BPF_TIMEVAL BIOCSRTIMEOUT bug that affects OS X 10.6. If the size of the
parameter to the BIOCSRTIMEOUT ioctl is sizeof(struct timeval) we assume the
workaround is not needed (most platforms). If they are unequal, we assume that
version 1.1.0 or later has a workaround.
of adding -Llibpcap/ -lpcap to LDFLAGS. The latter, at least on OS X, still
links dynamically against the system installation of libpcap. This is
consistent with how --with-libpcre=included works.
upstream (git://bpf.tcpdump.org/libpcap). This is a workaround for the
BIOCSRTIMEOUT bug in 10.6, 10.6.1, and 10.6.3 that doesn't work for
non-integer timeouts. A symptom of being affected by the bug is Nmap
hanging forever at the first call to pcap_next. 10.6.2 was somehow not
affected.
This alone still doesn't solve the problem; I still have to make the
default --with-libpcap=included for 64-bit OS X.
The source comment is informative:
/*
* XXX - Mac OS X 10.6 mishandles BIOCSRTIMEOUT in 64-bit userland - it
* takes, as an argument, a "struct BPF_TIMEVAL", which has 32-bit
* tv_sec and tv_usec, rather than a "struct timeval".
*
* If this platform defines "struct BPF_TIMEVAL", we check whether the
* structure size in BIOCSRTIMEOUT is that of a "struct timeval" and, if
* not, we use a "struct BPF_TIMEVAL" rather than a "struct timeval".
* (That way, if the bug is fixed in a future release, we will still do
* the right thing.)
*/
commit 43acbb77a8e0b3346b574b3e28793de2d6985e69
Author: Guy Harris <guy@alum.mit.edu>
Date: Sun Oct 11 11:05:46 2009 -0700
Work around an annoying Snow Leopard BPF bug that causes sub-second
timeouts not to work in 64-bit userland code (Snow Leopard's GCC builds
64-bit by default on 64-bit machines).
and RFC 5737, published in Jan 2010. Improve performance of isPrivate for IPv4
addresses by using ip_in_range less frequently. Add an extra return value to
isPrivate - when the first return value is true, the second return value will
now be a string representing the special use assignment in which the supplied
address is located.
tval2msecs and tval2secs. This affects the following options:
Nmap:
--host-timeout
--max-rtt-timeout --min-rtt-timeout --initial-rtt-timeout
--scan-delay --max-scan-delay
--stats-every
Ncat:
-d --delay
-i --idle-timeout
-w --wait
Nping:
--delay
--host-timeout
--icmp-orig-time --icmp-recv-time --icmp-trans-time
Some sanity checks have been added when it looks like someone is using
the old default of milliseconds. For example,
$ ./nmap --host-timeout 10000
The default unit for --host-timeout is seconds (since April 2010), so your time of "10000" is 2.8 hours. If this is what you want, use "10000s".
QUITTING!
$ ./nmap --scan-delay 1000
The default unit for --scan-delay is seconds (since April 2010), so your time of "1000" is 16.7 minutes. Use "1000ms" for 1000 milliseconds.
QUITTING!
Times with a unit are always taken at face value and will avoid the
error message.
See http://seclists.org/nmap-dev/2010/q2/159 for discussion.
latter would allow you to do this:
$ nmap --max-os-tries 1s localhost
Bogus --max-os-tries argument specified, must be between 1 and 50 (inclusive)
QUITTING!
Because the "1s" became 1000.
atoi isn't right for option parsing because it doesn't catch errors, but
it's what the rest of the option parsing code uses.
top of the first comment, so the entire description got stuffed into the
@author field. I also discovered a limitation in the NSEDoc parser: the
first non-empty line following the first --- comment must be the
"module" call, or else the block isn't recognized as belonging to a
module. This was preventing @args from appearing in certain libraries.
Djalal Harouni told me about this.
o [NSE] Scripts that take an argument for a time duration can now have
the duration be a number followed by a unit, like other times in
Nmap. For example, 10m for 10 minutes. The units understood are ms
for milliseconds, s for seconds, m for minutes, and h for hours.
Seconds are the default if no unit is specified. The new function
stdnse.parse_timespec does the parsing of these formats. The
qscan.delay script argument, which formerly interpreted its argument
as being in milliseconds, now defaults to seconds; append "ms" to
continue using the same numbers. [David]
qscan.delay
dns-fuzz.timelimit
mssql.timelimit
A side effect is that the default units for qscan.delay are seconds, not
milliseconds. 0 is now the magic value to disable the time limit in
dns-fuzz.
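The following is an added example, not Nmap's own tval2msecs/tval2secs or stdnse.parse_timespec code, illustrating both the unit-suffix parsing described above (default seconds; ms, s, m, h) with the "looks like the old default of milliseconds" sanity check, and the --max-os-tries caveat: a count option needs a strict integer parser rather than atoi or the time parser. The 1000-second threshold for flagging a unitless value, the error-message wording and the helper names are this example's assumptions; Nmap's exact rule is not shown on this page.

```c
/* Added example, not Nmap's tval2msecs or stdnse.parse_timespec. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* "10" -> 10000, "500ms" -> 500, "2.5m" -> 150000, "1h" -> 3600000; -1 on
 * error.  Seconds are the default unit.  Only a plain decimal prefix is
 * accepted: strtod alone would also swallow "inf", "0x10", "1e3", "-5" and
 * leading whitespace.  *had_unit is set when a suffix was present. */
long parse_timespec_ms(const char *s, int *had_unit)
{
    size_t n, i, digits = 0, dots = 0;
    double value, ms;
    const char *unit;

    if (had_unit) *had_unit = 0;
    if (s == NULL) return -1;
    n = strspn(s, "0123456789.");
    for (i = 0; i < n; i++) { if (s[i] == '.') dots++; else digits++; }
    if (digits == 0 || dots > 1) return -1;

    value = strtod(s, NULL);              /* stops at the unit by itself */
    unit = s + n;
    if (*unit == '\0' || strcmp(unit, "s") == 0) ms = value * 1000.0;
    else if (strcmp(unit, "ms") == 0)      ms = value;
    else if (strcmp(unit, "m") == 0)       ms = value * 60.0 * 1000.0;
    else if (strcmp(unit, "h") == 0)       ms = value * 3600.0 * 1000.0;
    else return -1;                        /* "10x", "1e3", "0x10", "1 s" */

    if (had_unit && *unit != '\0') *had_unit = 1;
    if (ms > (double) LONG_MAX) return -1;
    return (long) ms;
}

/* Largest unit giving >= 1, one decimal: 1000 s -> "16.7 minutes". */
void format_duration(long ms, char *buf, size_t len)
{
    double secs = ms / 1000.0;
    if (secs >= 3600.0)    snprintf(buf, len, "%.1f hours", secs / 3600.0);
    else if (secs >= 60.0) snprintf(buf, len, "%.1f minutes", secs / 60.0);
    else if (secs >= 1.0)  snprintf(buf, len, "%.1f seconds", secs);
    else                   snprintf(buf, len, "%ld ms", ms);
}

/* Sanity check for the unit change: a unitless value of 1000 s or more is
 * refused as a probable pre-2010 millisecond count (threshold is an
 * assumption of this example).  0 = accepted, 1 = suspicious, -1 = bogus. */
#define LEGACY_MS_SUSPECT_THRESHOLD (1000L * 1000L)

int parse_time_option(const char *opt, const char *arg, long *ms,
                      char *msg, size_t len)
{
    int had_unit;
    long v = parse_timespec_ms(arg, &had_unit);
    if (v < 0) {
        snprintf(msg, len, "Bogus %s argument \"%s\": expected a number "
                 "optionally followed by ms, s, m or h", opt, arg);
        return -1;
    }
    *ms = v;
    if (!had_unit && v >= LEGACY_MS_SUSPECT_THRESHOLD) {
        char human[64];
        format_duration(v, human, sizeof human);
        snprintf(msg, len, "The default unit for %s is seconds, so your time "
                 "of \"%s\" is %s. If this is what you want, use \"%ss\"; use "
                 "\"%sms\" for %s milliseconds.", opt, arg, human, arg, arg, arg);
        return 1;
    }
    msg[0] = '\0';
    return 0;
}

/* What a count option like --max-os-tries needs instead of atoi() (accepts
 * "1s" as 1) or the time parser (turns "1s" into 1000): strtol with an
 * end-pointer and a range check.  0 on success, -1 on error. */
int parse_int_strict(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;
    if (s == NULL || *s == '\0' || isspace((unsigned char) *s)) return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < lo || v > hi) return -1;
    *out = v;
    return 0;
}

/* Buffer-free wrappers so the behaviour can be checked by return value. */
int duration_text_is(long ms, const char *want)
{ char b[64]; format_duration(ms, b, sizeof b); return strcmp(b, want) == 0; }
int time_option_verdict(const char *opt, const char *arg)
{ long ms; char m[256]; return parse_time_option(opt, arg, &ms, m, sizeof m); }
long os_tries_or_minus1(const char *s)
{ long v; return parse_int_strict(s, 1, 50, &v) == 0 ? v : -1; }

int main(void)
{
    const char *args[] = { "10000", "10000s", "1000", "1000ms", "10x" };
    size_t i;
    for (i = 0; i < sizeof args / sizeof args[0]; i++) {
        long ms = -1; char msg[256];
        int rc = parse_time_option("--host-timeout", args[i], &ms, msg, sizeof msg);
        printf("%-7s rc=%2d ms=%ld %s\n", args[i], rc, ms, msg);
    }
    printf("--max-os-tries 1s -> %ld, 5 -> %ld\n",
           os_tries_or_minus1("1s"), os_tries_or_minus1("5"));
    return 0;
}
```

Running it reproduces the two refusals quoted above ("10000" is 2.8 hours, "1000" is 16.7 minutes) while "10000s" and "1000ms" are taken at face value, and shows "--max-os-tries 1s" rejected instead of silently becoming 1000. The decimal-prefix check matters in practice: plain strtod or atoi would accept "inf", "0x10" or "1e3" as timeouts, which is exactly the class of unchecked-conversion error the page complains about.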
It has scoped args in the straight form of "ftp-bounce.<arg>" which is
apparently how this works now (at least what other scripts seem to use) instead
of using actual subtables like in http://seclists.org/nmap-dev/2008/q2/567
o [Zenmap] Made IP addresses be sorted by octet, not by their string
representation. For example, 10.1.1.2 is now sorted before
10.1.1.10, when it was the opposite before. This was reported by
Norris Carden. [David]