-
Notifications
You must be signed in to change notification settings - Fork 24
/
ChangeLog
249 lines (178 loc) · 10 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
Version 1.5beta7 (2006-03-28)
Added check to ensure pcap_fd is within the range of select(2) to
avoid any potential FD_SET overflows, by Shaun Colley <[email protected]>
Rebuilt autoconf files with a more recent version of autoconf from a
Debian Sarge system, to resolve Debian Bug#333827.
Updated the man page and examples.txt files to document the new --dnat
detection features.
Updated the (unofficial) debian/control file to build-depend on
libnet1-dev rather than libnet0-dev.
Version 1.5beta6 (2005-01-03)
New --dnat, --no-dnat (default), and --no-dnat-strict command line
arguments. --dnat enabled Destination NAT detection, which works by
comparing the quoted IP address in an ICMP payload with the
destination a probe packet was addressed to.
Numeric IP address in parenthesis is now only displayed if the content
in the parenthesis is different than the non-parenthesized content,
making the output less busy.
The SYN ISN (Initial Sequence Number) now set to a random 32bit value;
previously had always been zero.
Added missing htons() call around the arguments to getservbyport(),
which resulted in the destination port service name not being correctly
reported on some architectures, by Dmitry Karasik <[email protected]>
Improved the configure.ac so that it is less likely to link against
unnecessary libraries by "Dmitry V. Levin" <[email protected]>
--no-select is now the default under NetBSD, based on a report and data
collected by Ed Ravin <[email protected]>.
Split the tcptraceroute.c file into main.c, datalink.c, probe.c,
capture.c, util.c, and a number of include files, which should make
things much more manageable.
Version 1.5beta5 (2003-07-02)
Now functions properly with libpcap when using an interface without a
valid IPv4 addresss. Reported by Kris Shannon <[email protected]>
in Debian Bug#183456.
Improved autoconf handling of the --with-libpcap= command line argument,
by Richard van den Berg <[email protected]>.
Moved the tcptraceroute man page to section 1 from section 8 now that
tcptraceroute is installed in /usr/bin by default, as suggested by
James Ralston <[email protected]>.
Added a missing call to pcap_freecode() to free up memory utilized
by the bpf_program struct, after applying it with pcap_setfilter().
Should now deal better (and skip over) unconfigured interface under
NetBSD.
Version 1.5beta4 (2003-06-29)
A call to seteuid() has been replaced with a call to setuid() to fully
drop root privileges. As there are currently no known exploitable
portions of tcptraceroute, older versions are still believed to be
safe even without fully dropping privileges, however users are still
encouraged to upgrade to provide a measure of containment in the event
that an exploitable flaw is discovered in the future. Reported by Matt
Zimmerman <[email protected]>, and published in Debian Security Advisory
DSA 330-1.
AC_FUNC_REALLOC was commented out of configure.ac, which was failing on
HP/UX badly systems. The xrealloc() function in tcptraceroute already
works around the realloc(0,0) case that AC_FUNC_REALLOC is attempting
to prevent against, anyway. Reported by Petter Reinholdtsen
Version 1.5beta3 (2003-06-01)
Added some additional AC_CHECK_LIB lines to the configure.ac file,
required for Solaris systems, by Petter Reinholdtsen <[email protected]>.
Fixed a number of type warnings under non-gcc compilers by adding a few
casts; reported by Petter Reinholdtsen <[email protected]>.
Version 1.5beta2 (2003-05-25)
Added an autoconf check to detect MacOS X systems by looking to see if
__APPLE__ and __MACH__ are defined. Also added an autoconf configure
command line argument --enable-noselect-default to control the default
behavior of the tcptraceroute --noselect command line argument, and
enabled it by default on MacOS X systems if not otherwise specified.
Version 1.5beta1 (2003-05-24)
Most substantially, support for both autoconf and libnet-1.1.x
has been added, based on patches from (in alphabetical order):
Jon Allen Boone <[email protected]>
James Ralston <[email protected]>
Darren Tucker <[email protected]>
Matt Weidner <[email protected]>
Added linklayer support for PPPoE interfaces, by Darren Tucker
Improved the round trip time calculations, by Amgad Zeitoun
Removed a number of multi-line strings, which apparently causes
trouble for some compilers, based on patches from:
Richard van den Berg <[email protected]>
Petter Reinholdtsen <[email protected]>
Version 1.4 (2002-07-30)
Added linklayer support for Linux ISDN Sync-PPP interfaces,
by Dr. Peter Bieringer <[email protected]>.
