------------------------------------------------------------------------
r287 | elparis | 2009-11-04 09:20:09 -0500 (Wed, 04 Nov 2009) | 4 lines

Start 0.18 development cycle. My GNU autotools got upgraded to new versions
after the Ubuntu 9.10 upgrade so the are changes to Makefiles and other
autotools-maintained files.

------------------------------------------------------------------------
r288 | elparis | 2009-11-04 09:21:05 -0500 (Wed, 04 Nov 2009) | 2 lines

Add minor diagnostic message to 0trace example.

------------------------------------------------------------------------
r289 | elparis | 2009-11-04 09:24:06 -0500 (Wed, 04 Nov 2009) | 4 lines

Add libwireshark 1.2.x support. Unfortunately this breaks libwireshark 1.0.x
support since 1.2.x and 1.0.x are not ABI or API compatible and it's hard
to work around this via #ifdef's. wireshark 1.2.x is now required.

------------------------------------------------------------------------
r290 | elparis | 2009-11-04 09:32:33 -0500 (Wed, 04 Nov 2009) | 6 lines

Add a PDU field type "PDU_FTYPE_UINT" that stores an integer but
does not have a representation on the wire. Useful for things like
"data(random(length = 10) )" where we want to store a number (in this
case the number of bytes of random data) that is actually not put on the
wire.

------------------------------------------------------------------------
r291 | elparis | 2009-11-05 20:46:13 -0500 (Thu, 05 Nov 2009) | 40 lines

Improvements to the data() PDU: previously, a data() PDU, i.e. raw data,
used the simple syntax "data(data = <a payload specification>)". For
example:

ip(dst = cisco.com)/icmp-echo()/data(data = '1234567890')

If one wanted to include random data it was necessary to specify so
in the payload specification. For example, to have 20 bytes of random
data one would do:

data(data = 'random:20')

While the payload specification is reasonably flexible, a few improvements
to the data() PDU were easy to implement:

1. Many "data" parameters can now be specified. For example:

data(data = '1234', data = '56', data = '7890')

would produce the raw data "1234567890".

2. There is now a "random" parameter that allow to specify... well,
random data. For example:

data(random(length = 20) )

would specify 20 bytes of random data.

The nice thing about random(length = nn) compared to "random:nn" (in
a payload specification) is that in the former case each time a PDU
build new random data is created. In the latter case, the random data is
created at PDU definition time so each time the PDU is built the data is
the same. In other words:

ip(dst = cisco.com)/icmp-echo(id = 1..4)/data(data = 'random:20') ->
4 packets, random data never changes

ip(dst = cisco.com)/icmp-echo(id = 1..4)/data(random(length = 20) ) ->
4 packets, random data is always different

------------------------------------------------------------------------
r292 | elparis | 2009-11-07 00:29:27 -0500 (Sat, 07 Nov 2009) | 5 lines

Add support for Wireshark configuration profiles. This allows to use
different configuration profiles for Wireshark and netexpect. The
configuration profile to use is specified via nexp's -C option (just
like tshark's -C option).

------------------------------------------------------------------------
r293 | elparis | 2009-12-08 11:37:24 -0500 (Tue, 08 Dec 2009) | 12 lines

In the dumbhex module we already handle properly numbers that start with
"0x" but we don't handle properly numbers that start with "\x", i.e.
"\x12\x34\x05". Fix that so we can import from stuff like:

pkt = (
    "\x18\x40\xf9\x12\x01\x00\xc0\xa8"
    "\x01\x23\x06\xb8\x4a\x00\x32\x00"
)

We continue to be dumb, though, which means that "\x1\x23" is converted
to 0x12, 0x30 instead of 0x01, 0x23.

------------------------------------------------------------------------
r294 | elparis | 2010-01-11 10:30:06 -0500 (Mon, 11 Jan 2010) | 12 lines

Allow to specify a raw data PDU without using "data(data = '...')". For
example, now we can do:

send_network ip(dst = cisco.com)/tcp(dst = 80, psh, ack)/'GET / HTTP/1.0\n\r'

instead of:

send_network ip(dst = cisco.com)/tcp(dst = 80, psh, ack)/data(data = 'GET / HTTP/1.0\n\r')

Not a big change but gives a little additional flexibility when defining
PDUs.

