Collection.
This Perl5 module is designed as a help for managing (ranges
of) IP addresses. It includes efficient implementations for most
common tasks done to subnets or ranges of IP addresses, namely
verifying if an address is within a subnet, comparing, looping,
splitting subnets into longer prefixes, compacting addresses to
the shortest prefixes, etc. Both IPv4 and IPv6 addresses are
supported.
- Add pcre support
- ok'ed frueauf@
From the website:
In order to avoid a naming conflict with the tcpreplay project, the "capinfo"
utility has been renamed to "capinfos".
New and updated features
Search wrapping is now a configurable option.
A lot of material has been added to the Developer's Guide. The User's Guide
has been updated as well.
The "Decode As..." dialog now supports DCERPC and SCTP.
The "Help" menu now includes a link to the wiki.
H.323 call analysis is now supported.
New protocol support
Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol, Ethernet
MAC Control Frame, ICE, Kerberos v4, Netscape certificate extensions, PKINIT,
PKIX1EXPLICIT, PKIX1IMPLICIT,
Updated protocol support
AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS, DCERPC
MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS, EAP, ENIP, EPM,
GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450, ISAKMP, iSCSI, iSNS,
ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA, MEGACO, MPLS, NCP 2222, NCP,
NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF, RADIUS, RSVP, RTCP, RTP, RTSP, SCTP,
SDP, SES, SIP, Skinny, SMB, SNMP, SUA, T.38, TALI, TCAP, TCP, TDS, Teredo,
Time, X.509, X11,
New and updated capture file support
HP-UX nettl, NG Sniffer
The 3.17.3 release has no external api changes (but does fix a few api
implementation bugs so check the details below).
New minor features:
1) Add new option to spflooder. The -n option allows a fixed
"number of members" to be set. This then activates a multi-sender flow
control algorithm to allow flooding tests with several senders. All of
the processes need to join the group (i.e. they cannot be
-wo (write-only)) but not all processes have to send. This allows easy
testing with differing numbers of senders (just change how many
spflooders start with -ro and how many do not).
2) Modify monitor so it will run correctly on Windows. This was done by
modifying monitor.c so it can also build as a threaded program and
on windows will use multiple threads to send/recv updates and get
user input. (A POSIX thread option is also added).
3) Add new Alarm priority flag to print a line with no datestamp
(for multi-line output).
4) Add new Windows VC++.Net project files to daemon/win32_msvc_net.
The current project files in daemon/win32 remain as they can be used
in VC++ (version 6).
The list of bugfixes is:
1) Fix memory leak in Skiplist. Reported by Taj Khattra, patch by Theo
Schlossnagle.
2) spuser,spflooder, and spmonitor fixed to print correct name in help.
Patch by Daniel Rall.
3) Fix incorrect alarm printing where WARNING messages generated by
older Alarm() interface were not printed.
4) Fix a bug in the Windows build using VC++ of thread-safe libtspread.lib.
Bug and fix by Jacob Green.
5) Fix bug in libspread where if the groups array or message body passed
to SP_recv* was too small, the mess_type field returned would be truncated
and the sender field was not returned. They are both now returned
correctly. Bug report and partial fix provided by John Schultz.
6) Fix bug where SP_Join and SP_Leave do not report an error if a group name
is too long (instead they truncated it) Reported with fix by David Parker.
** Warning, this could break buggy applications who use long groups and
assume the name is truncated.
7) Cleanup compile warnings where E_queue() used with no-parameter
functions
(not all uses fixed) and fix incorrect use of signed int with strlen().
8) Fix few cases in flooder.c and user.c that did not use the defined
MAX_MESSLEN constant. Tested to verify that increasing
MAX_SCATTER_ELEMENTS in scatter.h and the MAX_MESSLEN defines in user.c
and flooder.c is sufficient to support arbitrarily large message sizes
with Spread. This is NOT recommended, but several people do it anyway :-)
9) Make E_delay() work on Win32.
10) Added check that a segment using localhost (i.e. 127.0.0.255) is NOT in
a spread.conf with any other segments using real IP addresses. This
configuration will not work correctly and is usually because the example
localhost configuration provided with Spread is added to. This check will
cause the daemon to exit immediately after parsing the config file.
