improve R (responsiveness) test merging in fingerfix

scripts/fingerdiff.cc

@@ -128,8 +128,8 @@ int main(int argc, char *argv[]) {
   double accuracy;
   char sourcefile[MAXPATHLEN];
   int sourceline=-1;
-  char referenceFPString[2048];
-  char observedFPString[2048];
+  char referenceFPString[8192];
+  char observedFPString[8192];
   char line[512];
   char *p, *endptr;
   int i;

scripts/fingerfix.cc

@@ -163,6 +163,49 @@ static void merge_gcd(struct AVal *result, char values[][AVLEN], int num) {
   }
 }
 
+  /* The "R" tests designate whether a response was
+	       received.  These can be tricky because packets (probe
+	       or response) may have been dropped on the network
+	       between the source and target host. So in a merge
+	       between an "N" and a "Y", the result is simply "Y".
+	       But if we are given an "R=N|Y" (which would have been
+	       done manually), we preserve it rather than dropping the
+	       N. */
+static void merge_response_element(const char *testname, struct AVal *result, 
+				   char values[][AVLEN], int num) {
+  bool yesrequired = false;
+  bool norequired = false;
+  bool foundno = false;
+  int i;
+
+  assert(num > 0);
+  
+  // look at the values
+  for(i = 0; i < num; i++) {
+    if (strcmp(values[i], "Y") == 0)
+      yesrequired = true;
+    else if (strcmp(values[i], "N|Y") == 0 || strcmp(values[i], "Y|N") == 0)
+      yesrequired = norequired = true;
+    else if (strcmp(values[i], "N") == 0)
+      foundno = true;
+    else fatal("[ERRO] Bogus R value \"%s\" discuvered (should be N, Y, or N|Y)", values[i]);
+  }
+
+  // Now decide on the results
+  if (yesrequired && norequired)
+    Strncpy(result->value, "N|Y", AVLEN);
+  else if (yesrequired) {
+    Strncpy(result->value, "Y", AVLEN);
+    if (foundno)
+      printf("[WARN] Ignoring test %s.%s \"N\" value because it was found \"Y\" in another instance\n", testname, result->attribute);
+  }
+  else
+    Strncpy(result->value, "N", AVLEN);
+
+
+  return;
+}
+
 static void merge_sp_or_isr(struct AVal *result, char values[][AVLEN], int num) {
   // Fingerfix should expand elements based on observed deviation.
   // So if a fingerprint comes in with SP=0x9C (and that is the only
@@ -273,7 +316,7 @@ int main(int argc, char *argv[]) {
   FingerPrint *observedFP;
   FingerPrint *resultFP;
   FingerPrint *resultFPLine, *observedFPLine;
-  char observedFPString[10240];
+  char observedFPString[8192];
   char resultTemplate[] = {"SEQ(SP=%GCD=%ISR=%TI=%II=%SS=%TS=)\n"
 						   "OPS(O1=%O2=%O3=%O4=%O5=%O6=)\n"
 						   "WIN(W1=%W2=%W3=%W4=%W5=%W6=)\n"
@@ -390,6 +433,16 @@ int main(int argc, char *argv[]) {
 		    (strcmp(resultAV->attribute, "SP") == 0 || strcmp(resultAV->attribute, "ISR") == 0)) {
 	    // SEQ.SP or SEQ.ISR
 	    merge_sp_or_isr(resultAV, values, avnum);
+	  } else if (strcmp(resultAV->attribute, "R") == 0) {
+	    /* The "R" tests designate whether a response was
+	       received.  These can be tricky because packets (probe
+	       or response) may have been dropped on the network
+	       between the source and target host. So in a merge
+	       between an "N" and a "Y", the result is simply "Y".
+	       But if we are given an "R=N|Y" (which would have been
+	       done manually), we preserve it rather than dropping the
+	       N. */
+	    merge_response_element(resultFPLine->name, resultAV, values, avnum);
 	  } else {
 	    // common merge
 	    sort_and_merge(resultAV, values, avnum, STR);

scripts/fingerlib.cc

@@ -314,6 +314,7 @@ int remove_duplicate_tests(FingerPrint *FP) {
 	inner->next = inner->next->next;
 	free(tmp);
       }
+      if (!inner->next) break;
     }
   }
 

scripts/fingermatch.cc

@@ -121,7 +121,7 @@ int main(int argc, char *argv[]) {
   FingerPrint **reference_FPs = NULL;
   FingerPrint *testFP;
   struct FingerPrintResults FPR;
-  char fprint[2048];
+  char fprint[8192];
   int i, rc;
   char gen[128]; /* temporary buffer for os generation part of classification */
   if (argc != 2)