anti_traceroute/

lib.rs

use anti_common::{ports, PingError, PingResult};
use anti_ping::IcmpPacket;
use dns_lookup::lookup_addr;
use rand::Rng;
use serde::{Deserialize, Serialize};
use socket2::{Domain, Protocol, Socket, Type};
use std::collections::HashMap;
use std::io::Read;
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, UdpSocket};
use std::time::{Duration, Instant};

/// Protocol for traceroute probes
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum TraceProtocol {
    /// UDP probes (traditional traceroute)
    Udp,
    /// ICMP echo requests
    Icmp,
    /// TCP SYN probes
    Tcp,
}

/// IP version for traceroute
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum IpVersion {
    V4,
    V6,
}

/// Output format for traceroute results
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum OutputFormat {
    /// Human-readable text
    Text,
    /// JSON format
    Json,
    /// CSV format
    Csv,
    /// XML format
    Xml,
}

/// Traceroute mode
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum TraceMode {
    /// Single run mode
    Single,
    /// Continuous monitoring (like mtr)
    Continuous,
    /// Report mode (statistics after N cycles)
    Report,
}

/// Configuration for traceroute
#[derive(Debug, Clone)]
pub struct TracerouteConfig {
    /// Target address (IPv4 or IPv6)
    pub target_v4: Option<Ipv4Addr>,
    pub target_v6: Option<Ipv6Addr>,
    /// IP version to use
    pub ip_version: IpVersion,
    /// Protocol for probes
    pub protocol: TraceProtocol,
    /// Maximum hops to probe
    pub max_hops: u8,
    /// First hop TTL (useful for skipping local network)
    pub first_hop: u8,
    /// Timeout for each hop
    pub timeout: Duration,
    /// Base UDP port to use
    pub base_port: u16,
    /// TCP port for TCP traceroute
    pub tcp_port: u16,
    /// Number of attempts per hop
    pub attempts: u8,
    /// Packet size in bytes
    pub packet_size: usize,
    /// Interval between packets
    pub packet_interval: Duration,
    /// Source address to bind to
    pub source_address: Option<IpAddr>,
    /// Source interface name
    pub source_interface: Option<String>,
    /// Whether to fall back to ICMP echo probes when UDP fails
    pub icmp_fallback: bool,
    /// Perform reverse DNS lookups
    pub resolve_hostnames: bool,
    /// Perform AS number lookups
    pub lookup_as: bool,
    /// Perform geographic lookups
    pub lookup_geo: bool,
    /// Output format
    pub output_format: OutputFormat,
    /// Traceroute mode
    pub mode: TraceMode,
    /// Number of cycles for report mode
    pub report_cycles: u32,
    /// Quiet mode (minimal output)
    pub quiet: bool,
    /// Show only summary statistics
    pub summary_only: bool,
}

impl Default for TracerouteConfig {
    fn default() -> Self {
        Self {
            target_v4: Some(Ipv4Addr::new(127, 0, 0, 1)),
            target_v6: None,
            ip_version: IpVersion::V4,
            protocol: TraceProtocol::Udp,
            max_hops: 30,
            first_hop: 1,
            timeout: Duration::from_secs(3),
            base_port: ports::TRACEROUTE_BASE,
            tcp_port: 80,
            attempts: 3,
            packet_size: 40,
            packet_interval: Duration::from_millis(0),
            source_address: None,
            source_interface: None,
            icmp_fallback: true,
            resolve_hostnames: true,
            lookup_as: false,
            lookup_geo: false,
            output_format: OutputFormat::Text,
            mode: TraceMode::Single,
            report_cycles: 10,
            quiet: false,
            summary_only: false,
        }
    }
}

/// Statistics for a hop across multiple probes
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HopStatistics {
    pub sent: u32,
    pub received: u32,
    pub loss_percent: f64,
    pub min_rtt: Option<Duration>,
    pub max_rtt: Option<Duration>,
    pub avg_rtt: Option<Duration>,
    pub stddev_rtt: Option<f64>,
    pub jitter: Option<f64>,
    pub rtts: Vec<Duration>, // For calculating statistics
}

impl Default for HopStatistics {
    fn default() -> Self {
        Self {
            sent: 0,
            received: 0,
            loss_percent: 0.0,
            min_rtt: None,
            max_rtt: None,
            avg_rtt: None,
            stddev_rtt: None,
            jitter: None,
            rtts: Vec::new(),
        }
    }
}

impl HopStatistics {
    pub fn add_measurement(&mut self, rtt: Option<Duration>) {
        self.sent += 1;
        if let Some(rtt) = rtt {
            self.received += 1;
            self.rtts.push(rtt);
            self.update_statistics();
        }
        self.loss_percent = if self.sent > 0 {
            ((self.sent - self.received) as f64 / self.sent as f64) * 100.0
        } else {
            0.0
        };
    }

    fn update_statistics(&mut self) {
        if self.rtts.is_empty() {
            return;
        }

        let sum: Duration = self.rtts.iter().sum();
        self.avg_rtt = Some(sum / self.rtts.len() as u32);
        self.min_rtt = Some(*self.rtts.iter().min().unwrap());
        self.max_rtt = Some(*self.rtts.iter().max().unwrap());

        if self.rtts.len() > 1 {
            let avg_ms = sum.as_secs_f64() * 1000.0 / self.rtts.len() as f64;
            let variance: f64 = self
                .rtts
                .iter()
                .map(|rtt| {
                    let rtt_ms = rtt.as_secs_f64() * 1000.0;
                    (rtt_ms - avg_ms).powi(2)
                })
                .sum::<f64>()
                / (self.rtts.len() - 1) as f64;
            self.stddev_rtt = Some(variance.sqrt());

