Fetching contributors…
Cannot retrieve contributors at this time
309 lines (222 sloc) 10.6 KB
o Fix "no VLAN support for XXX"-related problems
o Fix truncated/garbled output (e.g. SIP over SLL/Linux cooked sockets)
o Change exit behavior to match BSD & GNU grep (see manpage)
o Add Solaris IPnet support
o Update to use 32bit values where relevant
o Emit frame # in header, useful for reference/analysis
o Emit total received, matched upon exit (dropped unreliable PCAP stats)
o Import debian patches related to autotools, manpage, and compilation
on other platforms
o Fix build clean/distclean when not linked against provided GNU regex
o Fix build --enable/--disable flag processing
o Fix building under MS VS2012 / Win32
o Update to latest autotools (2017)
o actual bugfix for the VLAN parsing issue. prior version 1.46 expanded
the BPF filter to include IPv4/6 traffic, but the offset calculation
forgot to account for the variable presence of VLAN headers. now
ngrep detects VLAN frames in every packet and adjusts the offset on
the fly.
o re-organized, in part to sync with downstream patches
(which were never sent upstream)
o removed included PCRE library, now builds against system
version when specified (default is included GNU Regex)
o fixed duplicate PCAP header check, which broke with the
release of libpcap 1.0
o prefixed all tack-on autoconf variables from _FOO -> EXTRA_FOO
o capitulated to Debian: use tar.gz instead of tar.bz2 :-(
o ngrep.c: Call setlocale to make isprint() work based on current
locale. See
o include tcpkill functionality (-K), a long-standing downstream patch
under Debian
o updated to latest autoconf
o updated copyrights to 2014
o fixed bug where setting the snaplen smaller than the minimum
necessary to read the full headres would cause garbage to be
fed into the pattern matcher
o fixed unreported bug in IPv6/TCP packet length calculation
o relocated the privilege-dropping routine to be invoked right
before entering the packet processing loop, to prevent
interference with necessary permissions to read or write
o fixed integer overflow with the snaplen that resulted from
an implicit signed/unsigned conversion
o minor change to compensate for some broken compiler
o fixed double-free race condition during ngrep termination
o reworked packet length calculation in the main processing
loop, improving performance and readability
o simplified regex build logic in configure and Makefile
o updated Win32 version to use config.h for preprocessor
definitions instead of the Visual Studio project files,
making manual tweaking and config of ngrep for Win32
consistent with *NIX and more obvious
o changed third-party Makefiles to properly clean up after
o added support for radiotap (IEEE802_11_RADIO)
o changed ``-s 0'' invocation to mimic the equivalent of tcpdump
o added post-config section to configure: emit important
config option settings that weren't previously indicated
o for BSD platforms, only emit pcap_restart warning from
configure if ``--disable-pcap-restart'' hasn't been
o added IPv6 and ICMPv6 support (all platforms); disabled by
default for common case where libpcap wasn't compiled with
IPv6 support
o added support for displaying protocol number (``-N''),
useful for when observing raw packets
o added support for new display method ``single'', similar to
``byline'' but both header and data occupy one single line
o introduced multiple levels of quiet (``-q''); the more it is
specified the more quiet ngrep becomes
o reorganization of some internal support headers and core
code to eliminate redundancy, improve readability and
efficiency, and support new features
o changed all integer types to be bit- and sign-explicit
o healed the win32 code fork: ngrep now builds from the same
source tree for all platforms including Windows
o re-wrote the privilege revocation logic after problems were
reported with the SPC version, and removed non-root
drop_privs capability altogether
o fix off-by-one bug which caused ngrep to exit 1 packet early
when ``-A'' as invoked
o Fixed problematic configtest for old broken-redhat-glibc UDP
o ngrep now sets a pcap filter "ip" by default, if one is not
o header offset fix to 802.11 processing
o support IGMP and Raw (unknown IP protocol) type packets
o support for latest versions of libpcap (0.8.3) and winpcap
(3.1 beta 4)
o updated configure to autoconf 2.59, and config.guess and
config.sub to latest versions
o updated PCRE from 3.4 to 5.0
o and various minor changes and updates to improve ngrep
o rewrote the entire to autoconf 2.57
to be more consistent with normal autoconf'd programs.