Adds support back for DLT_RAW interfaces, which was inadvertently
removed sometime between 1.2 and 1.3beta1, and as a result caused
tcptraceroute to fail over PPP interfaces. Reported in Debian
Bug#154793 by David Harris <[email protected]>.
Version 1.3 (2002-05-19)
Now detects (and ignores) IP packets with IP options.
Packets are now properly aligned by allocating new space and
copying the packet data there before casting packet header
structs against them.
New, undocumented --no-select command line argument added to never
call select(), which fails to indicate that a BPF socket is ready
for reading on some BSD systems.
Now sets a non-zero exit code if the destination was not reached,
as suggested by Arndt Schoenewald <[email protected]>
Fixes an off-by-one error in getinterfaces(), discovered by
Kit Knox <[email protected]>.
probe() and capture() now use a new proberecord structure which
contains information about each probe in a modularized way.
Added a new command line argument, --track-port, which causes each
probe to have a unique source port so that something other than the
IP ID can be used to track it, and also a corresponding --track-id
argument to specify the old behavior of tracking IP ID's. If a
source port is specified with -p, --track-id is implied. The
compile-time default on Solaris is --track-port, enabling
tcptraceroute to work out-of-the-box, and --track-id on all other
platforms.
probe() now calls allocateid() to generate an IP ID, which
caches the last ALLOCATEID_CACHE_SIZE allocations to prevent
against duplicates.
Display "!<N>" instead of "!?" for unknown ICMP codes, as
suggested by Kevin McAllister <[email protected]>
Attempts to find virtual addresses under OpenBSD, based on a
patch by Scott Gifford <[email protected]>
Moves the datalinkoffset and datalinkname information into a
single data structure, which is much more logical, and less
prone to error.
Improved command line argument handling a good deal, based
on suggestions by Scott Fenton <[email protected]>. First,
a pass through is made to process and shift out long command
line arguments, then the remaining command line is passed to
getopt().
It is now possible to traceroute to yourself, by switching the
device to the loopback interface if the destination matches the
address of a local interface. Additionally, as learned by
looking through the nmap source, we now never set a libpcap
filter on the loopback interface to avoid apparent libpcap bugs
which previously made it impossible to traceroute to 127.0.0.1
Added -S and -A command line arguments to control the SYN
and ACK flags in outgoing packets. By using -A, it is now
possible to traceroute through stateless firewalls which
permit hosts behind the firewalls to establish outgoing TCP
connections. In the absence of either -A or -S, -S is set.
Added -N command line argument which takes the place of the
previous RESOLVE_RFC1918 #define.
Now displays if the remote host is ECN capable when using -E
Version 1.2 (2001-07-31)
Contains large portions of code and ideas contributed by
Scott Gifford <[email protected]>
Attempt to determine what outgoing interface to use based on
the destination address and the local system's interface list.
Could still use a good deal of work on BSD systems, though,
especially when it comes to virtual addresses which reside on
subnets different than the primary address.
The timeout code has been reworked significantly, and should
now be much more reliable.
Added -E command line argument to send ECN (RFC2481) packets.
Requested by Christophe Barb <[email protected]> and
Jim Penny <[email protected]>
Added -l command line argument to set the total packet length,
including IP header.
Added support for sending more than one probe to each hop, and
the -q command line option to specify the number of probes.
Added -F command line argument to set the IP_DF bit.
Added -t command line argument to set the IP TOS.
Now properly checks the length of the packets returned by libpcap
before blindly assuming that the entire header structure we happen
to be looking for is there. This could have been very ugly had the
snaplen not been set so conservatively.
Print banner information to stderr, not stdout, to be compatible with
traceroute(8). Reported by Scott Fenton <[email protected]>
Fixed an endian bug reported by Zoran Dzelajlija <[email protected]>,
which prevented users from specifying the destination port number by
name.
Version 1.1 (2001-06-30)
Now drops root privileges after sockets have been opened.
Must now be root to use -s or -p, making it now safe to to install
tcptraceroute suid root, without fear that users can generate arbitrary
SYN packets.
Version 1.0 (2001-04-10)
Initial Release.
# vim:set ts=4 sw=4 tw=75 ai syntax=off: