const all the things!

2025-12-06 12:41:29 +00:00 · 2021-04-23 20:37:41 +00:00
parent 1717b4a9a9
commit 1fd272f8dd
19 changed files with 215 additions and 219 deletions
--- a/Target.cc
+++ b/Target.cc
@@ -373,7 +373,7 @@ const char *Target::NameIP() const {
  /* Returns the next hop for sending packets to this host.  Returns true if
     next_hop was filled in.  It might be false, for example, if
     next_hop has never been set */
-bool Target::nextHop(struct sockaddr_storage *next_hop, size_t *next_hop_len) {
+bool Target::nextHop(struct sockaddr_storage *next_hop, size_t *next_hop_len) const {
  if (nexthopsocklen <= 0)
    return false;
  assert(nexthopsocklen <= sizeof(*next_hop));
@@ -402,7 +402,7 @@ bool Target::directlyConnected() const {
 /* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted
     to sockaddr_storage */
-void Target::setNextHop(struct sockaddr_storage *next_hop, size_t next_hop_len) {
+void Target::setNextHop(const struct sockaddr_storage *next_hop, size_t next_hop_len) {
  assert(next_hop_len > 0 && next_hop_len <= sizeof(nexthopsock));
  memcpy(&nexthopsock, next_hop, next_hop_len);
  nexthopsocklen = next_hop_len;
@@ -414,7 +414,7 @@ void Target::setMTU(int devmtu) {
 }
 /* Get MTU (to correspond with devname) */
-int Target::MTU(void) {
+int Target::MTU(void) const {
  return mtu;
 }
@@ -443,7 +443,7 @@ void Target::stopTimeOutClock(const struct timeval *now) {
     running, counts elapsed time for that.  Pass NULL if you don't have the
     current time handy.  You might as well also pass NULL if the
     clock is not running, as the func won't need the time. */
-bool Target::timedOut(const struct timeval *now) {
+bool Target::timedOut(const struct timeval *now) const {
  unsigned long used = htn.msecs_used;
  struct timeval tv;
@@ -502,7 +502,7 @@ const u8 *Target::NextHopMACAddress() const {
  return (NextHopMACaddress_set)? NextHopMACaddress : NULL;
 }
-int Target::osscanPerformed(void) {
+int Target::osscanPerformed(void) const {
        return osscan_flag;
 }
--- a/Target.h
+++ b/Target.h
@@ -108,7 +108,7 @@ struct TracerouteHop {
  int ttl;
  float rtt; /* In milliseconds. */
-  int display_name(char *buf, size_t len) {
+  int display_name(char *buf, size_t len) const {
    if (name.empty())
      return Snprintf(buf, len, "%s", inet_ntop_ez(&addr, sizeof(addr)));
    else
@@ -192,21 +192,21 @@ class Target {
  /* If the host is NOT directly connected, you can set the next hop
     value here. It is OK to pass in a sockaddr_in or sockaddr_in6
     casted to sockaddr_storage*/
-  void setNextHop(struct sockaddr_storage *next_hop, size_t next_hop_len);
+  void setNextHop(const struct sockaddr_storage *next_hop, size_t next_hop_len);
  /* Returns the next hop for sending packets to this host.  Returns true if
     next_hop was filled in.  It might be false, for example, if
     next_hop has never been set */
-  bool nextHop(struct sockaddr_storage *next_hop, size_t *next_hop_len);
+  bool nextHop(struct sockaddr_storage *next_hop, size_t *next_hop_len) const;
  void setMTU(int devmtu);
-  int MTU(void);
+  int MTU(void) const;
  /* Sets the interface type to one of:
     devt_ethernet, devt_loopback, devt_p2p, devt_other
   */
  void setIfType(devtype iftype) { interface_type = iftype; }
  /* Returns -1 if it has not yet been set with setIfType() */
-  devtype ifType() { return interface_type; }
+  devtype ifType() const { return interface_type; }
  /* Starts the timeout clock for the host running (e.g. you are
     beginning a scan).  If you do not have the current time handy,
     you can pass in NULL.  When done, call stopTimeOutClock (it will
@@ -215,15 +215,15 @@ class Target {
  /* The complement to startTimeOutClock. */
  void stopTimeOutClock(const struct timeval *now);
  /* Is the timeout clock currently running? */
-  bool timeOutClockRunning() { return htn.toclock_running; }
+  bool timeOutClockRunning() const { return htn.toclock_running; }
  /* Returns whether the host is timedout.  If the timeoutclock is
     running, counts elapsed time for that.  Pass NULL if you don't have the
     current time handy.  You might as well also pass NULL if the
     clock is not running, as the func won't need the time. */
-  bool timedOut(const struct timeval *now);
+  bool timedOut(const struct timeval *now) const;
  /* Return time_t for the start and end time of this host */
-  time_t StartTime() { return htn.host_start; }
+  time_t StartTime() const { return htn.host_start; }
-  time_t EndTime() { return htn.host_end; }
+  time_t EndTime() const { return htn.host_end; }
  /* Takes a 6-byte MAC address */
  int setMACAddress(const u8 *addy);
@@ -243,7 +243,7 @@ class Target {
  const char *deviceName() const;
  const char *deviceFullName() const;
-  int osscanPerformed(void);
+  int osscanPerformed(void) const;
  void osscanSetFlag(int flag);
  struct seq_info seq;
--- a/nmap_dns.h
+++ b/nmap_dns.h
@@ -234,7 +234,7 @@ public:
  void addFlags(FLAGS fl){ flags |= fl; }
  void removeFlags(FLAGS fl){ flags &= ~fl; }
  void resetFlags() { flags = 0; }
-  size_t writeToBuffer(u8 *buf, size_t maxlen);
+  //size_t writeToBuffer(u8 *buf, size_t maxlen);
  size_t parseFromBuffer(const u8 *buf, size_t maxlen);
  u16 id;
--- a/osscan.cc
+++ b/osscan.cc
@@ -772,9 +772,9 @@ const char *mergeFPs(FingerPrint *FPs[], int numFPs, bool isGoodFP,
  }
 }
-const char *fp2ascii(FingerPrint *FP) {
+const char *fp2ascii(const FingerPrint *FP) {
  static char str[2048];
-  std::vector<FingerTest>::iterator iter;
+  std::vector<FingerTest>::const_iterator iter;
  char *p = str;
  if (!FP)
@@ -868,7 +868,7 @@ static void parse_cpeline(FingerPrint *FP, char *thisline, int lineno) {
   which some partial fingerpritns are OK. */
 /* This function is not currently used by Nmap, but it is present here because
   it is used by fingerprint utilities that link with Nmap object files. */
-FingerPrint *parse_single_fingerprint(char *fprint_orig) {
+FingerPrint *parse_single_fingerprint(const char *fprint_orig) {
  int lineno = 0;
  char *p, *q;
  char *thisline, *nextline;
--- a/osscan.h
+++ b/osscan.h
@@ -149,14 +149,14 @@ struct FingerPrintDB {
 /**********************  PROTOTYPES  ***********************************/
-const char *fp2ascii(FingerPrint *FP);
+const char *fp2ascii(const FingerPrint *FP);
 /* Parses a single fingerprint from the memory region given.  If a
 non-null fingerprint is returned, the user is in charge of freeing it
 when done.  This function does not require the fingerprint to be 100%
 complete since it is used by scripts such as scripts/fingerwatch for
 which some partial fingerpritns are OK. */
-FingerPrint *parse_single_fingerprint(char *fprint_orig);
+FingerPrint *parse_single_fingerprint(const char *fprint_orig);
 /* These functions take a file/db name and open+parse it, returning an
   (allocated) FingerPrintDB containing the results.  They exit with
--- a/osscan2.cc
+++ b/osscan2.cc
@@ -276,7 +276,7 @@ int identify_sequence(int numSamples, u32 *ipid_diffs, int islocalhost) {
 /* Calculate the distances between the ipids and write them
   into the ipid_diffs array. If the sequence class can be determined
   immediately, return it; otherwise return -1 */
-int get_diffs(u32 *ipid_diffs, int numSamples, u32 *ipids, int islocalhost) {
+int get_diffs(u32 *ipid_diffs, int numSamples, const u32 *ipids, int islocalhost) {
  int i;
  bool allipideqz = true;
