Version 1.5beta7 (2006-03-28) Added check to ensure pcap_fd is within the range of select(2) to avoid any potential FD_SET overflows, by Shaun Colley Rebuilt autoconf files with a more recent version of autoconf from a Debian Sarge system, to resolve Debian Bug#333827. Updated the man page and examples.txt files to document the new --dnat detection features. Updated the (unofficial) debian/control file to build-depend on libnet1-dev rather than libnet0-dev. Version 1.5beta6 (2005-01-03) New --dnat, --no-dnat (default), and --no-dnat-strict command line arguments. --dnat enabled Destination NAT detection, which works by comparing the quoted IP address in an ICMP payload with the destination a probe packet was addressed to. Numeric IP address in parenthesis is now only displayed if the content in the parenthesis is different than the non-parenthesized content, making the output less busy. The SYN ISN (Initial Sequence Number) now set to a random 32bit value; previously had always been zero. Added missing htons() call around the arguments to getservbyport(), which resulted in the destination port service name not being correctly reported on some architectures, by Dmitry Karasik Improved the configure.ac so that it is less likely to link against unnecessary libraries by "Dmitry V. Levin" --no-select is now the default under NetBSD, based on a report and data collected by Ed Ravin . Split the tcptraceroute.c file into main.c, datalink.c, probe.c, capture.c, util.c, and a number of include files, which should make things much more manageable. Version 1.5beta5 (2003-07-02) Now functions properly with libpcap when using an interface without a valid IPv4 addresss. Reported by Kris Shannon in Debian Bug#183456. Improved autoconf handling of the --with-libpcap= command line argument, by Richard van den Berg . Moved the tcptraceroute man page to section 1 from section 8 now that tcptraceroute is installed in /usr/bin by default, as suggested by James Ralston . Added a missing call to pcap_freecode() to free up memory utilized by the bpf_program struct, after applying it with pcap_setfilter(). Should now deal better (and skip over) unconfigured interface under NetBSD. Version 1.5beta4 (2003-06-29) A call to seteuid() has been replaced with a call to setuid() to fully drop root privileges. As there are currently no known exploitable portions of tcptraceroute, older versions are still believed to be safe even without fully dropping privileges, however users are still encouraged to upgrade to provide a measure of containment in the event that an exploitable flaw is discovered in the future. Reported by Matt Zimmerman , and published in Debian Security Advisory DSA 330-1. AC_FUNC_REALLOC was commented out of configure.ac, which was failing on HP/UX badly systems. The xrealloc() function in tcptraceroute already works around the realloc(0,0) case that AC_FUNC_REALLOC is attempting to prevent against, anyway. Reported by Petter Reinholdtsen . Version 1.5beta3 (2003-06-01) Added some additional AC_CHECK_LIB lines to the configure.ac file, required for Solaris systems, by Petter Reinholdtsen . Fixed a number of type warnings under non-gcc compilers by adding a few casts; reported by Petter Reinholdtsen . Version 1.5beta2 (2003-05-25) Added an autoconf check to detect MacOS X systems by looking to see if __APPLE__ and __MACH__ are defined. Also added an autoconf configure command line argument --enable-noselect-default to control the default behavior of the tcptraceroute --noselect command line argument, and enabled it by default on MacOS X systems if not otherwise specified. Version 1.5beta1 (2003-05-24) Most substantially, support for both autoconf and libnet-1.1.x has been added, based on patches from (in alphabetical order): jbash@velvet.com Jon Allen Boone James Ralston Darren Tucker Matt Weidner Added linklayer support for PPPoE interfaces, by Darren Tucker . Improved the round trip time calculations, by Amgad Zeitoun . Removed a number of multi-line strings, which apparently causes trouble for some compilers, based on patches from: jbash@velvet.com Richard van den Berg Petter Reinholdtsen Version 1.4 (2002-07-30) Added linklayer support for Linux ISDN Sync-PPP interfaces, by Dr. Peter Bieringer . Adds support back for DLT_RAW interfaces, which was inadvertently removed sometime between 1.2 and 1.3beta1, and as a result caused tcptraceroute to fail over PPP interfaces. Reported in Debian Bug#154793 by David Harris . Version 1.3 (2002-05-19) Now detects (and ignores) IP packets with IP options. Packets are now properly aligned by allocating new space and copying the packet data there before casting packet header structs against them. New, undocumented --no-select command line argument added to never call select(), which fails to indicate that a BPF socket is ready for reading on some BSD systems. Now sets a non-zero exit code if the destination was not reached, as suggested by Arndt Schoenewald Fixes an off-by-one error in getinterfaces(), discovered by Kit Knox . probe() and capture() now use a new proberecord structure which contains information about each probe in a modularized way. Added a new command line argument, --track-port, which causes each probe to have a unique source port so that something other than the IP ID can be used to track it, and also a corresponding --track-id argument to specify the old behavior of tracking IP ID's. If a source port is specified with -p, --track-id is implied. The compile-time default on Solaris is --track-port, enabling tcptraceroute to work out-of-the-box, and --track-id on all other platforms. probe() now calls allocateid() to generate an IP ID, which caches the last ALLOCATEID_CACHE_SIZE allocations to prevent against duplicates. Display "!" instead of "!?" for unknown ICMP codes, as suggested by Kevin McAllister Attempts to find virtual addresses under OpenBSD, based on a patch by Scott Gifford Moves the datalinkoffset and datalinkname information into a single data structure, which is much more logical, and less prone to error. Improved command line argument handling a good deal, based on suggestions by Scott Fenton . First, a pass through is made to process and shift out long command line arguments, then the remaining command line is passed to getopt(). It is now possible to traceroute to yourself, by switching the device to the loopback interface if the destination matches the address of a local interface. Additionally, as learned by looking through the nmap source, we now never set a libpcap filter on the loopback interface to avoid apparent libpcap bugs which previously made it impossible to traceroute to 127.0.0.1 Added -S and -A command line arguments to control the SYN and ACK flags in outgoing packets. By using -A, it is now possible to traceroute through stateless firewalls which permit hosts behind the firewalls to establish outgoing TCP connections. In the absence of either -A or -S, -S is set. Added -N command line argument which takes the place of the previous RESOLVE_RFC1918 #define. Now displays if the remote host is ECN capable when using -E Version 1.2 (2001-07-31) Contains large portions of code and ideas contributed by Scott Gifford Attempt to determine what outgoing interface to use based on the destination address and the local system's interface list. Could still use a good deal of work on BSD systems, though, especially when it comes to virtual addresses which reside on subnets different than the primary address. The timeout code has been reworked significantly, and should now be much more reliable. Added -E command line argument to send ECN (RFC2481) packets. Requested by Christophe Barb and Jim Penny Added -l command line argument to set the total packet length, including IP header. Added support for sending more than one probe to each hop, and the -q command line option to specify the number of probes. Added -F command line argument to set the IP_DF bit. Added -t command line argument to set the IP TOS. Now properly checks the length of the packets returned by libpcap before blindly assuming that the entire header structure we happen to be looking for is there. This could have been very ugly had the snaplen not been set so conservatively. Print banner information to stderr, not stdout, to be compatible with traceroute(8). Reported by Scott Fenton Fixed an endian bug reported by Zoran Dzelajlija , which prevented users from specifying the destination port number by name. Version 1.1 (2001-06-30) Now drops root privileges after sockets have been opened. Must now be root to use -s or -p, making it now safe to to install tcptraceroute suid root, without fear that users can generate arbitrary SYN packets. Version 1.0 (2001-04-10) Initial Release. # vim:set ts=4 sw=4 tw=75 ai syntax=off: