$Id: ChangeLog,v 1.18 2003/11/14 09:02:40 rsh Exp $

2003-11-14 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Fixed bug which could cause select() to be passed a
	  negative timeout when collecting backoff fingerprints.
	* Released v1.5.1.

2003-11-13 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added support for IKE Aggressive Mode.  New options:
	  --aggressive, --id, --idtype, --dhgroup.
	* isakmp.c: Added functions to build id, nonce and ke payloads for
	  Aggressive Mode.
	* ike-scan.1: Added details of Aggressive Mode options.
	* Released V1.5.

2003-11-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* wrappers.c: New file containing system/library call wrappers
	  for those calls which are not expected to fail.  Wrappers have
	  the same name as the underlying call but with initial capital
	  letter.  This convention is from W. Richard Stevens' Unix Network
	  Programming book.
	* ike-scan.c: Changed to use wrapper functions for Gettimeofday,
	  Malloc and Realloc.
	* isakmp.c: Changed to use wrapper function for Malloc.
	* isakmp.c: Wrote new add_trans() function.  This allows a multi-
	  transform payload to be built, it calls make_trans.
	* ike-scan.c: Use new add_trans() function in initialise_ike_packet()
	  rather than manually building the transform payload using
	  make_trans().
	* isakmp.c: Add new add_vid() function.
	* ike-scan.c: Use new add_vid() function to allow multiple VIDs to
	  be specified.
	* ike-scan.c: Add new function decode_trans.  Use this function to
	  parse the --trans argument which allows the specification of
	  encryption key length.

2003-11-07 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Wrote ISAKMP payload construction functions.
	* ike-scan.c: Use functions from isakmp.c to construct ISAKMP
	  payloads rather than manually filling in structures.

2003-10-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Change loop timing units from ms to us to improve
	  accuracy.  This requires a 64-bit integer type.

2003-10-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added elapsed time statistics to "Ending:" line.
	* ike-scan.c: Changed atoi(optarg) to
	  strtoul(optarg, (char **)NULL, 10) for unsigned options to allow
	  full unsigned range.
	* ike-scan.c: Dynamically adjust select_timeout based on requested
	  interval and cumulative error.
	* ike-scan.c: Removed --selectwait option as it is now unnecessary.
	* ike-scan.c: Renamed backoff variable to backoff_factor and changed
	  type from float to double.
	* ike-scan.c: Timeout hosts immediately if possible when
	  starting the timeout pass.  This reduces the scanning time,
	  especially when scanning a large number of hosts.  Previously, the
	  scanning time tended to <retries+1> * <num-hosts>; now it tends
	  towards <retries> * <num-hosts>.
	* ike-scan.c: Added pass number which is displayed if verbose >= 1.

2003-10-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Don't call advance_cursor() if we can't send to a host
	  yet because the next host won't be ready either.
	* ike-scan.c: Start the search for a matching cookie at cursor->prev
	  rather than cursor.

2003-08-05 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.4.  Tarball size 114410 bytes, Zip size 622630.
	  tarball md5sum: d8755044a041859cde12d111973bb541
	  zip md5sum: 7871aead615b88e3fd6a516f60ac63d0

2003-07-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Print any vendor ID payload in hex if it follows an SA
	  payload.
	* ike-scan.c: allocate vid_data using malloc rather than having a
	  fixed-length array.  This allows the supplied vendor id to be of
	  arbitrary length.

2003-07-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Changed --vendor option to use a hex string of arbitrary
	  length (up to MAXLINE) rather than an md5 hash of the supplied
	  string.  This allows us to specify any vendor ID e.g. the one that
	  SecuRemote uses with main mode.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.3.  Tarball size 113350 bytes.
	  tarball md5sum: 3fc330e97017ac93bd35fd2973d14e58
	  Note: this is not an official release and no Windows (zip) version
	  was produced.  It is for internal use to test the new pattern
	  matching code.  However, it is available in the public download
	  directory if anyone wants to use it.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Added new patterns "watchguard-soho" and
	  "sonicwall-pro".  These both use the new "/" notation to represent
	  per-entry fuzz values.
	* ike-scan.c: Add fact that per-pattern fuzz entries override the
	  values specified with --fuzz to the help output.
	* Created detached GPG sigs (.asc) for *.tar.gz and *.zip using DSA
	  key ID 567B9F3A Roy Hills <Roy.Hills@nta-monitor.com>.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added check_struct_sizes() to check the size of the
	  ISAKMP structure sizes.
	* ike-scan.h: Added definition of check_struct_sizes().

2003-07-04 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added support for per-pattern-entry fuzz specification
	  in the patterns file.
	* ike-scan.h: New structure to support per-pattern-entry fuzz.

