proposal. This only affects Nmap's root directory. We might also need to
modify the code which autogenerates Nmap's source code files such as IPv6
fingerprinting code.
I checked the history and it doesn't appear that DB was ever passed in
to this function, but always allocated locally.
Found using the STACK tool: http://css.csail.mit.edu/stack/.
for file in `grep "* including the terms and conditions of this license text as well. \*" * -r --files-with-match `; do sed "s/\* including the terms and conditions of this license text as well. \*/* including the terms and conditions of this license text as well. */g" -i $file; done
Often an OS will respond differently to the second transmission of a
probe than to the first. For example, sometimes after it sends a SYN/ACK
it loses patience and sends a RST. The different second probe often has
different flags and options. In OS integration, I normally want to
compare with the first set of responses whenever they differ, so keep
them in the first position when sorting.
Random access into FingerPrints and FingerTests using gettestbyname and
getattrbyname was taking non-negligible time when multiplied by the
number of fingerprints in the database. Instead, sort the tests by name
and sort the attributes within each test. We may then compare two lists
by walking both of them in order, not having to look up the same element
twice.
svn merge --ignore-ancestry svn://svn.insecure.org/nmap@26621 svn://svn.insecure.org/nmap-exp/luis/nmap-os6
This is the IPv6 OS detection branch. "nmap -6 -O" works now, though at
this point it only prints fingerprints and not OS guesses, because we
need to collect more submissions.
This is nice for its own sake, but it's really so that the error message
makes sense. The string had had a bunch of '\0' bytes inserted and the
string in the error message didn't match the argument.
appear in reference fingerprint" and the code used to support it. This
happens all the time with submitted fingerprints and is nothing to worry
about. I don't want to be distracted from other warnings. This code was
only used by the OS fingerprint integration tools, not by Nmap itself.
test the return value, not the (unchanged) value we passed in. This
would cause a segmentation fault instead of a fatal error if nmap-os-db
ended in a Fingerprint line that didn't have a terminating newline.
the network distance in SCAN.DS was calculated. Its value can be "L"
for localhost, "D" for a direct connection, "I" for an ICMP TTL
calculation, and "T" for a traceroute hop count. This is mainly for
the benefit of OS integration, when it is sometimes important to
distinguish between DS=1%DC=I (probably the result of forged TTLs)
and DS=1%DC=D (a true one-hop connection.) [David]
little bit bigger, so some seriously wrong distances aren't truncated. The
buffer size used to be 8, which couldn't hold an observed network distance of
-190:
%DS=-19\0
01234567
I increased it to 10.
Previously the code checked for a zero (or negative) return value, but I want
to assign some tests a value of 0 during OS scan refinement. Now it checks
errno, makes sure the entire value was consumed, and errors on negative
numbers. In addition to allowing values of 0, this change catches bogus values
where garbage follows the number.
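The parsing check described in the last commit message above, as an added example that is not Nmap's own code: `parse_points` and `parse_points_old` are hypothetical names, the old-style check is reconstructed only from the commit's description, and the sample strings are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not Nmap's function): parse a non-negative decimal
   value. Returns 0 and stores the value in *out on success, -1 on error. */
static int parse_points(const char *s, long *out) {
  char *end;
  long v;

  if (s == NULL || *s == '\0')
    return -1;                 /* nothing to parse */
  errno = 0;                   /* strtol only sets errno on failure */
  v = strtol(s, &end, 10);
  if (errno != 0)
    return -1;                 /* ERANGE: value does not fit in a long */
  if (end == s || *end != '\0')
    return -1;                 /* no digits, or garbage after the number */
  if (v < 0)
    return -1;                 /* negative values are rejected */
  *out = v;
  return 0;
}

/* Old-style check as the commit message describes it (assumed shape): a zero
   or negative result counts as failure, so a legitimate 0 cannot be told
   apart from a parse error, and trailing garbage is silently accepted. */
static int parse_points_old(const char *s, long *out) {
  long v = strtol(s, NULL, 10);
  if (v <= 0)
    return -1;
  *out = v;
  return 0;
}

int main(void) {
  /* Constructed sample inputs. */
  const char *samples[] = { "0", "25", "25abc", "-3", "",
                            "99999999999999999999999" };
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    long a = -1, b = -1;
    int ra = parse_points(samples[i], &a);
    int rb = parse_points_old(samples[i], &b);
    printf("\"%s\": new=%s old=%s\n", samples[i],
           ra == 0 ? "ok" : "error", rb == 0 ? "ok" : "error");
  }
  return 0;
}
```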