New features in IPTraf 1.3.0 and changes to IPTraf 1.2.0

	Experimental FDDI support.  High thanks to Paonia Ezrine 
	<paonia@massart.edu> for the initial tests on the FDDI code.  More 
	feedback is requested on the FDDI functionality.  Bugs may still
	be present.

	Reestablished ippp interfaces (synchronous PPP over ISDN) after
	reports that the ISDN problem was fixed with Linux 2.0.34.

	Fixed fragmentation oversight in TCP/UDP service monitor.

	Applied the bind() system call to the raw socket to have the
	kernel filter out packets from interfaces we're not interested in.
	Makes for better capture times on multiple-interfaced machines.
	However, a strncmp() is still performed on the returned interface
	name to counter the race condition between the socket() and bind()
	calls.
	
	Fixed interface statistics print routines to print unsigned
	rather than signed numbers.

	Added additional option to adjust screen updates.  Useful for
	IPTraf sessions run on remote terminals (thanks to Lutz Vieweg
	<lkv@isg.de> for the suggestion and Dean Gaudet
	<dgaudet@arctic.org> for the base patch.  I modified it a bit,
	Dean.)

	Discovered terrible performance penalty due to screen refresh with
	heavily loaded LAN segments.  Therefore, with the new screen
	update interval option set to 0, all facilities have a 50 ms delay
	between refreshes (exception: the LAN station monitor has a delay 
	of 100 ms). This is still visually fast (although updates
	look kinda slower), but this gives more time to packet capture,
	therefore increasing accuracy and capture performance.  Thanks to
	everyone who responded to my request for advice on this matter and
	to Ronald Wahl <rwahl@gmx.net> for giving me the symptom report.

	Modified IP traffic monitor to mark TCP connection entries for reuse
	once one side is fully closed and acknowledged ("CLOSED" on the
	screen) and the other closed but even if not acknowledged ("DONE" 
	on the screen.  This is because many times, the last ACK gets lost.
	
	Included an additional parameter used together with the other
	command-line arguments to specify an amount of time for which the
	selected facility would run before automatically terminating (on a
	suggestion by Linux HOWTO coordinator Tim Bynum
	<tjbynum@wallybox.cei.net)>.

	Supplemented the main data structure for the IP traffic monitor
	with an open hash table for increased search efficiency,
	especially after the facility has been running for quite some
	time (the other facilities, which don't grow as much still use
	linearly-searched linked lists.  I'll probably hash them depending
	on feedback.)

	Fixed rare bugs in various facilities that caused IPTraf to
	attempt to proceed even in the event of a raw socket open failure.

	Fixed SEGV condition when IPTraf is invoked with a command-line
	parameter that cannot be parsed with getopt().

	Added labels to LAN address description selection box.

	Fixed unsightly LAN address description dialog scrolling.

	Added a separator feature to the menurt.c module, allowing
	separation lines within menus.

	Added separator lines between related groups of menu items in both
	main and configuration menus.

	Changed the Options main menu item to Configure.

	Added the space bar and the '-' key as "unofficial" alternates to
	the PgUp and PgDn keys.

	Transferred Ethernet description facility option to the Configure
	submenu, and added a related facility for FDDI addresses.

	Removed Ethernet-specific references where FDDI and (potentially)
	other LAN technologies also fit.  We'll just use "LAN" as a
	general term.

	Adjusted detailed statistics screen to automatically generate the
	appropriate packet size distribution brackets based on interface
	MTU.  This means the brackets may no longer end on numbers
	divisible by 10, but rather on boundaries based on the MTU divided
	by 16 (the number of brackets).  But at least 1500 is not
	hardcoded anymore as the maximum.

	Related to the immediately preceeding change: packet size
	distribution updates are done one at a time now, no longer as a
	whole bunch.  In other words, as a frame arrives, only the
	appropriate bracket is updated.

	Also related to previous two: changed basis for packet size
	distribution to the Ethernet frame length from the IP datagram
	length (which really doesn't matter except for a few frames).

	Fixed bug which causes the existing log interval to multiply by 60
	when the dialog is aborted (instead of retaining the current
	setting).  Thanks to Chris Higgins <chiggins@pobox.com> for the
	bug report and the patch.  (I had to modify it a bit to fit in
	with the screen update interval patch sent in by Dean Gaudet.)

	Potentially large counts have been changed to type "unsigned long
	long" to significantly increase running time on heavily loaded
	networks, plus automatic switching of denominations (from exact
	counts to K(ilo) to M(ega) to G(iga) to T(era)) to prevent screen
	disruption (on a suggestion by Lutz Vieweg <lkv@isg.de>).
	