------------------------------------------------------------------------
r295 | elparis | 2010-02-18 17:51:52 -0500 (Thu, 18 Feb 2010) | 30 lines

tsammut ran into an out of memory condition during a simple send_network
command. Turns out that a malloc() was being called for a huge number.

We found that sizeof(int) is 4 and sizeof(size_t) is 8 on x86_64, and
the following code was failing:

85      str = Tcl_GetStringFromObj(strobj, (int *) &len);
86
87      if (len == 0)
88          return NULL;
89    
90          buf = xmalloc(len + 1);

where len was declared as:

size_t len;

So, Tcl_GetStringFromObj() was putting the length in the first 4
bytes but 8 bytes (the size of the len variable is 8) where used in
"xmalloc(len + 1)", which resulted in a huge number being passed to
malloc() due to garbage in the second half of the 8-byte word.

I believe declaring len as int instead of size_t will not cause any
other problems here since the compiler will automatically cast from int
to size_t where appropriate.

Ah, the joys of code running on different architectures.

Thanks Tim!

------------------------------------------------------------------------
r299 | elparis | 2010-02-25 14:34:30 -0500 (Thu, 25 Feb 2010) | 8 lines

Add an SNTP PDU builder to pbuild. As part of this, added new pbuild
field types for 32- and 64-bit fixed point numbers (which are used by
NTP).

Example of an SNTP PDU definition:

sntp(version = 3, delay = -1.5, dispersion = 65535.4, orig = 35.4, tx = 2.4)

------------------------------------------------------------------------
r300 | elparis | 2010-03-01 11:59:32 -0500 (Mon, 01 Mar 2010) | 4 lines

Handle disposal and presentation of PDU_FTYPE_FIXEDP32 and
PDU_FTYPE_FIXEDP64 field types. Forgot to do this when these new field
types were introduced in the last commit.

------------------------------------------------------------------------
r301 | elparis | 2010-03-01 12:00:31 -0500 (Mon, 01 Mar 2010) | 3 lines

Use pcap_stats() to provide additional details on live capture network
listener when "spawn_network -info" is executed.

------------------------------------------------------------------------
r302 | elparis | 2010-03-05 18:17:57 -0500 (Fri, 05 Mar 2010) | 9 lines

Add pbuild support for Dynamic Trunking Protocol (DTP). This should
allow for negotiating a trunk port with a switch, just like one of the
Yersinia attacks, although I haven't tried it yet.

Here's an example of how to create a valid DTP PDU:

dot3(dst = 01:00:0c:cc:cc:cc)/llc(dsap=0xaa, ssap=0xaa, ctrl = 0x3)/snap(oui='\\x00\\x00\\x0c', code = 0x2004)/dtp(options(tlv(type='DTPDomain', value="mydomain"), tlv(type='DTPType', value="\\xa5"), tlv(type = 'DTPStatus', value="\\x10") ) )


------------------------------------------------------------------------
r305 | elparis | 2010-03-08 08:48:11 -0500 (Mon, 08 Mar 2010) | 1 line

Rename packet_fieldname() to packet_varname()
------------------------------------------------------------------------
r306 | elparis | 2010-03-08 08:50:39 -0500 (Mon, 08 Mar 2010) | 5 lines

We can't use Tcl_NewStringObj() to produce a string that contains binary
data since the string may undergo character set conversion, which we
definitely do not want. Use Tcl_NewByteArrayObj() instead, as documented
in Tcl_NewStringObj()'s man page.

------------------------------------------------------------------------
r307 | elparis | 2010-03-08 08:53:08 -0500 (Mon, 08 Mar 2010) | 6 lines

New "ws" Tcl command that allows to change behavior of some parts of
libwireshark. Right now the only thing that is possible is to set
Wireshark preferences. For example:

ws setprefs ip.defragment:FALSE

------------------------------------------------------------------------
r308 | elparis | 2010-03-08 09:23:03 -0500 (Mon, 08 Mar 2010) | 57 lines

Create Tcl BArray (byte array) objects for libwireshark fields of type
FT_PROTOCOL. This is important because it allows netexpect script to
get full and direct access to a dissected layer/protocol. If a PDU is
fragmented/segmented across multiple packets, and libwireshark is doing
re-assembly then this change means that we get access to re-assembled
data in a very sinple manner.