11) Fix bug where if more then 22 daemons start at the same time, some will
crash or the membership will not complete correctly. This bug was
reported by several people including Jesse Noller.
12) Fix Java spread connection problem where several threaded connections
from same process cause unexpected connection failures. Reported by
Brian Moseley, idea of fix by Ryan Caudy, patch by Jonathan Stanton.
13) Fix EVS bug where AGREED messages may be delivered before a transitional
signal on some daemons and after it on others. Bug found and patch
created by Ryan Caudy.
14) Make SP_connect_timeout() calls non-blocking for the actual 'connect()'
call. This should fix the issue reported by Shlomi Yaakobovich where a
hung daemon causes new connections to also hang in connect. Also includes
slight cleanup of connect code path.
Ver 3.17.2:
--------------
1) Fix daemon quit when multiple interfaces are configured as "D" daemon
interfaces in the spread.conf file. Bug reported by Orit Wasserman.
2) Updated url for Java 'ant' build system. Patch by Daniel Rall.
3) Fix group_id bug that causes incorrect vs_sets. Patch by Ryan Caudy.
4) Fix spread.conf parser so it validates the machine names in segments
and forces them to be less then MAX_PROC_NAME. Patch by Mikhail Terekhov.
5) Minor fix to Mac OS X compilation so library softlinks do not fail the
second time make is run.
6) Alarm() changes to support priority levels on each Alarm() call.
7) Fix crash by improving packet accounting when a client connected to a
singleton daemon sends a large broadcast. Reported by David Shaw.
8) Fix bus errors on Sparc & Alpha for message buffer integer assignment.
Reported by Greg Shebert; tested and patched Mikhail Terekhov.
9) Verify daemon names in spread.conf are unique. If non-unique names are
provided in spread.conf, configuration will be rejected and daemon will
not start. Suggested by Tim Peters.
10) Zero buffer in c library before sending multicast.
Reported by Panagiotis Kougiouris.
11) Send fewer lookup probe messages when only a single segment is configured.
12) Remove extra token rotations when no messages are sent. Will decrease
network packet overhead.
13) Make mailbox and service in sp.h a typedef instead of a #define. Suggested
and patched by Steven Dake.
14) Fix small endianness error in sp.c where the mess_type field may not be
correctly converted for different endian platforms when the SP_*_recv calls
return a BUFFER_TOO_SHORT or GROUPS_TOO_SHORT error.
15) Change alarm tag for security prints from SEC to SECURITY because of conflict
with sys/time.h header.
16) Documentation fix to SP_receive man page to correct fields for self-leave
membership messages.
17) Update of email addresses in copyright statements and headers.
18) Windows binary libraries now built as libspread and libtspread like other
platforms.
so that we'd not force dependance on specific MySQL version, and instead pick
the currently installed mysql*-client (or install the default if there
is no mysql-client package installed yet)
this makes package buildable with arbitrary MySQL version, such as 3.23.x,
4.0.x or 4.1.x
so that we'd not force dependance on specific MySQL version, and instead pick
the currently installed mysql*-client (or install the default if there
is no mysql-client package installed yet)
this makes package buildable with arbitrary MySQL version, such as 3.23.x,
4.0.x or 4.1.x
Changes since 0.54:
v0.65 Dancer Vesperman noted that mtr no longer traces past
a section of non-responding hosts. Apparently I added
a line in net.c that didn't make sense in mtr-0.56. I
can't find the reason for adding that line, so someone
who thinks (s)he needs it, should holler.
v0.64 Philippe suggests to do the time_t thingy before socket.h.
Apparently, MAC OS X doesn't compile socket.h otherwise.
v0.63 Suggestion by RCW: Add -lm at line 70 of Configure.in.
On my system no ill effects ensued, so this version released
so that he can test if it still works on his sytem.
Let me add that it's stupid that I have to specify that this
this program now requires Automake version 1.5 to build, where
Automake was intended to make software independent of different
versions of build software!
For those concerned about the above statement: If you're just
trying to compile and use MTR, there is no need for automake.
