3.2.2 - Late 1996 added better checking for looking too far into truncated packets 3.2.3 - Thu Jan 23, 1997 added a lot more truncation checking! 3.2.4 - Tue Feb 4, 1997 changed plotter.c:HostLetter(ix) to support unlimited (26**8) different endpoints (for mallman) fixes from Bill Fenner, thanks fixed bug in va_start/va_end in DoPlot. fixed bug with temporary colors not being done correctly when using text. Caused by Changes to xplot at last version and I didn't catch it 3.2.5 - Wed Feb 5, 1997 fixed small "off by one" error introduced by the LAST fix 3.2.6 - Thu Feb 13, 1997 fixed small bug in etherpeek reading. slicelength stored as "0" when entire packet was grabbed, didn't work before, now it does. 3.2.7 - Fri Feb 14, 1997 fixes from Jeff Semke, PSC fixed bug in output.c that make it fail on some machines added FDDI support (untested by me, don't have FDDI) added Makefile flags so that it will compile on a "NetBSD 1.2 on a Pentium box" (also untested by me, I don't have one) an HP compiler picked out some places where I missed a static decl for some functions. Not fatal, but I fixed it. 3.2.8 - Tue Mar 4, 1997 added changes for Mark allow connection reuse on same pair of IP addresses and ports 4 minutes must have passed and either new segment has a SYN or old connection had seen both FINs added fix to tcptrace.c so that ^C processing is re-enabled after all packets read so that the output can be killed from the keyboard fix by Bill Fenner - Endian boo boo caused PC's not to read any packets. removed the "-m" option and made all of the array structures resizable (now supports an "infinite" number of connections) changed elapsed() routine to return double to prevent overflow of microsecond stored in a long int 3.2.9 - Wed Mar 5, 1997 changes by Rich Jones at HP to run under HPUX mostly fixed the non-ansii standard #endif FOO to be #endif /* FOO */ fixed minor printing bug, 1323 flags printed wrong fixed snoop and netm so that they worked on PC's (more byte sex problems) 3.2.10 - Thu Mar 27, 1997 Mark "pushed" segments on TSG plots top arrow is red instead of white Compute slow-start window size (should be one except for "new" tcp's) Compute estimated congestion window 3.2.11a - Mon Mar 31, 1997 Fixed bug is TS options are not 4-byte aligned Fixed tick printing (bad % value) for HUGE files (millions of packets) 3.2.12a - Thu Apr 24, 1997 Fixed bug for file with large snap length 3.2.13a - Mon Apr 28, 1997 Big fix for Rob Austein otherdir->ack being initialized incorrectly in trace.c at SYN time 3.3.0 - Mon Jul 14, 1997 Added modules support Included http module for NASA Backed out delete of libpcap, causes too many problems Now using libpcap 0.4 4.0.1 - Tue Jul 15, 1997 Ready for next public release (I hope) Verified on the platforms I have access to 4.0.2 - Wed Jul 16, 1997 Added '-W' option to turn off Mark's estimated Cwin stuff, it's not generally useful Added raw packet printing to mod_http 4.0.3 - Thu Jul 24, 1997 Fixed tcpdump.c to work with lastest libpcap (can no longer assume that header is aligned :-( ) Added plast into all packet reading routines to better check for the end of packets Added fix from Kacheong Poon for sack truncation problem 4.0.4 - Wed Aug 13, 1997 Added some very minor patches to ease FreeBSD patch. All you should need to do now is change the Makefile for FreeBSD (thanks Bill Fenner) Added hack by Mark Allman for http module Added minor changes to support Linux compilation (mostly just left the standard include files in a separate linux directory) 4.1.0 - Fri Aug 22, 1997 Added support for reading compressed files (configurable, .gz and .Z by default) Added option to save TCP stream data into files (-e) Modified mod_http.c to support HTTP1.1 streams (ick) Added help argument "-h" with several options for information including docs for long format output 4.1.1 - Fri Sep 5, 1997 Minor mfiles bug fixes mod_http now generates plot files, still experimenting fixed tcpdump to allow files with DLT_NULL headers 4.1.2 Added more module interface routines Allow modules to have per-connection data structures Fixed some compression bugs 4.1.3 Added "percent done" for compressed files, just a guess but better than N/A Passed filesize and compressed state to modules Added mod_traffic fixed bug in extract_contents (for mod_http) that caused it to fail if the first segment seen was not the first segment of the connection (oops!) Added -z flag to plot time axis from 0 rather than wallclock time big lint cleanup added support for "configure" to simplify cross-platform stuff added Mark's "data xmit time" code 4.1.4 minor LINT fix in print.c added ECHO/ECHOREPL CC/CCNEW/CCECHO to understood options added support for Etherpeek version 7 save file format fixed minor http modules bugs changed some longer fields to use "long long" if available added "pushed packets" counter added hardware duplicate detection 5.0a adding Nasseef's IPv6 support added the -y flag to turn off the (yellow) instantaneous dots in the tput plot first cut at the output filtering code (slick!) 