Nmap Development mailing list archives
3.90 won't compile on openbsd 3.6
From: Michael Hornung <hornung () cac washington edu>
Date: Thu, 8 Sep 2005 09:56:40 -0700 (PDT)
It doesn't appear to compile cleanly on OpenBSD 3.6 (stable). I ran
configure as:

./configure --without-nmapfe --with-openssl=/usr/lib

I got a bunch of warnings about redefinitions in the dnet headers, but the
real compile error seems to be:

tcpip.cc: In function `char * readip_pcap(pcap_t *, unsigned int *, long int, timeval *, link_header *)':
tcpip.cc:1610: no match for `timeval & = bpf_timeval &'
/usr/include/sys/time.h:47: candidates are: struct timeval & timeval::operator = (const timeval &)
tcpip.cc: In function `int read_arp_reply_pcap(pcap_t *, u8 *, in_addr *, long int, timeval *)':
tcpip.cc:1781: no match for `timeval & = bpf_timeval &'
/usr/include/sys/time.h:47: candidates are: struct timeval & timeval::operator = (const timeval &)
gmake: *** [tcpip.o] Error 1

Let me know if there's more I can send to be of value.

-Mike

On Thu, 8 Sep 2005 at 03:56, Fyodor wrote:

|Several anxious people have reminded me lately that it has been 7
|months since the last formal Nmap release (3.81). While that is quite
|a stretch, I have been working non-stop and made some fundamental
|changes to Nmap that took a while to stabilize. I have also
|integrated some work from the Google SoC students (and more is
|coming). I am pleased to present the results in the form of Nmap
|3.90. I think you'll find it worth the wait. A version number
|increase of 0.09 may not sound like much, but ls indicates the true
|extent of changes:
|
|-rw------- 1 fyodor fyodor 7987200 Feb 7 05:41 nmap-3.81.tar
|-rw------- 1 fyodor fyodor 10608640 Sep 8 03:16 nmap-3.90.tar
|
|At a high level, changes include the ability to send and properly
|route raw ethernet frames, ARP scanning (for faster and more reliable
|local LAN host discovery), MAC address spoofing, enormous version
|detection and OS detection updates, dramatic Windows performance and
|stability improvements, 'l33t ASCII art, OS/hostname/device type
|detection via service fingerprinting, dozens of bug fixes and much
|more. Linux binary RPMs are now available for x86_64 (AMD
|Athlon64/Opteron) and Windows users _must_ upgrade to WinPcap 3.1 from
|winpcap.org.
|
|We have now gone through and integrated all of your service detection
|fingerprint submissions and are ready to handle more. So if Nmap
|spits out a service detection fingerprint and you are certain what is
|running, please submit it to the URL it gives you. OS detection
|fingerprints aren't as important right now because we are considering
|major changes to that subsystem.
|
|Here are the details from the Changelog:
|
|o Added the ability for Nmap to send and properly route raw ethernet
|  packets containing IP datagrams rather than always sending the
|  packets via raw sockets. This is particularly useful for Windows,
|  since Microsoft has disabled raw socket support in XP for no good
|  reason. Nmap tries to choose the best method at runtime based on
|  platform, though you can override it with the new --send_eth and
|  --send_ip options.
|
|o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to
|  determine whether hosts on a LAN are up, rather than relying on
|  higher-level IP packets (which can only be sent after a successful
|  ARP request and reply anyway). This is much faster and more
|  reliable (not subject to IP-level firewalling) than IP-based probes.
|  The downside is that it only works when the target machine is on the
|  same LAN as the scanning machine. It is now used automatically for
|  any hosts that are detected to be on a local ethernet network,
|  unless --send_ip was specified. Example usage: nmap -sP -PR
|  192.168.0.0/16 .
|
|o Added the --spoof_mac option, which asks Nmap to use the given MAC
|  address for all of the raw ethernet frames it sends. The MAC given
|  can take several formats. If it is simply the string "0", Nmap
|  chooses a completely random MAC for the session. If the given
|  string is an even number of hex digits (with the pairs optionally
|  separated by a colon), Nmap will use those as the MAC. If less than
|  12 hex digits are provided, Nmap fills in the remainder of the 6
|  bytes with random values. If the argument isn't a 0 or hex string,
|  Nmap looks through the nmap-mac-prefixes to find a vendor name
|  containing the given string (it is case insensitive). If a match is
|  found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the
|  remaining 3 bytes randomly. Valid --spoof_mac argument examples are
|  "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and
|  "Cisco".
|
|o Applied an enormous nmap-service-probes (version detection) update
|  from SoC student Doug Hoyte (doug(a)hcsw.org). Version 3.81 had
|  1064 match lines covering 195 service protocols. Now we have 2865
|  match lines covering 359 protocols! So the database size has nearly
|  tripled! This should make your -sV scans quicker and more
|  accurate. Thanks also go to the (literally) thousands of you who
|  submitted service fingerprints. Keep them coming!
|
|o Applied a massive OS fingerprint update from Zhao Lei
|  (zhaolei(a)gmail.com). About 350 fingerprints were added, and many
|  more were updated. Notable additions include Mac OS X 10.4 (Tiger),
|  OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along
|  with a new "robotic pet" device type category), the latest Linux 2.6
|  kernels, Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64
|  UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO
|  3.8.X, and Solaris 10. Of course there are also tons of new
|  broadband routers, printers, WAPs and pretty much any other device
|  you can coax an ethernet cable (or wireless card) into!
|
|o Added 'leet ASCII art to the configurator! ARTIST NOTE: If you think
|  the ASCII art sucks, feel free to send me alternatives. Note that
|  only people compiling the UNIX source code get this. (ASCII artist
|  unknown).
|
|o Added OS, device type, and hostname detection using the service
|  detection framework. Many services print a hostname, which may be
|  different than DNS. The services often give more away as well. If
|  Nmap detects IIS, it reports an OS family of "Windows". If it sees
|  HP JetDirect telnetd, it reports a device type of "printer". Rather
|  than try to combine TCP/IP stack fingerprinting and service OS
|  fingerprinting, they are both printed. After all, they could
|  legitimately be different. An IP that gives a stack fingerprint
|  match of "Linksys WRT54G broadband router" and a service fingerprint
|  of Windows based on Kazaa running is likely a common NAT setup rather
|  than an Nmap mistake.
|
|o Nmap on Windows now compiles/links with the new WinPcap 3.1
|  header/lib files. So please upgrade to 3.1 from
|  http://www.winpcap.org before installing this version of Nmap.
|  While older versions may still work, they aren't supported with Nmap.
|
|o The official Nmap RPM files are now compiled statically for better
|  compatibility with other systems. X86_64 (AMD Athlon64/Opteron)
|  binaries are now available in addition to the standard i386. NmapFE
|  RPMs are no longer distributed by Insecure.Org.
|
|o Nmap distribution signing has changed. Release files are now signed
|  with a new Nmap Project GPG key (KeyID 6B9355D0). Fyodor has also
|  generated a new key for himself (KeyID 33599B5F). The Nmap key has
|  been signed by Fyodor's new key, which has been signed by Fyodor's
|  old key so that you know they are legit. The new keys are available
|  at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as
|  docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public
|  keyserver network. Here are the fingerprints:
|  pub 1024D/33599B5F 2005-04-24
|  Key fingerprint = BB61 D057 C0D7 DCEF E730 996C 1AF6 EC50 3359 9B5F
|  uid Fyodor <fyodor () insecure org>
|  sub 2048g/D3C2241C 2005-04-24
|
|  pub 1024D/6B9355D0 2005-04-24
|  Key fingerprint = 436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0
|  uid Nmap Project Signing Key (http://www.insecure.org/)
|  sub 2048g/A50A6A94 2005-04-24
|
|o Fixed a crash problem related to non-portable varargs (vsnprintf)
|  usage. Reports of this crash came from Alan William Somers
|  (somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de).
|  This patch was prevalent on Linux boxes running an Opteron/Athlon64
|  CPU in 64-bit mode.
|
|o Fixed crash when Nmap is compiled using gcc 4.X by adding the
|  --fno-strict-aliasing option when that compiler is detected. Thanks
|  to Greg Darke (starstuff(a)optusnet.com.au) for discovering that
|  this option fixes (hides) the problem and to Duilio J. Protti
|  (dprotti(a)flowgate.net) for writing the configure patch to detect
|  gcc 4 and add the option. A better fix is to identify and rewrite
|  lines that violate C99 alias rules, and we are looking into that.
|
|o Added "rarity" feature to Nmap version detection. This causes
|  obscure probes to be skipped when they are unlikely to help. Each
|  probe now has a "rarity" value. Probes that detect dozens of
|  services such as GenericLines and GetRequest have rarity values of
|  1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9.
|  When interrogating a port, Nmap always tries probes registered to
|  that port number. So even WWWOFFLEctrlstat will be tried against
|  port 8081 and mydoom will be tried against open ports between 3127
|  and 3198. If none of the registered ports find a match, Nmap tries
|  probes that have a rarity less than or equal to its current
|  intensity level. The intensity level defaults to 7 (so that most of
|  the probes are done). You can set the intensity level with the new
|  --version_intensity option. Alternatively, you can just use
|  --version_light or --version_all which set the intensity to 2 (only
|  try the most important probes and ones registered to the port
|  number) and 9 (try all probes), respectively. --version_light is
|  much faster than default version detection, but also a bit less
|  likely to find a match. This feature was designed and implemented
|  by Doug Hoyte (doug(a)hcsw.org).
|
|o Added a "fallback" feature to the nmap-service-probes database.
|  This allows a probe to "inherit" match lines from other probes. It
|  is currently only used for the HTTPOptions, RTSPRequest, and
|  SSLSessionReq probes to inherit all of the match lines from
|  GetRequest. Some servers don't respond to the Nmap GetRequest (for
|  example because it doesn't include a Host: line) but they do respond
|  to some of those other 3 probes in ways that GetRequest match lines
|  are general enough to match. The fallback construct allows us to
|  benefit from these matches without repeating hundreds of signatures
|  in the file. This is another feature designed and implemented
|  by Doug Hoyte (doug(a)hcsw.org).
|
|o Fixed crash with certain --excludefile or
|  --exclude arguments. Thanks to Kurt Grutzmacher
|  (grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for
|  reporting the problem, and to Duilio J. Protti
|  (dprotti(a)flowgate.net) for debugging the issue and sending the
|  patch.
|
|o Updated random scan (ip_is_reserved()) to reflect the latest IANA
|  assignments. This patch was sent in by Felix Groebert
|  (felix(a)groebert.org).
|
|o Included new Russian man page translation by
|  locco_bozi(a)Safe-mail.net
|
|o Applied patch from Steve Martin (smartin(a)stillsecure.com) which
|  standardizes many OS names and corrects typos in nmap-os-fingerprints.
|
|o Fixed a crash found during certain UDP version scans. The crash was
|  discovered and reported by Ron (iago(a)valhallalegends.com) and fixed
|  by Doug Hoyte (doug(a)hcsw.com).
|
|o Added --iflist argument which prints a list of system interfaces and
|  routes detected by Nmap.
|
|o Fixed a protocol scan (-sO) problem which led to the error message:
|  "Error compiling our pcap filter: syntax error". Thanks to Michel
|  Arboi (michel(a)arboi.fr.eu.org) for reporting the problem.
|
|o Fixed an Nmap version detection crash on Windows which led to the
|  error message "Unexpected error in NSE_TYPE_READ callback. Error
|  code: 10053 (Unknown error)". Thanks to Srivatsan
|  (srivatsanp(a)adventnet.com) for reporting the problem.
|
|o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers
|  (TSellers(a)trustmark.com).
|
|o Applied some changes from Gisle Vanem (giva(a)bgnett.no) to make
|  Nmap compile with Cygwin.
|
|o XML "osmatch" element now has a "line" attribute giving the
|  reference fingerprint line number in nmap-os-fingerprints.
|
|o Added distcc probes and a bunch of smtp matches from Dirk Mueller
|  (mueller(a)kde.org) to nmap-service-probes. Also added AFS version
|  probe and matches from Lionel Cons (lionel.cons(a)cern.ch). And
|  even more probes and matches from Martin Macok
|  (martin.macok(a)underground.cz)
|
|o Fixed a problem where Nmap compilation would use header files from
|  the libpcap included with Nmap even when it was linking to a system
|  libpcap. Thanks to Solar Designer (solar(a)openwall.com) and Okan
|  Demirmen (okan(a)demirmen.com) for reporting the problem.
|
|o Added configure option --with-libpcap=included to tell Nmap to use
|  the version of libpcap it ships with rather than any that may already be
|  installed on the system. You can still use --with-libpcap=[dir] to
|  specify that a system libpcap be installed rather than the shipped
|  one. By default, Nmap looks at both and decides which one is likely
|  to work best. If you are having problems on Solaris, try
|  --with-libpcap=included .
|
|o Changed the --no-stylesheet option to --no_stylesheet to be
|  consistent with all of the other Nmap options. Though I'm starting to
|  like hyphens a bit better than underscores and may change all of the
|  options to use hyphens instead at some point.
|
|o Added "Exclude" directive to nmap-service-probes grammar which
|  causes version detection to skip listed ports. This is helpful for
|  ports such as 9100. Some printers simply print any data sent to
|  that port, leading to pages of HTTP requests, SMB queries, X Windows
|  probes, etc. If you really want to scan all ports, specify
|  --allports. This patch came from Doug Hoyte (doug(a)hcsw.org).
|
|o Added a stripped-down and heavily modified version of Dug Song's
|  libdnet networking library (v. 1.10). This helps with the new raw
|  ethernet features. My (extensive) changes are described in
|  libdnet-stripped/NMAP_MODIFICATIONS
|
|o Removed WinIP library (and all Windows raw sockets code) since MS
|  has gone and broken raw sockets. Maybe packet receipt via raw
|  sockets will come back at some point. As part of this removal, the
|  Windows-specific --win_help, --win_list_interfaces, --win_norawsock,
|  --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi,
|  and --win_trace options have been removed.
|
|o Changed the interesting ports array from a 65K-member array of
|  pointers into an STL list. This noticeably reduces memory usage in
|  some cases, and should also give a slight runtime performance
|  boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com).
|
|o Removed the BSDFIX/BSDUFIX macros. The underlying bug in
|  FreeBSD/NetBSD is still there though. When an IP packet is sent
|  through a raw socket, these platforms require the total length and
|  fragmentation offset fields of an IP packet to be in host byte order
|  rather than network byte order, even though all the other fields
|  must be in NBO. I believe that OpenBSD fixed this a while back.
|  Other platforms, such as Linux, Solaris, Mac OS X, and Windows take
|  all of the fields in network byte order. While I removed the macro,
|  I still do the munging where required so that Nmap still works on
|  FreeBSD.
|
|o Integrated many nmap-service-probes changes from Bo Jiang
|  (jiangbo(a)brandeis.edu)
|
|o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri
|  (eilon(a)aristo.tau.ac.il)
|
|o Added some new RPC services to nmap-rpc thanks to a patch from
|  vlad902 (vlad902(a)gmail.com).
|
|o Fixed a bug where Nmap would quit on Windows whenever it encountered
|  a raw scan of localhost (including the local ethernet interface
|  address), even when that was just one address out of a whole network
|  being scanned. Now Nmap just warns that it is skipping raw scans when
|  it encounters the local IP, but continues on to scan the rest of the
|  network. Raw scans do not currently work against local IP addresses
|  because Winpcap doesn't support reading/writing localhost interfaces
|  due to limitations of Windows.
|
|o The OS fingerprint is now provided in XML output if debugging is
|  enabled (-d) or verbosity is at least 2 (-v -v). This patch was
|  sent by Okan Demirmen (okan(a)demirmen.com)
|
|o Fixed the way tcp connect scan (-sT) responds to ICMP network
|  unreachable responses (patch by Richard Moore
|  (rich(a)westpoint.ltd.uk)).
|
|o Update random host scan (-iR) to support the latest IANA-allocated
|  ranges, thanks to patch by Chad Loder (cloder(a)loder.us).
|
|o Updated GNU shtool (a helper program used during 'make install') to
|  version 2.0.2, which fixes a predictable temporary filename
|  weakness discovered by Eric Raymond.
|
|o Removed addport element from XML DTD, since it is no longer used
|  (suggested by Lionel Cons (lionel.cons(a)cern.ch))
|
|o Added new --privileged command-line option and NMAP_PRIVILEGED
|  environmental variable. Either of these tells Nmap to assume that
|  the user has full privileges to execute raw packet scans, OS
|  detection and the like. This can be useful when Linux kernel
|  capabilities or other systems are used that allow non-root users to
|  perform raw packet or ethernet frame manipulation. Without this
|  flag or variable set, Nmap bails on UNIX if geteuid() is
|  nonzero.
|
|o Changed the RPM spec file so that if you define "static" to 1 (by
|  passing --define "static 1" to rpmbuild), static binaries are built.
|
|o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon
|  Burr (simes(a)bpfh.net).
|
|o ultra_scan() now sets pseudo-random ACK values (rather than 0) for
|  any TCP scans in which the initial probe packet has the ACK flag set.
|  This would be the ACK, Xmas, Maimon, and Window scans.
|
|o Updated the Nmap version number, description, and similar fields
|  that MS Visual Studio places in the binary. This was done by editing
|  mswin32/nmap.rc as suggested by Chris Paget (chrisp () ngssoftware com)
|
|o Fixed Nmap compilation on DragonFly BSD (and perhaps some other
|  systems) by applying a short patch by Joerg Sonnenberger which omits
|  the declaration of errno if it is a #define.
|
|o Fixed an integer overflow that prevented Nmap from scanning
|  2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1). Problem
|  noted by Justin Cranford (jcranford(a)n-able.com). While /1 scans
|  are now possible, don't expect them to finish during your bathroom
|  break. No matter how constipated you are.
|
|o Increased the buffer size allocated for fingerprints to prevent Nmap
|  from running out and quitting (error message: "Assertion
|  `servicefpalloc - servicefplen > 8' failed"). Thanks to Mike Hatz
|  (mhatz(a)blackcat.com) for the report. [ Actually this was done in a
|  previous version, but I forgot which one ]
|
|o Changed from CVS to Subversion source control system (which
|  rocks!). Neither repository is public (I'm paranoid because both CVS
|  and SVN have had remotely exploitable security holes), so the main
|  change users will see is that "Id" tags in file headers use the SVN
|  format for version numbering and such.
|
|As always, you can download Nmap from
|http://www.insecure.org/nmap/nmap_download.html . The paranoid
|(smart) list members will check the cryptographic hashes and GPG
|signatures available from
|http://www.insecure.org/nmap/dist/sigs/?C=M&O=D .
|
|Enjoy! And please let me know if you encounter any problems.
|
|Cheers,
|Fyodor
|
|
|_______________________________________________
|Sent through the nmap-hackers mailing list
|http://cgi.insecure.org/mailman/listinfo/nmap-hackers
|
|

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
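
The quoted announcement tells readers to check the GPG signatures and publishes the Nmap Project Signing Key fingerprint; the following is an added example (not part of the original thread or the Nmap project) that pins that fingerprint and checks gpg's `--status-fd` output against it. The helper names and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the Nmap Project Signing Key fingerprint quoted in the
# announcement and check gpg's machine-readable status output against it.
NMAP_KEY_FPR="436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0"

# Strip whitespace and uppercase so "436d 66ab ..." and "436D66AB..." compare equal.
norm_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Read `gpg --status-fd 1 --verify ...` output on stdin.
# Succeeds only if a VALIDSIG line carries the pinned primary-key fingerprint
# and no line reports a bad, unverifiable, expired-key or revoked-key signature.
status_matches_pin() {
    awk -v want="$(norm_fpr "$1")" '
        $1 == "[GNUPG:]" && $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # Field 12 is the primary-key fingerprint; older gpg omits it,
            # so fall back to the signing-key fingerprint in field 3.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) ok = 1
        }
        END { exit (ok && !bad) ? 0 : 1 }'
}

# verify_release SIGFILE TARBALL  (hypothetical helper; file names are the caller's)
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        status_matches_pin "$NMAP_KEY_FPR"
}

# Constructed status lines (timestamps and algorithm fields are made up).
SAMPLE_GOOD='[GNUPG:] VALIDSIG 436D66AB9A798425FDA0E3F801AF9F036B9355D0 2005-09-08 1126170000 0 3 0 17 2 00 436D66AB9A798425FDA0E3F801AF9F036B9355D0'
SAMPLE_OTHER='[GNUPG:] VALIDSIG BB61D057C0D7DCEFE730996C1AF6EC5033599B5F 2005-09-08 1126170000 0 3 0 17 2 00 BB61D057C0D7DCEFE730996C1AF6EC5033599B5F'

printf '%s\n' "$SAMPLE_GOOD" | status_matches_pin "$NMAP_KEY_FPR" && echo "pinned key: accepted"
printf '%s\n' "$SAMPLE_OTHER" | status_matches_pin "$NMAP_KEY_FPR" || echo "other key: rejected"
```

Matching on the full fingerprint rather than the 8-hex-digit KeyID means a signature from any other key, including one that is valid in the local keyring, does not pass the check.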
Current thread:
- 3.90 won't compile on openbsd 3.6 Michael Hornung (Sep 08)
- Re: 3.90 won't compile on openbsd 3.6 Michael Hornung (Sep 08)
- Re: 3.90 won't compile on openbsd 3.6 Okan Demirmen (Sep 08)
- Re: 3.90 won't compile on openbsd 3.6 Fyodor (Sep 09)