Just when you're messing with the configure and build system of
mtr is automake a tool you need.
v0.62 Apparently someone changed gethostbyname into gethostbyname2
in mtr.c in an attempt to add IPV6 support. For systems without
ipv6 support, the old gethostbyname should be used! Linux
has the call even if you don't enable IPV6. Thanks Gary (rsub)
v0.61 Attempt to get/print the local IP address. Now shows as
0.0.0.0 :-( Hints and tips appreciated! -- REW
Lots of blank space reformatting.
moved the interface address setting to net.c (where it
belongs).
v0.60 John Thacker submitted a surprisingly simple patch to
enable linking against GTK2. (up to 2.4.0)
v0.59 Josh Martin suggested to add some bounds checking to
the dynamic field code. This caused me to delve in, and
rewrite some things. Now 50 lines of code less, but cleaner
code. :-)
v0.58 I don't remember. Fogot to update this. :-( Check the
patch.
v0.57 Lots of whitespace cleanups. And a DNS fix: Don't do DNS
lookups in raw mode with -n specified.
v0.56 Fixed compile warnings. Now compiles with -Wall. If your
compiler finds things mine didn't feel free to shout.
v0.55 Cleanup patch. I'm going to do some maintenance on MTR,
but I want to be able to say: Can you see which version
fixed/broke things for you, so you're going to see a
bunch of new releases soon.
* Crashes in smbd triggered by a Windows XP SP2 client sending
a FindNextPrintChangeNotify() request without previously
issuing FindFirstPrintChangeNotify().
* A remote attacker may be able to gain access
to files which exist outside of the share's
defined path. Such files must still be readable
by the account used for the connection.
Note: this is the really last samba 2.x version - 2.x branch was
EOLed 2004/10/01
Changes:
20040820
- (dtucker) [defined.h] Newer FSF bisons will create a y.tab.c that has
conflicting definitions of YYSTYPE. Defining YYSTYPE_IS_DECLARED keeps it
happy. Noted by Q at ping.be.
- (dtucker) [removed ntpd.cat8 ntpd.conf.cat5] Remove catman pages. Noted by
by Q at ping.be.
- (dtucker) [configure.ac ntpd.c] Prevent Linux kernel from whining about
signal(SIGCHLD, SIG_IGN) + wait().
- (dtucker) OpenBSD CVS Sync
- henning@cvs.openbsd.org 2004/08/10 12:41:15
[config.c ntpd.h parse.y ]
move memory allocation for new peers into a new function, makes ID
allocation easier
- henning@cvs.openbsd.org 2004/08/10 12:45:27
[parse.y ]
in the pool case ("servers somepool.somewhere"), we add new peers while
looping over the addresses returned by the dns lookup, as each address
is one new peer.
however, if the lookup fails with a temporary error, we will try to lookup
later again. for that, we obviously need to insert one peer with the
hostname in addr_head... change one for() loop into a do { } while() one
- henning@cvs.openbsd.org 2004/08/10 19:17:10
[ntp_msg.c ]
wrong sizeof; Brian Poole <raj@cerias.purdue.edu>
- henning@cvs.openbsd.org 2004/08/10 19:18:23
[buffer.c ]
order #includes, Brian Poole <raj@cerias.purdue.edu>
- henning@cvs.openbsd.org 2004/08/12 16:33:59
[client.c config.c ntp.c ntpd.c ntpd.h ]
do not try to getaddrinfo() in the unprivileged process, send an imsg
asking the privileged one to do it. sends back an imsg with the
resulting addresses in a bunch of struct sockaddr_storage in the data
part.
this should fix all remaining issues with dns (non-)availability at
ntpd startup, be it due to named on localhost or something else.
tested by marco@ and Chris Paul <chris.paul@sentinare.com>
- otto@cvs.openbsd.org 2004/08/13 12:26:13
[client.c ]
Reset deadline on failed transmit. Avoids a spinning process if
all sends fail. ok henning@
- otto@cvs.openbsd.org 2004/08/16 11:14:15
[client.c ]
Be more careful setting next and deadline, they should not both be != 0
at the same time.
ok henning@
- (dtucker) [configure.ac] libresolv now needed on some platforms (eg
Solaris).
