From 31bbb65c07e12cb3a89822a561609016b2923fd4 Mon Sep 17 00:00:00 2001
From: david
Date: Mon, 16 Jul 2012 18:11:20 +0000
Subject: [PATCH] Add implicitARPPing option to NmapOps.
---
 NmapOps.cc | 1 +
 NmapOps.h | 7 +++++++
 targets.cc | 8 ++++----
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/NmapOps.cc b/NmapOps.cc
index 01044e741..35b384b33 100644
--- a/NmapOps.cc
+++ b/NmapOps.cc
@@ -319,6 +319,7 @@ void NmapOps::Initialize() {
 deprecated_xml_osclass = false;
 resolve_all = 0;
 dns_servers = NULL;
+ implicitARPPing = true;
 numhosts_scanned = 0;
 numhosts_up = 0;
 numhosts_scanning = 0;
diff --git a/NmapOps.h b/NmapOps.h
index 120104c62..88b3dead6 100644
--- a/NmapOps.h
+++ b/NmapOps.h
@@ -321,6 +321,13 @@ class NmapOps {
 int resolve_all;
 char *dns_servers;
+ /* Do IPv4 ARP or IPv6 ND scan of directly connected Ethernet hosts, even if
+ non-ARP host discovery options are used? This is normally more efficient,
+ not only because ARP/ND scan is faster, but because we need the MAC
+ addresses provided by ARP or ND scan in order to do IP-based host discovery
+ anyway. But when a network uses proxy ARP, all hosts will appear to be up
+ unless you do an IP host discovery on them. This option is true by default. */
+ bool implicitARPPing;
 // If true, write as in xmloutputversion 1.03
 // rather than as in 1.04 and later.
diff --git a/targets.cc b/targets.cc
index b058c71c7..3fb12e1ed 100644
--- a/targets.cc
+++ b/targets.cc
@@ -440,7 +440,8 @@ batchfull:
 if (hs->hostbatch[0]->ifType() == devt_ethernet &&
 hs->hostbatch[0]->af() == AF_INET &&
 hs->hostbatch[0]->directlyConnected() &&
- o.sendpref != PACKET_SEND_IP_STRONG) {
+ o.sendpref != PACKET_SEND_IP_STRONG &&
+ o.implicitARPPing) {
 arpping(hs->hostbatch, hs->current_batch_sz);
 arpping_done = true;
 }
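Review bot: Nothing in this patch assigns `implicitARPPing` any value other than the `true` set in NmapOps::Initialize(), so the two new `&& o.implicitARPPing` tests in targets.cc cannot change behaviour until a caller or command-line option clears the flag. If that wiring lands in a separate commit, the commit message should say so. The new comment in NmapOps.h could also record the interaction the code actually has, for example by appending `Ignored when sendpref is PACKET_SEND_IP_STRONG, which already suppresses the implicit ARP/ND scan.` The class body continues outside the hunk.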
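Review bot: With `o.implicitARPPing` false, a directly connected Ethernet batch skips `arpping()` and leaves `arpping_done` false, yet the comment added in NmapOps.h says the MAC addresses from the ARP/ND scan are needed for IP-based host discovery anyway. Nothing in this hunk shows how the IP-level path obtains those addresses, so that should be confirmed before the flag is ever cleared; the same applies to the AF_INET6 hunk at -450. Such a batch will also satisfy the `pingtype == PINGTYPE_NONE && !arpping_done` test visible in the -469 hunk, whose body lies outside the diff. I would add a comment above the condition, `/* When o.implicitARPPing is false these hosts go to the IP-level ping below without MAC addresses from arpping(). */`, so the dependency is visible at the call site. The enclosing code after the `batchfull:` label starts and ends outside the hunk.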
@@ -450,7 +451,8 @@ batchfull:
 if (hs->hostbatch[0]->ifType() == devt_ethernet &&
 hs->hostbatch[0]->af() == AF_INET6 &&
 hs->hostbatch[0]->directlyConnected() &&
- o.sendpref != PACKET_SEND_IP_STRONG) {
+ o.sendpref != PACKET_SEND_IP_STRONG &&
+ o.implicitARPPing) {
 arpping(hs->hostbatch, hs->current_batch_sz);
 arpping_done = true;
 }
@@ -469,8 +471,6 @@ batchfull:
 }
 }
- /* TODO: Maybe I should allow real ping scan of directly connected
- ethernet hosts? */
 /* Then we do the mass ping (if required - IP-level pings) */
 if ((pingtype == PINGTYPE_NONE && !arpping_done) || hs->hostbatch[0]->ifType() == devt_loopback) {
 for (i=0; i < hs->current_batch_sz; i++) {