Re-assembling fragmented/segmented data (IP, TCP, etc.) is not an
easy task given that fragments can arrive out of order, can be
re-transmitted, etc, but leveraging libwireshark for this makes this an
easy job.

As an example, the following script looks in a PCAP file for PNG, JPEG,
or just generic binaries that have been transferred over HTTP, and saves
anything it finds to separate files on disk. It doesn't matter if the
binaries are fragmented/segmented across multiple packets; libwireshark
will re-assemble for us and give us the final, re-assembled data.

----------------------------------------------------------------------
set input [lindex $argv 0]
set fname_prefix [lindex $argv 1]

set findex 0

proc write_file {ws_proto} {
    global findex fname_prefix $ws_proto

    set f [open "$fname_prefix$findex.bin" w]
    fconfigure $f -translation binary
    puts -nonewline $f [barray string $ws_proto] ;# write data to disk
    close $f
    puts "Created $fname_prefix$findex.bin: [barray length $ws_proto] bytes"
    unset $ws_proto
    incr findex
}

spawn_network -fullspeed -r $input ;# Open input PCAP file

expect_network {1} {
    # The expect_network command will create Tcl variables for each
    # dissected protocol. We check for the existance of the variables
    # and if we find something we write the contents of the variable
    # to a disk file.
    if {[info exists media]} {
	write_file media
    } elseif {[info exists png]} {
	write_file png
    } elseif {[info exists image-jfif]} {
	write_file image-jfif
    }
    nexp_continue;
} eof {
    # Do nothing (this is needed to be able to exit the expect_network
    # statement) when reading from a PCAP file
}


------------------------------------------------------------------------
r309 | elparis | 2010-03-08 09:23:30 -0500 (Mon, 08 Mar 2010) | 1 line

Update dates
------------------------------------------------------------------------
r310 | elparis | 2010-03-08 09:24:12 -0500 (Mon, 08 Mar 2010) | 1 line

Example of how to extract files from HTTP conversations
------------------------------------------------------------------------
r311 | elparis | 2010-03-21 22:24:38 -0400 (Sun, 21 Mar 2010) | 8 lines

Set a libwireshark configuration profile only if the user specified a
specific profile via nexp's -C option. If no configuration profile was
specified then we don't set a specific profile and use libwireshark
defaults instead.

This fixes the annoying problem of nexp refusing to run if a default
wireshark configuration profile does not exist on disk.

------------------------------------------------------------------------
r312 | elparis | 2010-03-22 20:06:37 -0400 (Mon, 22 Mar 2010) | 5 lines

A sample script from a failed attempt at figuring out how the Cisco VTP
MD5 hash is calculated. There are some good techniques and tricks so
while the attempt was a failure this example is a good read and worth
including with other examples.

------------------------------------------------------------------------
r313 | elparis | 2010-03-22 20:08:00 -0400 (Mon, 22 Mar 2010) | 2 lines

Example that shows how to extract HTTP requests from a packet capture.

------------------------------------------------------------------------
r314 | elparis | 2010-03-22 22:24:46 -0400 (Mon, 22 Mar 2010) | 6 lines

For the send_tcl command, we can't use Tcl_NewStringObj() to produce
a string that contains binary data since the string may undergo
character set conversion, which we definitely do not want. Use
Tcl_NewByteArrayObj() instead, as documented in Tcl_NewStringObj()'s man
page.

------------------------------------------------------------------------
r315 | elparis | 2010-03-23 09:37:21 -0400 (Tue, 23 Mar 2010) | 2 lines

Remove unnecessary cast.

------------------------------------------------------------------------
r316 | elparis | 2010-03-23 09:37:49 -0400 (Tue, 23 Mar 2010) | 2 lines

New "packet length" command that returns the length of a Tcl "packet" object.

