PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-20 13:19:01 +00:00
Code Issues Projects Releases Wiki Activity

Updated my nsock todo list

Browse Source 
Reworked the nsock roadmap according to what my latest tests and (mostly not
convincing) experiments revealed.
This commit is contained in:
henri
2013-10-09 18:45:59 +00:00
parent 20cf95553b
commit f420761f91
1 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
todo/henri.txt
View File

@@ -1,17 +1,21 @@
o Replace event lists by more efficient data structures. Consider using
a radix tree to map event IDs to pointers. Another solution would
be to put them all into a single RB-tree (TODO: validate BSD_HACK_MODE
& stuff). Encoding the event type in the ID's MSB would let us do inorder
traversal with connect events first, then read, then write...
o Proper SSL support in proxy mode.
- A naive implementation relying on the current code would probably look
horrible (at least my own attempts did). I believe that nsock should
internally be able to SSLify a plain TCP connection. It doesn't have to be
exported but it should be implemented just like the other operations. Then
it would be trivial (and clean) for the library to SSLify the channel
established by the proxy hooks.
o Don't drop pending writes when deleting the corresponding IOD. For nsock to
behave a bit like standard BSD sockets we should flush writes on close. (OTOH
anything which isn't ack'ed has no meaning, caller can still cancel it
typically...)
o Give IODs their own methods to streamline the code and get rid of all
the special cases in nsock_core.c. This would also make it easier to
hook operations (typically: override the default iod_connect() method
to establish a proxy chain).
o Fix the read API
o Rework the filespace code to avoid unneeded data copy. Scatter/gather
I/O might be useful there.
o Proper SSL support
o Authentication
o Fix the read API (!)
o Profile the pcap code. It needs cleanup (for sure) and optimizations (maybe).
o Proxy authentication
o Handle socks4a
- This requires to figure out how to trigger proxy code without
resolving target hostname first. The problem is that the proxy code
@@ -22,3 +26,13 @@ o Handle socks4a
or if it should simply provide an API to plug an external system.
o Socks5 support
o Some code is copied from ncat. I should move it to nbase.
o Replace event lists by more efficient data structures. Consider using
a radix tree to map event IDs to pointers. Another solution would
be to put them all into a single RB-tree (TODO: validate BSD_HACK_MODE
& stuff). Encoding the event type in the ID's MSB would let us do inorder
traversal with connect events first, then read, then write...
{NOTE: It'd be cool for the beauty of it, but my tests reveal that as of Oct.
2013 there's no big bottleneck there.}
o Rework the filespace code to avoid unneeded data copy. Scatter/gather
I/O might be useful there. Same task can also be expressed as: "profile and
optimize the usual nmap nsock I/O patterns."