Re: RFC: patch to skip some service matches

[David Fifield <david () bamsoftware com>]

On Wed, Aug 24, 2016 at 03:52:02PM -0500, Daniel Miller wrote:
> I considered this concept, but didn't get as far as investigating actual
> algorithms because of an important constraint we have: the order of match lines
> matters. We have several cases where we put a more-specific match earlier and a
> more-general match later, so that a single service can stop at the
> most-specific match we can generate. Some examples:
>
> * Nearly all softmatches are very general and can be found near the end of the
> matches in a probe.
> * These comments in nmap-service-probes:
> # Needs to go before the Apache match lines -Doug
> # Needs to go before BaseHTTPServer match lines.
> # These should hopefully match before the more general Ubicom line in
> GenericLines
> # Has to come before BIND matches.
> # Has to come before BIND matches.
> # Sometimes we can get a host name or an IP address; those with come before
> those without.

I thought that just taking the match with the smallest index would
accomplish that, but maybe I'm wrong.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/