

**** CHANGES (since Drawbridge 1.1):

o Filter now supports FDDI to FDDI filtering. Note however that
	due to the inherent limitations with bridging on FDDI,
	Filter will only work under a very specific and limited
	configuration. This is documented in the file doc/FILTER.
	Please send email to drawbridge@net.tamu.edu if you have
	further questions.

o Filter now uses NDIS 2.01 DOS drivers. Therefore any Ethernet
	cards or FDDI cards with adequate NDIS drivers can be
	used with Drawbridge 2.0.

o Filter now has an IP protocol stack and the management occurs
	via UDP. This allows the Filter Manager to run on just
	about any Unix platform that has BSD sockets. (Note
	that currently I haven't ported it to platforms other
	than Solaris 2.3.)

o Filter now uses an (as far as we know) exportable Pseudo One
	Time Pad cryptographic scheme for authentication and
	privacy over the management channel.

o Filter now provides statistics from both the console and
	Filter Manager. Both Filter specific and NDIS
	statistics are reported.

o Filter is now interrupt driven rather than polling (forced
	because of NDIS) and performance is better.  With the
	previously recommended setup Filter now produces peak
	transfer rates of approximately 5.5 Mb/sec versus the
	previously measured peak of 3.5 Mb/sec. 10 Mb/sec on
	ethernet should be easily achieved with faster cards,
	buses and CPUs.

	Under FDDI with a 60MHz Pentium and two EISA Network
	Peripherals FDDI cards, data rates up to 18Mb/sec have
	been measured. The actual limit is higher but we do
	not have a reliable testbed capable of generating and
	measuring higher data rates at this time.

o Filter now uses XMS to store the network tables in extended
	memory.  A cache is kept in low memory.

o Filter has a new switch which controls whether or not packets
	other than IP/ARP/RARP are transparently bridged.

o Filter Compiler (and Filter) is backward source and binary
	compatible. Other than bug fixes, no changes have
	been made to the Filter Compiler.

	For Filter, the DES key file is no longer used and
	a new file PASSWORD is maintained.  Also Filter
	Manager no longer uses .fmkey.* files.

o The GNU Copyleft has been removed. This material is now
	covered under a Berkeley/MIT style copyright. I.E.
	you can do anything you want with the code but must
	credit us. See the file COPYING.

o A few commands have been added/changed in the Filter
	Manager. The changes are documented under the help
	system.


**** CHANGES (since Drawbridge 2.0 Alpha):

o NDIS 2.1 from Microsoft rather than NDIS 2.0 from 3Com is now
	included. Thanks go to Alex Li for giving me the pointer to the
	newer version.

o Patches have been made so that fc and fm will now run on little
	endian machines. If you can get fc and fm to compile,
	endianness should not be a problem. Thanks go to Danny Thomas
	for generating the fixes for fc.  (Note that due to the
	extensive amount of changes required, fc and fm do not and will
	not any time soon run on 64 bit architectures (e.g. Alpha).)

o An uptime statistic has been added to the statistics reporting.

o The original paper covering the entire TAMU security package has been
	updated to cover Drawbridge 2.0. It is still not up to date on
	Tiger and Netlog but will be soon.

o Added "retries" and "timeout" variables to the fm user interface.
	When managing a Drawbridge installation that uses floppy disk
	for the storage of the tables, a write can easily timeout. The
	default values are 3 retries and 3 seconds.


**** CHANGES (since Drawbridge 2.0 Beta):

o Changed the behaviour of fm when not reading from a terminal. It used
	to throw all output except stderr away. Now it does not throw
	output away. If you wish the output to go to /dev/null use a
	shell redirection.

o Changed the behaviour of the -b switch on fc. Since the tools are
	endian clean now, the only use for the switch is for sneakernet
	transfer of the files to Filter.  Therefore Filter Compiler now
	also modifies the filenames of the output files when -b is
	specified so that they are the filenames that Filter expects.

o Removed some definitions that prevented Filter from compiling under
	Borland C++ version 3.

o Made the Makefiles more portable. You now invoke them with the
	platform desired to build fc and fm. Thanks go to Ralph
	Mitchell for providing patches for compilation on AIX.

o Added in syslog support. Thanks go to Klaus-Peter Kossakowski
	and Uwe Ellermann at DFN-CERT for providing much of the
	implementation.

o Cleaned up the syslog support and added in the LogMask. Some
	of the syslogging may get tortuous depending on the kind
	of traffic on the network that Drawbridge is attached to.

o Added optional filtering of TCP IP fragments with suspicious
	offsets and optional filtering of IP protocols other than
	TCP/UDP/ICMP. Thanks go to Klaus-Peter Kossakowski and
	Uwe Ellermann at DFN-CERT for some of this code.