2003-06-27 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Improved backoff pattern display in dump_backoff().
	  Use integer arithmetic in add_pattern() to avoid rounding errors.
	* ike-scan.h: Remove math.h include.  Not needed now that we use
	  integer arithmetic in add_pattern().
	* configure.ac: Removed check for maths library.  Not needed now that
	  we use integer arithmetic in add_pattern().

2003-06-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.1: Created man page ike-scan.1.  This is required by some
	  Linux distributions e.g. Debian.
	* Makefile.am: Added support for new man page.
	* NEWS: Added info for v1.0, v1.1 and v1.2.
	* Makefile.am: Changed location of "ike-backoff-patterns" from
	  $datadir to $pkgdatadir.

2003-06-11 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.2.  Tarball size 108137 bytes, Zip size 620292.
	  tarball md5sum: 25777051bb09306cb0b86e0cf1c48caa
	  zip md5sum: 5c02090900dc3fda7fa374fe99f48af5

2003-06-11 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Minor comment changes.

2003-05-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Added package name and version to AC_INIT.

	* ike-scan.c: Use PACKAGE_STRING and PACKAGE_BUGREPORT symbols rather
	  than hard-coded strings.

2003-05-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac, acinclude.m4: Wrote macro AC_NTA_NET_SIZE_T to
	  determine the best type to use for the 3rd argument to accept().
	  This is normally socklen_t, but is sometimes int or size_t.
	  This change allows the program to compile on HP Tru64 Unix.

2003-05-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Renamed configure.in to configure.ac to comply with
	  new autoconf naming scheme and ran autoupdate to update from
	  autoconf 2.13 to 2.53.  No C code changes.

2003-02-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* error.c: Changed "syslog(level, buf)" to "syslog(level, "%s", buf)"
	  to fix syslog format string vulnerability.

2003-02-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.1.  Tarball size 91606 bytes, Zip size 578034.
	  tarball md5sum: b87fe14043c43c2897cf309c364574b7
	  zip md5sum: 59db0f1f170aaf50dfb2c05f4f950d00
	* Corrected typo in README-WIN32: know -> known.

2003-02-03 Roy Hills <Roy.Hills@nta-monitor.com>

	* Makefile.am: Changed DATADIR to IKEDATADIR.
	* ike-scan.h: Include <windows.h> if compiling under Cygwin.
	* ike-scan.c: Use ike-scan.exe dir as default patterns file dir
	  if compiling under Cygwin.
	* ike-scan now compiles under Cygwin and can be used as a Windows EXE
	  if CYGWIN1.DLL is present.

2003-01-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* Minor changes to --help output to make use of <> brackets
	  consistent.

2003-01-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added output of "Ending:" line showing number of hosts
	  scanned and number of responders after scan completes.
	* ike-scan.c: Only show backoff table if there is at least one
	  handshake responder.
	* ike-scan.c: Don't bother waiting for extra packets after all host
	  entries have been removed if there are no handshake responders.
	* ike-scan.c: Show that notify message 9101 is Firewall-1 4.x or NG
	  in output message.
	* ike-scan.c: Cast value from htonl to uint32_t when used in printf
	  statement to avoid warnings on those platforms which define htonl
	  as returning unsigned long (like FreeBSD).
	* ike-backoff-patterns: Added OpenBSD-isakmpd, discovered by Thomas
	  Walpuski.

2003-01-27 Roy Hills <Roy.Hills@nta-monitor.com>

	* Fixed possible buffer overflow in code which joined argv elements
	  into a fixed-length string which is then written to syslog.
	* Removed RSA 1991 MD5 implementation and replaced with
	  L. Peter Deutsch's MD5 implementation dated 2002.

2003-01-25 Roy Hills <Roy.Hills@nta-monitor.com>

	* Moved all #includes to ike-scan.h.
	* ike-scan.c, ike-scan.h: Changed host_entry element "n" from int to
	  unsigned.
	* ike-scan.c: Changed printf format for unsigned from %d to %u.
	* ike-scan.c: Added exchange type (Main Mode or Aggressive Mode) to
	  "handshake returned" message.
	* ike-scan.h: Make all #includes conditional based on configure findings
	* configure.in: Check for uint_8, uint_16 and u_int32 types using
	  custom macro AC_NTA_CHECK_TYPE (defined in acinclude.m4).  If the
	  types are not defined, then #define them to values that will work on
	  most systems.
	* ike-scan now builds and runs on two new platforms:
	  - Debian Linux 1.3.1 (old libc5 based Linux system with 2.0 kernel)
	  - Cygwin on Windows NT Workstation (only under the cygwin
	    environment; this doesn't produce a standalone windows exe).

2003-01-23 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Changed Cisco Concentrator entry to 0,8,8,8

2003-01-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released initial version v1.0. Tarball size 86434 bytes,
	  md5sum: 7299777c7d67d1cea82d9594867b4806