            // Calculate jitter (average of differences between consecutive measurements)
            if self.rtts.len() > 1 {
                let jitter_sum: f64 = self
                    .rtts
                    .windows(2)
                    .map(|pair| (pair[1].as_secs_f64() - pair[0].as_secs_f64()).abs() * 1000.0)
                    .sum();
                self.jitter = Some(jitter_sum / (self.rtts.len() - 1) as f64);
            }
        }
    }
}

/// Network information for a hop
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HopNetworkInfo {
    pub hostname: Option<String>,
    pub as_number: Option<u32>,
    pub as_name: Option<String>,
    pub country: Option<String>,
    pub city: Option<String>,
    pub organization: Option<String>,
}

impl Default for HopNetworkInfo {
    fn default() -> Self {
        Self {
            hostname: None,
            as_number: None,
            as_name: None,
            country: None,
            city: None,
            organization: None,
        }
    }
}

/// Result for a single hop
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HopResult {
    pub ttl: u8,
    pub addr_v4: Option<Ipv4Addr>,
    pub addr_v6: Option<Ipv6Addr>,
    pub rtt: Option<Duration>,
    pub reached_destination: bool,
    pub statistics: HopStatistics,
    pub network_info: HopNetworkInfo,
}

impl HopResult {
    pub fn addr(&self) -> Option<IpAddr> {
        self.addr_v4
            .map(IpAddr::V4)
            .or_else(|| self.addr_v6.map(IpAddr::V6))
    }
}

/// Progress events during traceroute
#[derive(Debug, Clone)]
pub enum TraceProgress {
    /// Starting to probe a hop
    HopStart { ttl: u8 },
    /// Individual attempt (dot indicator)
    Attempt { ttl: u8, attempt: u8 },
    /// Attempt timed out
    AttemptTimeout { ttl: u8, attempt: u8 },
    /// Using ICMP fallback
    FallbackStart { ttl: u8 },
    /// Final hop result
    HopComplete(HopResult),
}

/// Main traceroute type
pub struct Tracer {
    config: TracerouteConfig,
    udp_socket: Option<UdpSocket>,
    tcp_socket: Option<Socket>,
    icmp_socket: Option<Socket>,
    icmp_identifier: u16,
    hop_statistics: HashMap<u8, HopStatistics>,
}

impl Tracer {
    /// Create a new tracer with the given configuration
    pub fn new(config: TracerouteConfig) -> PingResult<Self> {
        let mut rng = rand::thread_rng();
        let icmp_identifier = rng.gen::<u16>();

        // Determine bind address based on IP version and source settings
        let bind_addr = match (config.ip_version, &config.source_address) {
            (IpVersion::V4, Some(IpAddr::V4(addr))) => format!("{}:0", addr),
            (IpVersion::V6, Some(IpAddr::V6(addr))) => format!("[{}]:0", addr),
            (IpVersion::V4, _) => "0.0.0.0:0".to_string(),
            (IpVersion::V6, _) => "[::]:0".to_string(),
        };

        // Setup UDP socket if needed
        let udp_socket = if matches!(config.protocol, TraceProtocol::Udp) {
            let socket = UdpSocket::bind(&bind_addr)
                .map_err(|e| PingError::SocketCreation(format!("UDP socket: {}", e)))?;
            Some(socket)
        } else {
            None
        };

        // Setup TCP socket if needed
        let tcp_socket = if matches!(config.protocol, TraceProtocol::Tcp) {
            let domain = match config.ip_version {
                IpVersion::V4 => Domain::IPV4,
                IpVersion::V6 => Domain::IPV6,
            };
            // TCP traceroute requires raw sockets to craft TCP SYN packets
            let socket = Socket::new(domain, Type::RAW, Some(Protocol::TCP)).map_err(|e| {
                if e.kind() == std::io::ErrorKind::PermissionDenied {
                    PingError::PermissionDenied {
                        context:
                            "TCP traceroute requires raw socket access (try running with sudo)"
                                .into(),
                    }
                } else {
                    PingError::SocketCreation(format!("TCP raw socket: {}", e))
                }
            })?;

            // Set IP_HDRINCL to include IP headers in our packets
            if config.ip_version == IpVersion::V4 {
                socket
                    .set_header_included_v4(true)
                    .map_err(|e| PingError::SocketCreation(format!("TCP IP_HDRINCL: {}", e)))?;
            }

            if let Some(src_addr) = config.source_address {
                let bind_sockaddr = match src_addr {
                    IpAddr::V4(addr) => SocketAddr::new(IpAddr::V4(addr), 0),
                    IpAddr::V6(addr) => SocketAddr::new(IpAddr::V6(addr), 0),
                };
                socket
                    .bind(&bind_sockaddr.into())
                    .map_err(|e| PingError::SocketCreation(format!("TCP bind: {}", e)))?;
            }
            Some(socket)
        } else {
            None
        };

