changes

一个网络流量分析的完整的程序

        Fixed detailed interface statistics logging bug (activity and
	packets-per-second figures were the same).

	Apologies to Dustin Trammell for my failure to credit him for his
	report on the behavior of IPTraf on bridges.

Changes to IPTraf 2.1.1 and new features in IPTraf 2.2.0

	Immediate flushing of disk buffers after a log file write to
	better accomodate separate logfile parsing scripts.

	Addition of a manual and automatic clearing of closed and idle
	TCP entries in the IP Traffic Monitor

	Added a TCP closed/idle persistence configuration option to
	control the TCP closed/idle clearing interval.

	Clarified TCP timeout logfile entries.

	Saves the state of the interface flags at startup of a facility,
        and restores them on exit, allowing interfaces previously set to
        promiscuous mode to retain that state.  Important on bridges.
	Thanks to Dustin D. Trammell <dtrammell@cautech.com> and Holger Friese
	<evildead@bs-pc5.et-inf.fho-emden.de> for the patch.  However, I had
	to modify it a little more than a bit and had to overhaul quite a
	good deal of the rest of the software to better accomodate
	multiple instances.

	Promiscuous mode is set only when a facility is started, and
	restored when it exits.  Promiscuous mode is no longer forced at
	menus.  Restoration is not performed though if there is still
	another facility running, but the interface state remains saved.

	Fixed a minor bug in the LAN station monitor.  The raw socket is
	now closed when the facility exits. duh.

	Fixed rare bug in the packet size distribution.  The lock file didn't
	get deleted if the raw socket open failed.

	Changed the promiscuous mode option to "Force promiscuous".
	Cosmetic.

	Added PID's (a la syslog) to daemon log entries.
 
	Minor cosmetic adjustments.

Changes to IPTraf 2.1.0

	Fixed bug in the packet size statistical breakdown.  The facility
	didn't filter packets based on interface name, thus causing
	inaccurate counts on systems with multiple network interfaces.

	Fixed a few minor cosmetic errors.

	Corrected some typographical errors in the manual.

	Added a FAQ (or the beginnings thereof).

	Added a spec file for RPM generation.  Thanks to Dag Wieers
	<dag@life.be>.  I'm not a really good RPM'er beyond RPM
	installation and removal.  :)
 
Changes to IPTraf 2.0.2 and new features in IPTraf 2.1.0

	Added non-IP to the display/logging filter selections

	Added interface selection to the IP Traffic Monitor and LAN
	Station Monitor (with an "All Interfaces" option).

	Related to the above: now requires an interface name as an
	argument to the -i and -l command-line parameters.  'all' may be
	specified for monitoring all interfaces.

	Added -B command-line parameter to fork program into the
	background solely for logging purposes.  Several people had
	requested this.

	Corrected TCP/UDP filter file placement error.  Included cfconv
	program to move files to the proper place.

	Added program-wide Ctrl+L sequence to redraw the screen if
	corrupted by outside factors (write, talk, syslog).

	Added TCP/UDP filter editing facility.

	Corrected several possible buffer overruns in TCP/UDP filter
	module.

	Corrected errors and reflected changes to manual and man pages.

Changes to IPTraf 2.0.1

	Fixed a rarely-occuring but nevertheless severe segmentation fault
	bug when long hostnames are coupled with long service names.
	Great thanks go to Ronald Wahl <rwahl@gmx.net> for the advice and
	the help.  Ron, I'm really gonna find the time to do the code the
	Right Way  :)

Changes to IPTraf 2.0.0

	Fixed minor non-IP byte count bug in detailed interface statistics.

	Fixed minor cosmetic bug causing elapsed time indicator to appear
	in the wrong line on screens not containing 25 lines.  Thanks to
	Uwe Storbeck <uwe@datacomm.ch> for the patch.

New features/changes in IPTraf 2.0 from 1.4.2

	Now uses the new PF_PACKET socket family as its packet capture
	mechanism.  Requires Linux 2.2.

	Added target/source IP addresses in ARP packet
	request/reply packet entries in the IP traffic monitor.  Also
	added target/source MAC addresses to RARP request/reply entries.

	Reorganized menu structure, see the README file for details.

	Moved packet counts by size to a facility of its own.  Added
	corresponding -z command-line option.

	New incoming/outgoing packet and byte counts and activity rates in
	the detailed interface statistics facility.

	Corrected a bug in the FDDI packet parsing code (wrong link type).

	Added a check for the IFF_UP flag when generating interface
	lists, to omit inactive interfaces (but still in /proc/net/dev).
	This covers the General Interface Statistics and all interface
	selection lists.
 
	Now uses the maximum number of columns on the screen.  High thanks
	to Michael "M." Brown <m2brown@waterloo.ca> for the patch.  Saved
        me a lot of tedious work. :)

	Reformatted TCP screen to show only one hostname:port per line,
	with connections indicated by the green "brackets".  I think
	that's clear enough.

	Added ARP/RARP opcode and target addresses in the ARP/RARP
	indicator lines.

	Added vertical scrolling to the lower (non-TCP) window in the
	IP traffic monitor to allow for long lines (ICMP, OSPF, some UDP).

	Allowed for slightly longer host names in the lower IP traffic
	monitor window.

	Still increased the rvnamed cache size to 2048 entries.

	Miscellaneous cosmetic changes.

	Manual now includes screen shots and comes in HTML format only.

Changes to IPTraf 1.4.1

	Fixed SEGV condition when attempts are made to load a filter list
	application or deletion with a zero-length filter list file, which
	could be caused by deleting the last filter.  Thanks to Daniel
	Savard <daniel.savard@gespro.com> for the report.