20040730
- (dtucker) OpenBSD CVS Sync
- henning@cvs.openbsd.org 2004/07/25 18:27:58
[config.c ntpd.h ]
remove unused function
- henning@cvs.openbsd.org 2004/07/28 16:38:43
[client.c config.c ntpd.h parse.y ]
when a dns lookup fails at parse time, do not abort but try again
to resolve the hostname every 60 seconds
fixes ntpd invocations before e. g. a dialup link is established and such.
as we want ntpd to be a "fire and forget" background daemon it should
cope with such situations.
tested by many
- henning@cvs.openbsd.org 2004/07/28 16:56:21
[parse.y ]
prevent unresolvable hostnames in "listen on" statements
- henning@cvs.openbsd.org 2004/07/29 11:01:48
[ntpd.h parse.y ]
keep an ID per server we talk to
20040721
- (dtucker) OpenBSD CVS Sync
- henning@cvs.openbsd.org 2004/07/20 16:47:55
[client.c ntpd.h parse.y ]
wrap the heads for the linked list of addresses into a new ntp_addr_wrap
which, besides the head pointer for the list of course, stores the original
address as specified (i. e. as hostname instead of resolved IPs) and flags
and such.
- henning@cvs.openbsd.org 2004/07/21 09:40:55
[parse.y ]
no multiple free(); "John L. Scarfone" <j0@cox.net>
- (dtucker) [Makefile.in] rebuild y.tab.c during distprep too.
20040720
- (dtucker) [Makefile.in] Set @CC@ too.
Protocol: 28 (unchanged)
Changes since 2.6.2:
SECURITY FIXES:
- A bug in the sanitize_path routine (which affects a non-chrooted
rsync daemon) could allow a user to craft a pathname that would get
transformed into an absolute path for certain options (but not for
file-transfer names). If you're running an rsync daemon with chroot
disabled, *please upgrade*, ESPECIALLY if the user privs you run
rsync under is anything above "nobody".
OUTPUT CHANGES (ATTN: those using a script to parse the verbose output):
- Please note that the 2-line footer (output when verbose) now uses the
term "sent" instead of "wrote" and "received" instead of "read". If
you are not parsing the numeric values out of this footer, a script
would be better off using the empty line prior to the footer as the
indicator that the verbose output is over.
- The output from the --stats option was similarly affected to change
"written" to "sent" and "read" to "received".
- Rsync ensures that a filename that contains a newline gets mentioned
with each newline transformed into a question mark (which prevents a
filename from causing an empty line to be output).
- The "backed up ..." message that is output when at least 2 --verbose
options are specified is now the same both with and without the
--backup-dir option.
BUG FIXES:
- Fixed a crash bug that might appear when --delete was used and
multiple source directories were specified.
- Fixed a 32-bit truncation of the file length when generating the
checksums.
- The --backup code no longer attempts to create some directories
over and over again (generating warnings along the way).
- Fixed a bug in the reading of the secrets file (by the daemon) and
the password file (by the client): the files no longer need to be
terminated by a newline for their content to be read in.
- If a file has a read error on the sending side or the reconstructed
data doesn't match the expected checksum (perhaps due to the basis
file changing during the transfer), the receiver will no longer
retain the resulting file unless the --partial option was specified.
(Note: for the read-error detection to work, neither side can be
older than 2.6.3 -- older receivers will always retain the file, and
older senders don't tell the receiver that the file had a read
error.)
- If a file gets resent in a single transfer and the --backup option
is enabled, rsync no longer performs a duplicate backup (it used to
overwrite the original file in the backup area).
- Files specified in the daemon's "exclude" or "exclude from" config
items are now excluded from being uploaded (assuming that the module
allows uploading at all) in addition to the old download exclusion.
- Got rid of a potential hang in the receiver when near the end of a
phase.
- When using --backup without a --backup-dir, rsync no longer preserves
the modify time on directories. This avoids confusing NFS.
- When --copy-links (-L) is specified, we now output a separate error
for a symlink that has no referent instead of claiming that a file
"vanished".
- The --copy-links (-L) option no longer has the side-effect of telling
the receiving side to follow symlinks. See the --keep-dirlinks
option (mentioned below) for a way to specify that behavior.
- Error messages from the daemon server's option-parsing (such as
refused options) are now successfully transferred back to the client
(the server used to fail to send the message because the socket
wasn't in the right state for the message to get through).
- Most transfer errors that occur during a daemon transfer are now
returned to the user in addition to being logged (some messages are
intended to be daemon-only and are not affected by this).
