMS. Please read the new file README.OpenVMS if you
are interested in running tcptrace on OpenVMS.
Changes made to code in order to be able to compile tcptrace under cygwin on
Windows. Now works on Windows too. Does not support reading compressed dump
files directly though.
The ns code was modified by Angelos Stavrou to read in the more detailed
output from the extra headers in the ns FullTcp.
Fixed a bug with the host letters. The function HostLetter was skipping host
names after y, z ... jumping to ba, bb, ... instead of aa, ab ...
6.2.0 - Stable - Fri Jul 26, 2002
This is the version we'll release
6.2.1 - Fri Aug 09, 2002
enhance fulltcp file reading from r.schramp@kpn.com
6.2.2 - Fri Aug 30, 2002
added vlan support to snoop for Tysko. Need to add support in other
formats too, but I don't have a packet dump to test against yet - sdo
6.2.3 - Wed Sep 18, 2002
bugfix: For FIN segments with data only FIN was getting plotted and not the
data. Now data gets plotted with the default color and then one byte
is plotted with the synfin color. For no data, only one byte of FIN
is plotted with the synfin color.
6.2.4 - Wed Sep 18, 2002
bugfix: RST_IN relative offset was being calculated using the incorrect
sequence space.
6.2.5 - Mon Nov 11, 2002
bugfix: Negative sequence numbers were being printed by function
PrintSeqRep() for the packet print '-p' / '-P' switches. Changed the
print format from %d to %u.
6.2.6 - Thu Nov 14, 2002
bugfix: '-c' option - ignore non-complete connections was working only for
long output. Fixed it to work for brief output too.
Release 6.4.0
=============
Bugfix made to fix misbehavior due to FILE synchronization issues
found when tcptrace exits with "PCAP error - truncated file" when asked to
read real-time network packets from STDIN - Mani.
Patches added to process dumpfiles with 802.11 wireless headers for the
Prism2 chipset. Courtesy - Brandon Eisenmann.
Added new extended option "--nonreal_live_conn_interval" option to let the
user set the duration to timeout live connections, in non real-time mode
- Ramani.
Merged from development tree:
Added the options --oUDP, --iUDP, --oTCP, --iTCP to filter out TCP
and UDP connections - Mani
Added options --csv, --tsv, --sv=<SP> for comma/tab/<SP>-separated values to be
printed with the long output - Avinash
6.4.1 : 26 APR 2003 Mani
-----
Fixed a bug in the processing of IPv6 extension headers in ipv6.c:findheader()
6.4.2 : 3 MAY 2003 Jitesh
-----
Fixed the processing of duplicate ACKs as in the BSD stack to count towards
the 3 dupacks required for fast-retransmit.