------------------------------------------------------------------------
r317 | elparis | 2010-03-23 09:40:15 -0400 (Tue, 23 Mar 2010) | 11 lines

Example of creating and sending an ICMP echo request with a large ICMP
payload. This example shows two things:

1. How to create a large PDU that later gets used as payload for
another PDU. Specifically, we create a large ICMP echo request that
will later be delivered by IP packets. The ICMP checksum is calculated
automatically and transparently.

2. How to send a large IP payload, greater than the interface's MTU,
that then requires to be fragmented.

------------------------------------------------------------------------
r318 | elparis | 2010-03-25 15:18:31 -0400 (Thu, 25 Mar 2010) | 3 lines

Do not crash if a PDU's pdu_t (the PDU definition) does not have a
pointer to an array of fields that that PDU's definition takes.

------------------------------------------------------------------------
r319 | elparis | 2010-03-25 16:18:51 -0400 (Thu, 25 Mar 2010) | 3 lines

Add missing fields to pdu_icmpunreachable. Build pdu_icmpunreachable
using the generic builder. Misc. ICMP fixes.

------------------------------------------------------------------------
r320 | elparis | 2010-03-27 00:42:07 -0400 (Sat, 27 Mar 2010) | 6 lines

Add an "exists" subcommand to commands that operate on our own, custom
defined Tcl types.

Misc. improvements to code that implements our own, custom defined Tcl
types.

------------------------------------------------------------------------
r321 | elparis | 2010-03-27 00:43:19 -0400 (Sat, 27 Mar 2010) | 3 lines

Add an "exists" subcommand to the "packet" command. Misc. improvements
to code that implements our "packet" Tcl type.

------------------------------------------------------------------------
r322 | elparis | 2010-03-30 19:50:51 -0400 (Tue, 30 Mar 2010) | 39 lines

Lots of (hopefully good) changes to the libpackets module (netexpect's
interface to libwireshark):

- Big change in the naming of Tcl variables created by the dissection
process: before we were handling name collisions by keeping track of the
position of the layer the dissection variable belonged to. For example,
ip.src in IP transported by Ethernet (eth:ip) would get the variable
name ip.src, but IP inside an ICMP message (eth:ip:icmp:ip) would get
ip.src3. This was not intuitive, incorrect (since libwireshark may
insert non-data protocols like "expert" in some places), and really hard
to handle from Tcl scripts. Now we don't keep track of layer positions
and just name a variable by pre-pending the names of the protocols all
the way to the root of the dissection tree. For example, for ip.src in
eth:ip:icmp:ip, the name of ip.src in the embedded IP packet would be
"icmp.ip.src".

- Create Tcl dissection variables in a specific Tcl namespace.
The actual namespace to use is specified via the global variable
"dissection_ns". This may help prevent pollution of the global
namespace.

- Do not create a "data" variable with no data if a "data" protocol has
not been dissected. This aligns things better with how libwireshark
dissects packets.

- Do not offer a global Tcl variable that can control whether Tcl
variables created during packet dissection are overwritten if
libwireshark variables with the same name already exist. Instead, we now
never overwrite a variable, and if a variable with the same name exists,
we convert the variable to a Tcl list so we have all different values of
the same variable.

- Standardize on "pkt_xxxx" for functions offered by libpackets to
external users and on "_pkt_xxxx" for functions reserved for internal
use only.

- Relocate some code from outside of libpackets to libpackets, where it
is more appropriate.

------------------------------------------------------------------------
r323 | elparis | 2010-04-02 17:58:12 -0400 (Fri, 02 Apr 2010) | 2 lines

Create Tcl object types to hold libwireshark's field types.

------------------------------------------------------------------------
r324 | elparis | 2010-04-02 18:01:06 -0400 (Fri, 02 Apr 2010) | 5 lines

When making libwireshark dissection results available to the Tcl world
in the form of Tcl variables, make the Tcl variables hold initially a
binary representation instead of a string representation. This should
make dissection faster and make it easier to handle dissection results.

------------------------------------------------------------------------
r325 | elparis | 2010-04-02 18:01:53 -0400 (Fri, 02 Apr 2010) | 2 lines

Register the new Tcl object types to handle libwireshark field types.

