We should have the multiprotocol version be the main version, with
IPv4-only code being a noted exception. Also these functions are almost
the same so one can call the other.
returning floating-point seconds. Everywhere o.TimeSinceStartMS was
called, the return value was being divided by 1000.0, which had the same
effect but would overflow when the difference exceeded about 25 days
(2^31 milliseconds). This patch is by Daniel Miller.
changes. The first is that Port objects don't allocate memory for
service and RPC results unless that information is set. This reduces the
size of a bare Port from 92 to 40 bytes on my machine. The second change
is that PortList now has the notion of a "default port state," which is
the state of any ports that didn't receive a response. These ports don't
need an allocated Port object, which saves a lot of memory in scans
where most ports didn't get a response.
FingerTest structures are supposed to have an array of AVals that are
allocated as a block and linked internally. But for OPS and WIN, each
AVal was allocated individually and linked together. When the FingerTest
was later freed, it freed only the first link in the chain.
TCP timestamp clock frequency uses large timestamp values, such that
a naive uptime calculation shows a boot time before the epoch. Also
fixed a printf format specifier mismatch that was revealed by the
overflow. Toby Simmons reported the problem and helped with the fix.
the network distance in SCAN.DS was calculated. Its value can be "L"
for localhost, "D" for a direct connection, "I" for an ICMP TTL
calculation, and "T" for a traceroute hop count. This is mainly for
the benefit of OS integration, when it is sometimes important to
distinguish between DS=1%DC=I (probably the result of forged TTLs)
and DS=1%DC=D (a true one-hop connection.) [David]
including alias extension, in several places to avoid this error message
when an alias has an IP address but the primary interface doesn't:
Failed to lookup subnet/netmask for device (venet0): venet0: no IPv4 address assigned
The patch also considers an interface alias if the primary interface
does not appear in the list of interfaces (perhaps because it does not
have an IP address assigned) when building the table of routes.
should prevent name collisions with internal but exported functions
in shared libraries Nmap links against (e.g. adler32() in zlib).
Such collisions seem to confuse the runtime linker on some platforms.
[Daniel Roethlisberger]
fingerprints: U1.RUL, U1.TOS, IE.DLI, IE.SI, and IE.TOSI. URL, DLI,
and SI were found not be helpful in distinguishing operating systems
because they didn't vary. TOS and TOSI were disabled in 4.85BETA1
but now they are not included in prints at all.
response was received, not zero. Because four responses are sufficient, the
message will be printed if one, two, or three reponses were received. The
message started being printed with zero responses in r12285, with an unrelated
change.
The message also now includes the IP address of the relevant host and requires
debugging to be enabled.
This adds a new SEQ.CI OS detection test. It is based on the IP IDs of the
responses to the three probes sent to a closed port: T5, T6, and T7. This has
been reported to differ from TI and was observed to do so in Internet scans
using the nmap-closed-ipid branch.
