mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00

about to do more os fingerprint integration

fyodor
2006-12-03 00:34:19 +00:00
parent 9c21e40623
commit 9c686d4a12
6 changed files with 491 additions and 457 deletions


@@ -1,4 +1,18 @@
# Nmap Changelog ($Id$); -*-text-*-
4.20
o Fixed (I hope) the "getinterfaces: intf_loop() failed" error which
was seen on Windows Vista. The problem was apparently in
intf-win32.c of libcnet (need to define MIB_IF_TYPE_MAX to
MAX_IF_TYPE rather than 32). Thanks to Dan Griffin
(dan(a)jwsecure.com) for tracking this down!
o Applied a couple minor bug fixes from Marek Majkowski to IP options
support (which he previously added) and packet tracing.
o Incorporated SLNP (Simple Library Network Protocol) version
detection support. Thanks to Tibor Csogor (tibi(a)tiborius.net) for
the patch.
4.20RC1


@@ -297,3 +297,16 @@ Index: src/intf.c
return (-1);
entry->intf_mtu = ifr.ifr_mtu;
o Made the following change for Windows Vista support (thanks to Dan
Griffin):
--- old/intf-win32.c 2005-12-28 16:30:38.000000000 -0800
+++ intf-win32.c 2006-11-26 20:46:13.000000000 -0800
@@ -31,7 +31,7 @@
int max;
};
-#define MIB_IF_TYPE_MAX 32 /* XXX - ipifcons.h */
+#define MIB_IF_TYPE_MAX MAX_IF_TYPE /* XXX - ipifcons.h */
struct intf_handle {
struct ifcombo ifcombo[MIB_IF_TYPE_MAX];


@@ -31,7 +31,7 @@ struct ifcombo {
int max;
};
#define MIB_IF_TYPE_MAX 32 /* XXX - ipifcons.h */
#define MIB_IF_TYPE_MAX MAX_IF_TYPE /* XXX - ipifcons.h */
struct intf_handle {
struct ifcombo ifcombo[MIB_IF_TYPE_MAX];
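Review bot: Sizing `ifcombo[]` from `MAX_IF_TYPE` ties the array bound to whatever the SDK header defined at build time, and nothing in this section shows the index being checked against that bound. The code that indexes `ifcombo` lies outside the hunk; if it uses an interface type reported by the OS at run time, a value at or above `MIB_IF_TYPE_MAX` would read or write past the array, whatever the constant is set to. I would add a guard at each indexing site, for example `if (type >= MIB_IF_TYPE_MAX) return (-1);`, and replace the `XXX` comment with `/* bound of ifcombo[]; range-check the index, the OS may report newer types */`.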


@@ -203,8 +203,7 @@ U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G)
IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
# Apple Mac OS 10.4.8/ppc (Darwin tetralyre 8.8.0 Darwin Kernel Version 8.8.0: Fri Sep 8 17:18:57 PDT
# Darwin 8.8.1 Darwin Kernel Version 8.8.1: Mon Sep 25
19:42:00 PDT 2006; root:xnu-792.13.8.obj~1/RELEASE_I386 i386 i386
# Darwin 8.8.1 Darwin Kernel Version 8.8.1: Mon Sep 25 19:42:00 PDT 2006; root:xnu-792.13.8.obj~1/RELEASE_I386 i386 i386
Fingerprint Apple Mac OS X 10.4.8 (Tiger)
Class Apple | Mac OS X | 10.4.X | general purpose
SEQ(SP=FB-105%GCD=<7%ISR=FF-10B%TI=I%II=I%SS=S%TS=0|1)
@@ -638,7 +637,8 @@ IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S|OS:S%DLI=S)
# D-Link DI-624 wireless router rev. C, firmware 2.76 (24 Aug 2006)
# D-Link DI-524 WAP Firmware 1.21
Fingerprint D-Link DI-624 or DI-524 WAP
# D-Link DI-604, firmware 3.52
Fingerprint D-Link DI-524, DI-604, or DI-624 WAP
Class D-Link | embedded || broadband router
SEQ(SP=B-15%GCD=FA7F|1F4FE|2EF7D|3E9FC|4E47B|5DEFA%ISR=96-A0%TI=I%II=I%SS=S%TS=U)
OPS(O1=M5B0%O2=M5B0%O3=M5B0%O4=M5B0%O5=M5B0%O6=M5B0)


@@ -1844,6 +1844,8 @@ ppp 3000/tcp # User-level ppp daemon, or chili!soft asp
nessusd 3001/tcp # Nessus Security Scanner (www.nessus.org) Daemon or chili!soft asp
deslogin 3005/tcp # encrypted symmetric telnet/login
deslogind 3006/tcp #
slnp 3025/tcp # SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH
slnp 3045/tcp # SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH
cfs 3049/tcp # cryptographic file system (nfs) (proposed)
cfs 3049/udp # cryptographic file system (nfs)
PowerChute 3052/tcp
@@ -1859,11 +1861,15 @@ ccmail 3264/udp # cc:mail/lotus
globalcatLDAP 3268/tcp # Global Catalog LDAP
globalcatLDAPssl 3269/tcp # Global Catalog LDAP over ssl
meetingmaker 3292/tcp # Meeting maker time management software
saprouter 3299/tcp # SAProuter
mysql 3306/tcp # mySQL
dec-notes 3333/tcp # DEC Notes
dec-notes 3333/udp # DEC Notes
msdtc 3372/tcp # MS distributed transaction coordinator
ms-term-serv 3389/tcp # Microsoft Remote Display Protocol
saposs 3397/tcp # SAP Oss
sapcomm 3398/tcp # SAPcomm
sapeps 3399/tcp # SAP EPS
squid-snmp 3401/udp # Squid proxy SNMP port
bmap 3421/tcp # Bull Apprise portmapper
bmap 3421/udp # Bull Apprise portmapper
@@ -2119,6 +2125,7 @@ http-alt 8000/tcp # A common alternative http port
ajp12 8007/tcp # Apache JServ Protocol 1.x
ajp13 8009/tcp # Apache JServ Protocol 1.3
ftp-proxy 8021/tcp # Common FTP proxy port
slnp 8076/tcp # SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH
http-proxy 8080/tcp # Common HTTP proxy/second web server port
blackice-icecap 8081/tcp # ICECap user console
blackice-alerts 8082/tcp # BlackIce Alerts sent to this port


@@ -487,7 +487,7 @@ static const char *ippackethdrinfo(const u8 *packet, u32 len) {
srchost, ntohs(tcp->th_sport), dsthost, ntohs(tcp->th_dport), ipinfo, tcpinfo);
} else { // at least first 16 bytes of TCP header are there
snprintf(tcpinfo, sizeof(tcpinfo), "seq=%lu win=%hi",
snprintf(tcpinfo, sizeof(tcpinfo), "seq=%lu win=%hu",
(unsigned long) ntohl(tcp->th_seq),
ntohs(tcp->th_win));
p = tflags;
@@ -500,7 +500,7 @@ static const char *ippackethdrinfo(const u8 *packet, u32 len) {
*p++ = 'A';
snprintf(buf, sizeof(buf), " ack=%lu",
(unsigned long) ntohl(tcp->th_ack));
strncat(tcpinfo, buf, sizeof(tcpinfo) - 1);
strncat(tcpinfo, buf, sizeof(tcpinfo) - strlen(tcpinfo) - 1);
}
if (tcp->th_flags & TH_URG) *p++ = 'U';
if (tcp->th_flags & TH_ECE) *p++ = 'E'; /* rfc 2481/3168 */
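Review bot: Any other `strncat(tcpinfo, ..., sizeof(tcpinfo) - 1)` call in ippackethdrinfo could still write past `tcpinfo`, because only the `ack=` append in the second hunk gets the remaining-space bound; the function starts and ends outside the visible hunks, so this needs checking against the full body. The append would be harder to get wrong without the scratch buffer and the hand-computed bound: take `size_t used = strlen(tcpinfo);` and write `snprintf(tcpinfo + used, sizeof(tcpinfo) - used, " ack=%lu", (unsigned long) ntohl(tcp->th_ack));`. Since `tcpinfo` was filled by `snprintf` it is always NUL-terminated, so `used` stays below `sizeof(tcpinfo)` and the size argument cannot wrap. A one-line comment such as `/* size argument is the space left in tcpinfo, not its total size */` would help if the `strncat` form is kept.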