$Id: ChangeLog,v 1.9 2003/07/25 08:27:40 rsh Exp $

2003-07-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Print any vendor ID payload in hex if it follows an SA
	  payload.
	* ike-scan.c: allocate vid_data using malloc rather than having a
	  fixed-length array.  This allows the supplied vendor id to be of
	  arbitary length.

2003-07-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Changed --vendor option to use a hex string of arbitary
	  length (up to MAXLINE) rather than an md5 hash of the supplied
	  string.  This allows us to specify any vandor ID e.g. the one that
	  SecuRemote uses with main mode.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.3.  Tarball size 113350 bytes.
	  tarball md5sum: 3fc330e97017ac93bd35fd2973d14e58
	  Note: this is not an official release and no Windows (zip) version
	  was produced.  It is for internal use to test the new pattern
	  matching code.  However, it is available in the public download
	  directory if anyone wants to use it.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Added new patterns "watchguard-soho" and
	  "sonicwall-pro".  These both use the new "/" notation to represent
	  per-entry fuzz values.
	* ike-scan.c: Add fact that per-pattern fuzz entries override the
	  values specified with --fuzz to the help output.
	* Created detached GPG sigs (.asc) for *.tar.gz and *.zip using DSA
	  key ID 567B9F3A Roy Hills <Roy.Hills@nta-monitor.com>.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added check_struct_sizes() to check the size of the
	  ISAKMP structure sizes.
	* ike-scan.h: Added definition of check_struct_sizes().

2003-07-04 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added support for per-pattern-entry fuzz specification
	  in the patterns file.
	* ike-scan.h: New structure to support per-pattern-entry fuzz.

2003-06-27 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Improved backoff pattern display in dump_backoff().
	  Use integer arithmetic in add_pattern() to avoid rounding errors.
	* ike-scan.h: Remove math.h include.  Not needed now that we use
	  integer aritmetic in add_pattern().
	* configure.ac: Removed check for maths library.  Not needed now that
	  we use integer aritmetic in add_pattern().

2003-06-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.1: Created man page ike-scan.1.  This is required by some
	  Linux distributions e.g. Debian.
	* Makefile.am: Added support for new man page.
	* NEWS: Added info for v1.0, v1.1 and v1.2.
	* Makefile.am: Changed location of "ike-backoff-patterns" from
	  $datadir to $pkgdatadir.

2003-06-11 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.2.  Tarball size 108137 bytes, Zip size 620292.
	  tarball md5sum: 25777051bb09306cb0b86e0cf1c48caa
	  zip md5sum: 5c02090900dc3fda7fa374fe99f48af5

2003-06-11 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Minor comment changes.

2003-05-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Added package name and version to AC_INIT.

	* ike-scan.c: Use PACKAGE_STRING and PACKAGE_BUGREPORT symbols rather
	  than hard-coded strings.

2003-05-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac, acinclude.m4: Wrote macro AC_NTA_NET_SIZE_T to
	  determine the best type to use for the 3rd argument to accept().
	  This is normally socklen_t, but is sometimes int or size_t.
	  This change allows the program to compile on HP Tru64 Unix.

2003-05-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Renamed configure.in to configure.ac to comply with
	  new autoconf naming scheme and ran autoupdate to update from
	  autoconf 2.13 to 2.53.  No C code changes.

2003-02-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* error.c: Changed "syslog(level, buf)" to "syslog(level, "%s", buf)"
	  to fix syslog format string vulnerability.

2003-02-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.1.  Tarball size 91606 bytes, Zip size 578034.
	  tarball md5sum: b87fe14043c43c2897cf309c364574b7
	  zip md5sum: 59db0f1f170aaf50dfb2c05f4f950d00
	* Corrected typo in README-WIN32: know -> known.

2003-02-03 Roy Hills <Roy.Hills@nta-monitor.com>

	* Makefile.am: Changed DATADIR to IKEDATADIR.
	* ike-scan.h: Include <windows.h> if compiling under Cygwin.
	* ike-scan.c: Use ike-scan.exe dir as default patterns file dir
	  if compiling under Cygwin.
	* ike-scan now compiles under Cygwin and can be used as a Windows EXE
	  if CYGWIN1.DLL is present.

2003-01-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* Minor changes to --help output to make use of <> brackets
	  consistent.

2003-01-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added output of "Ending:" line showing number of hosts
	  scanned and number of responders after scan completes.
	* ike-scan.c: Only show backoff table if there is at least one
	  handshake responder.
	* ike-scan.c: Don't bother waiting for extra packets after all host
	  entries have been removed if there are no handshake responders.
	* ike-scan.c: Show that notify message 9101 is Firewall-1 4.x or NG
	  in output message.
	* ike-scan.c: Cast value from htonl to uint32_t when used in printf
	  statement to avoid warnings on those platforms which define htonl
	  as returning unsigned long (like FreeBSD).
	* ike-backoff-patterns: Added OpenBSD-isakmpd, discovered by Thomas
	  Walpuski.

2003-01-27 Roy Hills <Roy.Hills@nta-monitor.com>

	* Fixed possible buffer overflow in code which joined argv elements
	  into a fixed-length string which is then written to syslog.
	* Removed RSA 1991 MD5 implementation and replaced with
	  L. Peter Deutsch's MD5 implementation dated 2002.

2003-01-25 Roy Hills <Roy.Hills@nta-monitor.com>

	* Moved all #includes to ike-scan.h.
	* ike-scan.c, ike-scan.h: Changed host_entry element "n" from int to
	  unsigned.
	* ike-scan.c: Changed printf format for unsigned from %d to %u.
	* ike-scan.c: Added exchange type (Main Mode or Aggressive Mode) to
	  "handshake returned" message.
	* ike-scan.h: Make all #includes conditional based on configure findings
	* configure.in: Check for uint_8, uint_16 and u_int32 types using
	  custom macro AC_NTA_CHECK_TYPE (defined in acinclude.m4).  If the
	  types are not defined, then #define them to values that will work on
	  most systems.
	* ike-scan now builds and runs on two new platforms:
	  - Debian Linux 1.3.1 (old libc5 based Linux system with 2.0 kernel)
	  - Cygwin on Windows NT Workstation (only under the cygwin
	    environment; this doesn't produce a standalone windows exe).

2003-01-23 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Changed Cisco Concentrator entry to 0,8,8,8

2003-01-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released initial version v1.0. Tarball size 86434 bytes,
	  md5sum: 7299777c7d67d1cea82d9594867b4806
