Since the number, names, and preferred order of OS detection tests are
known, we can use fixed indices to put each test/value type in a
predictable location. Previously, we would insert the tests in an
arbitrary order, sort them, and then use strcmp() in each comparison to
ensure the sort order holds and any missing tests are skipped over.
Keeping test names in one location (MatchPoints) saves memory and keeps
the string pool small, which improves performance by reducing lookups
and making existing lookups faster.
Using a dedicated class (FingerPrintDef) for MatchPoints avoids calling
strtol() to obtain the points value for every comparison.
expr_match was wasting cycles implementing syntax not used or documented
elsewhere (boolean AND, "+" to mean non-zero), copying and allocating new
strings. Replacement reduces number of comparisons and performs parsing
in-place on the const input expression.
proposal. This only affects Nmap's root directory. We might also need to
modify the code which autogenerates Nmap's source code files such as IPv6
fingerprinting code.
I checked the history and it doesn't appear that DB was ever passed in
to this function, but always allocated locally.
Found using the STACK tool: http://css.csail.mit.edu/stack/.
for file in `grep "* including the terms and conditions of this license text as well. \*" * -r --files-with-match `; do sed "s/\* including the terms and conditions of this license text as well. \*/* including the terms and conditions of this license text as well. */g" -i $file; done
Often an OS will respond differently to the second transmission of a
probe than to the first. For example, sometimes after it sends a SYN/ACK
it loses patience and sends a RST. The different second probe often has
different flags and options. In OS integration, I normally want to
compare with the first set of responses whenever they differ, so keep
them in the first position when sorting.
Random access into FingerPrints and FingerTests using gettestbyname and
getattrbyname was taking non-negligible time when multiplied by the
number of fingerprints in the database. Instead, sort the tests by name
and sort the attributes within each test. We may then compare two lists
by walking both of them in order, not having to look up the same element
twice.
