Current exclusions list from --excludefile takes linear time to match
against. Using a trie structure, we can do matching in O(log n) time,
with a hard maximum of 32 comparisons for IPv4 and 128 comparisons for
IPv6. Each node of the trie represents an address prefix that all
subsequent nodes share; matching stops when one is matched exactly or
when the candidate address does not match any prefix of the addresses in
the trie.
For now, only numeric addresses without netmask are supported. We plan
to extend this to addresses with netmasks, including resolved names.
Storing IPv4 ranges and wildcards in this structure would be
prohibitively complex, so the existing linear match method will be used
for those. It is unlikely that any users are using large exclusion lists
of these types of specifications, so performance impact is small.
Potential future features could use the trie structure to implement
custom routing or scope-limiting.
This was a todo list item based on this report:
https://seclists.org/nmap-dev/2012/q4/420
for file in `grep "* including the terms and conditions of this license text as well. \*" * -r --files-with-match `; do sed "s/\* including the terms and conditions of this license text as well. \*/* including the terms and conditions of this license text as well. */g" -i $file; done
Because in_addr is stored in network byte order, this function could
extract the octets in MSB-to-LSB order or in LSB-to-MSB order. This
didn't matter in the case of resolved names, because the same order was
used when generating the octet array and later when matching against it.
But the function parse_ipv4_ranges, which handles literal IPv4
addresses, always uses octet[0] as the MSB, so comparisons failed in
later matching.
As it was, the code worked on little-endian architectures but didn't on
big-endian.
If you have trouble updating after this revision you need to follow
these instructions. You have probably just seen an error like this:
svn: URL 'svn://svn.insecure.org/nping' of existing directory 'nping'
does not match expected URL 'svn://svn.insecure.org/nmap/nping'
This is caused by the replacement of SVN externals.
Here's what you need to do. First, save any local changes you might have
in the nping, nsock, nbase, ncat, and zenmap directories. (For example
by running "cd nping; svn diff > ../nping.diff".) If you don't have any
local changes you can skip this step.
Then run these commands:
rm -rf nping/ nsock/ nbase/ ncat/ zenmap/
svn update
svn cleanup
If all else fails, you can just delete your whole working directory and
check out anew:
svn co --username guest --password "" svn://svn.insecure.org/nmap
There may be further discussion in the mailing list thread at
http://seclists.org/nmap-dev/2011/q4/303.