------------------------------------------------------------------------
r326 | elparis | 2010-04-02 18:02:34 -0400 (Fri, 02 Apr 2010) | 1 line

Rearrange utility functions
------------------------------------------------------------------------
r327 | elparis | 2010-04-06 15:07:46 -0400 (Tue, 06 Apr 2010) | 4 lines

Add convenience functions Tcl_GetUInt8FromObj(), Tcl_GetUInt16FromObj(),
and Tcl_GetIPAddrFromObj() to easily access the internal representation
of some of the Tcl object types created to store libwireshark ftypes.

------------------------------------------------------------------------
r328 | elparis | 2010-04-06 16:03:18 -0400 (Tue, 06 Apr 2010) | 42 lines


Big changes to the packet hash and packet isanswer engines (used by
the "send_expect" command, the equivalent of Scapy's sr() command).
We now rely on more generic pkt_dissect_tcl() function for all packet
dissection tasks instead of dissecting the packet and storing the
results in hackish ways.

* Packet hashes now store fields in the correct lengths, instead of
treating all fields as 32-bit wide.

* pkt_hash() and pkt_isanswer() now receive a Tcl_Interp * parameter.

* pkt_dissect_tcl() now receives a Tcl_Interp * parameter.

* Make pkt_dissect_tcl() receive a Tcl namespace parameter to make it
easier to call in different scenarios (packet hash, isanswer, regular
dissection to Tcl vars).

* Add parameter to pkt_dissect_tcl() so non-libwireshark dissection
variables like "pdu(xxxx)" and "_" are only created on request depending
on the setting of this parameter (called "create_non_ws_vars")

* Create _pkt_get_uint8(), _pkt_get_uint16(), _pkt_get_ipaddr() and
_pkt_get_boolean() utility functions to read dissection variables and
store their values in specific C types.

* Remove from packets/hash.c and packets/isanswer.c all wicked, silly,
hackish and ugly ways of dissecting packets using libwireshark services
and storing dissection results in custom data structures. Now we use
pkt_dissect_tcl() for everything, which stores dissection results in
Tcl variables, and we access the Tcl variables from C when needed. This
makes things slower but makes the code easier to maintain.

* Tweak how we "flatten" a libwireshark display/dissection tree: if
the name of a node is the same as the name of the parent node we do
append the name of the parent node to the name of a Tcl variable as we
traverse the tree on our way to the root. This handles the case of an
ICMP error generated for an ICMP message since without this special
handling we would end up with something like "icmp.type" twice instead
of "icmp.type" and "icmp.icmp.type".


------------------------------------------------------------------------
r329 | elparis | 2010-04-06 16:46:51 -0400 (Tue, 06 Apr 2010) | 3 lines

Take byte endianness into consideration when looking at ARP operation
types in the ARP isanswer function.

------------------------------------------------------------------------
r330 | elparis | 2010-04-06 16:49:10 -0400 (Tue, 06 Apr 2010) | 1 line

Update some examples so they run in latest netexpect version
------------------------------------------------------------------------
r331 | elparis | 2010-04-07 15:06:56 -0400 (Wed, 07 Apr 2010) | 3 lines

Add a "-namespace" option to the Tcl "packet dissect" command that
allows to specify a Tcl namespace that will hold dissection variables.

------------------------------------------------------------------------
r332 | elparis | 2010-04-07 15:07:20 -0400 (Wed, 07 Apr 2010) | 1 line

s/argc/objc/ for better consistency
------------------------------------------------------------------------
r333 | elparis | 2010-04-07 15:14:10 -0400 (Wed, 07 Apr 2010) | 1 line

Make use of namespaces when dissecting packet to eliminate a couple of lines of code
------------------------------------------------------------------------
r334 | elparis | 2010-04-07 16:15:14 -0400 (Wed, 07 Apr 2010) | 1 line

Make sure this works, and make it more generic, i.e. don't hardcode an interface name
------------------------------------------------------------------------
r335 | elparis | 2010-04-08 11:08:03 -0400 (Thu, 08 Apr 2010) | 8 lines

Add "count" suboption to the "ipaddr" and "num" Tcl commands to get the
number of values that a numspec Tcl object type can get. For example:

set ip [ipaddr new 192.168.1.0/24]
set n [ipaddr count ip]

will set "n" to 256.

