Directory ip-routing/lbl-tools/

traceroute*.tar.gz
tcpdump*.tar.gz
libpcap*.tar.gz	- original LBL versions (only gzipped).

traceroute*.dif.gz
tcpdump*.dif.gz
libpcap*.dif.gz - slightly repaired versions, working only with kernels 2.1.68+
tcpdump-3.4-glibc2.1.dif.gz - additional patch to compile it with glibc2.1
			      (contributed by Pawel Krawczyk <kravietz@ceti.com.pl>)

These patches are mainly obsolete, though they work.
Please, do not send me bug reports, addons etc.
Currently supported versions have "ssXXYYZZ" suffices.

=====================================================================

Real patches are:

tcpdump*-ssAABBCC.dif.gz
libpcap*-ssAABBCC.dif.gz - more advanced versions. See below.


WARNING! These diffs are raw diffs between untarred LBL distribution
and my working directory. I do not care about cleaning them, so that
try not to delete preconfigured Makefile.


Differences are:

- use AF_PACKET socket. Normally, it uses SOCK_DGRAM socket,
  and, hence, works for arbitrary link types, including
  all the sorts of tunnels.
  If "-e" option to tcpdump is done, it uses SOCK_RAW socket,
  that prints more detailed info, but works only for several
  link types.

  [ The last is more not correct for ssAABBCC versions,
    raw mode is turned on by special -R option;
    -e affects only printing link layer addresses.
  ]

- NOTE!!! Now it works in non-promiscuous mode by default!!
  The sense of "-p" option is inverted!

- IPv6 support (a bit improved) is taken from NRL distribution.

- RSVP parser added (from ISI rel4.1)

- AX.25 support added (by Thomas Sailer <sailer@ife.ee.ethz.ch>)

- Token Ring support added (supplied by Paul Norton <pnorton@ccnusa.com>)

- RSVP parser updated to 4.2a3. You will have to get ISI rsvpd-4.2a3
  and linux patch from ftp://ftp.inr.ac.ru/ip-routing/rsvp and compile
  it. Besides that set symbolik link in tcpdump directory to rsvpd.

- IPv6 understands hop-by-hop and routing headers,
  is updated to fresh specs and generally more clever now.
  Formatting is improved a bit.

- [980901]
	* Updated to ISI rsvpd 4.2a4.
	* libpcap and tcpdump are merged to official *.4 LBNL releases.

- [980910]
	* Dave's patch for SACKs is applied. I beg pardon, I honestly
	  believed, that I've already applied it half of year ago.
	  Well, "late" is better than "never". 8)

- [981004]
	* LBNL traceroute-1.4a5 also included.

- [981016]
	* New libpcap/tcpdump. Since today I will put snapshots
	stamped with suffix ssAABBCC. Suffixless versions are frozen.

	NEW FEATURES.
	* libpcap.
	  - Kernel BPF filter added. It is pretty smart in selecting
	    between kernel/user filters, but still cannot detect, when
	    kernel filter is not patched to support ancillary data.
	    Patch kernel or use -R option (when the last one works, certainly)
	  - Rudimentary support for ipv6 bpf is added. Namely, if packet
	    has no extension headers, it understands:
	    * "tcp"/"udp" are interpreted as "ip or ipv6".
	       Ports are also understood.
	    * "icmpv6"
	    * "ipv6 proto xxxx"
	    * "ipv6" protocol and modifier (certainly, even with exthdrs)

	    NOTE there exist more advanced libpcapv6 library
		(http://dutch.antd.nist.gov/~dykang)
	        Unfortunately, despite of its "advanceness" it generates
		invalid bpf code. Sigh.

	* tcpdump
	  - if no "-i iface" is given, tcpdump listens on ALL interfaces.
	    It is very convenient in monitoring forwarding.
	  - -R option to force using raw sockets, it may be useful,
	    when kernel bpf is not applicable to datagram socket
	    (i.e. kernel is not patched)
	  - -b <protocol> to bind socket to this protocol ID.
	    It is more efficient and better bpf code is generated,
	    which is guaranteed to work without kernel patch.
	    Unfortunately, due to one Linux "feature" only received packets
	    are seen, but not output ones.
	  - Single character indicator of frame type:
	     > - output
	     < - input, unicast
	     B - input, broadcast
	     M - input, multicast
	     O - input, other host
	  - when listening on all devices, interface name is also printed.

- [981101]
	* Samba patches are applied. Grr... and repaired to print
	  something reasonable, rather than flood screen with some unitelligible
	  crap not depending on verbosity level. Set "-vv" if you want to see it.
	* Parsing icmpv6 messages is complete.
	* ip/ipv6/arp message parser is more intelligent now and
	  "-vv" option is VERY verbose f.e. it parses contents
	  of icmp error messsages and ndisc options.

- [990315]
	* bug in calculation packet length is fixed.
	* support for new option (MSG_TRUNC), so that
	  true packet lengths are known to libpcap.

- [990317]
	* "Turbo" packet capture mode (Patch kernel-turbopacket.dif.gz
	  is required to be applied to kernel).
	* ECN bits derived from patch by Jamal Hadi Salim.

Alexey Kuznetsov