- Fixed a bug in the daemon authentication code when using one of the
batch-processing options.
- We try to work around some buggy IPv6 implementations that fail to
implement IPV6_V6ONLY. This should fix the "address in use" error
that some daemons get when running on an OS with a buggy IPv6
implementation. Also, if the new code gets this error, we might
suggest that the user specify --ipv4 or --ipv6 (if we think it will
help).
- When the remote rsync dies, make a better effort to recover any error
messages it may have sent before dying (the local rsync used to just
die with a socket-write error).
- When using --delete and a --backup-dir that contains files that are
hard-linked to their destination equivalents, rsync now makes sure
that removed files really get removed (avoids a really weird rename()
behavior).
- Avoid a bogus run-time complaint about a lack of 64-bit integers when
the int64 type is defined as an off_t and it actually has 64-bits.
- Added a configure check for open64() without mkstemp64() so that we
can avoid using mkstemp() when such a combination is encountered.
This bypasses a problem writing out large temp files on OSes such as
AIX and HP-UX.
- Fixed an age-old crash problem with --read-batch on a local copy
(rsync was improperly assuming --whole-file for the local copy).
- When --dry-run (-n) is used and the destination directory does not
exist, rsync now produces a correct report of files that would be
sent instead of dying with a chdir() error.
- Fixed a bug that could cause a slow-to-connect rsync daemon to die
with an error instead of waiting for the connection to finish.
- Fixed an ssh interaction that could cause output to be lost when the
user chose to combine the output of rsync's stdout and stderr (e.g.
using the "2>&1").
ENHANCEMENTS:
- Added the --partial-dir=DIR option that lets you specify where to
(temporarily) put a partially transferred file (instead of over-
writing the destination file). E.g. --partial-dir=.rsync-partial
Also added support for the RSYNC_PARTIAL_DIR environment variable
that, when found, transforms a regular --partial option (such as
the convenient -P option) into one that also specifies a directory.
- Added --keep-dirlinks (-K), which allows you to symlink a directory
onto another partition on the receiving side and have rsync treat it
as matching a normal directory from the sender.
- Added the --inplace option that tells rsync to write each destination
file without using a temporary file. The matching of existing data
in the destination file can be severely limited by this, but there
are also cases where this is more efficient (such as appending data).
Use only when needed (see the man page for more details).
- Added the "write only" option for the daemon's config file.
- Added long-option names for -4 and -6 (namely --ipv4 and --ipv6)
and documented all these options in the man page.
- Improved the handling of the --bwlimit option so that it's less
bursty, more accurate, and works properly over a larger range of
values.
- The rsync daemon-over-ssh code now looks for SSH_CONNECTION and
SSH2_CLIENT in addition to SSH_CLIENT to figure out the IP address.
- Added the --checksum-seed=N option for advanced users.
- Batch writing/reading has a brand-new implementation that is simpler,
fixes a few weird problems with the old code (such as no longer
sprinkling the batch files into different dirs or even onto different
systems), and is much less intrusive into the code (making it easier
to maintain for the future). The new code generates just one data
file instead of three, which makes it possible to read the batch on
stdin via a remote shell. Also, the old requirement of forcing the
same fixed checksum-seed for all batch processing has been removed.
- If an rsync daemon has a module set with "list = no" (which hides its
presence in the list of available modules), a user that fails to
authenticate gets the same "unknown module" error that they would get
if the module were actually unknown (while still logging the real
error to the daemon's log file). This prevents fishing for module
names.
- The daemon's "refuse options" config item now allows you to match
option names using wildcards and/or the single-letter option names.
- Each transferred file now gets its permissions and modified-time
updated before the temp-file gets moved into place. Previously, the
finished file would have a very brief window where its permissions
disallowed all group and world access.
- Added the ability to parse a literal IPv6 address in an "rsync:" URL
(e.g. rsync://[2001:638:500:101::21]:873/module/dir).
- The daemon's wildcard expanding code can now handle more than 1000
filenames (it's now limited by memory instead of having a hard-wired
limit).
INTERNAL:
- Some cleanup in the exclude code has saved some per-exclude memory
and made the code easier to maintain.
- Improved the argv-overflow checking for a remote command that has a
lot of args.
- Use rsyserr() in the various places that were still calling rprintf()
with strerror() as an arg.