5.0.2 added support for DLT_RAW under tcpdump (pcap) 5.0.3 bug fix for John Tysko, tcp_length & tcp_data_length were unsigned and resulting in a HUGE amount of data if the tcp header was truncated. Changed to unsigned. count/print truncated bytes/segs ALWAYS, not just when extracting data changed to use flex/bison for better portability fixed bug in etherpeek for odd-sized packets from compressed files 5.0.4 - Thu May 14, 1998 forced the "char" types for tcp_opt for ws and sack_count to be "SIGNED char", because the compiler on my PB3400/Linux makes them unsigned by default. The "-fsigned-char" could also fix it, but this seems easier. 5.0.5 - Tue Jun 23, 1998 -- Fri Aug 7, 1998 fixed mod_traffic memory allocation bug. I wonder why nobody reported this? added "pure ack" counter (for Mark) added call to print modules usage for "-hargs" added Eric's tcplib-generating module added check for ASCII input added reading of arguments from resource file, then from envariable, and then from the command line (suggestion from Jeff Semke) can read from standard input if filename is "stdin" extended "-z" option to allow you to lock either the X or the Y axis (or both) to zero (for Brian Utterback) added printing of zero-sized packets (for Brian Utterback) zero-sized packets pointed out a "bug" in the zero-based time stuff from version 4.1.3. Both graphs in a pair don't have the same "zero point", which is a little confusing. They were off by 1/2 a RTT, the difference between the SYN and the SYN/ACK. I fixed this by adding a green dot corresponding the the first SYN in the second graph. Kind of helpful in general, too. added Mallman's netbsd mkstemp change in compress.c extended the "-w" flag to make the normal case quieter lots of changes to mod_traffic, plus a few bugfixes, mostly for my use 5.0.6 - Fri Aug 14, 1998 added UDP connection support, a lot of people have been asking for it finished mod_collie 5.0.7 - Mon Aug 24, 1998 fixed bug in StringToArgv() that messed up when the arg buffer started with whitespace 5.0.8 - Wed Sep 9, 1998 changed mod_traffic to ALWAYS 'quiet' the final traffic output fixed bug report from Mark, SYN RTT's weren't being included in min RTT report. Fixed so that both SYNs and FINs are included in that calculation. 5.0.9 - Thu Sep 24, 1998 fixed bug with "only" connections not detecting reuse of ports added warnings for re-ordered packets and/or files 5.0.10 - Thu Oct 1, 1998 bug fix in snoop.c, netm.c, and epeek.c Just a check for bogus save files with invalid packet lengths to keep the program from crashing without warning fixed args in tcplib module to match the conventions in the other modules added "long duration" connection graph to traffic module bug fixes from Michele Clark - UNC thruput plot files - graph for both directions had the same title suggested making the type for the xplot sequence number axis "double" rather than "unsigned". The unsigned was from Tim Shepard's original xplot demo files. She says that double makes it work better for large sequence numbers. I'll try it and see if anybody has trouble. changed "new connection" heuristic. Then a new connection uses the same pair of ports as a previous connection, it wasn't always being detected. This was originally pointed out by Brian Utterback and later by Mark Allman. New heuristic is more in line with RFC1122 (SYN is out of the sequence space for the previous connection). 5.0.11 - Mon Oct 19, 1998 Brian Utterback found another case where I was splicing connections together. Bad unsigned match caused it... fixed (knock, knock) 5.0.12 - Mon Nov 2, 1998 Added generic, high-level line drawing functions to plotter.c Used same in mod_traffic to add an overall RTT plot Added one more minor patch to the connection splicing heuristic Lots of changes to make the RTT calculation better in cases of retransmissions and etc Added RTT graph to the traffic module Added triple-dupack counter Added triple dupack tick on TSG graphs Added dongles to ACKS on the TSG graphs to distinguish different kinds of ACKS that need to be handled differently for RTT calculation 5.0.13 - Wed Nov 4, 1998 Fixed tcpdump OUTPUT bug, created files generated "truncated-ip" warnings from real tcpdump program, I fixed it. Added cwin graph (-N) for Mark Added segsize graph (-F!) for Jeff Fedor Added elapsed time to "tick" output to make it easier to stop early Added "pure acks/second" to traffic module Added "halfopen conns" to traffic module 5.0.14 - Wed Nov 18, 1998 Changed the way that connections are stored and searched. Has a major impact in improving performance when the program's VM Size grows above the machine's physical memory. It can now continue to run well under these conditions (up to available swap space), before it just thrashed itself to a standstill. 