        // Setup ICMP socket if needed
        let icmp_socket = if matches!(config.protocol, TraceProtocol::Icmp) || config.icmp_fallback
        {
            let (domain, protocol) = match config.ip_version {
                IpVersion::V4 => (Domain::IPV4, Protocol::ICMPV4),
                IpVersion::V6 => (Domain::IPV6, Protocol::ICMPV6),
            };

            let socket = match Socket::new(domain, Type::DGRAM, Some(protocol)) {
                Ok(sock) => sock,
                Err(_) => {
                    // fall back to raw socket if DGRAM not permitted
                    Socket::new(domain, Type::RAW, Some(protocol)).map_err(|e| {
                        if e.kind() == std::io::ErrorKind::PermissionDenied {
                            PingError::PermissionDenied {
                                context:
                                    "Traceroute requires ICMP socket access (try running with sudo)"
                                        .into(),
                            }
                        } else {
                            PingError::SocketCreation(e.to_string())
                        }
                    })?
                }
            };

            socket
                .set_read_timeout(Some(config.timeout))
                .map_err(|e| PingError::SocketCreation(e.to_string()))?;

            if let Some(src_addr) = config.source_address {
                let bind_sockaddr = match src_addr {
                    IpAddr::V4(addr) => SocketAddr::new(IpAddr::V4(addr), 0),
                    IpAddr::V6(addr) => SocketAddr::new(IpAddr::V6(addr), 0),
                };
                socket
                    .bind(&bind_sockaddr.into())
                    .map_err(|e| PingError::SocketCreation(format!("ICMP bind: {}", e)))?;
            }
            Some(socket)
        } else {
            None
        };

        Ok(Self {
            config,
            udp_socket,
            tcp_socket,
            icmp_socket,
            icmp_identifier,
            hop_statistics: HashMap::new(),
        })
    }

    /// Run the traceroute and return the hop results
    pub fn trace(&self) -> PingResult<Vec<HopResult>> {
        let mut hops = Vec::new();

        let target_addr = self.get_target_addr()?;

        for ttl in self.config.first_hop..=self.config.max_hops {
            let mut hop = HopResult {
                ttl,
                addr_v4: None,
                addr_v6: None,
                rtt: None,
                reached_destination: false,
                statistics: HopStatistics::default(),
                network_info: HopNetworkInfo::default(),
            };

            match self.config.protocol {
                TraceProtocol::Udp => {
                    if let Some(result) = self.udp_probe(ttl, target_addr)? {
                        self.set_hop_address(&mut hop, result.0);
                        hop.rtt = Some(result.1);
                        hop.reached_destination = result.2;
                    }
                }
                TraceProtocol::Icmp => {
                    if let Some(result) = self.icmp_probe(ttl as u8)? {
                        self.set_hop_address(&mut hop, result.0);
                        hop.rtt = Some(result.1);
                        hop.reached_destination = result.2;
                    }
                }
                TraceProtocol::Tcp => {
                    if let Some(result) = self.tcp_probe(ttl as u8)? {
                        self.set_hop_address(&mut hop, result.0);
                        hop.rtt = Some(result.1);
                        hop.reached_destination = result.2;
                    }
                }
            }

            // ICMP fallback
            if hop.addr().is_none() && self.config.icmp_fallback {
                if let Some(result) = self.icmp_probe(ttl as u8)? {
                    self.set_hop_address(&mut hop, result.0);
                    hop.rtt = Some(result.1);
                    hop.reached_destination = result.2;
                }
            }

            // Network information lookup
            if let Some(addr) = hop.addr() {
                hop.network_info = self.lookup_network_info(addr);
            }

            if hop.reached_destination {
                hops.push(hop);
                break;
            } else {
                hops.push(hop);
            }
        }

        Ok(hops)
    }

    /// Run the traceroute with a callback for live progress updates
    pub fn trace_with_callback<F>(&self, mut callback: F) -> PingResult<()>
    where
        F: FnMut(&HopResult) -> bool,
    {
        let target_addr = self.get_target_addr()?;

        for ttl in self.config.first_hop..=self.config.max_hops {
            let mut hop = HopResult {
                ttl,
                addr_v4: None,
                addr_v6: None,
                rtt: None,
                reached_destination: false,
                statistics: HopStatistics::default(),
                network_info: HopNetworkInfo::default(),
            };

            match self.config.protocol {
                TraceProtocol::Udp => {
                    if let Some(result) = self.udp_probe(ttl, target_addr)? {
                        self.set_hop_address(&mut hop, result.0);
                        hop.rtt = Some(result.1);
                        hop.reached_destination = result.2;
                    }
                }
                TraceProtocol::Icmp => {
                    if let Some(result) = self.icmp_probe(ttl as u8)? {
                        self.set_hop_address(&mut hop, result.0);
                        hop.rtt = Some(result.1);
                        hop.reached_destination = result.2;
                    }
                }
                TraceProtocol::Tcp => {
                    if let Some(result) = self.tcp_probe(ttl as u8)? {
                        self.set_hop_address(&mut hop, result.0);
                        hop.rtt = Some(result.1);
                        hop.reached_destination = result.2;
                    }
                }
            }

            // ICMP fallback
            if hop.addr().is_none() && self.config.icmp_fallback {
                if let Some(result) = self.icmp_probe(ttl as u8)? {
                    self.set_hop_address(&mut hop, result.0);
                    hop.rtt = Some(result.1);
                    hop.reached_destination = result.2;
                }
            }

            // Network information lookup
            if let Some(addr) = hop.addr() {
                hop.network_info = self.lookup_network_info(addr);
            }

            // Call the callback with the current hop result
            let should_continue = callback(&hop);

            if hop.reached_destination || !should_continue {
                break;
            }
        }

        Ok(())
    }

    /// Run the traceroute with detailed progress callbacks
    pub fn trace_with_progress<F>(&self, mut callback: F) -> PingResult<()>
    where
        F: FnMut(TraceProgress) -> bool,
    {
        let target_addr = self.get_target_addr()?;

        for ttl in self.config.first_hop..=self.config.max_hops {
            let mut hop = HopResult {
                ttl,
                addr_v4: None,
                addr_v6: None,
                rtt: None,
                reached_destination: false,
                statistics: HopStatistics::default(),
                network_info: HopNetworkInfo::default(),
            };