@@ -304,7 +304,7 @@ int get_diffs(u32 *ipid_diffs, int numSamples, u32 *ipids, int islocalhost) {
 }
 /* Indentify the ipid sequence for 32-bit IPID values (IPv6) */
-int get_ipid_sequence_32(int numSamples, u32 *ipids, int islocalhost) {
+int get_ipid_sequence_32(int numSamples, const u32 *ipids, int islocalhost) {
  int ipid_seq = IPID_SEQ_UNKNOWN;
  u32 ipid_diffs[32];
  assert(numSamples < (int) (sizeof(ipid_diffs) / 2));
@@ -318,7 +318,7 @@ int get_ipid_sequence_32(int numSamples, u32 *ipids, int islocalhost) {
 }
 /* Indentify the ipid sequence for 16-bit IPID values (IPv4) */
-int get_ipid_sequence_16(int numSamples, u32 *ipids, int islocalhost) {
+int get_ipid_sequence_16(int numSamples, const u32 *ipids, int islocalhost) {
  int i;
  int ipid_seq = IPID_SEQ_UNKNOWN;
  u32 ipid_diffs[32];
@@ -890,9 +890,9 @@ static void findBestFPs(OsScanInfo *OSI) {
 static void printFP(OsScanInfo *OSI) {
-  std::list<HostOsScanInfo *>::iterator hostI;
+  std::list<HostOsScanInfo *>::const_iterator hostI;
-  HostOsScanInfo *hsi = NULL;
+  const HostOsScanInfo *hsi = NULL;
-  FingerPrintResultsIPv4 *FPR;
+  const FingerPrintResultsIPv4 *FPR;
  for (hostI = OSI->incompleteHosts.begin(); hostI != OSI->incompleteHosts.end(); hostI++) {
    hsi = *hostI;
@@ -959,7 +959,7 @@ OFProbe::OFProbe() {
 }
-const char *OFProbe::typestr() {
+const char *OFProbe::typestr() const {
  switch (type) {
  case OFP_UNSET:
    return "OFP_UNSET";
@@ -1258,7 +1258,7 @@ void HostOsScanStats::moveProbeToUnSendList(std::list<OFProbe *>::iterator probe
 /* Compute the ratio of amount of time taken between sending 1st TSEQ
    probe and 1st ICMP probe compared to the amount of time it should
    have taken.  Ratios far from 1 can cause bogus results */
-double HostOsScanStats::timingRatio() {
+double HostOsScanStats::timingRatio() const {
  if (openTCPPort < 0)
    return 0;
  int msec_ideal = OS_SEQ_PROBE_DELAY * (NUM_SEQ_SAMPLES - 1);
@@ -1278,10 +1278,10 @@ double HostOsScanStats::timingRatio() {
 /* If there are pending probe timeouts, fills in when with the time of
 * the earliest one and returns true.  Otherwise returns false and
 * puts now in when. */
-bool HostOsScan::nextTimeout(HostOsScanStats *hss, struct timeval *when) {
+bool HostOsScan::nextTimeout(HostOsScanStats *hss, struct timeval *when) const {
  assert(hss);
  struct timeval probe_to, earliest_to;
-  std::list<OFProbe *>::iterator probeI;
+  std::list<OFProbe *>::const_iterator probeI;
  bool firstgood = true;
  assert(when);
@@ -1301,7 +1301,7 @@ bool HostOsScan::nextTimeout(HostOsScanStats *hss, struct timeval *when) {
 }
-void HostOsScan::adjust_times(HostOsScanStats *hss, OFProbe *probe, struct timeval *rcvdtime) {
+void HostOsScan::adjust_times(HostOsScanStats *hss, const OFProbe *probe, const struct timeval *rcvdtime) {
  assert(hss);
  assert(probe);
@@ -1531,9 +1531,9 @@ void HostOsScan::updateActiveTUIProbes(HostOsScanStats *hss) {
 /* Check whether the host is sendok. If not, fill _when_ with the time
 * when it will be sendOK and return false; else, fill it with now and
 * return true. */
-bool HostOsScan::hostSendOK(HostOsScanStats *hss, struct timeval *when) {
+bool HostOsScan::hostSendOK(HostOsScanStats *hss, struct timeval *when) const {
  assert(hss);
-  std::list<OFProbe *>::iterator probeI;
+  std::list<OFProbe *>::const_iterator probeI;
  int packTime;
  struct timeval probe_to, earliest_to, sendTime;
  long tdiff;
@@ -1600,9 +1600,9 @@ bool HostOsScan::hostSendOK(HostOsScanStats *hss, struct timeval *when) {
 /* Check whether it is OK to send the next seq probe to the host. If
 * not, fill param "when" with the time when it will be sendOK and return
 * false; else, fill it with now and return true. */
-bool HostOsScan::hostSeqSendOK(HostOsScanStats *hss, struct timeval *when) {
+bool HostOsScan::hostSeqSendOK(HostOsScanStats *hss, struct timeval *when) const {
  assert(hss);
-  std::list<OFProbe *>::iterator probeI;
+  std::list<OFProbe *>::const_iterator probeI;
  int packTime = 0, maxWait = 0;
  struct timeval probe_to, earliest_to, sendTime;
  long tdiff;
@@ -1667,7 +1667,7 @@ bool HostOsScan::hostSeqSendOK(HostOsScanStats *hss, struct timeval *when) {
 }
-unsigned long HostOsScan::timeProbeTimeout(HostOsScanStats *hss) {
+unsigned long HostOsScan::timeProbeTimeout(HostOsScanStats *hss) const {
  assert(hss);
  if (hss->target->to.srtt > 0) {
    /* We have at least one timing value to use.  Good enough, I suppose */
@@ -1886,10 +1886,10 @@ void HostOsScan::sendTUdpProbe(HostOsScanStats *hss, int probeNo) {
 }
-bool HostOsScan::processResp(HostOsScanStats *hss, struct ip *ip, unsigned int len, struct timeval *rcvdtime) {
+bool HostOsScan::processResp(HostOsScanStats *hss, const struct ip *ip, unsigned int len, struct timeval *rcvdtime) {
-  struct ip *ip2;
+  const struct ip *ip2;
-  struct tcp_hdr *tcp;
+  const struct tcp_hdr *tcp;
-  struct icmp *icmp;
+  const struct icmp *icmp;
  int testno;
  bool isPktUseful = false;
  std::list<OFProbe *>::iterator probeI;
@@ -2258,7 +2258,7 @@ ScanStats::ScanStats() {
 /* Returns true if the os scan system says that sending is OK.*/
-bool ScanStats::sendOK() {
+bool ScanStats::sendOK() const {
  if (num_probes_sent - num_probes_sent_at_last_wait >= 50)
    return false;
@@ -2648,10 +2648,10 @@ void HostOsScan::makeTWinFP(HostOsScanStats *hss) {
 }
-bool HostOsScan::processTSeqResp(HostOsScanStats *hss, struct ip *ip, int replyNo) {
+bool HostOsScan::processTSeqResp(HostOsScanStats *hss, const struct ip *ip, int replyNo) {
  assert(replyNo >= 0 && replyNo < NUM_SEQ_SAMPLES);
-  struct tcp_hdr *tcp;
+  const struct tcp_hdr *tcp;
  int seq_response_num; /* response # for sequencing */
  u32 timestamp = 0; /* TCP timestamp we receive back */
@@ -2715,7 +2715,7 @@ bool HostOsScan::processTSeqResp(HostOsScanStats *hss, struct ip *ip, int replyN
 }
-bool HostOsScan::processTOpsResp(HostOsScanStats *hss, struct tcp_hdr *tcp, int replyNo) {
+bool HostOsScan::processTOpsResp(HostOsScanStats *hss, const struct tcp_hdr *tcp, int replyNo) {
  assert(replyNo >= 0 && replyNo < 6);
  char ops_buf[256];
  bool opsParseResult;
@@ -2760,7 +2760,7 @@ bool HostOsScan::processTOpsResp(HostOsScanStats *hss, struct tcp_hdr *tcp, int
 }
-bool HostOsScan::processTWinResp(HostOsScanStats *hss, struct tcp_hdr *tcp, int replyNo) {
+bool HostOsScan::processTWinResp(HostOsScanStats *hss, const struct tcp_hdr *tcp, int replyNo) {
  assert(replyNo >= 0 && replyNo < 6);
  if (hss->FP_TWin || hss->TWin_AVs[replyNo])
@@ -2795,14 +2795,14 @@ bool HostOsScan::processTWinResp(HostOsScanStats *hss, struct tcp_hdr *tcp, int
 }
-bool HostOsScan::processTEcnResp(HostOsScanStats *hss, struct ip *ip) {
+bool HostOsScan::processTEcnResp(HostOsScanStats *hss, const struct ip *ip) {
  std::vector<struct AVal> AVs;
  struct AVal AV;
  char ops_buf[256];
  char quirks_buf[10];
  char *p;
  int numtests = 7;
-  struct tcp_hdr *tcp = ((struct tcp_hdr *) (((char *) ip) + 4 * ip->ip_hl));
+  const struct tcp_hdr *tcp = ((struct tcp_hdr *) (((char *) ip) + 4 * ip->ip_hl));
  bool opsParseResult;
  if (hss->FP_TEcn)
@@ -2886,13 +2886,13 @@ bool HostOsScan::processTEcnResp(HostOsScanStats *hss, struct ip *ip) {
 }
-bool HostOsScan::processT1_7Resp(HostOsScanStats *hss, struct ip *ip, int replyNo) {
+bool HostOsScan::processT1_7Resp(HostOsScanStats *hss, const struct ip *ip, int replyNo) {
  std::vector<struct AVal> AVs;
  struct AVal AV;
  assert(replyNo >= 0 && replyNo < 7);
  int numtests;