- If an rsync daemon is listening on multiple sockets (to handle both
IPv4 and IPv6 to a single port), we now close all the unneeded file
handles after we accept a connection (we used to close just one of
them).
- Optimized the handling of larger block sizes (rsync used to slow to a
crawl if the block size got too large).
- Optimized away a loop in hash_search().
- Some improvements to the sanitize_path() and clean_fname() functions
makes them more efficient and produce better results (while still
being compatible with the file-name cleaning that gets done on both
sides when sending the file-list).
- Got rid of alloc_sanitize_path() after adding a destination-buffer
arg to sanitize_path() made it possible to put all the former's
functionality into the latter.
- The file-list that is output when at least 4 verbose options are
specified reports the uid value on the sender even when rsync is
not running as root (since we might be sending to a root receiver).
BUILD CHANGES:
- Added a "gen" target to rebuild most of the generated files,
including configure, config.h.in, the man pages, and proto.h.
- If "make proto" doesn't find some changes in the prototypes, the
proto.h file is left untouched (its time-stamp used to always be
updated).
- The variable $STRIP (that is optionally set by the install-strip
target's rule) was changed to $INSTALL_STRIP because some systems
have $STRIP already set in the environment.
- Fixed a build problem when SUPPORT_HARD_LINKS isn't defined.
- When cross-compiling, the gettimeofday() function is now assumed to
be a modern version that takes two-args (since we can't test it).
DEVELOPER RELATED:
- The scripts in the testsuite dir were cleaned up a bit and a few
new tests added.
- Some new diffs were added to the patches dir, and some accepted
ones were removed.
pkgsrc changes:
o move to bsd.options.mk framework
o add ldap options
package changes:
o On MacOS X Panther and Tiger, clients were sometimes rejected when they
has no reverse DNS entry and DNS resolution was enabled. This has been
fixed. Thanks to Yann Thomas Gerard <inside@parasiterecords.com> .
o The command-line parser was broken on FreeBSD and Solaris in version
1.0.19. This has also been fixed.
- Fix homepage
0.74 Wed Apr 16 Sometime GMT 2003
- Added Pacing
- Added SSL support
- Added Time::HiRes conditional support for fractional times
- Net::IRC::Connection::time -> Net::IRC::Connection::timestamp
- Hopefully this doesn't break anyone, this was an undocumented
access to the IRC 'TIME' command.
- Updated docs slightly, pointing to new webpage, etc.
0.75 Fri Apr 30 who cares what time? 2004
- Hopefully fixed mysterious LocalAddr-related connection problems
- Rewrote event output system - created EventQueue
- Added add_default_handler for hooking all events at once
- UnrealIrcd events added (thanks to Hendrik Frenzel)
- Conditional require of Time::HiRes now works right in its absence
(thanks to Adam Monsen <adamm@wazamatta.com>)
- Massive readability/maintainability changes
- Subs ordered in logical order, not alphabetical
- Indentation
- Updated current maintainers (should have been changed for 0.74)
Changes:
- Implemented a huge OS fingerprint database update. The number of
signatures have increased more than 20% to 1,353 and many of the
existing ones are much improved. Notable updates include the fourth
edition of Bell Lab's Plan9, Grandstream's BugeTone 101 IP Phone,
and Bart's Network Boot Disk 2.7 (which runs MS-DOS). Oh, and Linux
kernels up to 2.6.8, dozens of new Windows fingerprints including XP
SP2, the latest Longhorn warez, and many modified Xboxes, OpenBSD
3.6, NetBSD up to 2.0RC4, Apple's AirPort Express WAP and OS X 10.3.3
(Panther) release, Novell Netware 6.5, FreeBSD 5.3-BETA, a bunch of
Linksys and D-Link consumer junk, the latest Cisco IOS 12.2
releases, a ton of miscellaneous broadband routers and printers, and
much more.
- Updated nmap-mac-prefixes with the latest OUIs from the IEEE.
[ http://standards.ieee.org/regauth/oui/oui.txt ]
- Updated nmap-protocols with the latest IP protocols from IANA
[ http://www.iana.org/assignments/protocol-numbers ]
- Added a few new Nmap version detection signatures thanks to a patch
from Martin Maèok (martin.macok(a)underground.cz).
