if there was only one extraports state, would create a Port object for
each scanned port that was not listed explictly. So for example, if a
scan of 100 ports had 5 open ports and an extraports of "filtered",
Ndiff would create 95 port records in the "filtered" state in addition
to the 5 "open". If there was more than one extraports state this was
not possible.
This turned out to be a slow operation, out of all proportion to its
utility. Here are times for a diff of random-1.xml and random-2.xml,
before and after:
real 0m11.912s
user 0m10.970s
sys 0m0.249s
real 0m0.773s
user 0m0.726s
sys 0m0.046s
In most cases extraports are not shown in the output, so this was wasted
effort. I know of only one place where it affected the output, when an
extraports in the A scan because a non-extraports in a different state
in the B scan. Then the previous state would be included in the <a>
port, where now it will just be listed without a state.
was that if a host had multiple addresses of the same type, they should
be sorted numerically, not alphabetically. So 20.0.0.1 should come
before 100.0.0.1. But the way Nmap works, I don't think a host can have
more than one address of the same type, and it's not worth the code it
would take to make them sort properly if it did.
from
21/tcp is open, was filtered.
23/tcp is open, was filtered.
80/tcp is open, was filtered.
8701/tcp is filtered, was open.
to
-21/tcp filtered
+21/tcp open ftp Netgear broadband router ftpd 1.0
-23/tcp filtered
+23/tcp open telnet Netgear broadband router admin telnetd
-80/tcp filtered
+80/tcp open http Embedded Allegro RomPager webserver 4.07 UPnP/1.0 (ZyXEL ZyWALL 2)
-8701/tcp open unknown
+8701/tcp filtered
the DiffHunk class with a type tag. Now output is handled with polymorphism
rather than dispatching with if/else. It also better shows what members each
hunk type has.
happens when a host was scanned in the A scan but wasn't scanned in the B scan.
I previously had it ignore such changes using the logic that the diff should be
like scan aggregation: no new information means no state change. But I think
it's more useful to see those changes in which hosts were scanned.
This is analogous to r10263, which did the same thing for port state changes.