	Makefile comes with the -m486 option commented out

Changes to IPTraf 1.4.0

	Moved configuration status window to unobscure a long menu option.

Changes to IPTraf 1.3.0 and new features in 1.4.0

	Support for PLIP interfaces.

	Support for other ISDN encapsulations (specifically raw IP and 
	Cisco HDLC) high thanks to Gerald Richter <richter@ecos.de> for
	the information and testing.

	Added -q parameter to suppress the 1.3.0 masquerading warning for
	users who wish to automate the various facilities from their
	inittab and similar non-interactive fashions.  Incorporated into
	the Debian version of 1.3.0 by Debian maintainer Frederic Peters
	(<fpeters@debian.org>, carried over to general release 1.4.0.

	Added an option to change activity indications between kbits/s and
	kbytes/s.  On a suggestion by Paul G. Fitzgerald
	<pgfitzgerald@buckman.com>.

	Incorporated more flexible compile-time control of directories for
	configuration, log, and other files.  Thanks to Stefan Luethje
	<luethje@sl-gw.lake.de> for the patch.
	
	Corrected minor flaws in the default screen update delay code
 	(visually insignificant), that led to occasional skips of the
	delays.  (Call it nitpicking if you will.  :))
	
	Moved signal() calls to after terminal checks in iptraf.c,
	allowing standard behavior of signals when error/warning messages
	may still be sent to stderr.  Allows the user to break out of it
	with Ctrl+C at the terminal warning if so desired. 

	Reformatted IP traffic monitor log entries on Gerald Richter's
	<richter@ecos.de> suggestions for easier processing with Perl 
	scripts.

	Included logfile rotation with the USR1 signal.  Again on Gerald
	Richter's <richter@ecos.de> suggestion.

	Moved first-instance tag sequence to after the initscr() call.

	Indicated IP fragments with no additional information in the lower
	traffic monitor window.  Datagram size, addresses, and interface
	are still indicated.

	Changed Non-IP count in IP traffic monitor to byte count
	(including data-link header lengths) from packet counts.
	Consistency purposes.

	Added some extra information for certain non-IP packets.  These
	may eventually grow, but not in too much detail, since this is an
	IP-oriented utility.  Thanks to David Harbaugh
 	<dlh@linux.cayuga-cc.edu> for the patch.

	Removed bind() operation on raw socket to address a condition in
	which the detailed interface statistics and TCP/UDP statistics
	stop counting if an interface goes down then up again.  This will
	be studied further.  Symptom report sent in by Roeland Jansen
	<bengel@xs4all.nl>.

	Changed Ethernet/FDDI/PLIP description file formats from binary to
	plain text, allowing database appends.  Other files (configuration
	and filters) are still binary.  On a suggestion by David Harbaugh
	<dlh@linux.cayuga-cc.edu>.

	Copied IP and upper-layer headers and some data from Ethernet, 
	PLIP, FDDI, and loopback frames into an aligned buffer.  Avoids
	SIGBUS on picky systems (like SPARCs) and general alignment
	problems.  I don't know yet which is worse, the overhead of
	a 96-byte transfer or the performance hit with misaligned reads.
	Thanks to Jonas Majauskas <jmajau@soften.ktu.lt> for reports and
	tests.

	Replaced __-type references with u_int-type references.

	Increased cache array size in rvnamed to 1024 entries from the
	previous 512, to better handle combinations of busy networks and
	slow DNS servers.
	
	Cleared up a few instructions in the Makefile, thanks to Arjan
	Opmeer <a.d.opmeer@student.utwente.nl>

New features in IPTraf 1.3.0 and changes to IPTraf 1.2.0

	Experimental FDDI support.  High thanks to Paonia Ezrine 
	<paonia@massart.edu> for the initial tests on the FDDI code.  More 
	feedback is requested on the FDDI functionality.  Bugs may still
	be present.

	Reestablished ippp interfaces (synchronous PPP over ISDN) after
	reports that the ISDN problem was fixed with Linux 2.0.34.

	Fixed fragmentation oversight in TCP/UDP service monitor.

	Applied the bind() system call to the raw socket to have the
	kernel filter out packets from interfaces we're not interested in.
	Makes for better capture times on multiple-interfaced machines.
	However, a strncmp() is still performed on the returned interface
	name to counter the race condition between the socket() and bind()
	calls.
	
	Fixed interface statistics print routines to print unsigned
	rather than signed numbers.

	Added additional option to adjust screen updates.  Useful for
	IPTraf sessions run on remote terminals (thanks to Lutz Vieweg
	<lkv@isg.de> for the suggestion and Dean Gaudet
	<dgaudet@arctic.org> for the base patch.  I modified it a bit,
	Dean.)

	Discovered terrible performance penalty due to screen refresh with
	heavily loaded LAN segments.  Therefore, with the new screen
	update interval option set to 0, all facilities have a 50 ms delay
	between refreshes (exception: the LAN station monitor has a delay 
	of 100 ms). This is still visually fast (although updates
	look kinda slower), but this gives more time to packet capture,
	therefore increasing accuracy and capture performance.  Thanks to
	everyone who responded to my request for advice on this matter and
	to Ronald Wahl <rwahl@gmx.net> for giving me the symptom report.

	Modified IP traffic monitor to mark TCP connection entries for reuse
	once one side is fully closed and acknowledged ("CLOSED" on the
	screen) and the other closed but even if not acknowledged ("DONE" 
	on the screen.  This is because many times, the last ACK gets lost.
	
	Included an additional parameter used together with the other
	command-line arguments to specify an amount of time for which the
	selected facility would run before automatically terminating (on a
	suggestion by Linux HOWTO coordinator Tim Bynum
	<tjbynum@wallybox.cei.net)>.

	Supplemented the main data structure for the IP traffic monitor