------------------------------------------------------------------------
r336 | elparis | 2010-04-08 11:09:04 -0400 (Thu, 08 Apr 2010) | 1 line

Make sure these work with the latest netexpect
------------------------------------------------------------------------
r337 | elparis | 2010-04-16 09:57:40 -0400 (Fri, 16 Apr 2010) | 2 lines

Tweaks to quell some compiler warnings found while building on OS X.

------------------------------------------------------------------------
r338 | elparis | 2010-04-16 09:59:00 -0400 (Fri, 16 Apr 2010) | 1 line

Refresh Bison-generated pbuild/parser.c
------------------------------------------------------------------------
r339 | elparis | 2010-04-16 10:51:20 -0400 (Fri, 16 Apr 2010) | 54 lines

Workaround (or fix, depending on whether the behavior is a conscious
design decision) the problem of the sendto() system call expecting
the IP total length and fragment offset fields in host byte order
when raw IP sockets are used, i.e. when an IP packet with headers
included is passed to sendto().

The fix consists of temporarily converting these two fields to
host byte order so sendto() receives them how it expects them.
This fixes layer 3 injection on OS X (tested on 10.5 but should
apply to all OS X versions).

I think it is a kernel bug, but one of those "historical" bugs that
have been around for so long that there is no point in trying to
get it fixed; it'll be easier to just workaround it and move on.
The issue is actually pretty simple although it is frustrating that
there is no documentation on it.

I found the problem after looking at
http://opensource.apple.com/source/xnu/xnu-1228.15.4/bsd/netinet/raw_ip.c,
specifically the rip_output() function, where they have:

    /* don't allow both user specified and setsockopt options,
       and don't allow packet length sizes that will crash */
    if (((IP_VHL_HL(ip->ip_vhl) != (sizeof (*ip) >> 2))
         && inp->inp_options)
        || (ip->ip_len > m->m_pkthdr.len)
        || (ip->ip_len < (IP_VHL_HL(ip->ip_vhl) << 2))) {
            m_freem(m);
            return EINVAL;

The checks on ip->ip_len without network byte order to host byte order
conversions via ntohs() got me thinking, so I changed my code to leave
the length in the IP header passed to sendto() in host byte order and
things worked! I thought that was pretty crazy because on Linux, when
you pass an IP header to a SOCK_RAW socket with IP_HDRINCL, Linux
expects everything to be in network byte order, just as it'll be on the
wire.

I then looked at the Nmap source code, specifically
tcpip.cc:send_ip_packet_sd(), and found this gem, which explained
everything:

  /* Equally bogus is that the IP total len and IP fragment offset
     fields need to be in host byte order on certain BSD variants.  I
     must deal with it here rather than when building the packet,
     because they should be in NBO when I'm sending over raw
     ethernet */
#if FREEBSD || BSDI || NETBSD || DEC || MACOSX
  ip->ip_len = ntohs(ip->ip_len);
  ip->ip_off = ntohs(ip->ip_off);
#endif

Fyodor must have figured this out a long time ago.

------------------------------------------------------------------------
r340 | elparis | 2010-04-19 13:05:45 -0400 (Mon, 19 Apr 2010) | 55 lines



OS X's (and possibly other BSDs') select() system call is a piece
of shit: it does not work on BPF devices, or at least, it does not
work as we need it to work so the current implementations of the
"expect_network" and "send_expect" commands work on OS X as they work
on Linux. For this reason I've had to write new implementations of
these commands that do not rely on a working select() system call, and
instead, continously poll packet capture descriptors (and regular file
descriptors where necessary) that have been set up for non-blocking
operation.