-  struct tcp_hdr *tcp = ((struct tcp_hdr *) (((char *) ip) + 4 * ip->ip_hl));
+  const struct tcp_hdr *tcp = ((struct tcp_hdr *) (((char *) ip) + 4 * ip->ip_hl));
  int i;
  bool opsParseResult;
@@ -3054,20 +3054,20 @@ bool HostOsScan::processT1_7Resp(HostOsScanStats *hss, struct ip *ip, int replyN
 }
-bool HostOsScan::processTUdpResp(HostOsScanStats *hss, struct ip *ip) {
+bool HostOsScan::processTUdpResp(HostOsScanStats *hss, const struct ip *ip) {
  std::vector<struct AVal> AVs;
  struct AVal AV;
  assert(hss);
  assert(ip);
-  struct icmp *icmp;
+  const struct icmp *icmp;
-  struct ip *ip2;
+  const struct ip *ip2;
  int numtests;
  unsigned short checksum;
  unsigned short *checksumptr;
-  struct udp_hdr *udp;
+  const struct udp_hdr *udp;
-  unsigned char *datastart, *dataend;
+  const unsigned char *datastart, *dataend;
 #if !defined(SOLARIS) && !defined(SUNOS) && !defined(IRIX) && !defined(HPUX)
  numtests = 10;
@@ -3210,14 +3210,14 @@ bool HostOsScan::processTUdpResp(HostOsScanStats *hss, struct ip *ip) {
 }
-bool HostOsScan::processTIcmpResp(HostOsScanStats *hss, struct ip *ip, int replyNo) {
+bool HostOsScan::processTIcmpResp(HostOsScanStats *hss, const struct ip *ip, int replyNo) {
  assert(replyNo == 0 || replyNo == 1);
  std::vector<struct AVal> AVs;
  struct AVal AV;
  int numtests = 4;
-  struct ip *ip1, *ip2;
+  const struct ip *ip1, *ip2;
-  struct icmp *icmp1, *icmp2;
+  const struct icmp *icmp1, *icmp2;
  unsigned short value1, value2;
  if (hss->FP_TIcmp)
@@ -3312,8 +3312,9 @@ bool HostOsScan::processTIcmpResp(HostOsScanStats *hss, struct ip *ip, int reply
 }
-bool HostOsScan::get_tcpopt_string(struct tcp_hdr *tcp, int mss, char *result, int maxlen) {
+bool HostOsScan::get_tcpopt_string(const struct tcp_hdr *tcp, int mss, char *result, int maxlen) const {
-  char *p, *q;
+  char *p;
  const char *q;
  u16 tmpshort;
  u32 tmpword;
  int length;
@@ -3493,9 +3494,9 @@ OsScanInfo::~OsScanInfo()
 /* Find a HostScanStats by IP its address in the incomplete list.  Returns NULL if
   none are found. */
-HostOsScanInfo *OsScanInfo::findIncompleteHost(struct sockaddr_storage *ss) {
+HostOsScanInfo *OsScanInfo::findIncompleteHost(const struct sockaddr_storage *ss) {
  std::list<HostOsScanInfo *>::iterator hostI;
-  struct sockaddr_in *sin = (struct sockaddr_in *) ss;
+  const struct sockaddr_in *sin = (struct sockaddr_in *) ss;
  if (sin->sin_family != AF_INET)
    fatal("%s passed a non IPv4 address", __func__);
--- a/osscan2.h
+++ b/osscan2.h
@@ -181,9 +181,9 @@ void os_scan2(std::vector<Target *> &Targets);
 int get_initial_ttl_guess(u8 ttl);
 int identify_sequence(int numSamples, u32 *ipid_diffs, int islocalhost, int allipideqz);
-int get_diffs(u32 *ipid_diffs, int numSamples, u32 *ipids, int islocalhost);
+int get_diffs(u32 *ipid_diffs, int numSamples, const u32 *ipids, int islocalhost);
-int get_ipid_sequence_16(int numSamples, u32 *ipids, int islocalhost);
+int get_ipid_sequence_16(int numSamples, const u32 *ipids, int islocalhost);
-int get_ipid_sequence_32(int numSamples, u32 *ipids, int islocalhost);
+int get_ipid_sequence_32(int numSamples, const u32 *ipids, int islocalhost);
 const char *ipidclass2ascii(int seqclass);
 const char *tsseqclass2ascii(int seqclass);
@@ -210,7 +210,7 @@ class OFProbe {
  OFProbe();
  /* The literal string for the current probe type. */
-  const char *typestr();
+  const char *typestr() const;
  /* Type of the probe: for what os fingerprinting test? */
  OFProbeType type;
@@ -249,9 +249,9 @@ class HostOsScanStats {
  std::list<OFProbe *>::iterator getActiveProbe(OFProbeType type, int subid);
  void moveProbeToActiveList(std::list<OFProbe *>::iterator probeI);
  void moveProbeToUnSendList(std::list<OFProbe *>::iterator probeI);
-  unsigned int numProbesToSend() {return probesToSend.size();}
+  unsigned int numProbesToSend() const {return probesToSend.size();}
-  unsigned int numProbesActive() {return probesActive.size();}
+  unsigned int numProbesActive() const {return probesActive.size();}
-  FingerPrint *getFP() {return FP;}
+  FingerPrint *getFP() const {return FP;}
  Target *target; /* the Target */
  struct seq_info si;
@@ -275,8 +275,7 @@ class HostOsScanStats {
   * and the last one.  Zero is
   * returned if we didn't send the tseq probes because there was no
   * open tcp port */
-  double timingRatio();
+  double timingRatio() const;
  double cc_scale();
 private:
  /* Ports of the targets used in os fingerprinting. */
@@ -340,8 +339,7 @@ class ScanStats {
 public:
  ScanStats();
-  bool sendOK(); /* Returns true if the system says that sending is OK. */
+  bool sendOK() const; /* Returns true if the system says that sending is OK. */
  double cc_scale();
  struct ultra_timing_vals timing;
  struct timeout_info to;      /* rtt/timeout info                */
@@ -375,7 +373,7 @@ class HostOsScan {
  void sendNextProbe(HostOsScanStats *hss);
  /* Process one response. If the response is useful, return true. */
-  bool processResp(HostOsScanStats *hss, struct ip *ip, unsigned int len, struct timeval *rcvdtime);
+  bool processResp(HostOsScanStats *hss, const struct ip *ip, unsigned int len, struct timeval *rcvdtime);
  /* Make up the fingerprint. */
  void makeFP(HostOsScanStats *hss);
@@ -383,27 +381,27 @@ class HostOsScan {
  /* Check whether the host is sendok. If not, fill _when_ with the
   * time when it will be sendOK and return false; else, fill it with
   * now and return true. */
-  bool hostSendOK(HostOsScanStats *hss, struct timeval *when);
+  bool hostSendOK(HostOsScanStats *hss, struct timeval *when) const;
  /* Check whether it is ok to send the next seq probe to the host. If
   * not, fill _when_ with the time when it will be sendOK and return
   * false; else, fill it with now and return true. */
-  bool hostSeqSendOK(HostOsScanStats *hss, struct timeval *when);
+  bool hostSeqSendOK(HostOsScanStats *hss, struct timeval *when) const;
  /* How long I am currently willing to wait for a probe response
   * before considering it timed out.  Uses the host values from
   * target if they are available, otherwise from gstats.  Results
   * returned in MICROseconds.  */
-  unsigned long timeProbeTimeout(HostOsScanStats *hss);
+  unsigned long timeProbeTimeout(HostOsScanStats *hss) const;
  /* If there are pending probe timeouts, fills in when with the time
   * of the earliest one and returns true.  Otherwise returns false
   * and puts now in when. */
-  bool nextTimeout(HostOsScanStats *hss, struct timeval *when);
+  bool nextTimeout(HostOsScanStats *hss, struct timeval *when) const;
  /* Adjust various timing variables based on pcket receipt. */
-  void adjust_times(HostOsScanStats *hss, OFProbe *probe, struct timeval *rcvdtime);
+  void adjust_times(HostOsScanStats *hss, const OFProbe *probe, const struct timeval *rcvdtime);
 private:
  /* Probe send functions. */
@@ -414,13 +412,13 @@ private:
  void sendTUdpProbe(HostOsScanStats *hss, int probeNo);
  void sendTIcmpProbe(HostOsScanStats *hss, int probeNo);
  /* Response process functions. */
-  bool processTSeqResp(HostOsScanStats *hss, struct ip *ip, int replyNo);
+  bool processTSeqResp(HostOsScanStats *hss, const struct ip *ip, int replyNo);
-  bool processTOpsResp(HostOsScanStats *hss, struct tcp_hdr *tcp, int replyNo);
+  bool processTOpsResp(HostOsScanStats *hss, const struct tcp_hdr *tcp, int replyNo);
-  bool processTWinResp(HostOsScanStats *hss, struct tcp_hdr *tcp, int replyNo);
