diff -ru tcptraceroute-1.0/Makefile tcptraceroute-1.1/Makefile --- tcptraceroute-1.0/Makefile Thu May 24 11:09:02 2001 +++ tcptraceroute-1.1/Makefile Sun Jul 1 23:57:29 2001 @@ -1,8 +1,11 @@ +# vim:set ts=4 sw=4 ai: + # tcptraceroute -- A traceroute implementation using TCP packets -# Copyright (c) 2001, Michael C. Toren +# Copyright (c) 2001, Michael C. Toren CC = gcc CFLAGS = -O2 -Wall +DESTDIR=/usr/local/bin tcptraceroute: tcptraceroute.c $(CC) $(CFLAGS) `libnet-config --defines` \ @@ -11,6 +14,20 @@ static: $(MAKE) tcptraceroute CFLAGS="$(CFLAGS) -static" + +install: tcptraceroute + install -D tcptraceroute $(DESTDIR)/tcptraceroute + +distrib: clean changelog man + +changelog: tcptraceroute.c Makefile + perl -000 -ne 'next unless (/\*\s+Revision\s+history:/); \ + print "Extracted from tcptraceroute.c:\n\n$$_"; exit;' \ + < tcptraceroute.c | expand -t 4 > changelog + +man: tcptraceroute.8.html Makefile +tcptraceroute.8.html: tcptraceroute.8 + rman -fHTML -r- tcptraceroute.8 > tcptraceroute.8.html clean: rm -f core a.out tcptraceroute diff -ru tcptraceroute-1.0/README tcptraceroute-1.1/README --- tcptraceroute-1.0/README Sat Apr 14 22:46:55 2001 +++ tcptraceroute-1.1/README Sat Jun 30 19:46:41 2001 @@ -1,5 +1,5 @@ tcptraceroute -- A traceroute implementation using TCP packets -Copyright (c) 2001, Michael C. Toren +Copyright (c) 2001, Michael C. Toren Updates are available from http://michael.toren.net/code/tcptraceroute/ Only in tcptraceroute-1.1: changelog Only in tcptraceroute-1.1: debian Only in tcptraceroute-1.1: examples.txt Only in tcptraceroute-1.0: tcptraceroute diff -ru tcptraceroute-1.0/tcptraceroute.8 tcptraceroute-1.1/tcptraceroute.8 --- tcptraceroute-1.0/tcptraceroute.8 Sat Apr 14 23:02:22 2001 +++ tcptraceroute-1.1/tcptraceroute.8 Sun Jul 1 22:55:21 2001 @@ -1,6 +1,6 @@ -.TH TCPTRACEROUTE 8 "2001 April 10" +.TH TCPTRACEROUTE 8 "2001 June 30" .SH NAME -tcptraceroute \- A traceroute implementation using TCP +tcptraceroute \- A traceroute implementation using TCP packets .SH SYNOPSIS .B tcptraceroute [\-n] [ \-i .I interface @@ -25,7 +25,7 @@ .B ] .SH DESCRIPTION .B tcptraceroute -is a traceroute implementation using TCP. +is a traceroute implementation using TCP packets. .P The more traditional .IR traceroute (8) @@ -86,14 +86,13 @@ Enable debugging, which probably isn't very useful to you. .IP \-w Set the timeout, in seconds, to wait for a response for each probe. The -default is 3 seconds. +default is 3. .SH EXAMPLES Please see the .I examples.txt file included in the .B tcptraceroute -distribution for a few real\-life examples with more verbose -explainations. +distribution for a few real\-life examples. .P To trace the path to a webserver listening for connections on port 80: .P @@ -116,14 +115,14 @@ .P .SH BUGS No error checking is performed on the source address specified by the \-s -flag, and therefore +flag, and it is therefore possible for .B tcptraceroute -should never be installed suid root, or unprivledged users will be able to -generate arbitrary TCP SYN packets. +to send out TCP SYN packets for which it has no chance of seeing a response +to. .P Sending more than one probe to each hop is not currently supported, but -should be trivial to implement in the future. +should be trivial to implement in the future if desired. .P Complete portability to other Unix systems has not been tested; specifically, @@ -137,7 +136,7 @@ systems. If you run into complications on another platform, please let me know. .SH AUTHOR -Michael C. Toren +Michael C. Toren .SH AVAILABILITY For updates, please