Miller reported that an EPROTO was causing Nmap to exit after sending
the Sqlping probe during service scan. The error message was
"Unexpected error in NSE_TYPE_READ callback. Error code: 71 (Protocol
error)". We suspect this was caused by a forged ICMP packet sent by an
active firewall.
already open. Rob Nicholls pointed out that setting the state
unconditionally results in multiple messages per port:
Discovered open port 3389/tcp
Discovered open port 3389/tcp
Discovered open port 3389/tcp
Discovered open port 3389/tcp
This is because setPortState has the side effect of printing a message.
scan response, instead of checking for a current state of
PORT_OPENFILTERED. The code calls getPortState, but the port may not
have been assigned a state, again because of the new Port allocation
architecture, so the function returns -1.
It would make sense to have getPortState return the default port state
if a Port has not been allocated, but there are two other places it is
used where the code relies on it returning -1 to indicate that a port
has not received a state yet.
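The two problems above (a port announced several times because its state was set unconditionally, and a check against PORT_OPENFILTERED that never matches because getPortState returns -1 for a port with no allocated Port object) come from the same lazy-allocation design. The sketch below is an added example, not Nmap's code: the class, the state values and the function names are hypothetical, but it reproduces both defects and the corresponding fixes, printing the "Discovered open port" line only on a transition into the open state and falling back to the PortList's default state when no Port has been allocated.

```cpp
#include <cstdio>
#include <map>

// Hypothetical state values; Nmap's real constants and layout differ.
enum PortState { PORT_UNKNOWN = 0, PORT_OPEN = 1, PORT_CLOSED = 2,
                 PORT_FILTERED = 3, PORT_OPENFILTERED = 4 };

struct Port {
  int portno = 0;
  PortState state = PORT_UNKNOWN;
};

class PortList {
public:
  explicit PortList(PortState def) : default_state_(def) {}

  // Mirrors the sentinel described in the text: -1 means no Port object
  // has been allocated for this port number yet.
  int getPortState(int portno) const {
    std::map<int, Port>::const_iterator it = ports_.find(portno);
    return it == ports_.end() ? -1 : it->second.state;
  }

  // State the port effectively has: an explicitly assigned state, or the
  // scan-wide default for ports that never got a response.
  PortState effectiveState(int portno) const {
    int s = getPortState(portno);
    return s == -1 ? default_state_ : static_cast<PortState>(s);
  }

  // Allocates the Port lazily. The "Discovered open port" message is only
  // printed on a transition into PORT_OPEN, so repeated version-scan
  // responses for one port announce it once. Returns true if printed.
  bool setPortState(int portno, PortState state) {
    int prev = getPortState(portno);
    Port &p = ports_[portno];
    p.portno = portno;
    p.state = state;
    if (state == PORT_OPEN && prev != PORT_OPEN) {
      std::printf("Discovered open port %d/tcp\n", portno);
      ++open_messages_;
      return true;
    }
    return false;
  }

  int openMessages() const { return open_messages_; }

private:
  PortState default_state_;
  std::map<int, Port> ports_;
  int open_messages_ = 0;
};

// The check the text describes: comparing the raw return value misses
// every port that has no allocated Port object (getPortState gives -1).
bool isOpenFilteredBuggy(const PortList &pl, int portno) {
  return pl.getPortState(portno) == PORT_OPENFILTERED;
}

// Corrected check: fall back to the default state for unallocated ports.
bool isOpenFilteredFixed(const PortList &pl, int portno) {
  return pl.effectiveState(portno) == PORT_OPENFILTERED;
}

// Scenario from the text: several version-scan responses for one port.
// Returns how many "Discovered open port" lines were printed.
int messagesForRepeatedResponses(int portno, int responses) {
  PortList pl(PORT_OPENFILTERED);
  for (int i = 0; i < responses; ++i) pl.setPortState(portno, PORT_OPEN);
  return pl.openMessages();
}

// Fresh scan whose default state is open|filtered and no allocated Port:
// the buggy check says "not open|filtered", the fixed one says it is.
bool unallocatedPortIsOpenFiltered(bool use_fixed_check) {
  PortList pl(PORT_OPENFILTERED);
  return use_fixed_check ? isOpenFilteredFixed(pl, 3389)
                         : isOpenFilteredBuggy(pl, 3389);
}

int main() {
  std::printf("messages for 4 responses: %d\n",
              messagesForRepeatedResponses(3389, 4));
  std::printf("buggy check: %d, fixed check: %d\n",
              unallocatedPortIsOpenFiltered(false),
              unallocatedPortIsOpenFiltered(true));
  return 0;
}
```

The fixed check keeps getPortState's -1 sentinel intact for the callers that depend on it and adds the fallback in one place, which is the trade-off the paragraph above weighs.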
changes. The first is that Port objects don't allocate memory for
service and RPC results unless that information is set. This reduces the
size of a bare Port from 92 to 40 bytes on my machine. The second change
is that PortList now has the notion of a "default port state," which is
the state of any ports that didn't receive a response. These ports don't
need an allocated Port object, which saves a lot of memory in scans
where most ports didn't get a response.
substitutions more explicit. Formerly the number of arguments was
checked implicitly by checking their type (that they had a specific type
and were not SUBSTARGS_ARGTYPE_NONE), but this makes it clearer.
a layer 4 protocol used mostly for telephony related applications.
This brings the following new features:
o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK
chunk, closed ones an ABORT chunk. This is the SCTP equivalent
of a TCP SYN stealth scan.
o SCTP COOKIE-ECHO chunk port scan (-sZ): open ports are silent,
closed ports return an ABORT chunk.
o SCTP INIT chunk ping probes (-PY): host discovery using SCTP
INIT chunk packets.
o SCTP-specific IP protocol scan (-sO -p sctp).
o SCTP-specific traceroute support (--traceroute).
o The ability to use the deprecated Adler32 algorithm as specified
in RFC 2960 instead of CRC32C from RFC 4960 (--adler32).
o 42 well-known SCTP ports were added to the nmap-services file.
Part of the work on SCTP support was kindly sponsored by
Compass Security AG, Switzerland. [Daniel Roethlisberger]
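The --adler32 option above switches between the two checksums that RFC 2960 and RFC 4960 specify for the SCTP common header. The following is an added example, not Nmap's code: it implements CRC-32C and Adler-32, applies them to a constructed SCTP INIT packet with the checksum field zeroed as RFC 4960 describes, and verifies the result. The function names, the big-endian storage of the field (a demo convention, not the RFCs' on-wire byte ordering) and the port numbers, verification tag and chunk field values are all constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// CRC-32C (Castagnoli), reflected form, polynomial 0x82F63B78,
// the checksum RFC 4960 requires for SCTP.
uint32_t crc32c(const uint8_t *data, size_t len) {
  static uint32_t table[256];
  static bool ready = false;
  if (!ready) {
    for (uint32_t i = 0; i < 256; ++i) {
      uint32_t c = i;
      for (int k = 0; k < 8; ++k) c = (c & 1) ? (c >> 1) ^ 0x82F63B78u : c >> 1;
      table[i] = c;
    }
    ready = true;
  }
  uint32_t crc = 0xFFFFFFFFu;
  for (size_t i = 0; i < len; ++i) crc = table[(crc ^ data[i]) & 0xFFu] ^ (crc >> 8);
  return crc ^ 0xFFFFFFFFu;
}

// Adler-32 (RFC 1950), the checksum RFC 2960 originally specified and
// that --adler32 selects for stacks still implementing the old RFC.
uint32_t adler32(const uint8_t *data, size_t len) {
  uint32_t a = 1, b = 0;
  for (size_t i = 0; i < len; ++i) {
    a = (a + data[i]) % 65521u;
    b = (b + a) % 65521u;
  }
  return (b << 16) | a;
}

// SCTP common header: source port (2), destination port (2),
// verification tag (4), checksum (4). The checksum covers the whole
// packet with the checksum field itself set to zero.
const size_t SCTP_HDR_LEN = 12;
const size_t SCTP_CSUM_OFFSET = 8;

uint32_t sctpChecksum(std::vector<uint8_t> pkt, bool use_adler) {
  if (pkt.size() < SCTP_HDR_LEN) return 0;
  for (size_t i = 0; i < 4; ++i) pkt[SCTP_CSUM_OFFSET + i] = 0;
  return use_adler ? adler32(pkt.data(), pkt.size())
                   : crc32c(pkt.data(), pkt.size());
}

// Demo convention: the 32-bit value is stored big-endian in the field.
// The on-wire byte ordering of each RFC is deliberately not reproduced.
void sctpFillChecksum(std::vector<uint8_t> &pkt, bool use_adler) {
  uint32_t c = sctpChecksum(pkt, use_adler);
  for (size_t i = 0; i < 4; ++i)
    pkt[SCTP_CSUM_OFFSET + i] = (c >> (24 - 8 * i)) & 0xFFu;
}

bool sctpVerify(const std::vector<uint8_t> &pkt, bool use_adler) {
  if (pkt.size() < SCTP_HDR_LEN) return false;
  uint32_t stored = 0;
  for (size_t i = 0; i < 4; ++i) stored = (stored << 8) | pkt[SCTP_CSUM_OFFSET + i];
  return stored == sctpChecksum(pkt, use_adler);
}

// Constructed sample: header for port 1234 -> 3868 with verification tag 0
// (as an INIT carries), followed by a minimal INIT chunk: type 1, flags 0,
// length 20, initiate tag, a_rwnd, outbound/inbound streams, initial TSN.
std::vector<uint8_t> sampleInitPacket() {
  const uint8_t bytes[] = {
    0x04, 0xD2, 0x0F, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x14, 0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x0A, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x01 };
  return std::vector<uint8_t>(bytes, bytes + sizeof bytes);
}

// Fills the sample packet with the chosen checksum, optionally flips one
// bit in the verification tag, and reports whether verification passes.
bool checksumRoundTrip(bool use_adler, bool tamper) {
  std::vector<uint8_t> pkt = sampleInitPacket();
  sctpFillChecksum(pkt, use_adler);
  if (tamper) pkt[4] ^= 0x01;
  return sctpVerify(pkt, use_adler);
}

int main() {
  const uint8_t check[] = "123456789";
  std::printf("CRC-32C(\"123456789\") = 0x%08X\n", crc32c(check, 9));
  std::printf("Adler-32(\"123456789\") = 0x%08X\n", adler32(check, 9));
  std::printf("crc32c intact=%d tampered=%d\n",
              checksumRoundTrip(false, false), checksumRoundTrip(false, true));
  return 0;
}
```

A packet checksummed with one algorithm will not verify under the other, which is why a scanner must pick the algorithm the target's stack implements; the standard check values for "123456789" (0xE3069283 for CRC-32C, 0x091E01DE for Adler-32) confirm each implementation independently of the packet layout.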
attempt to reduce the number of warnings like "Warning: Servicescan
failed to fill info_template...". Parts of this change include:
o Improved the text of the warning to be less confusing
o Increased the internal version info buffer to 256 chars from 128
o Increased the final version string length to 160 from 128 chars
o Changed the behavior when constructing the final version string so
that if it runs out of space, rather than dropping the output of that
template it truncates the template with ...
o Fixed the printing of unneeded spaces between templates when one of the
templates isn't going to be printed at all.
and --script-trace. It was set at 5, now it's 2. That's enough to see
all the Nsock events and the contents of reads and writes. At 3 you
start to get messages like
PCAP do_actual_pcap_read READ (IOD #%li) (EID #%li) size=%i
The message "wait_for_events" isn't printed until level 4. Getting rid
of that is the main reason for this change.
SSL-tunneled port didn't respond to any version probes. Now it keeps "ssl/" as
an indication that SSL was discovered, even if the service behind it wasn't
identified. Kristof Boeynaems reported the problem and contributed a patch.
o Nsock now supports binding to a local address and setting IPv4 options
with nsi_set_localaddr() and nsi_set_ipoptions(), respectively. [Kris]
o Nmap's Nsock-utilizing subsystems (DNS, NSE, version detection) have been
updated to support the -S and --ip-options flags. [Kris]
Previously the ping probe data structures were stored in NmapOps;
now they are stored in the scan_lists struct. All other changes are
auxiliary to this reorganization.
Ensuring the safety of assert() calls by keeping NDEBUG undefined throughout
Nmap, Nbase and Nsock.
I've tested this on Linux and Windows XP without problems. On Windows I've
removed the definitions of _DEBUG and NDEBUG from the *.vcproj files.