+  bool processTWinResp(HostOsScanStats *hss, const struct tcp_hdr *tcp, int replyNo);
-  bool processTEcnResp(HostOsScanStats *hss, struct ip *ip);
+  bool processTEcnResp(HostOsScanStats *hss, const struct ip *ip);
-  bool processT1_7Resp(HostOsScanStats *hss, struct ip *ip, int replyNo);
+  bool processT1_7Resp(HostOsScanStats *hss, const struct ip *ip, int replyNo);
-  bool processTUdpResp(HostOsScanStats *hss, struct ip *ip);
+  bool processTUdpResp(HostOsScanStats *hss, const struct ip *ip);
-  bool processTIcmpResp(HostOsScanStats *hss, struct ip *ip, int replyNo);
+  bool processTIcmpResp(HostOsScanStats *hss, const struct ip *ip, int replyNo);
  /* Generic sending functions used by the above probe functions. */
  int send_tcp_probe(HostOsScanStats *hss,
@@ -439,7 +437,7 @@ private:
  void makeTOpsFP(HostOsScanStats *hss);
  void makeTWinFP(HostOsScanStats *hss);
-  bool get_tcpopt_string(struct tcp_hdr *tcp, int mss, char *result, int maxlen);
+  bool get_tcpopt_string(const struct tcp_hdr *tcp, int mss, char *result, int maxlen) const;
  int rawsd;    /* Raw socket descriptor */
  eth_t *ethsd; /* Ethernet handle       */
@@ -472,8 +470,8 @@ class OsScanInfo {
   * then add to it again, or you may mess up nextI (I'm not sure) */
  std::list<HostOsScanInfo *> incompleteHosts;
-  unsigned int numIncompleteHosts() {return incompleteHosts.size();}
+  unsigned int numIncompleteHosts() const {return incompleteHosts.size();}
-  HostOsScanInfo *findIncompleteHost(struct sockaddr_storage *ss);
+  HostOsScanInfo *findIncompleteHost(const struct sockaddr_storage *ss);
  /* A circular buffer of the incompleteHosts.  nextIncompleteHost() gives
     the next one.  The first time it is called, it will give the
--- a/payload.cc
+++ b/payload.cc
@@ -242,7 +242,7 @@ static int load_payloads_from_file(FILE *fp) {
      std::map<struct proto_dport, std::vector<struct payload> >::iterator portPayloadIterator;
      std::vector<struct payload> portPayloadVector;
      std::vector<struct payload>::iterator portPayloadVectorIterator;
-      struct proto_dport key(IPPROTO_UDP, ports[p]);
+      const struct proto_dport key(IPPROTO_UDP, ports[p]);
      struct payload portPayload;
      bool duplicate = false;
@@ -314,15 +314,15 @@ int init_payloads(void) {
   length is returned through the length pointer. */
 const char *udp_port2payload(u16 dport, size_t *length, u8 tryno) {
  static const char *payload_null = "";
-  std::map<struct proto_dport, std::vector<struct payload> >::iterator portPayloadIterator;
+  std::map<struct proto_dport, std::vector<struct payload> >::const_iterator portPayloadIterator;
-  std::vector<struct payload>::iterator portPayloadVectorIterator;
+  std::vector<struct payload>::const_iterator portPayloadVectorIterator;
-  proto_dport key(IPPROTO_UDP, dport);
+  const proto_dport key(IPPROTO_UDP, dport);
  int portPayloadVectorSize;
  portPayloadIterator = portPayloads.find(key);
  if (portPayloadIterator != portPayloads.end()) {
-    std::vector<struct payload>& portPayloadVector = portPayloads.find(key)->second;
+    const std::vector<struct payload>& portPayloadVector = portPayloads.find(key)->second;
    portPayloadVectorSize = portPayloadVector.size();
    tryno %= portPayloadVectorSize;
@@ -364,8 +364,8 @@ const char *get_udp_payload(u16 dport, size_t *length, u8 tryno) {
 }
 size_t udp_payload_count(u16 dport) {
-  std::map<struct proto_dport, std::vector<struct payload> >::iterator portPayloadIterator;
+  std::map<struct proto_dport, std::vector<struct payload> >::const_iterator portPayloadIterator;
-  proto_dport key(IPPROTO_UDP, dport);
+  const proto_dport key(IPPROTO_UDP, dport);
  size_t portPayloadVectorSize = 0;
  portPayloadIterator = portPayloads.find(key);
--- a/portreasons.cc
+++ b/portreasons.cc
@@ -157,7 +157,7 @@ reason_map_type reason_map;
 /* Function to Translate ICMP codes and types to *
 * Reason Codes                  */
-static reason_codes icmpv4_to_reason(int icmp_type, int icmp_code) {
+static const reason_codes icmpv4_to_reason(int icmp_type, int icmp_code) {
    switch(icmp_type){
@@ -200,7 +200,7 @@ static reason_codes icmpv4_to_reason(int icmp_type, int icmp_code) {
    return ER_UNKNOWN;
 };
-static reason_codes icmpv6_to_reason(int icmp_type, int icmp_code) {
+static const reason_codes icmpv6_to_reason(int icmp_type, int icmp_code) {
    switch(icmp_type){
@@ -235,7 +235,7 @@ static reason_codes icmpv6_to_reason(int icmp_type, int icmp_code) {
    return ER_UNKNOWN;
 };
-reason_codes icmp_to_reason(u8 proto, int icmp_type, int icmp_code) {
+const reason_codes icmp_to_reason(u8 proto, int icmp_type, int icmp_code) {
        if (proto == IPPROTO_ICMP)
                return icmpv4_to_reason(icmp_type, icmp_code);
        else if (proto == IPPROTO_ICMPV6)
@@ -388,12 +388,12 @@ state_reason_summary_t *get_state_reason_summary(PortList *Ports, int state) {
 * string representation. If 'number' is equal to 1 then the
 * singular is used, otherwise the plural */
 const char *reason_str(reason_t reason_code, unsigned int number) {
-    std::map<reason_codes,reason_string>::iterator itr = reason_map.find((reason_codes)reason_code);
+    std::map<reason_codes,reason_string>::const_iterator itr = reason_map.find((reason_codes)reason_code);
-    reason_string temp = (*itr).second;
+    const reason_string *temp = &itr->second;
    if (number == SINGULAR){
-        return temp.singular;
+        return temp->singular;
    }
-    return temp.plural;
+    return temp->plural;
 }
 void state_reason_init(state_reason_t *reason) {
@@ -404,7 +404,7 @@ void state_reason_init(state_reason_t *reason) {
 /* converts target into reason message for ping scans. Uses a static
 * buffer so new values overwrite old values */
-char *target_reason_str(Target *t) {
+const char *target_reason_str(Target *t) {
        static char reason[128];
        memset(reason,'\0', 128);
        Snprintf(reason, 128, "received %s", reason_str(t->reason.reason_id, SINGULAR));
@@ -414,7 +414,7 @@ char *target_reason_str(Target *t) {
 /* Build an output string based on reason and source ip address.
 * uses a static return value so previous values will be over
 * written by subsequent calls */
-char *port_reason_str(state_reason_t r) {
+const char *port_reason_str(state_reason_t r) {
        static char reason[128];
        memset(reason,'\0', 128);
        if (r.ip_addr.sockaddr.sa_family == AF_UNSPEC) {
--- a/portreasons.h
+++ b/portreasons.h
@@ -137,8 +137,8 @@ private:
    std::map<reason_codes,reason_string > reason_map;
 public:
    reason_map_type();
-    std::map<reason_codes,reason_string>::iterator find(const reason_codes& x){
+    std::map<reason_codes,reason_string>::const_iterator find(const reason_codes& x) const {
-        std::map<reason_codes,reason_string>::iterator itr = reason_map.find(x);
+        std::map<reason_codes,reason_string>::const_iterator itr = reason_map.find(x);
        if(itr == reason_map.end())
            return reason_map.find(ER_UNKNOWN);
        return itr;
@@ -146,7 +146,7 @@ public:
 };
 /* Function to translate ICMP code and typ to reason code */
-reason_codes icmp_to_reason(u8 proto, int icmp_type, int icmp_code);
+const reason_codes icmp_to_reason(u8 proto, int icmp_type, int icmp_code);
 /* Passed to reason_str to determine if string should be in
 * plural of singular form */
@@ -168,8 +168,8 @@ void state_reason_summary_dinit(state_reason_summary_t *r);
 /* Build an output string based on reason and source ip address.