see: .br Only in tcptraceroute-1.1: tcptraceroute.8.html diff -ru tcptraceroute-1.0/tcptraceroute.c tcptraceroute-1.1/tcptraceroute.c --- tcptraceroute-1.0/tcptraceroute.c Sat Apr 14 16:41:48 2001 +++ tcptraceroute-1.1/tcptraceroute.c Sun Jul 1 15:37:57 2001 @@ -1,8 +1,8 @@ /* vim:set ts=4 sw=4 ai nobackup nocindent: */ /* - * tcptraceroute -- A traceroute implementation using TCP - * Copyright (c) 2001, Michael C. Toren + * tcptraceroute -- A traceroute implementation using TCP packets + * Copyright (c) 2001, Michael C. Toren * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free @@ -21,14 +21,6 @@ */ /* - * Revision history: - * - * Version 1.0 (2001-04-10) Initial Release - * - * Updates are available from http://michael.toren.net/code/tcptraceroute/ - */ - -/* * Requires libnet (http://www.packetfactory.net/libnet) and libpcap * (http://www.tcpdump.org/). To compile, try something like: * @@ -37,17 +29,34 @@ */ /* + * Revision history: + * + * Version 1.1 (2001-06-30) + * + * Now drops root privileges after sockets have been opened. + * + * Must now be root to use -s or -p, making it now safe to to + * install tcptraceroute suid root, without fear that users can + * generate arbitrary SYN packets. + * + * Version 1.0 (2001-04-10) + * + * Initial Release + * + * Updates are available from http://michael.toren.net/code/tcptraceroute/ + */ + +/* * TODO: * * - There needs to be a better way to detect a timeout from pcap_next() - * - Add support for sending more than one probe - * - The size of the packets returned by libpcap should be checked before - * assuming that the entire header structure is there. + * - Add support for sending more than one probe. + * - RESOLVE_1918 should be a runtime, command line option. */ -#define VERSION "tcptraceroute 1.0 (2001-04-10)" +#define VERSION "tcptraceroute 1.1 (2001-06-30)" #define BANNER "\ -Copyright (c) 2001, Michael C. Toren +Copyright (c) 2001, Michael C. Toren Updates are available from http://michael.toren.net/code/tcptraceroute/ " @@ -590,7 +599,6 @@ printf("Tracing the path to %s on TCP port %s, %d hops max\n", dst_name, dst_prt_name, maxttl); - initcapture(); for (ttl = minttl, done = 0; !done && ttl <= maxttl; ttl++) { @@ -683,6 +691,7 @@ case 'p': if (argc < 2) fatal("Argument required for -p\n"); + if (getuid()) fatal("Sorry, must be root to use -p\n"); src_prt = atoi(argv[1]); argc--, argv++; break; @@ -695,6 +704,7 @@ case 's': if (argc < 2) fatal("Argument required for -s\n"); + if (getuid()) fatal("Sorry, must be root to use -s\n"); src = argv[1]; argc--, argv++; break; @@ -727,6 +737,8 @@ dst_prt = 80; defaults(); + initcapture(); + seteuid(getuid()); trace(); free(buf); diff -ru tcptraceroute-1.0/tcptraceroute.lsm tcptraceroute-1.1/tcptraceroute.lsm --- tcptraceroute-1.0/tcptraceroute.lsm Sat Apr 14 17:13:20 2001 +++ tcptraceroute-1.1/tcptraceroute.lsm Sun Jul 1 21:09:05 2001 @@ -1,11 +1,11 @@ Begin4 Title: tcptraceroute -Version: 1.0 -Entered-date: 2001-04-10 -Description: A traceroute implementation using TCP -Keywords: network, traceroute, tcp, firewall -Author: michael@toren.net (Michael C. Toren) -Maintained-by: michael@toren.net (Michael C. Toren) +Version: 1.1 +Entered-date: 2001-06-30 +Description: A traceroute implementation using TCP packets +Keywords: network, traceroute, firewall +Author: mct@toren.net (Michael C. Toren) +Maintained-by: mct@toren.net (Michael C. Toren) Primary-site: http://michael.toren.net/code/tcptraceroute/ Platforms: Requires libnet and libpcap Copying-policy: GPL Only in tcptraceroute-1.0: tcptraceroute.txt