	Separated log file into different logs for each facility.

	Moved log files to /var/log/iptraf to avoid mixing them with the
	mess in the /var/local/iptraf directory.  At least that way,
	we humans don't have to look in /var/local/iptraf anymore.

	Relaxed multiple-instance restriction from a
	no-multiple-instances-of-IPTraf requirement to a
	no-multiple-instance-of-the-same-facility.  In other words,
	several copies of IPTraf can run, but only one instance of each 
	facility can run at any one time.  The -f parameter removes the
	tags, overriding the restrictions on that IPTraf instance.  This 
	modification was done to  address needs indicated by Chris Panayis
	<chris@freedom2surf.net>).

	Added a startup warning box if IPTraf detects IP Masquerading 
	enabled on the computer.  IPTraf will continue to work, but its
	results may be quite confusing.  The detection is done by
	opening /proc/net/ip_masquerade.
	
	Modified additional port facility to accept ranges of ports rather
	than several single port numbers (on a suggestion by Lutz Vieweg
	<lkv@isg.de>)

	Reduced minimum number of lines from 25 to 24 for better VT100
	terminal compliance.

	Miscellaneous cosmetic retouches.  (I consider user interface an
	important factor too, ya know!  :)

	Distribution binary now comes statically linked with ncurses 4.2
	and libc 5.4.44.  You may recompile to suit your system.

	Included manual pages derived from the Debian GNU/Linux 2.0
	distribution.  Man pages written by Frederic Peters
	<fpeters@debian.org> who is now maintaining the Debian IPTraf
	package.

	Reversed version order (newest first) in the CHANGES file.

New features in IPTraf 1.2.0 and changes to IPTraf 1.1.0 

	Increased buffer size in ifstats.c for /proc/net/dev lines to 161
	to better accomodate the longer lines in the new 2.1.x kernels
	(which will be carried over to the new stable kernel series).  
	Based on bug reports by Dop Ganger <DopG@sprint.ca> and Christoph
	Lameter <christoph@lameter.com> et al. 

	Fixed rarely occuring high CPU utilization bug occuring whenever
	a terminal connection is lost, resulting in a SIGHUP which is 
	ignored.  (This is an example of a software author's temporary 
	insanity.  I mean, what sane programmer would set SIGHUP to 
	SIG_IGN for a terminal-based program huh?  Thought so :) Thanks
	to Dop Ganger <DopG@sprint.ca> for the symptom report.

	Refined Ethernet station monitor rate updates and scrolling code.

	Fixed autosave bug for non-TCP filters (this was working before
	1.1.0.  All of a sudden, the function call disappeared
	mysteriously.  Must have been sleepy that time :)

	Fixed bug in UDP filter default settings.

	Added option to display TCP and UDP ports in either name form or
	numeric form (on a suggestion by Felix von Leitner
	<leitner@math.fu-berlin.de> and others).

	Added facility to describe Ethernet addresses for the Ethernet
	station monitor (to address needs as presented by Erlend Middtun
	<erlendbm@funcom.com> via James Ullman <james@irc.ingok.hitos.no>)

	Added an additional field to the TCP/UDP filter dialogs to allow
	the user to "exclude" certain addresses from the display allowing
	all others.  Details on the new behavior are in the manual (on a
	suggestion by Sean Hough <seh@javanet.com>)

	Relaxed screen management code to better adjust to the number of
	lines on the screen.  As of this release, columns are still based
	on a maximum number of 80 though.  Also under study is a
	SIGWINCH handler, but this will have to come later (on comments and
	suggestions by a *lot* of users...thanks guys :-) ).

	Fixed a subtle bug in the rvnamed interface IPC code, resulting in 
	an accurate transfer of data but causing recvfrom() to return an
	EINVAL at unpredictable intervals.  Bug was an uninitialized address
	structure length parameter.  Code in both iptraf and rvnamed was
	fixed.

	Eliminated unsupported interfaces from interface selection lists.

	Included enforced restriction disallowng multiple instances of
	IPTraf and an overriding command-line parameter.  (This may
	just be temporary, in lieu of a more elegant solution).

	Included autosave for TCP and UDP filters.  Filters now survive
	IPTraf exits and restarts without requiring manual reapplication
	(on a suggestion by Chad Clark <cclark@comstar.net>).

	Included upgrade program and makefile rule to convert IPTraf 1.1.0 
	configuration and filter files to 1.2.0 format.

