2.0.9 * info<at>arpalert<dot>org
fix an error message
update script API documentation
API documentation
new API functions : mod conf
set lockfile optional
2.0.8 * info<at>arpalert<dot>org
install API include
close and reopen the logfile on sighup
add graphic module
change type of ip arg passed to module
bug with module options
2.0.7 * info<at>arpalert<dot>org
minor openbsd bugfix (thanks Andy)
very minor code optimization
check string representation of mac adress memory size
allocate static memory for many buffers
openbsd Makefile compatibility
little error in Makefile.in
2.0.6 * info<at>arpalert<dot>org
default config file syntax correction and comments
display list of mac vendor loaded only in debug compil mode
* brmichel<at>free<dot>fr
add vim syntax file
* Joost van Baal
would not require manually editing the script to fix
the sender and receiver's email adress.
2.0.5 * info<at>arpalert<dot>org
bugfix in arp selftest detection
bugfix in scheduler
code cleanup
2.0.4 * info<at>arpalert<dot>org
segfault when config is dumped
compilation error on ppc processors (sign error)
2.0.3 * Jan Wagner waja<at>cyconet<dot>org
BETA man corrections
* info<at>arpalert<dot>org
arpalert don't quit if the leases file is not found
at start. just send an notice.
variable type correction
alerts identifiers defined
alert bug in "reference" field
put also mac address without ip in leases file
2.0.2 * info<at>arpalert<dot>org
BETA serialization of sigchld signal and sigkill, sighup
option for force run in foreground
maj man
2.0.1 * info<at>arpalert<dot>org
BETA retrieve mac vendor name
load leases files and remember the mac already discovered
port on solaris8 ultrasparc IIi
reload "white list", "black list", "authorizations"
and "oui.txt" when a sighup is received
generalise use of errno
code cleaning
change install system
generate default config
scheduler bug in dump leases time
launch a laeses file dump before quit
2.0.0 * info<at>arpalert<dot>org
BETA permit to listen more than one interface
port on solaris10
analyse arp reply (usefull if the arpalert is
running on router)
format of config files updated for use of the ethernet
interfaces name
the option "ignore me" is only used for the "unauth_rq" alerts
new debug format (like tcpdump trace)
new core sheduler for more speed
all internal times in µseconds (in place of seconds)
change internal storage structurs for more speed
clean configure.in file
new defines for more code readability
1.1.3 * info<at>arpalert<dot>org
minor bugfix: harmonie of file arpalert.lock
minor change in arpalert.8
1.1.2 * info<at>arpalert<dot>org
bug in config whith "" file notation
1.1.1 * info<at>arpalert<dot>org
little bug in syntax of config file
1.1.0 * info<at>arpalert<dot>org
new function: permit to lesson only ARP traffic (alert new_mac disabled)
new function: permit to call a .so extension
normalize code with use "struct in_addr" for the ip address
normalize code with use "struct ether_header" for the mac address
normalize code with use "struct arphdr" for decoding ethernet header
changing hash algoritm for homogeneously reparttion of mac adresses
normalize macro case
change test for testing bitfield
flood alert: remove parameter
mac change alert: add parameter
add api for mod alerts
clean code
1.0.3 * info<at>arpalert<dot>org
add option -V to return arpalert version
syntax updates in man
change condition order in alert detection routine
change log syntax for the loading file function
bug in parsing of config file
bug in mac change detection
bug in ip change detection
1.0.2 * info<at>arpalert<dot>org
complete inline help
minor security fix: changes from sprintf to snprintf in data.c
minor bugfix in compilation in debug code
add header at file arpalert.h
add header at sens_timeouts.c (for mac OS X)
add copyright informations at file arpalert.h
1.0.1 * info<at>arpalert<dot>org:
error in log format for "unknow_address" alert
error in pid structur initialization
1.0.0: * info<at>arpalert<dot>org:
rewrite detection code.
rewrite data storage code.
rewrite pid gestion code.
possibility to write comments in allow / deny files.
possibility to ignore mac only new detection
possibility to ignore certains types of detection by mac address
(solution for ip alias)
for developpers:
function "make pdf" makes a sources pdf files with syntax color.
for fun: "make stats" returns the total number of line code (only .c and .h).
"make dependencies" generate dependencies for header file (for writing correctly the Makefile)
* marco.crotta<at>urmetcns<dot>it
add new detection function: detect mac change
* benoit.leroux<at>gmail<dot>com
Add exemple mail alert script.
* pterjan<at>linuxfr<dot>org
Add DESTDIR variable in Makefile.
* robert<dot>perriero<at>gmail<dot>com
Add suse start script
Add FC4 start script
Add 2 management scripts
0.4.15-2: bugfix: bug zombies
0.4.15-1: bugfix: new mac detection error
0.4.15: bugfix: probleme in function data_cmp
rewrite many parts of code.
0.4.14: Anti flood system for unauthorized detection by couple
mac sender / ip requested. This system permit to watch all alerts.
Anti flood system only by mac sender is also available.
Unauthorized request configuration file format change. Now accept the
syntax with network mask.
0.4.13: command line errors more verbose
bugfix: Command line bug with -f parameter corrected
0.4.12: unauthorized request detection: possibility to ignore self request
generated by windows dhcp client
unauthorized request file support comment every where
when the program is not running in deamon mode, the logs are displayed
on standard output
bugfix: segfault problem in sens_hash
bugfix: segfault in debug message
bugfix: error in log function
0.4.11: Use priveleges separation
Use chroot
Apply mask on files
Port on openbsd, freebsd, netbsd
0.4.10: I Write the man file
0.4.9: Reload the authorized_request list if the SIGHUP is send
0.4.8: Don't quit the program with if the link is down ... they're attempt to reconnect
0.4.7: Send an alert code 8 if the new mac adress is detected whithout his ip address
0.4.6: launched floods alerts scripts also if the numbers of launched scripts are excedant
detect global flood
min time from two sames alert (mac source, type of alert)
don't alert if the mac adress is the mac of the lessoning interface
0.4.5: invalid mac adress detection by ethernet arp
different adress in ethernet header and arp request detection
0.4.4: use mac adress in place of ip adress in request detection
0.4.3: permit to ignore a machine in request detection
0.4.2: add specific request detection
0.4.1: Bug patch
0.4.0: More configuration option added
Many bugs patched
Security fail patched
03b: FUNCTION: the use of autoconf / automake is now avalaible
BUG: The soft not inform th user when the config file is not accessible.
02b: FUNCTION: The config is choosable by the command line (-f /config/file)