 * Uses static return value so previous values will be over
 * written by subsequent calls */
-char *port_reason_str(state_reason_t r);
+const char *port_reason_str(state_reason_t r);
-char *target_reason_str(Target *t);
+const char *target_reason_str(Target *t);
 #endif
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -109,7 +109,7 @@ int HssPredicate::operator() (const HostScanStats *lhs, const HostScanStats *rhs
 }
 struct sockaddr_storage *HssPredicate::ss = NULL;
-void UltraScanInfo::log_overall_rates(int logt) {
+void UltraScanInfo::log_overall_rates(int logt) const {
  log_write(logt, "Overall sending rates: %.2f packets / s", send_rate_meter.getOverallPacketRate(&now));
  if (send_rate_meter.getNumBytes() > 0)
    log_write(logt, ", %.2f bytes / s", send_rate_meter.getOverallByteRate(&now));
@@ -320,7 +320,7 @@ void GroupScanStats::probeSent(unsigned int nbytes) {
 }
 /* Returns true if the GLOBAL system says that sending is OK.*/
-bool GroupScanStats::sendOK(struct timeval *when) {
+bool GroupScanStats::sendOK(struct timeval *when) const {
  int recentsends;
  /* In case it's not okay to send, arbitrarily say to check back in one
@@ -503,7 +503,7 @@ void HostScanStats::probeSent(unsigned int nbytes) {
   considering it timed out.  Uses the host values from target if they
   are available, otherwise from gstats.  Results returned in
   MICROseconds.  */
-unsigned long HostScanStats::probeTimeout() {
+unsigned long HostScanStats::probeTimeout() const {
  if (target->to.srtt > 0) {
    /* We have at least one timing value to use.  Good enough, I suppose */
    return target->to.timeout;
@@ -521,7 +521,7 @@ unsigned long HostScanStats::probeTimeout() {
   really late.  But after probeExpireTime(), I don't waste time
   keeping them around. Give in MICROseconds. The expiry time can
   depend on the type of probe. Pass NULL to get the default time. */
-unsigned long HostScanStats::probeExpireTime(const UltraProbe *probe) {
+unsigned long HostScanStats::probeExpireTime(const UltraProbe *probe) const {
  if (probe == NULL || probe->type == UltraProbe::UP_CONNECT)
    /* timedout probes close socket -- late resp. impossible */
    return probeTimeout();
@@ -535,9 +535,9 @@ unsigned long HostScanStats::probeExpireTime(const UltraProbe *probe) {
   will be OK assuming no pending probes are resolved by responses
   (call it again if they do).  when will become now if it returns
   true. */
-bool HostScanStats::sendOK(struct timeval *when) {
+bool HostScanStats::sendOK(struct timeval *when) const {
  struct ultra_timing_vals tmng;
-  std::list<UltraProbe *>::iterator probeI;
+  std::list<UltraProbe *>::const_iterator probeI;
  struct timeval probe_to, earliest_to, sendTime;
  long tdiff;
@@ -629,9 +629,9 @@ bool HostScanStats::sendOK(struct timeval *when) {
 /* If there are pending probe timeouts, fills in when with the time of
   the earliest one and returns true.  Otherwise returns false and
   puts now in when. */
-bool HostScanStats::nextTimeout(struct timeval *when) {
+bool HostScanStats::nextTimeout(struct timeval *when) const {
  struct timeval probe_to, earliest_to;
-  std::list<UltraProbe *>::iterator probeI;
+  std::list<UltraProbe *>::const_iterator probeI;
  bool firstgood = true;
  assert(when);
@@ -663,8 +663,8 @@ bool HostScanStats::nextTimeout(struct timeval *when) {
   appropriate.  If mayincrease is non-NULL, it is set to whether
   the allowedTryno may increase again.  If it is false, any probes
   which have reached the given limit may be dealt with. */
-unsigned int HostScanStats::allowedTryno(bool *capped, bool *mayincrease) {
+unsigned int HostScanStats::allowedTryno(bool *capped, bool *mayincrease) const {
-  std::list<UltraProbe *>::iterator probeI;
+  std::list<UltraProbe *>::const_iterator probeI;
  UltraProbe *probe = NULL;
  bool allfinished = true;
  bool tryno_mayincrease = true;
@@ -739,7 +739,7 @@ UltraScanInfo::~UltraScanInfo() {
 /* Returns true if this scan is a "raw" scan. A raw scan is ont that requires a
   raw socket or ethernet handle to send, or a pcap sniffer to receive.
   Basically, any scan type except pure TCP connect scans are raw. */
-bool UltraScanInfo::isRawScan() {
+bool UltraScanInfo::isRawScan() const {
  return scantype != CONNECT_SCAN
         && (tcp_scan || udp_scan || sctp_scan || prot_scan || ping_scan_arp || ping_scan_nd
             || (ping_scan && (ptech.rawicmpscan || ptech.rawtcpscan || ptech.rawudpscan
@@ -766,15 +766,15 @@ HostScanStats *UltraScanInfo::nextIncompleteHost() {
 /* Return a number between 0.0 and 1.0 inclusive indicating how much of the scan
   is done. */
-double UltraScanInfo::getCompletionFraction() {
+double UltraScanInfo::getCompletionFraction() const {
-  std::multiset<HostScanStats *, HssPredicate>::iterator hostI;
+  std::multiset<HostScanStats *, HssPredicate>::const_iterator hostI;
  double total;
  /* Add 1 for each completed host. */
  total = gstats->numtargets - numIncompleteHosts();
  /* Get the completion fraction for each incomplete host. */
  for (hostI = incompleteHosts.begin(); hostI != incompleteHosts.end(); hostI++) {
-    HostScanStats *host = *hostI;
+    const HostScanStats *host = *hostI;
    int maxtries = host->allowedTryno(NULL, NULL) + 1;
    double thishostpercdone;
@@ -834,7 +834,7 @@ static void set_default_port_state(std::vector<Target *> &targets, stype scantyp
 /* Order of initializations in this function CAN BE IMPORTANT, so be careful
 mucking with it. */
-void UltraScanInfo::Init(std::vector<Target *> &Targets, struct scan_lists *pts, stype scantp) {
+void UltraScanInfo::Init(std::vector<Target *> &Targets, const struct scan_lists *pts, stype scantp) {
  unsigned int targetno = 0;
  HostScanStats *hss;
  int num_timedout = 0;
@@ -974,7 +974,7 @@ void UltraScanInfo::Init(std::vector<Target *> &Targets, struct scan_lists *pts,
 /* Return the total number of probes that may be sent to each host. This never
   changes after initialization. */
-unsigned int UltraScanInfo::numProbesPerHost() {
+unsigned int UltraScanInfo::numProbesPerHost() const {
  unsigned int numprobes = 0;
  if (tcp_scan) {
@@ -1025,10 +1025,10 @@ unsigned int UltraScanInfo::numProbesPerHost() {
   can be sent, assuming no probe responses are received (call it
   again if they are).  when will be now, if the function returns
   true */
-bool UltraScanInfo::sendOK(struct timeval *when) {
+bool UltraScanInfo::sendOK(struct timeval *when) const {
  struct timeval lowhtime = {0};
  struct timeval tmptv;
-  std::multiset<HostScanStats *, HssPredicate>::iterator host;
+  std::multiset<HostScanStats *, HssPredicate>::const_iterator host;
  bool ggood = false;
  bool thisHostGood = false;
  bool foundgood = false;
@@ -1085,8 +1085,8 @@ bool UltraScanInfo::sendOK(struct timeval *when) {
 /* Find a HostScanStats by its IP address in the incomplete and completed lists.
   Returns NULL if none are found. */
-HostScanStats *UltraScanInfo::findHost(struct sockaddr_storage *ss) {
+HostScanStats *UltraScanInfo::findHost(struct sockaddr_storage *ss) const {
-  std::multiset<HostScanStats *, HssPredicate>::iterator hss;
+  std::multiset<HostScanStats *, HssPredicate>::const_iterator hss;
  HssPredicate::ss = ss;
  HostScanStats *fakeHss = NULL;
@@ -1111,8 +1111,8 @@ HostScanStats *UltraScanInfo::findHost(struct sockaddr_storage *ss) {
 /* Check if incompleteHosts list contains less than n elements. This function
   is here to replace numIncompleteHosts() < n, which would have to walk
   through the entire list. */
-bool UltraScanInfo::numIncompleteHostsLessThan(unsigned int n) {
+bool UltraScanInfo::numIncompleteHostsLessThan(unsigned int n) const {
-  std::multiset<HostScanStats *, HssPredicate>::iterator hostI;
+  std::multiset<HostScanStats *, HssPredicate>::const_iterator hostI;
  unsigned int count;
  count = 0;
@@ -1195,7 +1195,7 @@ int UltraScanInfo::removeCompletedHosts() {
                  num_outstanding_probes == 1 ? "probe" : "probes");
        if (o.debugging > 3) {
          char tmpbuf[64];
-          std::list<UltraProbe *>::iterator iter;
+          std::list<UltraProbe *>::const_iterator iter;
          for (iter = hss->probes_outstanding.begin(); iter != hss->probes_outstanding.end(); iter++)
            log_write(LOG_PLAIN, "* %s\n", probespec2ascii((probespec *) (*iter)->pspec(), tmpbuf, sizeof(tmpbuf)));
        }
@@ -1236,7 +1236,7 @@ int UltraScanInfo::removeCompletedHosts() {
   number of hosts scanned in parallel, though rarely to significant
   levels. */
 int determineScanGroupSize(int hosts_scanned_so_far,
-                           struct scan_lists *ports) {
+                           const struct scan_lists *ports) {
  int groupsize = 16;
  if (o.UDPScan())
@@ -1471,7 +1471,7 @@ static int get_next_target_probe(UltraScanInfo *USI, HostScanStats *hss,
 }
 /* Returns whether there are ports remaining to probe */
-bool HostScanStats::freshPortsLeft() {
+bool HostScanStats::freshPortsLeft() const {
  if (USI->tcp_scan) {
    return (next_portidx < USI->ports->tcp_count);
  } else if (USI->udp_scan) {
@@ -1512,7 +1512,7 @@ bool HostScanStats::freshPortsLeft() {
 }
 /* Returns the number of ports remaining to probe */
-int HostScanStats::numFreshPortsLeft() {
+int HostScanStats::numFreshPortsLeft() const {
  if (USI->tcp_scan) {
    if (next_portidx >= USI->ports->tcp_count)
      return 0;
@@ -1712,7 +1712,7 @@ void HostScanStats::markProbeTimedout(std::list<UltraProbe *>::iterator probeI)
  }
 }
-bool HostScanStats::completed() {
+bool HostScanStats::completed() const {
  /* If there are probes active or awaiting retransmission, we are not done. */
  if (num_probes_active != 0 || num_probes_waiting_retransmit != 0
      || !probe_bench.empty() || !retry_stack.empty()) {
@@ -1735,7 +1735,7 @@ bool HostScanStats::completed() {
   have been received for this host, may look at others in the group.