corrects bugs around packaging impediments and typos
o improved privilege dropping code and added more options to
configure to govern its behaviour
o added flag to turn off privilege revocation logic
o added multiline match as default and ability to enforce
previous default single-line match (bugfix + feature)
o added ability to read bpf filter expression from file
o added ability to force the column width to a certain size
o added two new output modes: ``byline'', whose output
respects embedded carriage returns (useful for http dumps),
and ``none'', which prints out each dump as a single line no
matter what
o added ability to specify alternate nonprintable character
(default is ``.'')
o made ``-q'' effects more consistent and usable for scenarios
where ``-I'' and/or ``-O'' are being employed
o documentation updated
o added -S (set limitlen)
o added LOOP and SLL tests for portability/old libpcap'en
o added configure --safe-user and dropprivs code
o added TCP ECN congestion header recognition
o improved support for a few OSes
o relaxed some restrictions in the license (COPYRIGHT -> LICENSE)
o 802.11 support
o MacOS X support
o ISDN (SLL) support
o OpenBSD tun device support
o updated to support specifying pcap directory
o updated config.sub and config.guess
o added scripts/, parallel ngrep perl script
o very minor change to documentation
o license change, amends the BSD advertising clause
o fixed bug from not considering caplen in payload length
o added -s (set bpf caplen)
o fixed header include for linux glibc 2.2 (time.h wasn't
being included)
o typographical error, -p works now
o added in AIX includes
o added BSD* includes for display updates
o added -p (don't go into promiscuous mode)
o in standard match mode, the display now updates when window
sizes change
o configure now gives the user the option to compile with the
pcre library, which is more license-friendly (albeit slower)
o fixed minor bug in date printing with -t
o added configure option '--without-restart', which will
remove the pcap restart API call. Newer versions of libpcap
don't need it, and on certain platforms the API call
o win32: compiled with winpcap's pcap.h, which apparently
breaks the pcap standard and introduces its own data link
layer types. fixes the 'unsupported interface' error folks
sometimes got when used with a 100bT adapter
o binary matching
o windows compilation support
o 64-bit clean patch to regex.c
o dump and replay pcap_dump files
o officially licensed under the BSD license
o normal and diff/delta timestamps
o added FDDI support
o added -l (line buffer stdout)
o a few optimizations were made to shave off some cpu cycles
spent on processing each packet
o fixed bug where the blank regex algorithm wasn't even being
o fixed bug in blank regex algorithm that was preventing '-n'
from working
o change to compile on LinuxPPC
o change to nix potential warnings on other OSes
o change to not exit if pcap_lookupnet fails
o appears that the release of 1.34 had only one of the
match optimizations: somehow only the tcp match was updated;
udp change was omitted. fixed
o moved -v (version) to -V
o added -v (grep -v), invert match
o added -d lo (null linktype)
o added ability to match proto icmp
o updated to handle old installations of pcap
more gracefully (i.e. continue on by adding the necessary
defines and just gripe)
o merged in patch from Andrew W. Flury <>
for hex printing, made minor modification to patch to not
print off the end of the buffer
o added an optimization for the case where no regex was
specified; should account for a little speed up
o fragment changes, this should be it
o switched around regex -w/-i logic
o fragment bugfixes
o added -A (match after)
o changes
o changes for solaris
o added manpage (ngrep.8)
o bugfix: wasn't malloc'ing enough for word_regex
o bugfix: case-insensitive was tolower()ing the word_regex
o added -e (show empty)
o one or two safe, preemptive changes catching possible int
o added -n
o no required arguments anymore
o regex's are not required anymore, can just be bpf logic
o probably a bugfix or two