	Clarified TCP/UDP and non-TCP/UDP filter error messages.

	Color-coded the TCP and UDP protocol/port indicators in the
	TCP/UDP service monitor for better identification.

	Revised IP traffic monitor to query rvnamed only once per
	invocation of the facility.  Less overhead.

	Revised IP traffic monitor to open and close the rvnamed 
	communication socket only once per invocation of the facility.
	Less overhead.

	Added a 2-second delay after the rvnamed invocation to give
	the daemon more than enough time to open its sockets.

	Fixed SEGV condition which occurs when an attempt is made to
	destroy an interface list never loaded (which could only occur
	if the /proc system is unreadable, something which shouldn't
	happen on any decent Linux system).

	Moved filter list load routine to fltmgr.c, for better linking with
	the cfconv module.

	Makefile now installs rvnamed together with the iptraf executable
	in /usr/local/bin by default.

	Added table of contents (hyperlinked in the HTML version) to the
	manual.

	Cleaned up the Makefile.

New features in IPTraf 1.1.0 and changes to IPTraf 1.0.3

	Added command-line options for direct facility access from the
	shell, and an appropriate help screen for IPTraf invocation (on a
	suggestion by BJ Goodwin <latency@radiolink.net>).

	Added separate DNS reverse name lookup program (rvnamed) for
	quicker response time on reverse DNS lookups.  Subsequently
        modified the revname function to use the new functionality.
	This also required additions of address resolution state fields 
	to struct tcptableent in tcptable.h.

	Added checkrvnamed() and killrvnamed() to revname.c, used by
	itrafmon.c to query and stop the rvnamed daemon.

	Added scrolling capability to the general interface statistics.
	Interface list will now grow as packets from newly created
	interfaces are received (e.g. PPP interfaces).  This now makes
	IPTraf better suited to monitor Linux machines configured as
	access servers.
	
	Interface selection lists can now be scrolled.

	Increased maximum number of entries in for the non-TCP window
	in the IP traffic monitor from 256 to 512.

	Fixed SEGV condition in itrafmon.c that happens whenever the
	Down cursor key is pressed with the lower window active, but
	not yet full.

	Added elapsed time indicators to each facility, showing the
	hours and minutes that have passed since the start of the
        monitor (on a suggestion by James Ullman
	<james@irc.Ingok.Hitos.No>)

	Changed ncurses include file references from <ncurses.h>
	to <curses.h>

	Cleaned up preprocessor code for glibc2 support.  Thanks for
	help and suggestions from John Labovitz <johnl@meer.net>.  Thanks 
	also for a test account on debs.fuller.edu opened by Christoph 
	Lameter <christoph@lameter.com>.

	Fixed SEGV condition which may occur when trying to close the
	log file which may never have opened (thanks to John Labovitz
	<johnl@meer.net> for the patch).

	Adjusted cosmetic code to better indicate the closed status in
	the TCP monitor.

	TCP and UDP filters now accept host names in in place of IP
	addresses.  Host names will be resolved and can still be used
	with wildcard masks (may be useful for names that resolve to
  	several IP addresses)

	Distribution now includes an HTML-formatted manual.

Changes to IPTraf 1.0.2

	Fixed SEGV condition when scrolling commands are applied to
	an empty Ethernet station monitor

	Distribution executable now comes compiled with -m486 by default.
	Binary will still execute on a 386, but a 486 or higher is still
	preferred.

Changes to IPTraf 1.0.1

	Fixed conflicting hotkey for non-TCP filter menu items RARP and
	IGRP  (the "R" key).  Changed the shortcut key for RARP to "P".

	Modified layer-2 header stripping code to cleanly ignore packets
	from unrecognized interfaces (see README).

	Fixed "duplicate port" misbehavior for the "Additional port"
	dialog's Cancel command

	Added error-checking for the port list file open sequence.
 
	Added PgUp/PgDn capability to the facilities that can be scrolled
	(IP traffic monitor, TCP/UDP services, and Ethernet station
	monitor).

	Cleaned up scrolling code a bit.

	Fixed bug in the non-TCP logging facility that caused extraneous
	log entries whenever the window is scrolled.

	Sent non-fancy messages to standard error rather than standard
	output.

	Changed a few messages

Changes to IPTraf 1.0.0

	Fixed X/Ctrl-X keystroke bug in the General Interface Statistics
	module (thanks to BJ Goodwin <latency@radiolink.net>).  This was
	kinda an emergency, so I fixed this and released 1.0.1 
	immediately.