Problems with select() on BPF devices on some platforms have
long been documented in the tcpdump-workers mailing list and in
the pcap(3) man page for pre-1.0 versions of libpcap, and in the
pcap_get_selectable_fd(3) man page for post-1.0 versions of libpcap:

"Note that on most versions of most BSDs (including Mac OS
X) select() and poll() do not work correctly on BPF devices;
pcap_get_selectable_fd() will return a file descriptor on most of those
versions (the exceptions being FreeBSD 4.3 and 4.4), a simple select()
or poll() will not return even after the read timeout expires. To work
around this, an application that uses select() or poll() to wait for
packets to arrive must put the pcap_t in non-blocking mode, and must
arrange that the select() or poll() have a timeout less than or equal
to the read timeout, and must try to read packets after that timeout
expires, regardless of whether select() or poll() indicated that the
file descriptor for the pcap_t is ready to be read or not. (That
workaround will not work in FreeBSD 4.3 and later; however, in FreeBSD
4.6 and later, select() and poll() work correctly on BPF devices, so the
workaround isn't necessary, although it does no harm.)"

Note that the workaround mention above does not seem good enough for
our uses of select() in the "expect_network" and "send_expect" Network
Expect commands.

I've run a few key sample scripts that rely on "expect_network" and
"send_expect" commands, and with this new implementation that does not
rely on select(), things seem to be working nicely on OS X, with the
exception of the higher CPU utilization that is to be expected because
of the continuous polling that is taking place. Next will be to do some
research on some other platforms to determine whether they can use the
select() approach, or they need to use the new polling approach that is
now our default in OS X.

It is important to note that we need non-blocking mode
on BPF devices to work correctly, and according to
http://seclists.org/tcpdump/2010/q1/130, non-blocking mode on BPF
devices is broken on Snow Leopard. My testing took place on Leopard
(10.5).

Gee, what's wrong with OS X and BPF devices; can they not get their act
together???


------------------------------------------------------------------------
r341 | elparis | 2010-04-26 11:50:44 -0400 (Mon, 26 Apr 2010) | 3 lines

Used threads instead of forked processes to perform stimuli injection in
the "send_expect" Tcl command.

------------------------------------------------------------------------
r342 | elparis | 2010-04-26 23:39:13 -0400 (Mon, 26 Apr 2010) | 2 lines

Use timeradd() and timersub() for timer arithmetic instead of doing our own.

------------------------------------------------------------------------
r343 | elparis | 2010-05-12 09:23:13 -0400 (Wed, 12 May 2010) | 1 line

Minor tweaks and one missing break statement
------------------------------------------------------------------------
r344 | elparis | 2010-05-12 09:54:05 -0400 (Wed, 12 May 2010) | 1 line

Use timeradd() and timersub() where possible instead of doing manual timer arithmetic
------------------------------------------------------------------------
r345 | elparis | 2010-05-12 09:54:58 -0400 (Wed, 12 May 2010) | 1 line

Rename variable names to improve readability
------------------------------------------------------------------------
r346 | elparis | 2010-05-13 16:30:07 -0400 (Thu, 13 May 2010) | 7 lines

Use process groups to be able to easily terminate at program exit
children processes spawned during execution of expect_network_background
commands.

Set up a signal handler to handle SIGCHLD to prevent zombie processes
when an expect_network_background command finishes execution.

------------------------------------------------------------------------
r347 | elparis | 2010-05-13 16:45:56 -0400 (Thu, 13 May 2010) | 3 lines

Add a -cancel switch to the expect_network_background command to cancel
all running expect_network_background commands.

------------------------------------------------------------------------
r348 | elparis | 2010-06-23 16:35:35 -0400 (Wed, 23 Jun 2010) | 5 lines

In tgn, defer looking up a speaker specified by the user via the -o
CLI switch until the default speakers have been created. Before this
the default speakers could not be used since they did not exist
at the time the -o option was processed.

------------------------------------------------------------------------
r349 | elparis | 2010-06-30 11:27:26 -0400 (Wed, 30 Jun 2010) | 1 line

Update outdated examples
------------------------------------------------------------------------
r350 | elparis | 2010-06-30 11:28:12 -0400 (Wed, 30 Jun 2010) | 1 line

Update list of similar/related tools. This probably should go somewhere else.
------------------------------------------------------------------------
r351 | elparis | 2010-06-30 15:12:26 -0400 (Wed, 30 Jun 2010) | 4 lines

Bump up version number to 0.18 and update NEWS file in preparation for
new release.


------------------------------------------------------------------------
