ChangeLog
2024-09-15 Roy Hills <Roy.Hills@hotmail.com>
* check-error: Change invalid option test string from
"ike-scan: unrecognized option", to "^Usage: ike-scan".
This fixes a test failure on Cygwin because its newlib-based C
library outputs "ike-scan: unknown option" instead of the
"ike-scan: unrecognized option" that is used by glibc and BSD libc.
https://github.com/royhills/ike-scan/pull/45
2022-10-02 Roy Hills <Roy.Hills@hotmail.com>
* acinclude.m4: Replaced the obsolete autoconf macro AC_TRY_COMPILE with
AC_COMPILE_IFELSE. This macro was obsoleted in autoconf 2.70.
* configure.ac: Remove obsolescent autoconf macros: AC_HEADER_STDC,
AC_C_CONST, AC_HEADER_TIME - all modern systems have an ANSI C
compiler with working const and time headers. Incremented version
number to reflect recent changes.
* ike-scan.h: Include ANSI C headers unconditionally. Include
<sys/time.h> if HAVE_SYS_TIME_H is defined.
2022-10-01 Sam James <sam@gentoo.org>
* configure.ac: Fix recognising -Wformat-security with Clang
* acinclude.m4: fix typo in 'x' if check (was using lowercase 'x'
on one side of comparison and uppercase 'X' on the other side).
Declare main() as int to fix -Wimplicit-int errors.
2022-09-18 Roy Hills <Roy.Hills@nta-monitor.com>
* check-decode, check-error, check-packet, check-psk-crack-1,
check-psk-crack-2, check-psk-crack-3, check-psk-crack-4,
check-run1, check-run2, check-run3, check-vendor-ids: Changed
"$srcdir/ike-scan" to "./ike-scan" in test scripts so
"make distcheck" succeeds.
* .github/workflows/c-cpp.yml: Enable "make distcheck" step.
2022-09-14 Roy Hills <Roy.Hills@nta-monitor.com>
* README.md, .github/workflows/*: Migrated from travis-ci to github
actions for CI/CD build check and code coverage report.
* .travis.yml: removed as no longer needed.
2020-07-05 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Remove unused variables "idfile" and "idstrings", and
the associated options -F and --idfile. These were never used, and
were causing warnings with GCC 10.2.
* ike-scan.c: Add "break" statement after call to usage() in options
switch statement. This isn't required as usage() never returns,
but it's harmless and prevents a "this statement may fall through"
compiler warning with GCC 8.3.0.
* utils.c: Use labs() rather than abs() when computing time
difference as time_t is normally "long" and using abs() generates
a compiler warning with GCC 10.2.
2020-07-05 Roy Hills <Roy.Hills@nta-monitor.com>
* README.md, ike-backoff-patterns, ike-scan.1, ike-vendor-ids: Update
wiki references to use new URL http://www.royhills.co.uk/wiki/
2014-05-23 Richard Moore <rich@...>
* ika-scan.c, ike-scan.c: Added option to bind to a specific interface.
2014-03-21 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Added fclose call to fix the potential file pointer
resource leak in print_psk_crack_values().
2013-12-01 Roy Hills <Roy.Hills@nta-monitor.com>
* configure.ac, .gitignore: Added configure option --enable-gcov to
enable gcov code coverage.
2013-11-12 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Disallow the use of both --aggressive and --ikev2 options.
This fixes debian bug #512962.
2013-11-10 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Updated attribute maps with new values and updated
RFC references.
* TODO: Removed items that have been addressed or are no longer
required.
2013-10-27 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, ike-scan.h, isakmp.c: Use payload type 43 instead of
13 for vendor ID payloads with ikev2. This implementation requires
that the --ikev2 or -2 option be specified before the --vendor or -e
option to work correctly.
* isakmp.c: Updated maps from RFC 5996 (new IKEv2 RFC which replaces
4306), RFC 5282, RFC 5114, and RFC 6467.
* ike-vendor-ids, check-decode: Minor change to Firewall-1 NGX vendor
id name.
2013-10-26 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Add support for sending key exchange payload for ECP
Diffie-Hellman groups 19, 20 and 21 with --dhgroup=n. The Key
Exchange payload length for these groups is as detailed in RFC 4753.
DH groups 19 and 20 tested in aggressive mode with Checkpoint VPN-1
R77.
2013-09-04 Roy Hills <Roy.Hills@nta-monitor.com>
* Added references to the github repository in README, *.c and *.h
in place of the ike-scan email address and the pattern submission
URL.
* configure.ac: Change the bug-report string in AC_INIT from the
ike-scan email address to the github URL.
2013-08-17 Roy Hills <Roy.Hills@nta-monitor.com>
* check-vendor-ids, Makefile.am: New check script to validate the
vendor ID patterns as part of "make check" from Jonathan Claudius.
2013-08-16 Roy Hills <Roy.Hills@nta-monitor.com>
* .travis.yaml: New file to enable autobuild on Travis CI.
* .gitignore: New file listing patterns to exclude from the repository.
* COPYING: New file.
* check-decode: Modified so "make check" works with new
HeartBeat_Notify VID name.
* configure.ac: Incremented version to 1.9.4 to distinguish new
version under git revision control.
* ike-vendor-ids: Merged in vendor ID additions from Jonathan Claudius.
* Removed $Id$ keywords from all files, and associated rcsid variable
from C sources.
2013-08-15 Roy Hills <Roy.Hills@nta-monitor.com>
* Final SVN revision before migration to git.
2012-12-14 Jesper Kückelhahn <(email withheld)>
* ike-vendor-ids: Added new vendor IDs from research while developing
script for nmap.
2011-09-22 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Removed most occurrences of set but unused variables as
reported by -Wunused-but-set-variable in gcc 4.6. There is one
occurrence of this error remaining, because the --idstrings
option has not been fully implemented.
2011-04-04 Roy Hills <Roy.Hills@nta-monitor.com>
* configure.ac: incremented version number to 1.9.3.
* configure.ac: Remove version number from AM_INIT_AUTOMAKE macro,
as this usage is obsolete now.
* ike-scan.c, ike-scan.h: Modify add_host_pattern() and add_host() so
we always use the more efficient inet_aton() rather than
get_host_address() for IPnet/bits, IPnet:mask and IPstart-IPend
patterns.
* ike-scan.c: Add support for IPnet:netmask format in
add_host_pattern().
* ike-scan.c: Change all uses of sprintf() to snprintf().
2011-03-30 Roy Hills <Roy.Hills@nta-monitor.com>
* acinclude.m4: Removed #include <features.h> from GCC_FORTIFY_SOURCE
macro, as this header is not portable.
* configure.ac: Added GCC_WEXTRA macro if we are compiling with GCC
to enable extra warnings, and define ATTRIBUTE_UNUSED to the
appropriate pragma depending on whether we are using GCC or not.
* utils.c: Added ATTRIBUTE_UNUSED to sig_alarm parameter to avoid
unused parameter warning.
* ike-scan.c: Add some casts to unsigned to avoid "comparison between
signed and unsigned" warnings.
2010-12-07 Roy Hills <Roy.Hills@nta-monitor.com>
* acinclude.m4: Added GCC_WEXTRA macro to determine if the C compiler
supports the -Wextra switch to enable extra warnings.
* ike-scan.c, isakmp.c, utils.c, psk-crack.c: Addressed some of the
unsigned/signed comparisons flagged up with -Wextra.
2009-08-15 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, utils.c: Improve handling of --bandwidth and
--interval options: Allow either upper or lowercase
multiplier letters and give an error if an unknown multiplier
character is used. Previously an unknown multiplier character
or one with the wrong case was silently ignored and treated as
no multiplier at all.
* wrappers.c: Change Strtoul so it gives an error if the
underlying strtoul function finishes at an unconvertible
character other than NULL or whitespace.
* configure.ac: Added extra warnings "-Wshadow -Wwrite-strings"
for gcc.
2009-08-14 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, ike-scan.h, psk-crack.h, configure.ac, error.c: Removed
syslog functionality as this is not used and has been #ifdef'ed out
for some time.
2009-05-06 Roy Hills <Roy.Hills@nta-monitor.com>
* configure.ac: Upgraded for autoconf 2.61
2009-03-06 Roy Hills <Roy.Hills@nta-monitor.com>
* acinclude.m4: Added macros to detect compiler support for
-fstack-protect, -D_FORTIFY_SOURCE and -Wformat-security.
* configure.ac: Conditionally enable compiler flags for
-fstack-protect, -D_FORTIFY_SOURCE and -Wformat-security using
the new acinclude.m4 autoconf macros.
* configure.ac: Incremented version to 1.9.2
2008-09-01 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Improved the description of the --trans option in
the help output.
* wrappers.c: Modified Strtoul so it only permits fully convertible
strings. This avoids the problem mentioned by ML with 1=7/128
in an advanced transform specification.
* ike-scan.c: Corrected those calls to Strtoul that assumed the old
behaviour, where a string could be terminated by any non-convertible
character.
* check-packet, pkt-custom-proposal.dat: Corrected the advanced
transform specification, and added an additional transform using
variable length attributes.
2008-03-07 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Added additional XAUTH authentication methods to auth_map.
* ike-backoff-patterns: Added Cisco PIX 7.0
* ike-vendor-ids: Added Windows 2008 server
2007-06-09 Roy Hills <Roy.Hills@nta-monitor.com>
* check-error: new checking script to test response to error
conditions.
2007-04-22 Roy Hills <Roy.Hills@nta-monitor.com>
* utils.c: New function "dupstr", which is a local implementation
of the common but non-standard library function "strdup".
* ike-scan.c: Replace calls to malloc/strcpy with calls to the
new dupstr function. This makes the code tidier and also reduces
the number of calls to the potentially dangerous strcpy function.
2007-04-17 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.h: Undefined SYSLOG, as we don't use this any more, and I
doubt that anyone else needs it. The syslog functionality may be
removed in a future release.
2007-04-13 Roy Hills <Roy.Hills@nta-monitor.com>
* configure.ac: Added checks for strlcat and strlcpy, with
replacement functions using the OpenBSD implementations if they are
not present.
* strlcat.c, strlcpy.c: New source files from the OpenBSD source at
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/string
2007-03-06 Roy Hills <Roy.Hills@nta-monitor.com>
* configure.ac: Incremented version number to 1.9.1.
* ike-vendor-ids, ike-backoff-patterns: various minor changes and
additions.
2007-01-26 Roy Hills <Roy.Hills@nta-monitor.com>
* Released v1.9 Tarball size: 1412689, Zip size: 2260655.
tarball md5sum: bed63c7d2f54c482525a735be7b5e720
Zip md5sum: 5a224a60235189ba1b8882c98e09489c
2007-01-14 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Refactored display_packet() to ensure that payload
is correctly aligned.
2007-01-13 Roy Hills <Roy.Hills@nta-monitor.com>
* check-decode: New tests for pkt-main-natt-response,
pkt-aggr-cert-response, pkt-v2-notify-response and
pkt-checkpoint-notify.
* check-packet: New test for pkt-single-trans.
* ike-scan.c: Added conditional code to write received IKE packet to
a file. This is used to create data files for use with check-decode,
and is not intended for production use.
* psk-crack.h: Include <sys/time.h> and <time.h>.
* ike-scan.c: Added O_TRUNC option to writepkttofile open() call.
2007-01-02 Roy Hills <Roy.Hills@nta-monitor.com>
* check-psk-crack-4: New checking script to improve coverage of
psk-crack.c and hash_functions.h. Test coverage for these
source files is now:
96.88% of 64 lines executed in file hash_functions.h
95.28% of 318 lines executed in file psk-crack.c
* check-packet, check-decode: Added new tests to improve coverage of
ike-scan.c and isakmp.c. Test coverage for these files is
now:
71.18% of 1957 lines executed in file ike-scan.c
69.61% of 964 lines executed in file isakmp.c
* ike-scan.c, ike-scan.h: Added new --readpktfromfile option.
This option reads the packet from the specified file rather
than from the network. It is intended for debugging and
testing purposes, to allow the IKE packet decoding to be
easily checked. This option is not documented, because it is
designed purely for testing.
2006-12-30 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: Added support for IKEv2 with new --ikev2
option.
* configure.ac: Incremented version to 1.8.7.
2006-12-27 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: New option --rcookie to set the responder
cookie to the specified value. Modified make_isakmp_header() to
support specification of the responder cookie.
2006-12-23 Roy Hills <Roy.Hills@nta-monitor.com>
* psk-crack.c, psk-crack.h: Moved nortel_user into psk_entry struct
to permit cracking a mixture of Nortel and standard PSKs, although
the command line options do not currently permit this.
* psk-crack.c: Changed cracking loop order, so that the candidate
password selection (either the next word from the dictionary, or
the next brute-force string) is the outer loop, and the PSK entry
selection the inner one. This avoids having to rewind the
dictionary file, which permits the use of stdin for the
dictionary.
This also cured an as-yet unfound bug, which caused false positive
matches against the last candidate password when cracking multiple
PSK entries.
* psk-crack.c: Added support for using stdin for the dictionary file
with "--dictionary=-". This allows us to use other programs to
generate the candidate passwords, e.g:
john --incremental --stdout | psk-crack --dictionary=- psk-file
* hash_functions.h: New header file containing "inline static"
functions for MD5, SHA1, hmac_md5 and hmac_sha1.
* configure.ac: Incremented version to 1.8.6.
2006-12-21 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added --nat-t option to enable RFC 3947 NAT Traversal.
This option adds the Non-ESP marker to outbound packets and
strips the marker from responses. It also changes the default
source and destination UDP ports to 4500.
2006-12-18 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added experimental support for RFC 3947 NAT-Traversal.
2006-12-17 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Added CRACK (128) to auth map. This is defined in
draft-harkins-ipsra-crack-00 "IKE Challenge/Response for
Authenticated Cryptographic Keys", but I've not seen it used in
practice.
2006-11-30 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Moved all the ID/Name maps into isakmp.c as global
consts. Other source files that need to reference them do so
by declaring them as extern.
* utils.c: New functions name_or_number() and str_ccmp() which
allow a string containing either a number or a name from the
specified map to be used.
2006-11-25 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Changed --ranssrc option to --sourceip, and allow it
to take an IP address or the string "random". When --sourceip is
specified, we no longer attempt to read from the socket as reading
UDP from a raw socket doesn't work on all OSes and we are unlikely
to receive any return data if we've spoofed the source address
anyway.
* ike-vendor-ids: Update strongSwan vendor IDs based on strongSwan
4.0.5
2006-11-23 Roy Hills <Roy.Hills@nta-monitor.com>
* psk-crack.c: New function load_psk_params() to read the data from
the psk parameters file into a list of structures. This moves the
psk file reading loop out of main(), and also allows more flexible
selection of the psk cracking order as all the psks are in memory.
* psk-crack.c: New function compute_hash(), which does the real work
of computing the hash given the PSK parameters and a candidate
password. This function is defined as "static inline" because it
is called from a tight loop, and inlining significantly improves
performance.
* psk-crack.c: New function open_dict_file(), which opens the
dictionary file. This function reduces the size of main() to make
it more readable.
* configure.ac: Added AC_C_INLINE to check for compiler support for
function inlining and define "inline" accordingly in config.h.
2006-11-21 Roy Hills <Roy.Hills@nta-monitor.com>
* psk-crack.h: New header file for psk-crack.
This separates the psk-crack headers, defines, structures and
prototypes from ike-scan.
* ike-scan.h: Removed psk-crack specific stuff. Modified psk_crack
structure to improve storage efficiency.
2006-10-18 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Modified creation of proposal and SA payloads, so that
these payloads contain the transform and proposal payloads
respectively (previously, they only returned the header, and it
was down to the caller to add the rest). Also added add_prop()
function which allows for multiple proposals within an SA
payload (although ike-scan does not have any way to use this yet).
* ike-scan.c: Modified initialise_ike_packet() function to use
modified SA and proposal functions.
2006-10-10 Roy Hills <Roy.Hills@nta-monitor.com>
* check-psk-crack-3: New script to check Nortel Contivity PSK
cracking. Uses test data obtained from a Contivity 1600 running
software release 6.00.
* psk-crack.1: Added --username option description to psk-crack
manpage.
2006-10-01 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Show backoff patterns even if there was only a
single response. Some implementations, e.g. linksys, don't
retry at all, and this change allows these to be matched as
well. The lack of a pattern is sufficiently unusual to be a
pattern itself.
2006-09-23 Anonymous <l...e@gmail.com>
* psk-crack.c: Added code to allow cracking Nortel Contivity
pre-shared keys, which use a variation of Mamro's method. Thanks
to an anonymous benefactor.
2006-08-30 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-backoff-patterns: Added new PIX backoff pattern, with details
of the PIX versions for both patterns.
2006-08-22 Roy Hills <Roy.Hills@nta-monitor.com>
* udp.h: Removed unneeded BSD-flavour declarations and unneeded macros.
Changed types from u_int{8,16,32}_t to uint{8,16,32}_t. Added
definition of struct pseudo_hdr (moved from ike-scan.c).
Changed names of pseudo_hdr struct members to avoid problem due
to s_addr being defined as a macro on some systems (e.g. Solaris).
* ip.h: Changed types from u_int{8,16,32}_t to uint{8,16,32}_t.
Removed unneeded macros.
* utils.c: Change random_ip() so that it generates the same sequence
on both little-endian and big-endian systems.
* ike-scan.c: --randsrc option now works on Solaris 9 and FreeBSD 5.3
as well as Linux.
2006-08-14 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: Changed random number implementation to use
the mersenne twister functions from mt19937ar.c rather than the
standard rand() from the C library.
This improves the quality of the random numbers, as some C library
rand() functions are quite bad. More importantly, it makes the
random number generation process repeatable across different
platforms.
However, this change also means that packets created with the new
PRNG will not be the same as packets created with the old one, even
if the same random seed value is used.
* mt19937ar.c: New file - Mersenne Twister random number generator.
* utils.c: New functions random_byte() and random_ip(), which use
the mersenne twister random number functions.
* pkt-aggressive.dat: New file - sample aggressive mode packet.
* check-packet: Added aggressive mode packet check. This is possible
now that the random number generator is repeatable across platforms.
* configure.ac: Incremented version number to 1.8.4.
2006-08-04 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, ike-scan.h: Added new --randsrc option for source IP
spoofing.
* ike-scan.c, ike-scan.h: Added new --shownum option to display the
return packet number. This is useful when looking for DoS
conditions.
2006-08-02 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added experimental support for source IP spoofing.
Currently, this only works on Linux.
* ip.h, udp.h: New header files to support IP spoofing. Copied
from the GNU C Library.
* configure.ac: incremented version number to 1.8.2.
2006-07-01 Roy Hills <Roy.Hills@nta-monitor.com>
* configure.ac, ike-scan.c: Removed initial lookup and configure
option --enable-lookup to control it. This is legacy code
that has never been required.
* ike-scan.h, ike-scan.c: Removed low-pass filter in timing
error correction code, and associated ALPHA macro. This had
never been used, and tests indicate that it performed worse
than the standard timing error correction code.
* psk-crack.c: Free malloc'ed data when we are finished with
each PSK to prevent a memory leak when cracking many PSKs.
Thanks to Antoine Brodin for finding and reporting this bug.
2006-06-24 Roy Hills <Roy.Hills@nta-monitor.com>
* utils.c: Changed printable() and hexstring() to make the first
arg "const unsigned char *" instead of "unsigned char *". This
change was integrated from the arp-scan source.
2006-06-06 Roy Hills <Roy.Hills@nta-monitor.com>
* Changed web URLs to correspond with the new layout of the NTA
website.
2006-05-14 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Add --timestamp option.
* isakmp.c: Improve decoding of notification payload. Tony has found
an IKE implementation which returns a notification payload after
the SA payload, and this uncovered shortcomings in the notification
processing code.
2006-05-12 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Allow --interval to be expressed in seconds by
appending "s" to the value. This is useful if you want to send
packets very slowly, as it avoids having to add lots of trailing
zeros.
* ike-scan.c: Add experimental option to display packet received
time in %H:%M:%S.%u format before the packet details.
* Moved ike-scan source code from CVS to SVN revision control.
This changes the revision numbers from 1.x, where x is a relatively
small number, to y, where y is a larger number (currently four
digits).
2006-05-05 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Delay opening the file specified by --writepkttofile
until after we've dropped SUID to avoid security issues.
2006-03-22 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added --randomseed option, which allows the PRNG seed
to be specified. This enables packets with payloads containing
random data, such as Key Exchange and Nonce, to be compared with
known good examples for testing. It also allows the packet data to
be exactly repeatable, which can be useful in some situations.
2006-03-19 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Use unsigned 64-bit integer arithmetic for interval
calculation instead of double-precision floating point. This
avoids the small rounding errors that can occur with floating point.
2006-03-14 Roy Hills <Roy.Hills@nta-monitor.com>
* Moved ike-scan source code from RCS to CVS revision control.
2005-12-07 Roy Hills <Roy.Hills@nta-monitor.com>
* Released v1.8 Tarball size: 1376995, Zip size: 2090803.
tarball md5sum: 961310e6f3c07d26c90447e392dfb97e
Zip md5sum: 884e1c3eb03ea1519ab7537e095d2c0b
* configure.ac: Incremented version number to 1.8.1 in preparation
for post 1.8 changes.
2005-12-06 Roy Hills <Roy.Hills@nta-monitor.com>
* configure.ac: Incremented version number to 1.8 in preparation
for release.
2005-12-04 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-backoff-patterns: Added backoff patterns for Netgear ProSafe
and Netgear ADSL Firewall Router. Submitted by Paul Askew.
2005-11-30 Roy Hills <Roy.Hills@nta-monitor.com>
* Removed automake boilerplate files, and ran automake --add-missing
--copy to obtain the latest versions as of automake 1.9. The updated
files were: missing, install-sh, depcomp and INSTALL. mkinstalldirs
is no longer installed by automake and is probably no longer needed.
However, I have kept the old version just in case.
2005-11-29 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.h: Changed u_int8_t, u_int16_t and u_int32_t to uint8_t,
uint16_t and uint32_t in definition of delete payload.
* configure.ac: Improved OpenSSL detection by adding support for
libcrypto.so and libcrypto.dylib as well as libcrypto.a.
2005-11-25 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, ike-scan.h, configure.ac: Added new --writepkttofile
option. This option writes the output packet to the specified file
rather than sending it to the remote host. It is intended for
debugging and testing purposes, to allow the IKE packet to be
easily checked. This option is not documented, because it is
designed purely for testing.
* check-packet: New test to check IKE scan packet data. Currently
tests two sample packets: one default proposal, and one custom
proposal.
* configure.ac: Added conditional #include <stdlib.h> to the
AC_LINK_IFELSE that checks if the OpenSSL headers and libraries
work. This is needed because the OpenSSL md5.h and sha1.h in
recent versions use size_t but don't include any header to
define it.
2005-11-24 Roy Hills <Roy.Hills@nta-monitor.com>
* configure.ac: Support the OpenSSL libcrypto.a library in either
$ssldir/lib or in $ssldir.
* configure.ac: Added --disable-lookup option which allows the
initial DNS lookup to be disabled. This is in response to
Debian bug ID 327220. Thanks to Florian Weimer for reporting this,
and to Benoit Mortier for forwarding the bug to me.
2005-10-22 Roy Hills <Roy.Hills@nta-monitor.com>
* wrappers.c: Added new wrapper function, Strtoul(), which
calls strtoul() and checks for errors.
* ike-scan.c: Change most calls to strtoul() to use the new
wrapper function Strtoul() instead, because this checks for
errors. Previously, a non-numeric value would be converted to
zero without any error, meaning something like "--sport=xxx"
would be silently accepted. Now, such invalid inputs result in
an error.
* ike-scan.c: Modify decode_trans_simple() to detect invalid values
which could previously result in an infinite loop. Now, invalid
values cause an error.
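The strict numeric parsing described in this entry, and refined in the 2008-09-01 and 2009-08-15 entries above, as an added example written for this page rather than ike-scan's own Strtoul() in wrappers.c: a strtoul() wrapper that rejects empty, negative, overflowing and partially convertible input such as "xxx" or "1=7/128", permits only trailing whitespace after the number, and a port parser built on top of it. The function names are this example's own.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>

/* Added example, not ike-scan's wrappers.c.
 * Parses s as an unsigned long in the given base. Returns 0 and stores the
 * value in *out on success; returns -1 for: NULL/blank input, no digits at
 * all, a leading minus sign, overflow, or any trailing character other than
 * whitespace. Plain strtoul() would instead return 0 for "xxx" and 1 for
 * "1=7/128" without signalling anything. */
int strict_strtoul(const char *s, int base, unsigned long *out)
{
    const char *p = s;
    char *end;
    unsigned long v;

    if (s == NULL || out == NULL)
        return -1;

    /* Skip leading whitespace ourselves so we can reject "-5", which
     * strtoul() would silently wrap around to a huge positive value. */
    while (isspace((unsigned char)*p))
        p++;
    if (*p == '-' || *p == '\0')
        return -1;

    errno = 0;
    v = strtoul(p, &end, base);
    if (errno == ERANGE)        /* value does not fit in unsigned long */
        return -1;
    if (end == p)               /* no digits consumed, e.g. "xxx" */
        return -1;

    /* Only whitespace may follow the number: "500 " is fine, "1=7/128"
     * and "500abc" are errors. */
    while (isspace((unsigned char)*end))
        end++;
    if (*end != '\0')
        return -1;

    *out = v;
    return 0;
}

/* Parse an option value such as --sport=500 into a UDP port (1..65535).
 * Returns 0 on success, -1 on error. */
int parse_port(const char *s, unsigned *port)
{
    unsigned long v;

    if (strict_strtoul(s, 10, &v) != 0 || v == 0 || v > 65535)
        return -1;
    *port = (unsigned)v;
    return 0;
}
```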
2005-09-08 Roy Hills <Roy.Hills@nta-monitor.com>
* Upgraded automake from 1.8 to 1.9. No code changes required.
2005-09-08 Roy Hills <Roy.Hills@nta-monitor.com>
* check-hash.c, check-sizes.c, error.c, ike-scan.c, isakmp.c,
psk-crack.c, utils.c, wrappers.c, ike-scan.h, isakmp.h: Added
OpenSSL exception to the copyright notice at the beginning of
these files. This allows linking of the program against OpenSSL
and distributing linked versions. This exception is intended to
allow the use of OpenSSL in this GPL v2 application. The added
text reads:
"In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library, and distribute linked combinations including the two.
You must obey the GNU General Public License in all respects
for all of the code used other than OpenSSL. If you modify
file(s) with this exception, you may extend this exception to your
version of the file(s), but you are not obligated to do so. If you
do not wish to do so, delete this exception statement from your
version."
This text was taken from
http://www.gnome.org/~markmc/openssl-and-the-gpl.html
2005-08-02 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: Added support for advanced transform
creation using new functions add_transform() and make_transform().
These new functions take a pre-built attribute list, which has
previously been created with add_attr(), and can therefore create
transforms with arbitrary attributes.
The old add_trans() and make_trans() functions have been renamed
to add_trans_simple() and make_trans_simple() to reflect the fact
that they are simplified versions. These simple versions are now
wrappers that use the advanced functions.
Added support for advanced transform creation, which uses these new
functions. This involves an alternative syntax for the --trans
option: --trans=(attr=value, ...).
2005-08-01 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: Added Notification payload processing. We now
display details of an ISAKMP Notification payload if one is returned,
rather than just displaying generic payload information.
2005-07-21 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c, utils.c: Added support for variable length
lifetime and lifesize transform attributes. Now, the --lifetime
and --lifesize options can take three options:
a) "none" - Do not add any lifetime or lifesize attribute
b) decimal integer, e.g. 86400 - Add a 4-byte value
c) hex number, e.g. 0xff - Add a variable length value
This allows arbitrary length lifetime and lifesize attributes to
be added using the hex notation.
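Added example (not ike-scan's own code) of how the three forms of the --lifetime value map onto the wire: ISAKMP data attributes (RFC 2408, section 3.3) carry a 2-byte type whose top bit selects a fixed 2-byte value or a 2-byte length followed by a value of any length, and the latter form is what makes the arbitrary-length hex case possible. The 0x prefix as the hex selector and the Life Duration type number (IPsec DOI value 12) are assumptions for this illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed for this example: IPsec DOI attribute type for Life Duration. */
#define IPSEC_ATTR_LIFE_DURATION 12

/* Encode one attribute in type/length/value form: AF bit (bit 15 of the
   type) clear, 2-byte type, 2-byte length, then the value bytes.
   Returns bytes written, or 0 if the output buffer is too small. */
static size_t encode_attr_tlv(uint8_t *out, size_t outlen, uint16_t type,
                              const uint8_t *val, size_t vallen)
{
    if (vallen > 0xffff || outlen < 4 + vallen)
        return 0;
    out[0] = (uint8_t)((type >> 8) & 0x7f);   /* AF = 0: a length follows */
    out[1] = (uint8_t)(type & 0xff);
    out[2] = (uint8_t)(vallen >> 8);
    out[3] = (uint8_t)(vallen & 0xff);
    memcpy(out + 4, val, vallen);
    return 4 + vallen;
}

/* Convert the digits after "0x" into big-endian bytes; an odd digit count
   gets a leading zero nibble. Returns the byte count, or 0 when there are
   no digits, a non-hex character, or the buffer is too small. */
static size_t parse_hex_bytes(const char *digits, uint8_t *out, size_t outlen)
{
    size_t n = strlen(digits);
    if (n == 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)digits[i]))
            return 0;
    size_t nbytes = (n + 1) / 2;
    if (nbytes > outlen)
        return 0;
    memset(out, 0, nbytes);
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)digits[i];
        uint8_t v = isdigit(c) ? (uint8_t)(c - '0') : (uint8_t)(tolower(c) - 'a' + 10);
        size_t j = i + (n % 2);          /* shift by one nibble for odd counts */
        if (j % 2 == 0)
            out[j / 2] |= (uint8_t)(v << 4);
        else
            out[j / 2] |= v;
    }
    return nbytes;
}

/* Build the Life Duration attribute from the option text in the three
   accepted forms: "none" (no attribute), a decimal integer (4-byte value),
   or 0x-prefixed hex (value of arbitrary length). Returns bytes written
   (0 for "none"), or -1 for a malformed value or a full buffer. */
int lifetime_attr_from_option(const char *opt, uint8_t *out, size_t outlen)
{
    uint8_t val[64];
    size_t vallen;

    if (strcmp(opt, "none") == 0)
        return 0;

    if (strncmp(opt, "0x", 2) == 0 || strncmp(opt, "0X", 2) == 0) {
        vallen = parse_hex_bytes(opt + 2, val, sizeof val);
        if (vallen == 0)
            return -1;
    } else {
        char *end;
        errno = 0;
        unsigned long v = strtoul(opt, &end, 10);
        /* Reject sign/whitespace prefixes, trailing junk and values > 32 bits. */
        if (!isdigit((unsigned char)opt[0]) || errno != 0 || end == opt ||
            *end != '\0' || v > 0xffffffffUL)
            return -1;
        val[0] = (uint8_t)(v >> 24);
        val[1] = (uint8_t)(v >> 16);
        val[2] = (uint8_t)(v >> 8);
        val[3] = (uint8_t)v;
        vallen = 4;
    }
    size_t n = encode_attr_tlv(out, outlen, IPSEC_ATTR_LIFE_DURATION, val, vallen);
    return n ? (int)n : -1;
}
```

With "86400" the encoder emits `00 0c 00 04 00 01 51 80`; with "0xff" it emits `00 0c 00 01 ff`, a one-byte value no decimal input could produce.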
2005-07-06 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added --exchange option to allow the exchange field
in the ISAKMP header to be set to arbitrary values.
* ike-scan.c: Changed default packet rate calculation from interval
to bandwidth. The default bandwidth is 56000 bits per second. It's
still possible to set the interval instead for backwards
compatibility, and for those applications where it's important to
be able to specify the exact packet rate.
2005-06-21 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: Added --hdrflags and --hdrmsgid options to
allow Flags and MsgID fields in the ISAKMP header to be specified.
* ike-scan.c: Added --cookie option to allow the initiator cookie in
the ISAKMP header to be set to a static value.
* isakmp.c: Added support for Checkpoint notify code 9110. This was
observed when sending a large volume of requests to a VPN-1 system,
and is believed to be related to the Client Puzzles VPN DoS avoidance
mechanism.
* isakmp.c: Display the Version, flags, or msgid from the ISAKMP
header if they don't contain the expected value.
2005-06-21 Roy Hills <Roy.Hills@nta-monitor.com>
* make-win32-zipfile.sh: New file to create the Windows binary
zipfile. Used under Cygwin. Previously, I had manually created
the zip files using "winzip", which was error-prone.
2005-06-20 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Add 64-bit cast to calculation of microsecond-resolution
time differences to ensure that the calculation is performed with
64-bit quantities. Previously, the calculation was performed
with 32-bit quantities before being assigned to a 64-bit value.
2005-06-18 Roy Hills <Roy.Hills@nta-monitor.com>
* utils.c: Modify timeval_diff() to prevent it changing its input
arguments. Previously, it was sometimes changing its second
argument, b, because of the carry calculation; now it uses a
temporary value to perform the carry on.
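Added example (not ike-scan's own code) covering both of the timing fixes above: the 2005-06-18 entry (timeval_diff() must not modify its inputs, so the borrow is carried on a local copy) and the 2005-06-20 entry (the microsecond product must be widened to 64 bits before the multiplication, not after). The 32-bit variant is included only to make the wrap-around visible on a 64-bit host; it uses unsigned arithmetic because signed overflow would be undefined behaviour.

```c
#include <stdint.h>
#include <sys/time.h>

/* *diff = a - b, with a later than b. The inputs are const, so the
   borrow from tv_usec is carried in local variables rather than by
   rewriting b, which is the defect the 2005-06-18 entry fixed. */
void timeval_diff(const struct timeval *a, const struct timeval *b,
                  struct timeval *diff)
{
    long sec = (long)(a->tv_sec - b->tv_sec);
    long usec = (long)(a->tv_usec - b->tv_usec);
    if (usec < 0) {              /* borrow one second */
        usec += 1000000L;
        sec -= 1;
    }
    diff->tv_sec = sec;
    diff->tv_usec = usec;
}

/* Microsecond difference as a 64-bit quantity. The cast is applied to
   tv_sec before the multiplication; casting the finished product would
   only widen a value that had already overflowed. In signed 32 bits
   the product overflows after about 35 minutes (2^31 microseconds). */
int64_t timeval_diff_usec(const struct timeval *a, const struct timeval *b)
{
    struct timeval d;
    timeval_diff(a, b, &d);
    return (int64_t)d.tv_sec * 1000000 + (int64_t)d.tv_usec;
}

/* The pre-fix arithmetic, forced into 32 bits so the wrap is observable
   on any host (uint32_t wraps modulo 2^32; signed overflow would be UB). */
uint32_t timeval_diff_usec_32bit(const struct timeval *a, const struct timeval *b)
{
    struct timeval d;
    timeval_diff(a, b, &d);
    return (uint32_t)d.tv_sec * 1000000u + (uint32_t)d.tv_usec;
}
```

For a 5000-second gap the 64-bit result is 5000000000 microseconds while the 32-bit arithmetic yields 705032704, which is the kind of silently wrong interval the cast was added to prevent.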
2005-06-17 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: Added Delete payload processing. We now
display details of an ISAKMP Delete payload if one is returned,
rather than just displaying generic payload information.
2005-06-16 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: Add --spisize option to allow a random SPI
of the specified size to be added to the proposal payload.
2005-06-15 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: Display responder cookie value as a hex string
when displaying SA and Notify payloads, unless quiet is in effect.
* ike-scan.c: Added support for SIGUSR1 handling. Not fully
implemented. NOTE: This was removed later in June 2005, because the
bug we were looking for was found and fixed.
* isakmp.c: Print the SA Proposal SPI as hex if the SPI size in the
proposal header is non-zero. During Phase-1, the SPI size is
normally zero. However it has been observed to be non-zero on rare
occasions, and RFC 2408 allows this: "[during phase-1, the SPI is]
redundant and MAY be set to 0 or it MAY contain the transmitting
entity's cookie".
2005-05-31 Roy Hills <Roy.Hills@nta-monitor.com>
* psk-crack.c: Fixed error which caused psk-crack to incorrectly report
PSKs after finding a valid one, when processing multiple PSK records.
Solution was to ensure that "found" is cleared on every loop
iteration. Thanks to Daniel Lucq for finding this bug and suggesting
the solution.
2005-05-20 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Check return value from sendto() against size of
packet, and warn if they are different (meaning that not all of
the packet was sent). I've seen this occur when using TCP
encapsulation to send huge packets (which fragment into many TCP
segments), and the VPN server sends a RST back.
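Added example (not ike-scan's own code) of the sendto() check the entry describes, distinguishing the two outcomes a caller should treat differently: a failed call (negative return, errno set) and a short send, where the kernel accepted fewer bytes than were passed. The function name and return convention are this example's own.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Send one packet and compare the byte count the kernel reports with the
   size we asked for. Returns 1 when the whole packet was accepted, 0 on a
   short send (warned, not fatal), and -1 when sendto() itself failed.
   dest may be NULL with destlen 0 on a connected socket. */
int send_packet_checked(int fd, const uint8_t *pkt, size_t len,
                        const struct sockaddr *dest, socklen_t destlen)
{
    ssize_t n = sendto(fd, pkt, len, 0, dest, destlen);
    if (n < 0) {
        fprintf(stderr, "sendto: %s\n", strerror(errno));
        return -1;
    }
    if ((size_t)n != len) {
        /* Not all of the packet went out: the peer will see a truncated
           datagram or stream, so report it rather than trust the timing. */
        fprintf(stderr, "warning: short send, %zd of %zu bytes written\n",
                n, len);
        return 0;
    }
    return 1;
}
```

Comparing against the requested length, rather than just testing for a negative return, is what catches the partial writes seen with TCP encapsulation of large packets.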
2005-05-12 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Use POSIX regex to split both the backoff pattern and
vendor id pattern entries into name and pattern in functions
add_pattern() and add_vid_pattern(). Previously, we manually
stepped through the strings using pointers. POSIX regex is more
complex, but it allows for more flexible and precise matching.
* ike-scan.c: Add SO_REUSEADDR option to TCP socket when performing
TCP scanning (--tcp option).
* ike-vendor-ids: Added 16 new Vendor IDs, and revised some comments
on existing entries.
2005-04-20 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Don't try to decode the SA in the returned packet if
it contains more than one transform. This cannot happen during
normal scanning, because the VPN server will only return one
transform, but can occur if you scan your own host, and ike-scan
sees its own packets which contain multiple transforms.
2005-04-09 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Modified usage() so that it can output either brief or
detailed help output depending on a new "detailed" argument. Now,
detailed output, including information on the available options, is
only displayed when ike-scan is run with the --help option. For
error conditions such as incorrect options, it only produces brief
output.
2005-03-19 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Changed initialise_ike_packet() function to use the
struct ike_packet_params rather than taking the various parameters
as separate arguments, as the argument count for this function was
up to 15 and growing (c89 std only guarantees up to 31 I believe).
Also removed some unnecessary global variables and placed these in
the new struct, which currently contains 18 members.
* ike-scan.c: Added --doi (-D) and --situation (-S) options to allow
the DOI and Situation in the SA of the outbound packets to be changed
from the default of DOI_IPSEC and SIT_IDENTITY_ONLY.
* ike-scan.c: Added --protocol (-j) and --transid (-k) options to
allow the proposal protocol and transform id of the outbound packets
to be changed from the defaults.
2005-03-10 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: Improved decoding of Certificate and
CertificateRequest payloads. These used to be decoded as
generic payloads, but now include the certificate type in the
decode output.
* ike-scan.c: Added --certreq (-C) option to add a
CertificateRequest payload to the outgoing packet.
2005-03-09 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added --headerlen (-L) option to allow the ISAKMP header
length to be manually specified. Normally, ike-scan will
automatically calculate the correct length; however, you can use this
option if you want to use an incorrect length value instead.
* ike-scan.c, isakmp.c: Added --mbz (-Z) option to allow the value for
the reserved (MBZ) fields to be set to non-zero values. Doing so
will make the outgoing packet non-RFC compliant.
* ike-scan.c, isakmp.c: Added --headerver (-E) option to allow the
version field in the ISAKMP header to be altered from the default of
0x10 (v1.0).
2005-02-21 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Drop root privileges after binding the local port if we
are running SUID. We don't need enhanced privileges after this
point, and having effective UID root can cause problems on NFS
filesystems where the root user is squashed to nobody and we need
to write a PSK parameters file.
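Added example (not ike-scan's own code) of dropping root after the one privileged step, binding the local port, in a setuid-root binary. The ordering matters: supplementary groups and the gid are dropped while still root, the uid last, and the result is verified, since a setuid() that leaves the saved uid as root lets the process regain privilege later. The function and its return convention are this example's own.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to the real uid/gid permanently. Returns 0 when the effective ids
   now equal the real ids and root cannot be regained, -1 on any failure.
   Safe to call when not setuid: every step is then a no-op. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (geteuid() == 0) {
        /* Only root may change the supplementary group list, so clear it
           before giving up root; otherwise it leaks into the unprivileged
           process. */
        if (setgroups(1, &rgid) != 0)
            return -1;
    }
    /* gid before uid: once the uid is unprivileged, setgid() would fail. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;
    /* Verify the drop is irreversible for a non-root invoking user. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Stand-alone demonstration: bind a UDP socket (the privileged step when a
   low port is requested), then drop privileges before doing anything else. */
int main(void)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) {
        perror("socket");
        return 1;
    }
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;                      /* ephemeral port for the demo */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        perror("bind");
        return 1;
    }
    if (drop_privileges() != 0) {
        fprintf(stderr, "failed to drop privileges, refusing to continue\n");
        return 1;
    }
    printf("bound and running as uid %u\n", (unsigned)geteuid());
    close(fd);
    return 0;
}
```

Refusing to continue when the drop fails is deliberate: carrying on as root after a failed setuid() is the classic privilege-drop bug.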
2005-02-18 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Make errors from gethostbyname or inet_aton when adding
hosts non-fatal. Now these errors elicit a warning and cause the
offending target to be ignored, but processing continues.
Thanks to Tony Lloyd for finding this bug.
* ike-scan.h, ike-scan.c, isakmp.c: Change structure definitions to
typedefs, i.e. change "struct foo {defs};" to
"typedef struct {defs} foo;".
* ike-scan.h: Added extra data structure to the host entry structure.
This is designed to allow arbitrary extra data, such as an id string
or a transform specification, to be attached to a host entry.
2005-02-15 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added --bandwidth (-B) option to allow the outgoing
bandwidth to be specified directly instead of using --interval.
The --bandwidth option calculates the appropriate interval setting,
taking into account the size of the packet.
* ike-scan.c: Added --noncelen (-c) option to allow the length of the
nonce data to be changed. This is only applicable to aggressive
mode.
2005-02-14 Roy Hills <Roy.Hills@nta-monitor.com>
* psk-crack.1: Updated psk-crack manpage to reflect current usage. The
manpage had fallen behind, and had become inaccurate.
2005-02-09 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Match ip range and slash notation using regular
expressions rather than single character matches in
add_host_pattern(). This fixes the bug which caused hostnames with
hyphens to fail because they were wrongly interpreted as IP ranges.
Thanks to Volker Stolz for reporting this bug.
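Added example (not ike-scan's own code) of the anchored POSIX regular expressions that separate an IP range and slash notation from a plain hostname, so that a hostname containing a hyphen such as vpn-gw.example.com is not taken for a range. The two patterns and the classification values are assumptions made for this illustration; it also shows pulling the range endpoints out of the sub-matches, which single-character matching could not do reliably.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

enum host_kind { HOST_NAME = 0, HOST_RANGE = 1, HOST_SLASH = 2, HOST_ERROR = -1 };

/* A dotted quad; loose on octet range, strict on shape. */
#define QUAD "[0-9]{1,3}(\\.[0-9]{1,3}){3}"

static regex_t re_range, re_slash;
static int re_compiled = 0;

/* Compile both patterns once. Both are anchored with ^ and $ so that a
   '-' or '/' anywhere inside a hostname cannot trigger a match. */
static int compile_patterns(void)
{
    if (re_compiled)
        return 0;
    if (regcomp(&re_range, "^(" QUAD ")-(" QUAD ")$", REG_EXTENDED) != 0)
        return -1;
    if (regcomp(&re_slash, "^" QUAD "/[0-9]{1,2}$", REG_EXTENDED) != 0)
        return -1;
    re_compiled = 1;
    return 0;
}

/* Classify one target argument as hostname, a.b.c.d-e.f.g.h range, or
   a.b.c.d/n slash notation. */
int classify_host_pattern(const char *s)
{
    if (compile_patterns() != 0)
        return HOST_ERROR;
    if (regexec(&re_range, s, 0, NULL, 0) == 0)
        return HOST_RANGE;
    if (regexec(&re_slash, s, 0, NULL, 0) == 0)
        return HOST_SLASH;
    return HOST_NAME;
}

/* For a range, copy the two endpoints out of the sub-matches. Group 1 is
   the first quad and group 3 the second (groups 2 and 4 are the inner
   repeated octet groups). Returns 1 on success, 0 if s is not a range. */
int split_ip_range(const char *s, char *lo, size_t lolen, char *hi, size_t hilen)
{
    regmatch_t m[5];
    if (classify_host_pattern(s) != HOST_RANGE)
        return 0;
    if (regexec(&re_range, s, 5, m, 0) != 0)
        return 0;
    snprintf(lo, lolen, "%.*s", (int)(m[1].rm_eo - m[1].rm_so), s + m[1].rm_so);
    snprintf(hi, hilen, "%.*s", (int)(m[3].rm_eo - m[3].rm_so), s + m[3].rm_so);
    return 1;
}
```

Anything that matches neither pattern, including a bare single address, falls through to name resolution, which is where a hyphenated hostname belongs.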
2005-01-27 Roy Hills <Roy.Hills@nta-monitor.com>
* configure.ac: Make lack of Posix regular expression support a fatal
error. Previously, it was optional, and we used conditional
compilation based on HAVE_REGEX_H. However, this never worked, and
I've not found a system which lacks Posix regex support.
* ike-scan.h, ike-scan.c, isakmp.c: Remove HAVE_REGEX_H conditional
compilation. Note that we still use it to conditionally include