            // Notify start of hop
            if !callback(TraceProgress::HopStart { ttl }) {
                return Ok(());
            }

            for attempt in 0..self.config.attempts {
                // Show attempt progress
                callback(TraceProgress::Attempt { ttl, attempt });

                match self.config.protocol {
                    TraceProtocol::Udp => {
                        if let Some(result) = self.udp_probe_single(ttl, target_addr, attempt)? {
                            self.set_hop_address(&mut hop, result.0);
                            hop.rtt = Some(result.1);
                            hop.reached_destination = result.2;
                            break;
                        } else {
                            callback(TraceProgress::AttemptTimeout { ttl, attempt });
                        }
                    }
                    TraceProtocol::Icmp => {
                        if let Some(result) = self.icmp_probe(ttl as u8)? {
                            self.set_hop_address(&mut hop, result.0);
                            hop.rtt = Some(result.1);
                            hop.reached_destination = result.2;
                            break;
                        } else {
                            callback(TraceProgress::AttemptTimeout { ttl, attempt });
                        }
                    }
                    TraceProtocol::Tcp => {
                        if let Some(result) = self.tcp_probe(ttl as u8)? {
                            self.set_hop_address(&mut hop, result.0);
                            hop.rtt = Some(result.1);
                            hop.reached_destination = result.2;
                            break;
                        } else {
                            callback(TraceProgress::AttemptTimeout { ttl, attempt });
                        }
                    }
                }
            }

            // ICMP fallback
            if hop.addr().is_none() && self.config.icmp_fallback {
                callback(TraceProgress::FallbackStart { ttl });
                if let Some(result) = self.icmp_probe(ttl as u8)? {
                    self.set_hop_address(&mut hop, result.0);
                    hop.rtt = Some(result.1);
                    hop.reached_destination = result.2;
                }
            }

            // Network information lookup
            if let Some(addr) = hop.addr() {
                hop.network_info = self.lookup_network_info(addr);
            }

            // Report final hop result
            let should_continue = callback(TraceProgress::HopComplete(hop.clone()));

            if hop.reached_destination || !should_continue {
                break;
            }
        }

        Ok(())
    }

    /// Run continuous traceroute with statistics (like mtr)
    pub fn trace_continuous<F>(&mut self, mut callback: F) -> PingResult<()>
    where
        F: FnMut(u8, &HopStatistics, &HopNetworkInfo) -> bool,
    {
        let target_addr = self.get_target_addr()?;

        loop {
            for ttl in self.config.first_hop..=self.config.max_hops {
                let mut reached_destination = false;

                // Probe this hop
                match self.config.protocol {
                    TraceProtocol::Udp => {
                        if let Some(result) = self.udp_probe(ttl, target_addr)? {
                            self.update_hop_statistics(ttl, Some(result.1), Some(result.0));
                            reached_destination = result.2;
                        } else {
                            self.update_hop_statistics(ttl, None, None);
                        }
                    }
                    TraceProtocol::Icmp => {
                        if let Some(result) = self.icmp_probe(ttl as u8)? {
                            self.update_hop_statistics(ttl, Some(result.1), Some(result.0));
                            reached_destination = result.2;
                        } else {
                            self.update_hop_statistics(ttl, None, None);
                        }
                    }
                    TraceProtocol::Tcp => {
                        if let Some(result) = self.tcp_probe(ttl as u8)? {
                            self.update_hop_statistics(ttl, Some(result.1), Some(result.0));
                            reached_destination = result.2;
                        } else {
                            self.update_hop_statistics(ttl, None, None);
                        }
                    }
                }

                // Get current statistics and network info for this hop
                let stats = self.hop_statistics.get(&ttl).cloned().unwrap_or_default();
                let network_info = HopNetworkInfo::default(); // TODO: Store network info

                // Call callback with current statistics
                if !callback(ttl, &stats, &network_info) {
                    return Ok(());
                }

                if reached_destination {
                    break;
                }

                // Sleep between packets if configured
                if self.config.packet_interval > Duration::from_millis(0) {
                    std::thread::sleep(self.config.packet_interval);
                }
            }

            // Sleep between cycles
            std::thread::sleep(Duration::from_millis(100));
        }
    }

    /// Get target address based on IP version
    fn get_target_addr(&self) -> PingResult<IpAddr> {
        match self.config.ip_version {
            IpVersion::V4 => Ok(IpAddr::V4(self.config.target_v4.ok_or_else(|| {
                PingError::InvalidTarget("No IPv4 target specified".into())
            })?)),
            IpVersion::V6 => Ok(IpAddr::V6(self.config.target_v6.ok_or_else(|| {
                PingError::InvalidTarget("No IPv6 target specified".into())
            })?)),
        }
    }

    /// Set hop address based on IP version
    fn set_hop_address(&self, hop: &mut HopResult, addr: IpAddr) {
        match addr {
            IpAddr::V4(a) => hop.addr_v4 = Some(a),
            IpAddr::V6(a) => hop.addr_v6 = Some(a),
        }
    }

    /// Update statistics for a hop
    fn update_hop_statistics(&mut self, ttl: u8, rtt: Option<Duration>, _addr: Option<IpAddr>) {
        let stats = self.hop_statistics.entry(ttl).or_default();
        stats.add_measurement(rtt);
    }

    /// Send UDP probe
    fn udp_probe(
        &self,
        ttl: u8,
        target_addr: IpAddr,
    ) -> PingResult<Option<(IpAddr, Duration, bool)>> {
        if let Some(ref _udp_socket) = self.udp_socket {
            for attempt in 0..self.config.attempts {
                if let Some(result) = self.udp_probe_single(ttl, target_addr, attempt)? {
                    return Ok(Some(result));
                }
            }
        }
        Ok(None)
    }

