proposal. This only affects Nmap's root directory. We might also need to
modify the code which autogenerates Nmap's source code files such as IPv6
fingerprinting code.
IP ID is an unsigned value. Explicit wrapping checks were needed to
support using a signed int, and a few users were reporting compile
errors because of a large constant:
http://seclists.org/nmap-dev/2013/q4/247
for file in `grep "* including the terms and conditions of this license text as well. \*" * -r --files-with-match `; do sed "s/\* including the terms and conditions of this license text as well. \*/* including the terms and conditions of this license text as well. */g" -i $file; done
Random access into FingerPrints and FingerTests using gettestbyname and
getattrbyname was taking non-negligible time when multiplied by the
number of fingerprints in the database. Instead, sort the tests by name
and sort the attributes within each test. We may then compare two lists
by walking both of them in order, not having to look up the same element
twice.
Not initializing OS_name was causing problems in
parse_single_fingerprint, used by OSassist. I believe the initialization
was being done manually wherever this was used in Nmap itself.
svn merge --ignore-ancestry svn://svn.insecure.org/nmap@26621 svn://svn.insecure.org/nmap-exp/luis/nmap-os6
This is the IPv6 OS detection branch. "nmap -6 -O" works now, though at
this point it only prints fingerprints and not OS guesses, because we
need to collect more submissions.
o Add two new Script scan phases:
Script Pre-scanning phase: before any Nmap scan operation, activated by the new "prerule".
Script Post-scanning phase: after all Nmap scan operations, activated by the new "postrule".
o New environment variables:
SCRIPT_PATH
SCRIPT_NAME
SCRIPT_TYPE: the type of the rule that activated the script.
TCP timestamp clock frequency uses large timestamp values, such that
a naive uptime calculation shows a boot time before the epoch. Also
fixed a printf format specifier mismatch that was revealed by the
overflow. Toby Simmons reported the problem and helped with the fix.
a layer 4 protocol used mostly for telephony related applications.
This brings the following new features:
o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK
chunk, closed ones an ABORT chunk. This is the SCTP equivalent
of a TCP SYN stealth scan.
o SCTP COOKIE-ECHO chunk port scan (-sZ): open ports are silent,
closed ports return an ABORT chunk.
o SCTP INIT chunk ping probes (-PY): host discovery using SCTP
INIT chunk packets.
o SCTP-specific IP protocol scan (-sO -p sctp).
o SCTP-specific traceroute support (--traceroute).
o The ability to use the deprecated Adler32 algorithm as specified
in RFC 2960 instead of CRC32C from RFC 4960 (--adler32).
o 42 well-known SCTP ports were added to the nmap-services file.
Part of the work on SCTP support was kindly sponsored by
Compass Security AG, Switzerland. [Daniel Roethlisberger]
This adds a new SEQ.CI OS detection test. It is based on the IP IDs of the
responses to the three probes sent to a closed port: T5, T6, and T7. This has
been reported to differ from TI and was observed to do so in Internet scans
using the nmap-closed-ipid branch.
Previously the ping probe data structures were stored in NmapOps,
now they will be stored in the scan_lists struct. All other changes
auxiliary to this reorganization.
