-= Stable version () =- version 1.4.14 - 29-Sep-2001 - Etienne Bernard ---------------------------------------------- "ignore all" and "log all" options are now available. Simplified the memory handling at certain places so that the memory leak detection should be simplified but did not manage to find the memory leak described in debian bug report #111190. Anyway, I found a minor memory leak in the filter reloading (this should only occur if you specify a rule with a TO | without a FROM | rule). version 1.4.13 - 14-Apr-2001 - Etienne Bernard ---------------------------------------------- Fixed the parsing of hostnames containing a "-". version 1.4.12 - 05-Nov-2000 - Etienne Bernard ---------------------------------------------- Forgot to bump up version number. Changed to manual page to tell that the default behaviour is changed to not resolve. version 1.4.11 - 28-Oct-2000 - Etienne Bernard ---------------------------------------------- Parsing of port ranges (port--port) was broken (see Debian bug #69160). Applied patch from Matt Zimmerman (see Debian bug #72323) Tell the resolver to use UDP instead of TCP. Should fix Debian bug #75305. Set default to *NO RESOLVE* (as suggested in Debian bug #50359). Some exit conditions (in icmp.c, tcp.c and udp.c) now log a message before stopping ippl. Should ease bug detection. version 1.4.10 - 21-Apr-2000 - Hugo Haas ---------------------------------------- Parsing of x.x.x.x/n was broken. Applied patch by Charles C.Fu . version 1.4.9 - 11-Feb-2000 - Hugo Haas --------------------------------------- ippl would change UID, but not GID. See Debian bug #55864. Patch by Topi Miettinen . version 1.4.8 - 11/10/99 - Hugo Haas ------------------------------------ go_background() now uses daemon(). Cleaned up code. Stopped complaining about packets with options in the IP header. Those options are legitimate (source routing). I had kept that from iplogger's behavior. Fixed a typo in ippl.conf man page. version 1.4.7 - 5/9/99 - Hugo Haas ---------------------------------- Updated documentation. version 1.4.pre7 - 29/8/99 - Hugo Haas -------------------------------------- Updated ippl.conf.man to specify a new format for the netmasks. Now support syslogd-like 'last message repeated x time(s)' thanks to Per/dw . version 1.4.6 - 16/6/99 - Hugo Haas ----------------------------------- Fixes a parsing problem for "port pop-3" (patch by Etienne). Fixes a couple of problems in the Makefile system. More fixes to come. version 1.4.5 - 16/4/99 - Etienne Bernard ----------------------------------------- Fixes another problem with ident resolution. version 1.4.4 - 12/4/99 - Hugo Haas ----------------------------------- Applied patch from Etienne solving a problem related to the parsing of port ranges. version 1.4.3 - 09/04/99 - Etienne Bernard ------------------------------------------ Implemented a better solution for the problem described below, thanks to Frank Pavageau . Maybe I should buy "Advanced Programming in the Unix Environment" by Richard R. Stevens :-) (donations are also accepted, of course :-) version 1.4.2 - 07/04/99 - Etienne Bernard ------------------------------------------ Fixed a bug related to the ident function. I am not satisfied by the solution that I used, and I will change it as soon as I get rid of a problem related to signals and multithreading. version 1.4.1 - 05/04/99 - Etienne Bernard ------------------------------------------ Integrated patch for filtering on source port from Charles R. Anderson (). Corrected debian bug #35365 (see http://www.debian.org/Bugs/db/35/35365.html), thanks to Gaël Roualland . Fixed a bug which caused ippl to take 100 % CPU on ident requests sometimes. version 1.4.0 - 26/3/99 - Hugo Haas ----------------------------------- ippl.y: now run works fine if it called more than once. udp.c: changed the message displayed to "port x UDP datagram from x"; fixes the problem "UDP datagram port port x" since service_lookup() returns "port x" if x is an unknown port. ident.c: closed the socket after lookup. version 1.3.9 - 17/3/99 - Hugo Haas ----------------------------------- Changed ippl.y: now handle errors in the Line section, not in the Rule one. Added code to debug parsing mechanism (--enable-parsing-debug). Removed test against ALL_PROTO in do_log() since it is not supported anymore. version 1.3.8 - 16/3/99 - Hugo Haas ----------------------------------- Corrected a typo in configuration.c. Removed reference to the all keyword for a rule in the man page. Added filter debugging code. version 1.3.7 - 15/3/99 - Hugo Haas ----------------------------------- Added the possibility to change the user running the logging threads. The default user can be modify using the --with-user=USER option of configure. At run time, it is specified with the "runas" keyword. configuration.c: reset all the variables to their default values when reading configuration. Defined set_default_values(). main.c: do not stop anymore when the account used is not found or when there is nothing to log. Instead, display a warning and do nothing. version 1.3.6 - 14/3/99 - Hugo Haas ----------------------------------- Modified configure.in. Modified INSTALL. version 1.3.5 - 