Nmap Development mailing list archives
Re: [NSE] ntp-monlist
From: jah <jah () zadkiel plus com>
Date: Fri, 04 Jun 2010 11:12:14 +0100
On 03/06/2010 19:14, David Fifield wrote:
Here's some things I noticed while reviewing ntp-monlist. This code in getPrivateMode is roundabout: local imp = ('00%x'):format(impl or 0x03):sub(-2,-1) local rc = ('00%x'):format(requestCode or 0x2a):sub(-2,-1) pay = bin.pack('H', ('17 00 %s %s 00 00 00 00'):format(imp, rc)) A better way is to use printf width specifiers. pay = bin.pack('H', ('17 00 %02x %02x 00 00 00 00'):format(impl or 0x02, requestCode or 0x2a)) I still don't think this is the clearest way to do what you're trying to do--converting a number to hex and then back to a number. I think I would use this: pay = string.char( 0x17, 0x00, impl or 0x03, requestCode or 0x2a, 0x00, 0x00, 0x00, 0x00 )
Yeah, printf width specifiers - not sure why I didn't use them... As you say, string.char is much simpler.
All your comments in getPrivateMode are appropriate. You need to do something similar in obj_from_response. I didn't understand the purpose of the obj_from_response function. I suppose it's so you can use the u8 and u16 methods on the packet. That's justifiable, but a little out of the ordinary. You at least need a comment saying that's what you're doing.
Quite right; the packet methods are really useful and uncomplicated to use and I didn't want to implement them again for this script. It might be useful to allow packet objects to be created without IP and TCP or UDP headers, but in the absence of this ability I chose simply to add dummy headers before creating the object. I've renamed obj_from_response to make_udp_packet, simplified it in the same vein as getPrivateMode and added comment to clarify its purpose.
What does the 0xFFF mean here? Is it supposed to be 0xFFFF? -- length checks local icount = bit.band(pkt:u16(off+4), 0xFFF) local isize = bit.band(pkt:u16(off+6), 0xFFF)
These values are 12 (least significant) bits wide. I'll add a comment here to make this clear.
The comment here makes sense, but does that code really work? -- flags may be wrong-endian. why? I really don't know. Some implementations not doing htonl? if t.flags > 0xFFFFFF then t.flags = t.flags - 0xFFFFFF end
You're right, this is bollocks isn't it! Thanks for catching it and thanks for reviewing. I've committed the changes in r17824. Best, jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] ntp-monlist, (continued)
- Re: [NSE] ntp-monlist Richard Miles (May 30)
- Re: [NSE] ntp-monlist jah (May 30)
- Re: [NSE] ntp-monlist Richard Miles (May 30)
- Re: [NSE] ntp-monlist jah (May 31)
- Re: [NSE] ntp-monlist Richard Miles (May 30)
- Re: [NSE] ntp-monlist jah (Jun 03)
- Re: [NSE] ntp-monlist Patrick Donnelly (Jun 03)
- Re: [NSE] ntp-monlist jah (Jun 03)
- Re: [NSE] ntp-monlist jah (Jun 04)
- Re: [NSE] ntp-monlist jah (Jun 04)