Make current loglevel and current log callback global
to the library. Attaching them to the nsock pool doesn't
bring any benefit and prevents from logging activity in
code sections that don't have access to a pool (such as
proxy chain specification parsing).
Updated external calls and nsock tests accordingly.
The HLIM feature was miscategorizing probes where the route from the
target was shorter than the route to the target. This would result, e.g.
in a distance calculation of 9 and a received hop limit of 57. Adding
the distance to the hop limit remaining gave a guessed initial hop limit
of 66, which would exceed the "64" category. In IPv4 fingerprints, we
put the TG test (initial TTL guess) as a range of 5 up or down from the
expected number to allow for this and other interference. This patch
does the same for IPv6.
proposal. This only affects Nmap's root directory. We might also need to
modify the code which autogenerates Nmap's source code files such as IPv6
fingerprinting code.
see http://seclists.org/nmap-dev/2013/q4/168
Move some includes out of nmap.h: nmap.h gets included lots of places,
and unconditionally included math.h, ctype.h, errno.h, stdio.h,
sys/stat.h, fcntl.h, sys/types.h, and stdarg.h. This commit moves those
includes into the .cc files where they are necessary and out of nmap.h
Remove redundant include global_structures.h, included from nmap.h
Removed redundant code included from nmap.h
Removing #include nbase.h when nmap.h is included (redundant)
Remove duplicate #include lines
Add ifndef guards to a few .h files
for file in `grep "* including the terms and conditions of this license text as well. \*" * -r --files-with-match `; do sed "s/\* including the terms and conditions of this license text as well. \*/* including the terms and conditions of this license text as well. */g" -i $file; done
Reworked the logging infrastructure to make it more flexible
and consistent.
Updated nmap, nping and ncat accordingly. Nsock log level can
now be adjusted at runtime by pressing d/D in nmap.
There was one case where we previously didn't fatal, in nse_dnet.cc.
Move the fatal calls out of nmap_raw_socket and into the calling scope,
with the exception of the one in nse_dnet.cc.
The problem was reported by Rob Nicholls.
http://seclists.org/nmap-dev/2012/q4/186
The exceptions are the calls in ncat/ncat_connect.c and
nping/EchoServer.cc. Ncat doesn't have an option for the interface, and
I think Nping's -e option is only meant to apply to probes, not to the
echo server listener.
This is a reversion of r26232 and r26230, which were themselves
reversions of r26201 and r26202 respectively, in
https://svn.nmap.org/nmap-exp/luis/nmap-os6@26232.
This code has gone back and forth a few times. Looking at it again, I
still think this way is more correct. At any rate, the other way
demonstrably leads to rare assertion failures (which are protecting
against a nonsensical subtraction with an all-zero timeval).
This entails using names like std::vector and std::list rather than bare
vector and list, which was already the prevailing style. The immediate
cause of this is a header file on Solaris 10 that uses a "struct map"
that conflicts with std::map.
In file included from struct_ip.h:40:0,
from tcpip.cc:108:
/usr/include/net/if.h:99:9: error: template argument required for 'struct map'
Previously it was taking a random u8 mod 100, which meant that the
numbers 0-55 were 50% more likely to come up than any others. Make it a
u16 instead, so that the numbers 0-35 are only about 0.15% more likely.
We use as features even the four reserved TCP flags (some of them are no
longer reserved but declared for a particular purpose by some RFCs).
getFlags only returns 8 bits, leading to garbage in the feature vector
in the higher-order positions.
This doesn't affect the integrity of fingerprint submissions, because
they copy the packet contents directly and don't go through the getFlags
accessor.