13/3/99 - Hugo Haas & Etienne Bernard ----------------------------------------------------- ippl.l, ippl.y, filter.h & tcp.c: added logclosing/nologclosing rule in order to log TCP connection closings. Added configuration capabilities. version 1.3.4 - 12/3/99 - Hugo Haas & Etienne Bernard ----------------------------------------------------- netutils.c: changed get_details() so that it does not display the port numbers only if source and destination ports are equal to 0. configuration.c: reset the line count before parsing the configuration file. ippl.l & ippl.y: fixed a stupid error that caused ident mechanism activation when an invalid rule was entered. The error is now properly reported. main.c: cosmetic changes version 1.3.3 - 9/3/99 - Hugo Haas ---------------------------------- main.c, filter.c, filter.h: added a destroy_filter() function which purges the existing filter. It now does it correctly (bugs = bugs - 1). ippl.y: enabled DNS resolution by default. Modified information files. version 1.3.2 - 07/3/99 - Etienne Bernard ----------------------------------------- Cleaned up the code a bit Merged libc5 patch from Hugo. version 1.3.1 - 07/3/99 - Etienne Bernard ----------------------------------------- Modified lots of things: - name resolution can be done protocol by protocol and rule by rule - added "short" logging format - the logging format can be configured protocol by protocol and rule by rule - the ident resolution can be configured rule by rule PLEASE NOTE THAT THE FORMAT OF THE CONFIGURATION FILE HAS CHANGED, AND THAT YOU WILL PROBABLY HAVE TO REWRITE AND/OR UPDATE YOURS. version 1.3 - 06/3/99 - Etienne Bernard --------------------------------------- Added ident mechanism to log remote username. Added interface for passing information from the filter structure to the logging function. version 1.2.4 - 6/3/99 - Hugo Haas ---------------------------------- Modified filter.c, netutils.c: a rule containing a wildcard will no longer make ippl crash if the noresolve option is used. Man page updated. version 1.2.3 - 6/3/99 - Hugo Haas ---------------------------------- Included a patch from Etienne fixing some problems in the configuration parsing. version 1.2.2 - 4/3/99 - Hugo Haas ---------------------------------- Removed a stupid line in main.c displaying "test" in the logs... version 1.2.1 - 3/3/99 - Hugo Haas ---------------------------------- Corrected a bug in main.c: all the file descriptors were closed in go_background() including those for the log files. Moreover, the connection to syslog was not open systematically. version 1.2 - 27/2/99 - Hugo Haas --------------------------------- Corrected a bug in the configuration parsing: "run all" was not logging anything. The --no-resolve and --long options do not exist anymore. They have been replaced by new rules in the configuration file. Now, the detailed output can be set on a per-protocol basis. Modified the README file, the CREDITS file and the man pages. Removed potential problems ((v)sprintf -> (v)snprintf). Code clean-up. Added generic interface for logging. Now it is possible to log in a file (on a per-protocol basis). Use the SIGHUP signal to reopen the log files. version 1.1 - 20/2/99 - Etienne Bernard --------------------------------------- Corrected a bug which caused compilation to stop with egcc. Changed lots of code in order to enable the reloading of the configuration when the ippl process gets a SIGHUP. Warning, this code is experimental, and I'm not sure of the order I have to take the mutexes. But it works all right for me. Perhaps we should stress test this one. I added support for multiple interfaces. The magic keyword is "TO". See the man page for ippl.conf(5) for further details. Since I do have only one ethernet card, I only tested this new code with IP Aliasing and the loopback interface. I included the patch from Steffen Ullrich which added a switch to disable name resolving and another one to activate detail logging of source and destination IP addresses and ports. Hugo (21/2/99): Modified reload_configuration() so that it now acquires the mutexes in a correct order. I changed ICMP_PROTO, TCP_PROTO and UDP_PROTO by IPPROTO_ICMP, IPPROTO_TCP and IPPROTO_UDP as suggested Robert Cheramy . I also included a patch from him logging when ippl starts and stops. version 1.0 - 14/2/99 - Hugo Haas --------------------------------- As it seems that no bug has been found in version 0.13, I cleaned up the code a little bit and I am going to release version 1.0, a.k.a. a stable version. I did not clean up the ident and log-in-file parts because I am planning to rewrite them so that may be useful later. version 0.13 - 8/2/99 - Hugo Haas --------------------------------- Corrected the PID file mechanism (actually, it was working, but badly). I used Martin Schulze's pidfile routines used in sysklogd: they are very clean so I did not see any good reason to rewrite them! Second try: Changed main.c so that when a thread is run, all the signals are ignored, i.e. the main thread will handle all the signals. Now ippl does not segfaulte on exit anymore. :-) version 0.12 - 7/2/99 - Hugo Haas --------------------------------- There was still