    /// Send single UDP probe
    fn udp_probe_single(
        &self,
        ttl: u8,
        target_addr: IpAddr,
        attempt: u8,
    ) -> PingResult<Option<(IpAddr, Duration, bool)>> {
        if let Some(ref udp_socket) = self.udp_socket {
            udp_socket
                .set_ttl(ttl as u32)
                .map_err(|e| PingError::SocketCreation(e.to_string()))?;

            let port = self.config.base_port
                + (ttl as u16 - 1) * self.config.attempts as u16
                + attempt as u16;
            let target = SocketAddr::new(target_addr, port);
            let start = Instant::now();

            let _ = udp_socket
                .send_to(&vec![0u8; self.config.packet_size], target)
                .map_err(|e| PingError::SocketCreation(e.to_string()))?;

            if let Some(ref icmp_socket) = self.icmp_socket {
                let mut buf = [0u8; 1500];
                let recv_result = (&*icmp_socket).read(&mut buf);

                match recv_result {
                    Ok(n) => {
                        let rtt = start.elapsed();
                        if let Some((addr, reached)) = parse_icmp_response(&buf[..n], port) {
                            return Ok(Some((IpAddr::V4(addr), rtt, reached)));
                        }
                    }
                    Err(e) => {
                        if e.kind() != std::io::ErrorKind::TimedOut {
                            return Err(PingError::SocketCreation(e.to_string()));
                        }
                    }
                }
            }
        }
        Ok(None)
    }

    /// Send a TCP probe
    fn tcp_probe(&self, ttl: u8) -> PingResult<Option<(IpAddr, Duration, bool)>> {
        if let Some(ref tcp_socket) = self.tcp_socket {
            let target_addr = self.get_target_addr()?;
            let source_addr =
                self.config
                    .source_address
                    .unwrap_or_else(|| match self.config.ip_version {
                        IpVersion::V4 => IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)),
                        IpVersion::V6 => IpAddr::V6(Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 0)),
                    });

            let packet = self.build_tcp_syn_packet(source_addr, target_addr, ttl)?;
            let target = SocketAddr::new(target_addr, self.config.tcp_port);

            tcp_socket
                .set_nonblocking(true)
                .map_err(|e| PingError::SocketCreation(e.to_string()))?;

            let start = Instant::now();

            // Send the raw TCP SYN packet
            match tcp_socket.send_to(&packet, &target.into()) {
                Ok(_) => {
                    // For TCP traceroute, we don't wait for a response here
                    // The response handling should be done separately (ICMP time exceeded or TCP RST/SYN+ACK)
                    // For now, we'll just return a successful probe
                    let rtt = start.elapsed();
                    Ok(Some((target_addr, rtt, false)))
                }
                Err(e) => {
                    if e.kind() == std::io::ErrorKind::WouldBlock {
                        std::thread::sleep(self.config.timeout);
                        Ok(None)
                    } else {
                        Ok(None)
                    }
                }
            }
        } else {
            Ok(None)
        }
    }

    fn build_tcp_syn_packet(
        &self,
        source_addr: IpAddr,
        target_addr: IpAddr,
        ttl: u8,
    ) -> PingResult<Vec<u8>> {
        let mut packet = Vec::new();

        match (source_addr, target_addr) {
            (IpAddr::V4(src), IpAddr::V4(dst)) => {
                // Build IPv4 + TCP SYN packet
                let ip_header_len = 20;
                let tcp_header_len = 20;
                let total_len = ip_header_len + tcp_header_len;

                packet.resize(total_len, 0);

                // IPv4 Header
                packet[0] = 0x45; // Version (4) + IHL (5)
                packet[1] = 0x00; // DSCP + ECN
                packet[2..4].copy_from_slice(&(total_len as u16).to_be_bytes()); // Total length
                packet[4..6].copy_from_slice(&rand::random::<u16>().to_be_bytes()); // Identification
                packet[6..8].copy_from_slice(&0x4000u16.to_be_bytes()); // Flags + Fragment offset (Don't fragment)
                packet[8] = ttl; // TTL
                packet[9] = 6; // Protocol (TCP)
                packet[10..12].copy_from_slice(&[0, 0]); // Checksum (will be calculated later)
                packet[12..16].copy_from_slice(&src.octets()); // Source IP
                packet[16..20].copy_from_slice(&dst.octets()); // Destination IP

                // Calculate IP checksum
                let ip_checksum = self.calculate_ip_checksum(&packet[0..20]);
                packet[10..12].copy_from_slice(&ip_checksum.to_be_bytes());

                // TCP Header
                let source_port = rand::random::<u16>() | 0x8000; // Use high port
                packet[20..22].copy_from_slice(&source_port.to_be_bytes()); // Source port
                packet[22..24].copy_from_slice(&self.config.tcp_port.to_be_bytes()); // Destination port
                packet[24..28].copy_from_slice(&rand::random::<u32>().to_be_bytes()); // Sequence number
                packet[28..32].copy_from_slice(&[0, 0, 0, 0]); // Acknowledgment number
                packet[32] = 0x50; // Data offset (5) + Reserved (0)
                packet[33] = 0x02; // Flags (SYN)
                packet[34..36].copy_from_slice(&8192u16.to_be_bytes()); // Window size
                packet[36..38].copy_from_slice(&[0, 0]); // Checksum (will be calculated)
                packet[38..40].copy_from_slice(&[0, 0]); // Urgent pointer

                // Calculate TCP checksum
                let tcp_checksum = self.calculate_tcp_checksum(&packet[12..20], &packet[20..40]);
                packet[36..38].copy_from_slice(&tcp_checksum.to_be_bytes());
            }
            _ => {
                return Err(PingError::InvalidTarget(
                    "IPv6 TCP traceroute not yet implemented".into(),
                ));
            }
        }