   For CHANGING this host's timing, use the timing memberval
   instead. */
-void HostScanStats::getTiming(struct ultra_timing_vals *tmng) {
+void HostScanStats::getTiming(struct ultra_timing_vals *tmng) const {
  assert(tmng);
  /* Use the per-host value if a pingport has been found or very few probes
@@ -2497,8 +2497,8 @@ static void doAnyOutstandingRetransmits(UltraScanInfo *USI) {
 /* Print occasional remaining time estimates, as well as
   debugging information */
 static void printAnyStats(UltraScanInfo *USI) {
-  std::multiset<HostScanStats *, HssPredicate>::iterator hostI;
+  std::multiset<HostScanStats *, HssPredicate>::const_iterator hostI;
-  HostScanStats *hss;
+  const HostScanStats *hss;
  struct ultra_timing_vals hosttm;
  /* Print debugging states for each host being scanned */
@@ -2706,7 +2706,7 @@ static void processData(UltraScanInfo *USI) {
   changed timing information will be stored in it when the function returns. It
   exists so timing can be shared across invocations of this function. If to is
   NULL (its default value), a default timeout_info will be used. */
-void ultra_scan(std::vector<Target *> &Targets, struct scan_lists *ports,
+void ultra_scan(std::vector<Target *> &Targets, const struct scan_lists *ports,
                stype scantype, struct timeout_info *to) {
  o.current_scantype = scantype;
--- a/scan_engine.h
+++ b/scan_engine.h
@@ -81,7 +81,7 @@
 class Target;
 /* 3rd generation Nmap scanning function.  Handles most Nmap port scan types */
-void ultra_scan(std::vector<Target *> &Targets, struct scan_lists *ports,
+void ultra_scan(std::vector<Target *> &Targets, const struct scan_lists *ports,
                stype scantype, struct timeout_info *to = NULL);
 /* Determines an ideal number of hosts to be scanned (port scan, os
@@ -93,7 +93,7 @@ void ultra_scan(std::vector<Target *> &Targets, struct scan_lists *ports,
   number of hosts scanned in parallel, though rarely to significant
   levels. */
 int determineScanGroupSize(int hosts_scanned_so_far,
-                           struct scan_lists *ports);
+                           const struct scan_lists *ports);
 class UltraScanInfo;
@@ -152,13 +152,13 @@ public:
     internal IPProbe.  The relevant probespec is necessary for setIP
     because pspec.type is ambiguous with just the ippacket (e.g. a
     tcp packet could be PS_PROTO or PS_TCP). */
-  void setIP(u8 *ippacket, u32 iplen, const probespec *pspec);
+  void setIP(const u8 *ippacket, u32 iplen, const probespec *pspec);
  /* Sets this UltraProbe as type UP_CONNECT, preparing to connect to given
   port number*/
  void setConnect(u16 portno);
  /* Pass an arp packet, including ethernet header. Must be 42bytes */
-  void setARP(u8 *arppkt, u32 arplen);
+  void setARP(const u8 *arppkt, u32 arplen);
-  void setND(u8 *ndpkt, u32 ndlen);
+  void setND(const u8 *ndpkt, u32 ndlen);
  // The 4 accessors below all return in HOST BYTE ORDER
  // source port used if TCP, UDP or SCTP
  u16 sport() const;
@@ -174,7 +174,7 @@ public:
  u8 protocol() const {
    return mypspec.proto;
  }
-  ConnectProbe *CP() {
+  ConnectProbe *CP() const {
    return probes.CP;  // if type == UP_CONNECT
  }
  // Arpprobe removed because not used.
@@ -205,7 +205,7 @@ public:
  struct timeval sent;
  /* Time the previous probe was sent, if this is a retransmit (tryno > 0) */
  struct timeval prevSent;
-  bool isPing() {
+  bool isPing() const {
    return pingseq > 0;
  }
@@ -253,7 +253,7 @@ public:
  ~GroupScanStats();
  void probeSent(unsigned int nbytes);
  /* Returns true if the GLOBAL system says that sending is OK. */
-  bool sendOK(struct timeval *when);
+  bool sendOK(struct timeval *when) const;
  /* Total # of probes outstanding (active) for all Hosts */
  int num_probes_active;
  UltraScanInfo *USI; /* The USI which contains this GSS.  Use for at least
@@ -318,8 +318,8 @@ public:
  Target *target; /* A copy of the Target that these stats refer to. */
  HostScanStats(Target *t, UltraScanInfo *UltraSI);
  ~HostScanStats();
-  bool freshPortsLeft(); /* Returns true if there are ports remaining to probe */
+  bool freshPortsLeft() const; /* Returns true if there are ports remaining to probe */
-  int numFreshPortsLeft(); /* Returns the number of ports remaining to probe */
+  int numFreshPortsLeft() const; /* Returns the number of ports remaining to probe */
  int next_portidx; /* Index of the next port to probe in the relevant
                       ports array in USI.ports */
  bool sent_arp; /* Has an ARP probe been sent for the target yet? */
@@ -357,25 +357,25 @@ public:
     before considering it timed out.  Uses the host values from
     target if they are available, otherwise from gstats.  Results
     returned in MICROseconds.  */
-  unsigned long probeTimeout();
+  unsigned long probeTimeout() const;
  /* How long I'll wait until completely giving up on a probe.
     Timedout probes are often marked as such (and sometimes
     considered a drop), but kept in the list juts in case they come
     really late.  But after probeExpireTime(), I don't waste time
     keeping them around. Give in MICROseconds */
-  unsigned long probeExpireTime(const UltraProbe *probe);
+  unsigned long probeExpireTime(const UltraProbe *probe) const;
  /* Returns OK if sending a new probe to this host is OK (to avoid
     flooding). If when is non-NULL, fills it with the time that sending
     will be OK assuming no pending probes are resolved by responses
     (call it again if they do).  when will become now if it returns
     true. */
-  bool sendOK(struct timeval *when);
+  bool sendOK(struct timeval *when) const;
  /* If there are pending probe timeouts, fills in when with the time of
     the earliest one and returns true.  Otherwise returns false and
     puts now in when. */
-  bool nextTimeout(struct timeval *when);
+  bool nextTimeout(struct timeval *when) const;
  UltraScanInfo *USI; /* The USI which contains this HSS */
  /* Removes a probe from probes_outstanding, adjusts HSS and USS
@@ -407,7 +407,7 @@ public:
     necessary.  Note that probes on probe_bench are not included
     in this value. */
  unsigned int num_probes_waiting_retransmit;
-  unsigned int num_probes_outstanding() {
+  unsigned int num_probes_outstanding() const {
    return probes_outstanding.size();
  }
@@ -438,7 +438,7 @@ public:
  /* Move all members of bench to retry_stack for probe retransmission */
  void retransmitBench();
-  bool completed(); /* Whether or not the scan of this Target has completed */
+  bool completed() const; /* Whether or not the scan of this Target has completed */
  struct timeval completiontime; /* When this Target completed */
  /* This function provides the proper cwnd and ssthresh to use.  It
@@ -446,7 +446,7 @@ public:
     responses have been received for this host, may look at others in
     the group.  For CHANGING this host's timing, use the timing
     memberval instead. */
-  void getTiming(struct ultra_timing_vals *tmng);
+  void getTiming(struct ultra_timing_vals *tmng) const;
  struct ultra_timing_vals timing;
  /* The most recently received probe response time -- initialized to scan start time. */
  struct timeval lastrcvd;
@@ -466,7 +466,7 @@ public:
     appropriate.  If mayincrease is non-NULL, it is set to whether
     the allowedTryno may increase again.  If it is false, any probes
     which have reached the given limit may be dealt with. */
-  unsigned int allowedTryno(bool *capped, bool *mayincrease);
+  unsigned int allowedTryno(bool *capped, bool *mayincrease) const;
  /* Provides the next ping sequence number.  This starts at one, goes
@@ -520,21 +520,21 @@ public:
 class UltraScanInfo {
 public:
  UltraScanInfo();
-  UltraScanInfo(std::vector<Target *> &Targets, struct scan_lists *pts, stype scantype) {
+  UltraScanInfo(std::vector<Target *> &Targets, const struct scan_lists *pts, stype scantype) {
    Init(Targets, pts, scantype);
  }
  ~UltraScanInfo();
  /* Must call Init if you create object with default constructor */
-  void Init(std::vector<Target *> &Targets, struct scan_lists *pts, stype scantp);
+  void Init(std::vector<Target *> &Targets, const struct scan_lists *pts, stype scantp);
-  unsigned int numProbesPerHost();
+  unsigned int numProbesPerHost() const;
  /* Consults with the group stats, and the hstats for every
     incomplete hosts to determine whether any probes may be sent.
