o Added the undocumented (except here) --nogcc option which disables
global/group congestion control algorithms and so each member of a
scan group of machines is treated separately. This is just an
experimental option for now. [Fyodor]
to reuse an ACK ping probe from host detection during a SYN port scan. This can
greatly speed up a scan if the SYN scan finds only filtered ports.
One difficulty with implementing this is that not all ping probes are
appropriate for all scan types.
nmap -PA -sU scanme.nmap.org
would cache the ACK ping probe and send ACK pings during the UDP scan. But the
pcap filter for the UDP scan doesn't catch TCP packets, so the replies would
not be noticed and they would show up as dropped pings. Likewise,
nmap -PR -sS 192.168.0.1
would segfault when it tried to use an uninitialized Ethernet descriptor to
send an ARP ping during the SYN scan, which would use raw sockets.
To fix this I added a function pingprobe_is_appropriate that determines whether
a given ping probe is appropriate for the current scan type. If not, the
constructor for HostScanStats just erases the ping probe.
More types of ping probes could be made "appropriate." TCP timing pings work
during a UDP scan if only the pcap filter is expanded to include TCP packets.
In r8541 readip_pcap was given the ability to validate packets, and it also
returns a different length in some cases than it used to:
+ /* OK, since the IP header has been validated, we don't want to tell
+ * the caller they have more packet than they really have. This can
+ * be caused by the Ethernet CRC trailer being counted, for example.
+ */
+ if (*len > ntohs(iphdr->ip_len))
+ *len = ntohs(iphdr->ip_len);
which made some tests having to do with packet length invalid. They were
removed but this one was missed.
from ICMP probes during a protocol scan (protoscanicmphack). I don't know why
it was NULL before, but that's wrong. It was probably never noticed because in
the case of a port update, all that happens is a failure to update the timing.
In the case of a ping probe, it would look like a dropped ping probe, but that
woudl be unlikely because protocol scans usually don't take very long. I
discovered it while testing code to allow ping probes to persist between host
discovery and port scanning.
and having close() #defined to my_close() in nbase_winunix.h, I'm just defining close()
to closesocket() in nbase_winunix.h and removing my_close() from winfix.cc. I'm also
defining EWOULDBLOCK to WSAEWOULDBLOCK in nbase_winunix.h.
Nmap builds fine with these changes, and since it's just defining close() to something
that already exists, it shouldn't negatively affect other branches.
These are things I noticed while trying to cleanly "re-port" Ncat to VC++2008.
Remove duplicate indexterms. Some of them were just too close together.
Some of
them were "see also" entries; I didn't realize that
<indexterm><primary>a</primary></indexterm>
<indexterm><primary>a</primary><seealso>b</seealso></indexterm>
would create two entries for "a" on that page. There were also a few
instances
where I had a <primary> definition in an <indexterm class="endofrange"> tag.
book-3.diff (include MJB-* diagrams):
Crop out the titles of packet header diagrams.
book-4.diff:
Miscellaneous index and other fixes.
book-5.diff:
Run indexterms into the same line when they appear in a paragraph. The way I
was doing it before (with indexterms on separate lines) caused an extra space
to be inserted. This was especially visible in the OS detection chapter where
there were long strings of indexterms naming response tests.
book-6.diff:
Do some more cleanup. nmap-intro said it covered export control but it
didn't,
so I removed the mention of it. I thought that -ff made smaller fragments,
but
it makes bigger fragments, so an index entry has been amended. There was a
typo
<optino>; somehow that didn't give an error.
nse_main and nse_nsock. nse_main now uses Lua to create printable output
while a cleaner hexify procedure has been placed in nsock.
nse_string is removed as a result.
book:
From
Nmap output examples in this book usually include a version number
near the top, and they may not work with older versions.
to
Nmap output examples in this book may not match the output produced by
older versions.
packet is OK from the get-go rather than running basic checks of it's own.
In a nutshell this patch checks to make sure:
1) there is enough room for an IP header in the amount of bytes read
2) the IP version number is correct
3) the IP length fields are at least as big as the standard header
4) the IP packet received isn't a fragment, or is the initial fragment
5) that next level headers seem reasonable
For TCP, this checks that there is enough room for the header in the number
of bytes read, and that any option lengths are correct. The options checked
are MSS, WScale, SackOK, Sack, and Timestamp.
This also fixes a bug I discovered while testing. Since the Ethernet CRC
(and other datalink-layer data) could be read and counted, it was being
returned that there was more IP packet than there really was. This didn't
cause an overrun of the buffer or anything, just that garbage data could have
easily been read instead of real packet data. Now, if validity is checked for
and the number of total bytes read is larger than the IP's length, the length
is set to the IP header's total length field.
This seems to work great after doing what testing I could. It's been out on
nmap-dev for a couple of weeks without any bad reports (none at all for that
matter). I reviewed this patch again before committing and it looks good as
well.
and closed ports. [Vladimir]
o Fixed the "resolution errors not showing up" bug. Actually, from now
on, all errors will be displayed properly in the Zenmap window, since
stderr is also redirected there (until now, only stdout was
displayed). [Vladimir]
