mirror of
https://github.com/nmap/nmap.git
synced 2025-12-21 23:19:03 +00:00
improve R (responsiveness) test merging in fingerfix
This commit is contained in:
fyodor
@@ -128,8 +128,8 @@ int main(int argc, char *argv[]) {
|
|||||||
double accuracy;
|
double accuracy;
|
||||||
char sourcefile[MAXPATHLEN];
|
char sourcefile[MAXPATHLEN];
|
||||||
int sourceline=-1;
|
int sourceline=-1;
|
||||||
char referenceFPString[2048];
|
char referenceFPString[8192];
|
||||||
char observedFPString[2048];
|
char observedFPString[8192];
|
||||||
char line[512];
|
char line[512];
|
||||||
char *p, *endptr;
|
char *p, *endptr;
|
||||||
int i;
|
int i;
|
||||||
|
|||||||
@@ -163,6 +163,49 @@ static void merge_gcd(struct AVal *result, char values[][AVLEN], int num) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* The "R" tests designate whether a response was
|
||||||
|
received. These can be tricky because packets (probe
|
||||||
|
or response) may have been dropped on the network
|
||||||
|
between the source and target host. So in a merge
|
||||||
|
between an "N" and a "Y", the result is simply "Y".
|
||||||
|
But if we are given an "R=N|Y" (which would have been
|
||||||
|
done manually), we preserve it rather than dropping the
|
||||||
|
N. */
|
||||||
|
static void merge_response_element(const char *testname, struct AVal *result,
|
||||||
|
char values[][AVLEN], int num) {
|
||||||
|
bool yesrequired = false;
|
||||||
|
bool norequired = false;
|
||||||
|
bool foundno = false;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
assert(num > 0);
|
||||||
|
|
||||||
|
// look at the values
|
||||||
|
for(i = 0; i < num; i++) {
|
||||||
|
if (strcmp(values[i], "Y") == 0)
|
||||||
|
yesrequired = true;
|
||||||
|
else if (strcmp(values[i], "N|Y") == 0 || strcmp(values[i], "Y|N") == 0)
|
||||||
|
yesrequired = norequired = true;
|
||||||
|
else if (strcmp(values[i], "N") == 0)
|
||||||
|
foundno = true;
|
||||||
|
else fatal("[ERRO] Bogus R value \"%s\" discuvered (should be N, Y, or N|Y)", values[i]);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Now decide on the results
|
||||||
|
if (yesrequired && norequired)
|
||||||
|
Strncpy(result->value, "N|Y", AVLEN);
|
||||||
|
else if (yesrequired) {
|
||||||
|
Strncpy(result->value, "Y", AVLEN);
|
||||||
|
if (foundno)
|
||||||
|
printf("[WARN] Ignoring test %s.%s \"N\" value because it was found \"Y\" in another instance\n", testname, result->attribute);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
Strncpy(result->value, "N", AVLEN);
|
||||||
|
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
static void merge_sp_or_isr(struct AVal *result, char values[][AVLEN], int num) {
|
static void merge_sp_or_isr(struct AVal *result, char values[][AVLEN], int num) {
|
||||||
// Fingerfix should expand elements based on observed deviation.
|
// Fingerfix should expand elements based on observed deviation.
|
||||||
// So if a fingerprint comes in with SP=0x9C (and that is the only
|
// So if a fingerprint comes in with SP=0x9C (and that is the only
|
||||||
@@ -273,7 +316,7 @@ int main(int argc, char *argv[]) {
|
|||||||
FingerPrint *observedFP;
|
FingerPrint *observedFP;
|
||||||
FingerPrint *resultFP;
|
FingerPrint *resultFP;
|
||||||
FingerPrint *resultFPLine, *observedFPLine;
|
FingerPrint *resultFPLine, *observedFPLine;
|
||||||
char observedFPString[10240];
|
char observedFPString[8192];
|
||||||
char resultTemplate[] = {"SEQ(SP=%GCD=%ISR=%TI=%II=%SS=%TS=)\n"
|
char resultTemplate[] = {"SEQ(SP=%GCD=%ISR=%TI=%II=%SS=%TS=)\n"
|
||||||
"OPS(O1=%O2=%O3=%O4=%O5=%O6=)\n"
|
"OPS(O1=%O2=%O3=%O4=%O5=%O6=)\n"
|
||||||
"WIN(W1=%W2=%W3=%W4=%W5=%W6=)\n"
|
"WIN(W1=%W2=%W3=%W4=%W5=%W6=)\n"
|
||||||
@@ -387,12 +430,22 @@ int main(int argc, char *argv[]) {
|
|||||||
// SEQ.GCD
|
// SEQ.GCD
|
||||||
merge_gcd(resultAV, values, avnum);
|
merge_gcd(resultAV, values, avnum);
|
||||||
} else if(strcmp(resultFPLine->name, "SEQ") == 0 &&
|
} else if(strcmp(resultFPLine->name, "SEQ") == 0 &&
|
||||||
(strcmp(resultAV->attribute, "SP") == 0 || strcmp(resultAV->attribute, "ISR") == 0)) {
|
(strcmp(resultAV->attribute, "SP") == 0 || strcmp(resultAV->attribute, "ISR") == 0)) {
|
||||||
// SEQ.SP or SEQ.ISR
|
// SEQ.SP or SEQ.ISR
|
||||||
merge_sp_or_isr(resultAV, values, avnum);
|
merge_sp_or_isr(resultAV, values, avnum);
|
||||||
|
} else if (strcmp(resultAV->attribute, "R") == 0) {
|
||||||
|
/* The "R" tests designate whether a response was
|
||||||
|
received. These can be tricky because packets (probe
|
||||||
|
or response) may have been dropped on the network
|
||||||
|
between the source and target host. So in a merge
|
||||||
|
between an "N" and a "Y", the result is simply "Y".
|
||||||
|
But if we are given an "R=N|Y" (which would have been
|
||||||
|
done manually), we preserve it rather than dropping the
|
||||||
|
N. */
|
||||||
|
merge_response_element(resultFPLine->name, resultAV, values, avnum);
|
||||||
} else {
|
} else {
|
||||||
// common merge
|
// common merge
|
||||||
sort_and_merge(resultAV, values, avnum, STR);
|
sort_and_merge(resultAV, values, avnum, STR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -314,6 +314,7 @@ int remove_duplicate_tests(FingerPrint *FP) {
|
|||||||
inner->next = inner->next->next;
|
inner->next = inner->next->next;
|
||||||
free(tmp);
|
free(tmp);
|
||||||
}
|
}
|
||||||
|
if (!inner->next) break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -121,7 +121,7 @@ int main(int argc, char *argv[]) {
|
|||||||
FingerPrint **reference_FPs = NULL;
|
FingerPrint **reference_FPs = NULL;
|
||||||
FingerPrint *testFP;
|
FingerPrint *testFP;
|
||||||
struct FingerPrintResults FPR;
|
struct FingerPrintResults FPR;
|
||||||
char fprint[2048];
|
char fprint[8192];
|
||||||
int i, rc;
|
int i, rc;
|
||||||
char gen[128]; /* temporary buffer for os generation part of classification */
|
char gen[128]; /* temporary buffer for os generation part of classification */
|
||||||
if (argc != 2)
|
if (argc != 2)
|
||||||
|
|||||||
Reference in New Issue
Block a user