     Returns true if they can be sent immediately.  If when is non-NULL,
     it is filled with the next possible time that probes can be sent
     (which will be now, if the function returns true */
-  bool sendOK(struct timeval *tv);
+  bool sendOK(struct timeval *tv) const;
  stype scantype;
  bool tcp_scan; /* scantype is a type of TCP scan */
  bool udp_scan;
@@ -558,7 +558,7 @@ public:
      rawprotoscan: 1;
  } ptech;
-  bool isRawScan();
+  bool isRawScan() const;
  struct timeval now; /* Updated after potentially meaningful delays.  This can
                         be used to save a call to gettimeofday() */
@@ -575,25 +575,25 @@ public:
  int removeCompletedHosts();
  /* Find a HostScanStats by its IP address in the incomplete and completed
     lists.  Returns NULL if none are found. */
-  HostScanStats *findHost(struct sockaddr_storage *ss);
+  HostScanStats *findHost(struct sockaddr_storage *ss) const;
-  double getCompletionFraction();
+  double getCompletionFraction() const;
-  unsigned int numIncompleteHosts() {
+  unsigned int numIncompleteHosts() const {
    return incompleteHosts.size();
  }
  /* Call this instead of checking for numIncompleteHosts() == 0 because it
     avoids a potential traversal of the list to find the size. */
-  bool incompleteHostsEmpty() {
+  bool incompleteHostsEmpty() const {
    return incompleteHosts.empty();
  }
-  bool numIncompleteHostsLessThan(unsigned int n);
+  bool numIncompleteHostsLessThan(unsigned int n) const;
-  unsigned int numInitialHosts() {
+  unsigned int numInitialHosts() const {
    return numInitialTargets;
  }
-  void log_overall_rates(int logt);
+  void log_overall_rates(int logt) const;
  void log_current_rates(int logt, bool update = true);
  /* Any function which messes with (removes elements from)
@@ -610,7 +610,7 @@ public:
  ScanProgressMeter *SPM;
  PacketRateMeter send_rate_meter;
-  struct scan_lists *ports;
+  const struct scan_lists *ports;
  int rawsd; /* raw socket descriptor */
  pcap_t *pd;
  eth_t *ethsd;
--- a/scan_engine_raw.cc
+++ b/scan_engine_raw.cc
@@ -111,13 +111,13 @@ u16 UltraProbe::dport() const {
 /* Pass an arp packet, including ethernet header. Must be 42bytes */
-void UltraProbe::setARP(u8 *arppkt, u32 arplen) {
+void UltraProbe::setARP(const u8 *arppkt, u32 arplen) {
  type = UP_ARP;
  mypspec.type = PS_ARP;
  return;
 }
-void UltraProbe::setND(u8 *ndpkt, u32 ndlen) {
+void UltraProbe::setND(const u8 *ndpkt, u32 ndlen) {
  type = UP_ND;
  mypspec.type = PS_ND;
  return;
@@ -127,12 +127,12 @@ void UltraProbe::setND(u8 *ndpkt, u32 ndlen) {
    internal IPProbe.  The relevant probespec is necessary for setIP
    because pspec.type is ambiguous with just the ippacket (e.g. a
    tcp packet could be PS_PROTO or PS_TCP). */
-void UltraProbe::setIP(u8 *ippacket, u32 len, const probespec *pspec) {
+void UltraProbe::setIP(const u8 *ippacket, u32 len, const probespec *pspec) {
-  struct ip *ip = (struct ip *) ippacket;
+  const struct ip *ip = (const struct ip *) ippacket;
-  struct tcp_hdr *tcp = NULL;
+  const struct tcp_hdr *tcp = NULL;
-  struct udp_hdr *udp = NULL;
+  const struct udp_hdr *udp = NULL;
-  struct sctp_hdr *sctp = NULL;
+  const struct sctp_hdr *sctp = NULL;
-  struct ppkt *icmp = NULL;
+  const struct ppkt *icmp = NULL;
  const void *data;
  u8 hdr;
@@ -144,7 +144,7 @@ void UltraProbe::setIP(u8 *ippacket, u32 len, const probespec *pspec) {
    probes.IP.ipid = ntohs(ip->ip_id);
    hdr = ip->ip_p;
  } else if (ip->ip_v == 6) {
-    const struct ip6_hdr *ip6 = (struct ip6_hdr *) ippacket;
+    const struct ip6_hdr *ip6 = (const struct ip6_hdr *) ippacket;
    data = ipv6_get_data_any(ip6, &len, &hdr);
    assert(data != NULL);
    assert(len == (u32) ntohs(ip6->ip6_plen));
@@ -156,21 +156,21 @@ void UltraProbe::setIP(u8 *ippacket, u32 len, const probespec *pspec) {
  if (hdr == IPPROTO_TCP) {
    assert(len >= sizeof(struct tcp_hdr));
-    tcp = (struct tcp_hdr *) data;
+    tcp = (const struct tcp_hdr *) data;
    probes.IP.pd.tcp.sport = ntohs(tcp->th_sport);
    probes.IP.pd.tcp.seq = ntohl(tcp->th_seq);
  } else if (hdr == IPPROTO_UDP) {
    assert(len >= sizeof(struct udp_hdr));
-    udp = (struct udp_hdr *) data;
+    udp = (const struct udp_hdr *) data;
    probes.IP.pd.udp.sport = ntohs(udp->uh_sport);
  } else if (hdr == IPPROTO_SCTP) {
    assert(len >= sizeof(struct sctp_hdr));
-    sctp = (struct sctp_hdr *) data;
+    sctp = (const struct sctp_hdr *) data;
    probes.IP.pd.sctp.sport = ntohs(sctp->sh_sport);
    probes.IP.pd.sctp.vtag = ntohl(sctp->sh_vtag);
  } else if ((ip->ip_v == 4 && hdr == IPPROTO_ICMP) || (ip->ip_v == 6 && hdr == IPPROTO_ICMPV6)) {
    assert(len >= sizeof(struct ppkt));
-    icmp = (struct ppkt *) data;
+    icmp = (const struct ppkt *) data;
    probes.IP.pd.icmp.ident = ntohs(icmp->id);
  }
--- a/service_scan.cc
+++ b/service_scan.cc
@@ -939,7 +939,7 @@ int ServiceProbeMatch::getVersionStr(const u8 *subject, int subjectlen,
                  char *devicetype, int devicetypelen,
                  char *cpe_a, int cpe_alen,
                  char *cpe_h, int cpe_hlen,
-                  char *cpe_o, int cpe_olen) {
+                  char *cpe_o, int cpe_olen) const {
  int rc;
  assert(productlen >= 0 && versionlen >= 0 && infolen >= 0 &&
@@ -1222,8 +1222,8 @@ void ServiceProbe::setProbablePorts(enum service_tunnel_type tunnel,
  /* Returns true if the passed in port is on the list of probable
     ports for this probe and tunnel type.  Use a tunnel of
     SERVICE_TUNNEL_SSL or SERVICE_TUNNEL_NONE as appropriate */
-bool ServiceProbe::portIsProbable(enum service_tunnel_type tunnel, u16 portno) {
+bool ServiceProbe::portIsProbable(enum service_tunnel_type tunnel, u16 portno) const {
-  std::vector<u16> *portv;
+  const std::vector<u16> *portv;
  portv = (tunnel == SERVICE_TUNNEL_SSL)? &probablesslports : &probableports;
@@ -1234,8 +1234,8 @@ bool ServiceProbe::portIsProbable(enum service_tunnel_type tunnel, u16 portno) {
 // Returns true if the passed in service name is among those that can
  // be detected by the matches in this probe;
-bool ServiceProbe::serviceIsPossible(const char *sname) {
+bool ServiceProbe::serviceIsPossible(const char *sname) const {
-  std::vector<const char *>::iterator vi;
+  std::vector<const char *>::const_iterator vi;
  for(vi = detectedServices.begin(); vi != detectedServices.end(); vi++) {
    if (strcmp(*vi, sname) == 0)
@@ -1279,7 +1279,7 @@ void ServiceProbe::addMatch(const char *match, int lineno) {
 /* Parses the given nmap-service-probes file into the AP class Must
   NOT be made static because I have external maintenance tools
   (servicematch) which use this */
-void parse_nmap_service_probe_file(AllProbes *AP, char *filename) {
+void parse_nmap_service_probe_file(AllProbes *AP, const char *filename) {
  ServiceProbe *newProbe = NULL;
  char line[2048];
  int lineno = 0;
@@ -1468,8 +1468,8 @@ AllProbes::~AllProbes() {
  // given name and protocol. If no match is found for the requested
  // protocol it will try to find matches on any protocol.
  // It can return the NULL probe.
-ServiceProbe *AllProbes::getProbeByName(const char *name, int proto) {
+ServiceProbe *AllProbes::getProbeByName(const char *name, int proto) const {
-  std::vector<ServiceProbe *>::iterator vi;
+  std::vector<ServiceProbe *>::const_iterator vi;
  if (proto == IPPROTO_TCP && nullProbe && strcmp(nullProbe->getName(), name) == 0)
    return nullProbe;
@@ -1498,7 +1498,7 @@ ServiceProbe *AllProbes::getProbeByName(const char *name, int proto) {
 // Note that although getpts() can set protocols (for protocol
 // scanning), this is ignored here because you can't version
 // scan protocols.