a bug in the configuration parsing: when a name resolution could not be performed, an incomplete filter entry was used, and it was screwing up everything. This has been fixed by adding a hostname field holding the hostname. Why? Well, until now, DNS results never expired, and this was annoying. Now, the cache is periodically emptied (see expire option in the config) and the configuration is reprocessed (which means that DNS queries are done) at the same time. Well, I also added a PID file which fixes the problem of the start-stop-daemon script on Debian systems. This is a big patch, I hope everything's fine (especially the part where I had to remember from the single writer - multiple reader scheme). I would tend to say that version 0.12 is a pre1.0 version. We will fix bugs, and add no more features. Configuration will be re-read in version 1.0+ (perhaps 1.1, or 2.0, depending on what we need to add). And now... beta-testing time! (as soon as Etienne has reread my code) version 0.11 - 5/2/99 - Hugo Haas --------------------------------- Etienne changed the parsing mechanism so that... it now works. :-) Now, hostnames are resolved when the configuration is read. It speeds up the filtering. version 0.10 - 3/2/99 - Hugo Haas --------------------------------- . Corrected a bug in the filtering system. . Removed code used to log in a file (#if 0 / #endif). . Wrote a man page for ippl.conf. . Corrected a bug in the parsing mechanism. Changed the syntax for ranges. Well, it makes a lot of things for tonight! version 0.9 - 2/2/99 - Hugo Haas -------------------------------- Version 0.8 had a problem: when UDP is logged, a lot of DNS queries are done. This was an issue because it could be a DoS of the DNS server. Etienne had an excellent idea: cache the DNS queries. I took my Advanced Algorithms book and coded my first hashtable. :-) Well, I hope I did it the right way, but the results are impressive: 9 requests out of 10 seem to be in the cache (unless I screwed up with my code gathering statistics). So it is a huge improvement. Etienne has improved the configuration parsing: ports can now be specified by their names, and error messages are more explicit. If you would like them to be more explicit, send us the URL of a good documentation about bison. Well, time to build the package. version 0.8 - 30/1/99 - Hugo Haas --------------------------------- I did not officially release version 0.7 because we wanted it to be tested. It seems that it works fine, so this time I think we will release this version. New in this version: . The arguments are parsed with getopt. Etienne changed that. I must confess that I did not know this command. . I wrote a module logging UDP packets. It was actually quite quick to do that. ippl is modular and it makes enhancements easy to implement. . Ok, I did not know that fnmatch had a case-insensitiveness option either. :-) The code has not been cleaned up yet, and the code about logging into a file is still there (and unused)... version 0.7 - 24/1/99 - Hugo Haas --------------------------------- Well, I guess that I am going to do my first public release. New in this version: . A new thread is not run to log each incoming packet. Why? If a lot of packets are received by a host and if the name resolution cannot be done quick enough, ippl rapidly takes all the resources of the host. Annoying... Well, unitl I find a solution, there will be one thread for each protocol logged and that's it! It means that under heavy network load, some packets may not be logged. I do not think this is a major problem. . A man page has been written. . I have removed all the RCS garbage in the code. . There is now a package for Debian. . Currently, users cannot log into a file. The code is here but no option enables to use it. Why (again)? I am not happy with the way it is done. Moreover, I believe that it would better to log everything via the syslog. I guess that in the next version, I will remove this part of the code and give rules to add in the syslog.conf file if people want to use a special file. version 0.6 - 13/12/98 - Hugo Haas ---------------------------------- All the changes were made by Etienne Bernard. The parser now uses Lex/Yacc. IPpl now runs as 'nobody'. This breaks the logging mechanism into a file. I will implement a fix soon. Added a BUGS file. version 0.5 - 1/12/98 - Hugo Haas --------------------------------- Now supports ICMP type/code (thanks to Arkadiusz Mi¶kiewicz). Added a few commands for the preprocessor. Added a CREDITS file. version 0.4 - 29/11/98 - Hugo Haas ---------------------------------- Removed ident mechanism (I do not think it works... I will change that later). New configuration: hopefully, it won't change. Seems to work! Added a TODO file. version 0.3 - 27/10/98 - Hugo Haas ---------------------------------- Added ident queries. IPpl has now all the features that iplogger 1.1 has. version 0.2 - 25/10/98 - Hugo Haas ---------------------------------- Configurable specifying host addresses. version 0.1 - 25/10/98 - Hugo Haas ---------------------------------- IPpl does offers more or less the same features as iplogger 1.1, except that it does not support the ident lookup.