5.0.15 - Fri Nov 20, 1998 possible fix for pipe() failure with too many files open added some minor argument parsing checks added a few extended arguments "--foo" to control lesser-used functions fixed PAGESIZE reference for Craig Metz - not under some Linux fixed error in stats when SYNs and FINs rexmitted, unique bytes was wrong (which threw off missed data and throughput) fixed a bug where rexmitted SYNs were not being included in the rexmit counts (also fixed marking on tsg graphs) added another case to the connection-splicing code to fix something I saw with FACK/SACK fixed references to the idle_max counter to give the same answer everywhere (some machines were overflowing sooner than others, I changed the math) 5.1.0 - Tue Dec 1, 1998 Getting ready for a new multi-platform distribution 5.1.1 - Wed Dec 9, 1998 Fixed bug from Brian Utterback, both RTT graphs had same title ... which led me to discover a rather obscure bug that caused the first RTT plot to get corrupted, but only if no other plots were requested 5.1.2 - Mon Dec 14, 1998 Added extended options for --showrttdongles mark non-RTT-generating ACKs with special symbols --noshowrttdongles DON'T mark non-RTT-generating ACKs with special symbols --showdupack3 mark triple dupacks on time sequence graphs --noshowdupack3 DON't mark triple dupacks on time sequence graphs --show0lensegs show zero length packets on time sequence graphs --noshow0lensegs DON'T show zero length packets on time sequence graphs made the default for the RTT dongles FALSE, they're not generally useful Minor Docs changes for filtering Added new filter syntax prefix 'b_' to recap: # 'c_' means just "Client" ./tcptrace '-fc_segs>100' file Output filter: (c_segs>100) # 's_' means just "Server" ./tcptrace '-fs_segs>100' file Output filter: (s_segs>100) # no prefix, either one ./tcptrace '-fsegs>100' file Output filter: ((c_segs>100)OR(s_segs>100)) # 'e_' means "Either", same as without prefix ./tcptrace '-fe_segs>100' file Output filter: ((c_segs>100)OR(s_segs>100)) # 'b_' means "Both" ./tcptrace '-fb_segs>100' file Output filter: ((c_segs>100)AND(s_segs>100)) Added initial support for the NLANR tsh packet format bug fix, packets/connection were being passed to modules even though they were supposed to be ignored (caused mod_rtt to break, probably others too) name resolution: split in half to resolve_ipaddresses resolve_ports +-n still toggles both, but extended args let you control either changed "-o" option to allow "-oM-N" bug fix from Jamshid Mahdavi, sack blocks not converted to local byte order (made intel platforms plot/print sacks wrong) added support for TCP/UDP/IP checksum verification only implemented for IPv4 --checksum turns it on, it's expensive 5.1.3 - Tue Jan 19, 1999 added FDDI support in snoop module (for Brian Utterback) changes from Jun-ichiro Hagino, made compliant with latest IPv6 API/implementations (just changes to constant names in ipv6.[ch]) minor bug fixes to tcplib module 5.1.4 - Wed Jan 27, 1999 fixed bug in congestion window graph, REALLY long connections would cause a counter to wrap around, messing up the average fixed major bug in tcplib module, ftp data and control ports were backwards The -O options was writing IPv6 packets incorrectly (wrong length) 5.1.5 - Wed Feb 17, 1999 fixed bug in reading .tcptracerc files, caused core dump on some files when printing packets, IP options are now printed too 5.1.6 - Tue Mar 16, 1999 added extended arg for triple dupack stats (--dupack3_data) by default: if a segment has data, it can't be a triple dupack optional: if a segment has data, it CAN be a triple dupack bug fix from Brian Utterback in snoop.c. Obscure alignment problem fixed. added "total data" graph to traffic module made counters "long long" in traffic module patches from Kevin Lahey to print ECN information patches from Kevin Lahey to read LBL Network Simulator (ns) output allow unambiguous prefixes of extended args (--foo) added --dump_packet_data to add TCP/UDP packet DATA printout along with individual packet dumps (--dump is good enough prefix) bug fixed to the http module from Daikichi Osuga (byte sex problems) added support for DLT_ATM_RFC1483-format tcpdump files 5.2.0 - Tue Sep 7, 1999 patch in gache.c for Linux/Redhat stupidity with the strncmp() macro fixed ipv6.h to work with the way that Linux/Redhat built IPv6 fixed bug in recording window stats from SYN packets when using scaling fixed off-by-one in final report on number of packets seen