Directory ip-routing/lbl-tools/

traceroute*.tar.gz
tcpdump*.tar.gz
libpcap*.tar.gz	- original LBL versions (only gzipped).

.obsolete/tcpdump*.dif.gz
.obsolete/libpcap*.dif.gz - slightly repaired versions, working only with kernels 2.1.68+
.obsolet/tcpdump-3.4-glibc2.1.dif.gz - additional patch to compile it with glibc2.1
			      (contributed by Pawel Krawczyk <kravietz@ceti.com.pl>)

These patches are mainly obsolete, though they work.
Please, do not send me bug reports, addons etc.
Currently supported libpcap and tcpdump have suffuces "ssXXYYZZ".

=====================================================================

Real patches are:

traceroute-*.dif.gz
tcpdump*-ssAABBCC.dif.gz
libpcap*-ssAABBCC.dif.gz - more advanced versions. See below.

kernel-turbopacket.dif.gz - "Turbo" extension to packet socket.
			    It is not required, but lipcap is much faster
			    with it.

tcpdump-tcpdump.org-ssAABBCC.dif.gz - diff wrt cvs.tcpdump.org as of AABBCC.

WARNING! These diffs are raw diffs between untarred LBL distribution
and my working directory. I do not care about cleaning them, so that
try not to delete preconfigured Makefile.


Differences are:

- use PF_PACKET socket. Normally, it uses SOCK_DGRAM socket,
  and, hence, works for arbitrary link types, including
  all the sorts of tunnels.
  If "-e" option to tcpdump is done, it uses SOCK_RAW socket,
  that prints more detailed info, but works only for several
  link types.

  [ The last is more not correct for ssAABBCC versions,
    raw mode is turned on by special -R option;
    -e affects only printing link layer addresses.
  ]

- NOTE!!! Now it works in non-promiscuous mode by default!!
  The sense of "-p" option is inverted!

- IPv6 support (a bit improved) is taken from NRL distribution.

- RSVP parser added (from ISI rel4.1)

- AX.25 support added (by Thomas Sailer <sailer@ife.ee.ethz.ch>)

- Token Ring support added (supplied by Paul Norton <pnorton@ccnusa.com>)

- RSVP parser updated to 4.2a3. You will have to get ISI rsvpd-4.2a3
  and linux patch from ftp://ftp.inr.ac.ru/ip-routing/rsvp and compile
  it. Besides that set symbolik link in tcpdump directory to rsvpd.

- IPv6 understands hop-by-hop and routing headers,
  is updated to fresh specs and generally more clever now.
  Formatting is improved a bit.

- [980901]
	* Updated to ISI rsvpd 4.2a4.
	* libpcap and tcpdump are merged to official *.4 LBNL releases.

- [980910]
	* Dave's patch for SACKs is applied. I beg pardon, I honestly
	  believed, that I've already applied it half of year ago.
	  Well, "late" is better than "never". 8)

- [981004]
	* LBNL traceroute-1.4a5 also included.

- [981016]
	* New libpcap/tcpdump. Since today I will put snapshots
	stamped with suffix ssAABBCC. Suffixless versions are frozen.

	NEW FEATURES.
	* libpcap.
	  - Kernel BPF filter added. It is pretty smart in selecting
	    between kernel/user filters, but still cannot detect, when
	    kernel filter is not patched to support ancillary data.
	    Patch kernel or use -R option (when the last one works, certainly)
	  - Rudimentary support for ipv6 bpf is added. Namely, if packet
	    has no extension headers, it understands:
	    * "tcp"/"udp" are interpreted as "ip or ipv6".
	       Ports are also understood.
	    * "icmpv6"
	    * "ipv6 proto xxxx"
	    * "ipv6" protocol and modifier (certainly, even with exthdrs)

	    NOTE there exist more advanced libpcapv6 library
		(http://dutch.antd.nist.gov/~dykang)
	        Unfortunately, despite of its "advanceness" it generates
		invalid bpf code. Sigh.

	* tcpdump
	  - if no "-i iface" is given, tcpdump listens on ALL interfaces.
	    It is very convenient in monitoring forwarding.
	  - -R option to force using raw sockets, it may be useful,
	    when kernel bpf is not applicable to datagram socket
	    (i.e. kernel is not patched)
	  - -b <protocol> to bind socket to this protocol ID.
	    It is more efficient and better bpf code is generated,
	    which is guaranteed to work without kernel patch.
	    Unfortunately, due to one Linux "feature" only received packets
	    are seen, but not output ones.
	  - Single character indicator of frame type:
	     > - output
	     < - input, unicast
	     B - input, broadcast
	     M - input, multicast
	     O - input, other host
	  - when listening on all devices, interface name is also printed.

- [981101]
	* Samba patches are applied. Grr... and repaired to print
	  something reasonable, rather than flood screen with some unitelligible
	  crap not depending on verbosity level. Set "-vv" if you want to see it.
	* Parsing icmpv6 messages is complete.
	* ip/ipv6/arp message parser is more intelligent now and
	  "-vv" option is VERY verbose f.e. it parses contents
	  of icmp error messsages and ndisc options.

- [990315]
	* bug in calculation packet length is fixed.
	* support for new option (MSG_TRUNC), so that
	  true packet lengths are known to libpcap.

- [990317]
	* "Turbo" packet capture mode (Patch kernel-turbopacket.dif.gz
	  is required to be applied to kernel).
	* ECN bits derived from patch by Jamal Hadi Salim.

- [990327]
	* PIMv2 (and PIMv1 too) parser.
	* "Turbo" mode improved
	* Stale oddities for normal socket mode are discarded.
	* Bug in pcap_open_live wrapper (Vladimir V. Ivanov <vlad@elis.tusur.ru)

- [990330]
	* Some PIM bits are cleaned.

- [990417]
	* Compilation problems by Robert Olsson.
	* rsvp parser does not loop, when message is truncated.
	  [ actually this fix is located in rsvpd tree ]
	* tcpdump&traceroute had wrong in_cksum! Fixed.

- [990523]
	* PIMv2 BSR & C-RP-Adv parser is added. Not tested.
	* Some misc. PIM bits.

- [990824]
	* New memory mapped packet socket (since 2.3.15)
	* Merged ATM packets parser from atm-0.61
	* Disguisting bug in TCP/IPv6.

- [990915]
	* libpcap should compile with kernels <=2.3.15 now.
	* Fixes to compile tcpdump with glibc-2.1 by Chris Wedgwood <cw@f00f.org>

- [991029]
	* PPPoE (PPP over Ethernet) parser (by Greg Stark <gsstark@mit.edu>)

- [991030]
	* Merge to cvs.tcpdump.org. Make separate two diffs wrt 3.4 and CVS
	  at tcpdump.org.
	
	I accepted not all the differences:

	- tcpdump: I removed the following chunks:
	  1. print-ah.c & print-esp.c. Well, they did nothing useful,
	     were not hooked _at_ _all_. Removed not to pollute tree with crap.
	  2. default_print* in tcpdump.c. Khm, I have no idea what the change
	     did, but it is _evidently_ wrong. At least, it is wrongly formatted,
	     which shows all. 8)
	- libpcap: all the chunks are ignored.

	Summary of changes comparing CVS and 3.4:

	* Better bootp printer.
	* Better snmp printer.
	* ISAKMP printer.
	


Alexey Kuznetsov