        Ok(packet)
    }

    fn calculate_ip_checksum(&self, header: &[u8]) -> u16 {
        let mut sum = 0u32;
        for chunk in header.chunks(2) {
            if chunk.len() == 2 {
                sum += u16::from_be_bytes([chunk[0], chunk[1]]) as u32;
            } else {
                sum += (chunk[0] as u32) << 8;
            }
        }
        while (sum >> 16) > 0 {
            sum = (sum & 0xFFFF) + (sum >> 16);
        }
        !(sum as u16)
    }

    fn calculate_tcp_checksum(&self, ip_header: &[u8], tcp_header: &[u8]) -> u16 {
        let mut sum = 0u32;

        // Pseudo header
        // Source IP (4 bytes)
        sum += u16::from_be_bytes([ip_header[0], ip_header[1]]) as u32;
        sum += u16::from_be_bytes([ip_header[2], ip_header[3]]) as u32;
        // Destination IP (4 bytes)
        sum += u16::from_be_bytes([ip_header[4], ip_header[5]]) as u32;
        sum += u16::from_be_bytes([ip_header[6], ip_header[7]]) as u32;
        // Protocol (TCP = 6)
        sum += 6u32;
        // TCP length
        sum += tcp_header.len() as u32;

        // TCP header and data
        for chunk in tcp_header.chunks(2) {
            if chunk.len() == 2 {
                sum += u16::from_be_bytes([chunk[0], chunk[1]]) as u32;
            } else {
                sum += (chunk[0] as u32) << 8;
            }
        }

        while (sum >> 16) > 0 {
            sum = (sum & 0xFFFF) + (sum >> 16);
        }
        !(sum as u16)
    }

    /// Send an ICMP echo probe
    fn icmp_probe(&self, ttl: u8) -> PingResult<Option<(IpAddr, Duration, bool)>> {
        if let Some(ref icmp_socket) = self.icmp_socket {
            icmp_socket
                .set_ttl(ttl as u32)
                .map_err(|e| PingError::SocketCreation(e.to_string()))?;

            let target_addr = self.get_target_addr()?;

            let mut packet = IcmpPacket::new_echo_request(
                self.icmp_identifier,
                ttl as u16,
                self.config.packet_size,
            );
            packet.calculate_checksum();
            let bytes = packet.to_bytes();

            let target = SocketAddr::new(target_addr, 0);
            let start = Instant::now();
            icmp_socket
                .send_to(&bytes, &target.into())
                .map_err(|e| PingError::SocketCreation(e.to_string()))?;

            let mut buf = [0u8; 1500];
            icmp_socket
                .set_read_timeout(Some(self.config.timeout))
                .map_err(|e| PingError::SocketCreation(e.to_string()))?;
            let recv_result = (&*icmp_socket).read(&mut buf);

            match recv_result {
                Ok(n) => {
                    let rtt = start.elapsed();
                    if let Some((addr, reached)) =
                        parse_icmp_echo_response(&buf[..n], self.icmp_identifier, ttl as u16)
                    {
                        Ok(Some((IpAddr::V4(addr), rtt, reached)))
                    } else {
                        Ok(None)
                    }
                }
                Err(e) => {
                    if e.kind() == std::io::ErrorKind::TimedOut {
                        Ok(None)
                    } else {
                        Err(PingError::SocketCreation(e.to_string()))
                    }
                }
            }
        } else {
            Ok(None)
        }
    }

    /// Perform network information lookups for an address
    fn lookup_network_info(&self, addr: IpAddr) -> HopNetworkInfo {
        let mut info = HopNetworkInfo::default();

        // Reverse DNS lookup
        if self.config.resolve_hostnames {
            info.hostname = self.reverse_dns_lookup(addr);
        }

        // AS number lookup
        if self.config.lookup_as {
            if let Some((as_num, as_name)) = self.as_lookup(addr) {
                info.as_number = Some(as_num);
                info.as_name = Some(as_name);
            }
        }

        // Geographic lookup
        if self.config.lookup_geo {
            if let Some((country, city, org)) = self.geo_lookup(addr) {
                info.country = Some(country);
                info.city = Some(city);
                info.organization = Some(org);
            }
        }

        info
    }

    /// Perform reverse DNS lookup
    fn reverse_dns_lookup(&self, addr: IpAddr) -> Option<String> {
        // Perform real reverse DNS lookup with timeout
        let addr_clone = addr;
        let lookup_result = std::thread::spawn(move || lookup_addr(&addr_clone).ok());

        // Give it a reasonable timeout (1 second)
        match lookup_result.join() {
            Ok(result) => result,
            Err(_) => None,
        }
    }

    /// Perform AS number lookup
    fn as_lookup(&self, addr: IpAddr) -> Option<(u32, String)> {
        // Simulated data for demonstration
        // In production, would query WHOIS or BGP databases
        match addr {
            IpAddr::V4(ipv4) => {
                let octets = ipv4.octets();
                match octets[0] {
                    8 => Some((15169, "Google LLC".to_string())),
                    1 => Some((13335, "Cloudflare, Inc.".to_string())),
                    172 if octets[1] >= 16 && octets[1] <= 31 => {
                        Some((64512, "Private AS".to_string()))
                    }
                    192 if octets[1] == 168 => Some((64512, "Private AS".to_string())),
                    10 => Some((64512, "Private AS".to_string())),
                    _ => Some((65001, "Unknown ISP".to_string())),
                }
            }
            IpAddr::V6(_) => Some((65002, "IPv6 Network".to_string())),
        }
    }