-int AllProbes::isExcluded(unsigned short port, int proto) {
+int AllProbes::isExcluded(unsigned short port, int proto) const {
  unsigned short *p=NULL;
  int count=-1,i;
@@ -2182,7 +2182,7 @@ static void considerPrintingStats(nsock_pool nsp, ServiceGroup *SG) {
 /* Check if target is done (no more probes remaining for it in service group),
   and responds appropriately if so */
 static void handleHostIfDone(ServiceGroup *SG, Target *target) {
-  std::list<ServiceNFO *>::iterator svcI;
+  std::list<ServiceNFO *>::const_iterator svcI;
  bool found = false;
  for(svcI = SG->services_in_progress.begin();
--- a/service_scan.h
+++ b/service_scan.h
@@ -151,10 +151,10 @@ class ServiceProbeMatch {
  // execution.  If no version matched, that field will be NULL.
  const struct MatchDetails *testMatch(const u8 *buf, int buflen);
 // Returns the service name this matches
-  const char *getName() { return servicename; }
+  const char *getName() const { return servicename; }
  // The Line number where this match string was defined.  Returns
  // -1 if unknown.
-  int getLineNo() { return deflineno; }
+  int getLineNo() const { return deflineno; }
 private:
  int deflineno; // The line number where this match is defined.
  bool isInitialized; // Has InitMatch yet been called?
@@ -196,7 +196,7 @@ class ServiceProbeMatch {
                  char *devicetype, int devicetypelen,
                  char *cpe_a, int cpe_alen,
                  char *cpe_h, int cpe_hlen,
-                  char *cpe_o, int cpe_olen);
+                  char *cpe_o, int cpe_olen) const;
 };
@@ -204,13 +204,10 @@ class ServiceProbe {
 public:
  ServiceProbe();
  ~ServiceProbe();
-  const char *getName() { return probename; }
+  const char *getName() const { return probename; }
  // Returns true if this is the "null" probe, meaning it sends no probe and
  // only listens for a banner.  Only TCP services have this.
-  bool isNullProbe() { return (probestringlen == 0); }
+  bool isNullProbe() const { return (probestringlen == 0); }
  bool isProbablePort(u16 portno); // Returns true if the portnumber given was listed
                                   // as a port that is commonly identified by this
                                   // probe (e.g. an SMTP probe would commonly identify port 25)
 // Amount of time to wait after a connection succeeds (or packet sent) for a responses.
  int totalwaitms;
  // If the connection succeeds but closes before this time, it's tcpwrapped.
@@ -226,11 +223,11 @@ class ServiceProbe {
  // obtains the probe string (in raw binary form) and the length.  The string will be
  // NUL-terminated, but there may be other \0 in the string, so the termination is only
  // done for ease of printing ASCII probes in debugging cases.
-  const u8 *getProbeString(int *stringlen) { *stringlen = probestringlen; return probestring; }
+  const u8 *getProbeString(int *stringlen) const { *stringlen = probestringlen; return probestring; }
  void setProbeString(const u8 *ps, int stringlen);
  /* Protocols are IPPROTO_TCP and IPPROTO_UDP */
-  u8 getProbeProtocol() {
+  u8 getProbeProtocol() const {
    assert(probeprotocol == IPPROTO_TCP || probeprotocol == IPPROTO_UDP);
    return probeprotocol;
  }
@@ -250,10 +247,10 @@ class ServiceProbe {
  /* Returns true if the passed in port is on the list of probable
     ports for this probe and tunnel type.  Use a tunnel of
     SERVICE_TUNNEL_SSL or SERVICE_TUNNEL_NONE as appropriate */
-  bool portIsProbable(enum service_tunnel_type tunnel, u16 portno);
+  bool portIsProbable(enum service_tunnel_type tunnel, u16 portno) const;
  // Returns true if the passed in service name is among those that can
  // be detected by the matches in this probe;
-  bool serviceIsPossible(const char *sname);
+  bool serviceIsPossible(const char *sname) const;
  // Takes a string following a Rarity directive in the probes file.
  // The string should contain a single integer between 1 and 9. The
@@ -308,7 +305,7 @@ public:
  // given name and protocol. If no match is found for the requested
  // protocol it will try to find matches on any protocol.
  // It can return the NULL probe.
-  ServiceProbe *getProbeByName(const char *name, int proto);
+  ServiceProbe *getProbeByName(const char *name, int proto) const;
  std::vector<ServiceProbe *> probes; // All the probes except nullProbe
  ServiceProbe *nullProbe; // No probe text - just waiting for banner
@@ -321,7 +318,7 @@ public:
  // fallbackStrs.
  void compileFallbacks();
-  int isExcluded(unsigned short port, int proto);
+  int isExcluded(unsigned short port, int proto) const;
  bool excluded_seen;
  struct scan_lists excludedports;
@@ -337,7 +334,7 @@ protected:
 /* Parses the given nmap-service-probes file into the AP class Must
   NOT be made static because I have external maintenance tools
   (servicematch) which use this */
-void parse_nmap_service_probe_file(AllProbes *AP, char *filename);
+void parse_nmap_service_probe_file(AllProbes *AP, const char *filename);
 /* Execute a service fingerprinting scan against all open ports of the
   Targets specified. */
--- a/targets.cc
+++ b/targets.cc
@@ -191,12 +191,12 @@ int load_exclude_string(struct addrset *excludelist, const char *s) {
 /* A debug routine to dump some information to stdout. Invoked if debugging is
   set to 4 or higher. */
-int dumpExclude(struct addrset *exclude_group) {
+int dumpExclude(const struct addrset *exclude_group) {
  addrset_print(stdout, exclude_group);
  return 1;
 }
-static void massping(Target *hostbatch[], int num_hosts, struct scan_lists *ports) {
+static void massping(Target *hostbatch[], int num_hosts, const struct scan_lists *ports) {
  static struct timeout_info group_to = { 0, 0, 0 };
  static char prev_device_name[16] = "";
  const char *device_name;
@@ -424,7 +424,7 @@ bail:
 }
 static Target *next_target(HostGroupState *hs, struct addrset *exclude_group,
-  struct scan_lists *ports, int pingtype) {
+  const struct scan_lists *ports, int pingtype) {
  struct sockaddr_storage ss;
  size_t sslen;
  Target *t;
@@ -481,7 +481,7 @@ tryagain:
 }
 static void refresh_hostbatch(HostGroupState *hs, struct addrset *exclude_group,
-  struct scan_lists *ports, int pingtype) {
+  const struct scan_lists *ports, int pingtype) {
  int i;
  bool arpping_done = false;
  struct timeval now;
@@ -575,7 +575,7 @@ static void refresh_hostbatch(HostGroupState *hs, struct addrset *exclude_group,
 }
 Target *nexthost(HostGroupState *hs, struct addrset *exclude_group,
-                 struct scan_lists *ports, int pingtype) {
+                 const struct scan_lists *ports, int pingtype) {
  if (hs->next_batch_no >= hs->current_batch_sz)
    refresh_hostbatch(hs, exclude_group, ports, pingtype);
  if (hs->next_batch_no >= hs->current_batch_sz)
--- a/targets.h
+++ b/targets.h
@@ -107,11 +107,11 @@ public:
 /* ports is used to pass information about what ports to use for host discovery */
 Target *nexthost(HostGroupState *hs, struct addrset *exclude_group,
-                 struct scan_lists *ports, int pingtype);
+                 const struct scan_lists *ports, int pingtype);
 int load_exclude_file(struct addrset *exclude_group, FILE *fp);
 int load_exclude_string(struct addrset *exclude_group, const char *s);
 /* a debugging routine to dump an exclude list to stdout. */
-int dumpExclude(struct addrset *exclude_group);
+int dumpExclude(const struct addrset *exclude_group);
 /* Returns the last host obtained by nexthost.  It will be given again the next
   time you call nexthost(). */
 void returnhost(HostGroupState *hs);
--- a/tcpip.cc
+++ b/tcpip.cc
@@ -1787,7 +1787,7 @@ int recvtime(int sd, char *buf, int len, int seconds, int *timedout) {
   parameters (if non-null) are filled with 0.  Remember that the
   correct way to check for errors is to look at the return value
   since a zero ts or echots could possibly be valid. */
-int gettcpopt_ts(struct tcp_hdr *tcp, u32 *timestamp, u32 *echots) {
+int gettcpopt_ts(const struct tcp_hdr *tcp, u32 *timestamp, u32 *echots) {
  unsigned char *p;
  int len = 0;
--- a/tcpip.h
+++ b/tcpip.h
@@ -369,7 +369,7 @@ const u8 *readip_pcap(pcap_t *pd, unsigned int *len, long to_usec,
   parameters (if non-null) are filled with 0.  Remember that the
   correct way to check for errors is to look at the return value
   since a zero ts or echots could possibly be valid. */
-int gettcpopt_ts(struct tcp_hdr *tcp, u32 *timestamp, u32 *echots);
+int gettcpopt_ts(const struct tcp_hdr *tcp, u32 *timestamp, u32 *echots);
 /* Maximize the receive buffer of a socket descriptor (up to 500K) */
 void max_rcvbuf(int sd);