Remove the code from setup.py which augments the module search path with
install directories such as /usr/local/lib/python2.7/dist-packages/
because doing so is unnecessary, and can also be a potential security
risk if distributors do the initial install in world writeable
directories such as /tmp and then copy the resultant zenmap to
non-writeable dirs for installation on other systems.
On OS X, the code in route_loop in route-bsd.c can get a gateway
sockaddr_dl that looks like this:
$1 = {
sdl_len = 20 '\024',
sdl_family = 18 '\022',
sdl_index = 4,
sdl_type = 6 '\006',
sdl_nlen = 0 '\0',
sdl_alen = 0 '\0',
sdl_slen = 0 '\0',
sdl_data = '\0' <repeats 11 times>
}
route_loop would throw these out because there's no hardward address
there. This is a routing table entry that indicates that there is no
gateway, and that packets for this particular destination need to go on
interface #4. It corresponds to this type of line from netstat output:
Destination Gateway Flags Refs Use Netif Expire
192.168.0 link#4 UCS 2 0 en0
I've changed it so that instead of throwing out the entry, it creates an
all-zero address of the same type as the destination address, which is a
convention used (by Nmap at least) to indicate an on-link route.
This is a reversion of r26232 and r26230, which were themselves
reversions of r26201 and r26202 respectively, in
https://svn.nmap.org/nmap-exp/luis/nmap-os6@26232.
This code has gone back and forth a few times. Looking at it again, I
still think this way is more correct. At any rate, the other way
demonstrably leads to rare assertion failures (which are protecting
against a nonsensical subtraction with an all-zero timeval).
This is designed to solve the following problem: On Solaris 10 (maybe other
platforms), doing a select on a pcap fd works, in that it returns true when
there are frames available to be read. However, after finding the fd selectable
and calling pcap_dispatch (or pcap_next, etc.), libpcap may read more than one
frame and buffer them internally. This means that later calls to select will
return false. So there may be a frame to be read, but you can't know without
calling pcap_dispatch to check, and that blocks indefinitely (on Solaris) if
you're wrong.
The way this works is that we do a non-blocking read on the pcap fd to see if
there is anything available. If not, we do a select with a timeout as usual.
(The select is to enforce the timeout and prevent spinning CPU by repeatedly
trying non-blocking reads.)
I don't know if this phenomenon affects other platforms than Solaris 10
(more specifically, platforms using DLPI for libpcap). This same thing may be
safe or necessary on other platforms. But I have limited it to Solaris for now.
Solaris 11 uses BPF, not DLPI, for libpcap, but we can unconditionally follow
this code path on Solaris because BPF pcap fds can't be selected on.
This entails using names like std::vector and std::list rather than bare
vector and list, which was already the prevailing style. The immediate
cause of this is a header file on Solaris 10 that uses a "struct map"
that conflicts with std::map.
In file included from struct_ip.h:40:0,
from tcpip.cc:108:
/usr/include/net/if.h:99:9: error: template argument required for 'struct map'
Previously the "delta" variable, representing the measured rtt, was
cobbered in place to be srtt - delta in one branch. This was confusing
when a later output message printed "delta", which could have a
different meaning depending on which path was taken.
nsock_tod is Nsock's idea of the current time. It is updated when an
nsock_pool is initialized, on each iteration of nsock_loop, and in a few
other places. What could go wrong, with respect to timers, is a sequence
like this:
nsp_new
[... some long delay ...]
nsock_create_timer(timeout)
nsock_loop
The time elapsed after the creatino of the timer until it fires would
not be timeout, but rather timeout - delay. If the delay was long
enough, the timer would fire as loop as nsock_loop was entered.
This showed itself in IPv6 OS detection. We schedule 6 timers
immediately, 100 ms apart. If the pcap_open or anything else took too
long, then the timers would fire all at once. This messed up the
calculation of the TCP_ISR feature.
Perhaps we should do this when any new event is created? It is already
done manually at the beginning of each of the connect functions.
Previously it was taking a random u8 mod 100, which meant that the
numbers 0-55 were 50% more likely to come up than any others. Make it a
u16 instead, so that the numbers 0-35 are only about 0.15% more likely.