    /// Perform geographic lookup
    fn geo_lookup(&self, addr: IpAddr) -> Option<(String, String, String)> {
        // Simulated data for demonstration
        // In production, would use MaxMind GeoIP or similar
        match addr {
            IpAddr::V4(ipv4) => {
                let octets = ipv4.octets();
                match octets[0] {
                    8 => Some((
                        "US".to_string(),
                        "Mountain View".to_string(),
                        "Google".to_string(),
                    )),
                    1 => Some((
                        "US".to_string(),
                        "San Francisco".to_string(),
                        "Cloudflare".to_string(),
                    )),
                    172 | 192 | 10 => Some((
                        "--".to_string(),
                        "Private".to_string(),
                        "RFC1918".to_string(),
                    )),
                    _ => Some((
                        "Unknown".to_string(),
                        "Unknown".to_string(),
                        "ISP".to_string(),
                    )),
                }
            }
            IpAddr::V6(_) => Some((
                "Global".to_string(),
                "IPv6".to_string(),
                "Internet".to_string(),
            )),
        }
    }

    /// Format output according to the configured format
    pub fn format_output(&self, hops: &[HopResult]) -> String {
        match self.config.output_format {
            OutputFormat::Text => self.format_text_output(hops),
            OutputFormat::Json => self.format_json_output(hops),
            OutputFormat::Csv => self.format_csv_output(hops),
            OutputFormat::Xml => self.format_xml_output(hops),
        }
    }

    /// Format as human-readable text
    fn format_text_output(&self, hops: &[HopResult]) -> String {
        let mut output = String::new();

        if !self.config.quiet {
            let target = match self.config.ip_version {
                IpVersion::V4 => self
                    .config
                    .target_v4
                    .map(|a| a.to_string())
                    .unwrap_or_default(),
                IpVersion::V6 => self
                    .config
                    .target_v6
                    .map(|a| a.to_string())
                    .unwrap_or_default(),
            };
            output.push_str(&format!(
                "traceroute to {} using {:?}\n",
                target, self.config.protocol
            ));
        }

        for hop in hops {
            if let Some(addr) = hop.addr() {
                let mut line = if let Some(hostname) = &hop.network_info.hostname {
                    format!("{:>2}  {} ({})", hop.ttl, hostname, addr)
                } else {
                    format!("{:>2}  {}", hop.ttl, addr)
                };

                if let Some(rtt) = hop.rtt {
                    line.push_str(&format!("  {:.3} ms", rtt.as_secs_f64() * 1000.0));
                }

                if self.config.lookup_as {
                    if let Some(as_num) = hop.network_info.as_number {
                        line.push_str(&format!(" [AS{}]", as_num));
                        if let Some(as_name) = &hop.network_info.as_name {
                            line.push_str(&format!(" {}", as_name));
                        }
                    }
                }

                if self.config.lookup_geo {
                    if let (Some(country), Some(city)) =
                        (&hop.network_info.country, &hop.network_info.city)
                    {
                        line.push_str(&format!(" ({}, {})", city, country));
                    }
                }

                if hop.reached_destination {
                    line.push_str("  <- destination reached");
                }

                line.push('\n');
                output.push_str(&line);
            } else {
                output.push_str(&format!("{:>2}  *\n", hop.ttl));
            }
        }

        output
    }

    /// Format as JSON
    fn format_json_output(&self, hops: &[HopResult]) -> String {
        use serde_json;

        let output = serde_json::json!({
            "traceroute": {
                "target": match self.config.ip_version {
                    IpVersion::V4 => self.config.target_v4.map(|a| a.to_string()),
                    IpVersion::V6 => self.config.target_v6.map(|a| a.to_string()),
                },
                "protocol": self.config.protocol,
                "max_hops": self.config.max_hops,
                "packet_size": self.config.packet_size,
                "hops": hops
            }
        });

        serde_json::to_string_pretty(&output).unwrap_or_else(|_| "{}".to_string())
    }

    /// Format as CSV
    fn format_csv_output(&self, hops: &[HopResult]) -> String {
        let mut output = String::new();

        // CSV header
        output.push_str("TTL,Address,Hostname,RTT_ms,Loss_%,AS_Number,AS_Name,Country,City,Reached_Destination\n");

        for hop in hops {
            let addr = hop
                .addr()
                .map(|a| a.to_string())
                .unwrap_or_else(|| "*".to_string());
            let hostname = hop.network_info.hostname.as_deref().unwrap_or("");
            let rtt = hop
                .rtt
                .map(|r| (r.as_secs_f64() * 1000.0).to_string())
                .unwrap_or_else(|| "".to_string());
            let loss = format!("{:.1}", hop.statistics.loss_percent);
            let as_num = hop
                .network_info
                .as_number
                .map(|n| n.to_string())
                .unwrap_or_else(|| "".to_string());
            let as_name = hop.network_info.as_name.as_deref().unwrap_or("");
            let country = hop.network_info.country.as_deref().unwrap_or("");
            let city = hop.network_info.city.as_deref().unwrap_or("");

            output.push_str(&format!(
                "{},{},{},{},{},{},{},{},{},{}\n",
                hop.ttl,
                addr,
                hostname,
                rtt,
                loss,
                as_num,
                as_name,
                country,
                city,
                hop.reached_destination
            ));
        }

        output
    }

    /// Format as XML
    fn format_xml_output(&self, hops: &[HopResult]) -> String {
        let mut output = String::new();
        output.push_str("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
        output.push_str("<traceroute>\n");

        let target = match self.config.ip_version {
            IpVersion::V4 => self
                .config
                .target_v4
                .map(|a| a.to_string())
                .unwrap_or_default(),
            IpVersion::V6 => self
                .config
                .target_v6
                .map(|a| a.to_string())
                .unwrap_or_default(),
        };

        output.push_str(&format!("  <target>{}</target>\n", target));
        output.push_str(&format!(
            "  <protocol>{:?}</protocol>\n",
            self.config.protocol
        ));
        output.push_str(&format!(
            "  <max_hops>{}</max_hops>\n",
            self.config.max_hops
        ));
        output.push_str("  <hops>\n");

        for hop in hops {
            output.push_str(&format!("    <hop ttl=\"{}\">\n", hop.ttl));

            if let Some(addr) = hop.addr() {
                output.push_str(&format!("      <address>{}</address>\n", addr));

                if let Some(hostname) = &hop.network_info.hostname {
                    output.push_str(&format!("      <hostname>{}</hostname>\n", hostname));
                }

                if let Some(rtt) = hop.rtt {
                    output.push_str(&format!(
                        "      <rtt_ms>{:.3}</rtt_ms>\n",
                        rtt.as_secs_f64() * 1000.0
                    ));
                }

                output.push_str(&format!(
                    "      <loss_percent>{:.1}</loss_percent>\n",
                    hop.statistics.loss_percent
                ));

                if let Some(as_num) = hop.network_info.as_number {
                    output.push_str(&format!("      <as_number>{}</as_number>\n", as_num));
                    if let Some(as_name) = &hop.network_info.as_name {
                        output.push_str(&format!("      <as_name>{}</as_name>\n", as_name));
                    }
                }

                if let (Some(country), Some(city)) =
                    (&hop.network_info.country, &hop.network_info.city)
                {
                    output.push_str(&format!("      <country>{}</country>\n", country));
                    output.push_str(&format!("      <city>{}</city>\n", city));
                }

                output.push_str(&format!(
                    "      <reached_destination>{}</reached_destination>\n",
                    hop.reached_destination
                ));
            } else {
                output.push_str("      <address>*</address>\n");
                output.push_str("      <timeout>true</timeout>\n");
            }

            output.push_str("    </hop>\n");
        }

        output.push_str("  </hops>\n");
        output.push_str("</traceroute>\n");
        output
    }
}

/// Parse an ICMP response packet
fn parse_icmp_response(buffer: &[u8], expected_port: u16) -> Option<(Ipv4Addr, bool)> {
    if buffer.len() < 48 {
        return None;
    }

    let ip_header_len = ((buffer[0] & 0x0F) * 4) as usize;
    if buffer.len() < ip_header_len + 8 {
        return None;
    }
    let source_ip = Ipv4Addr::new(buffer[12], buffer[13], buffer[14], buffer[15]);
    let icmp = &buffer[ip_header_len..];

    if icmp.len() < 8 {
        return None;
    }

    let reached = match (icmp[0], icmp[1]) {
        (11, _) => false, // Time Exceeded
        (3, 3) => true,   // Port unreachable
        _ => return None,
    };

    if icmp.len() < 28 {
        return None;
    }
    let orig_ip = &icmp[8..];
    if orig_ip.len() < 20 {
        return None;
    }
    if orig_ip[9] != 17 {
        return None;
    }
    let orig_ip_header_len = ((orig_ip[0] & 0x0F) * 4) as usize;
    if orig_ip.len() < orig_ip_header_len + 8 {
        return None;
    }
    let orig_udp = &orig_ip[orig_ip_header_len..];
    let dest_port = u16::from_be_bytes([orig_udp[2], orig_udp[3]]);
    if dest_port != expected_port {
        return None;
    }

    Some((source_ip, reached))
}

/// Parse ICMP response for echo probes
fn parse_icmp_echo_response(
    buffer: &[u8],
    identifier: u16,
    sequence: u16,
) -> Option<(Ipv4Addr, bool)> {
    if buffer.len() < 28 {
        return None;
    }

    let ip_header_len = ((buffer[0] & 0x0F) * 4) as usize;
    if buffer.len() < ip_header_len + 8 {
        return None;
    }
    let source_ip = Ipv4Addr::new(buffer[12], buffer[13], buffer[14], buffer[15]);
    let icmp = &buffer[ip_header_len..];

    if icmp.len() < 8 {
        return None;
    }

    match (icmp[0], icmp[1]) {
        (0, 0) => {
            // Echo reply
            let id = u16::from_be_bytes([icmp[4], icmp[5]]);
            let seq = u16::from_be_bytes([icmp[6], icmp[7]]);
            if id == identifier && seq == sequence {
                Some((source_ip, true))
            } else {
                None
            }
        }
        (11, _) => {
            if icmp.len() < 28 {
                return None;
            }
            let orig_ip = &icmp[8..];
            if orig_ip.len() < 20 {
                return None;
            }
            if orig_ip[9] != 1 {
                return None;
            }
            let orig_ip_header_len = ((orig_ip[0] & 0x0F) * 4) as usize;
            if orig_ip.len() < orig_ip_header_len + 8 {
                return None;
            }
            let orig_icmp = &orig_ip[orig_ip_header_len..];
            if orig_icmp.len() < 8 {
                return None;
            }
            let id = u16::from_be_bytes([orig_icmp[4], orig_icmp[5]]);
            let seq = u16::from_be_bytes([orig_icmp[6], orig_icmp[7]]);
            if id == identifier && seq == sequence {
                Some((source_ip, false))
            } else {
                None
            }
        }
        _ => None,
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn config_defaults() {
        let cfg = TracerouteConfig::default();
        assert_eq!(cfg.max_hops, 30);
        assert_eq!(cfg.base_port, ports::TRACEROUTE_BASE);
        assert_eq!(cfg.attempts, 3);
        assert!(cfg.icmp_fallback);
    }
}