- Fixed a crash problem in the Windows version of Nmap, thanks to a
patch from Ganga Bhavani GBhavani(a)everdreamcorp.com).
- Fixed Windows service scan crashes that occur with the error message
"Unexpected nsock_loop error. Error code 10022 (Unknown error)". It
turns out that Windows does not allow select() calls with all three
FD sets empty. Lame. The Linux select() man page even suggests
calling "select with all three sets empty, n zero, and a non-null
timeout as a fairly portable way to sleep with subsecond precision."
Thanks to Gisle Vanem (giva(a)bgnett.no) for debugging help.
- Added --max_scan_delay parameter. Nmap will sometimes increase the
delay itself when it detects many dropped packets. For example,
Solaris systems tend to respond with only one ICMP port unreachable
packet per second during a UDP scan. So Nmap will try to detect
this and lower its rate of UDP probes to one per second. This can
provide more accurate results while reducing network congestion, but
it can slow the scans down substantially. By default (with no -T
options specified), Nmap allows this delay to grow to one second per
probe. This option allows you to set a lower or higher maximum.
The -T4 and -T5 scan modes now limit the maximum scan delay for TCP
scans to 10 and 5 ms, respectively.
- Fixed a bug that prevented RPC scan (-sR) from working for UDP ports
unless service detection (-sV) was used. -sV is still usually a
better approach than -sR, as the latter ONLY handles RPC. Thanks to
Stephen Bishop (sbishop(a)idsec.co.uk) for reporting the problem and
sending a patch.
- Fixed nmap_fetchfile() to better find custom versions of data files
such as nmap-services. Note that the implicitly read directory
should be ~/.nmap rather than ~/nmap . So you may have to move any
customized files you now have in ~/nmap . Thanks to nnposter
(nnposter(a)users.sourceforge.net) for reporting the problem and
sending a patch.
- Changed XML output so that the MAC address [address] element comes
right after the IPv4/IPv6 [address] element. Apparently this is
needed to comply with the DTD (
http://www.insecure.org/nmap/data/nmap.dtd ). Thanks to Adam Morgan
(adam.morgan(a)Q1Labs.com) and Florian Ebner
(Florian.Ebner(a)e-bros.de) for the problem reports.
- Fixed an error in the Nmap RPM spec file reported by Pascal Trouvin
(pascal.trouvin(a)wanadoo.fr)
- Fixed a timing problem in which a specified large --send_delay would
sometimes be reduced to 1 second during a scan. Thanks to Martin
Macok (martin.macok(a)underground.cz) for reporting the problem.
- Fixed a timing problem with sneaky and paranoid modes (-T1 and -T0)
which would cause Nmap to continually scan the same port and never
hit other ports when scanning certain firewalled hosts. Thanks to
Curtis Doty (Curtis(a)GreenKey.net) for reporting the problem.
- Fixed a bug in the build system that caused most Nmap subdirectories
to be configured twice. Changing the variable holding the name of
subdirs from $subdirs to $nmap_cfg_subdirs resolved the problem --
configure must have been using that variable name for its own internal
operations. Anyway, this should reduce compile time significantly.
- Made a trivial change to nsock/src/nsock_event.c to work around a "a
bug in GCC 3.3.1 on FreeBSD/sparc64". I found the patch by digging
around the FreeBSD ports tree repository. It would be nice if the
FreeBSD Nmap port maintainers would report such things to me, rather
than fixing it in their own Nmap tree and then applying the patch to
every future version. On the other hand, they deserve some sort of
"most up-to-date" award. I stuck Nmap 3.71-PRE1 in the dist
directory for a few people to test, and made no announcement or
direct link. The FreeBSD crew found it and upgraded anyway :). The
gcc-workaround patch was apparently submitted to the FreeBSD folks
by Marius Strobl (marius(a)alchemy.franken.de).
- Fixed (I hope) an OS detection timing issue which would in some
cases lead to the warning that "insufficient responses for TCP
sequencing (3), OS detection may be less accurate." Thanks to Adam
Kerrison (adam(a)tideway.com) for reporting the problem.
- Modified the warning given when files such as nmap-services exist in
both the compiled in NMAPDATADIR and the current working directory.
That message should now only appear once and is more clear.
- Fixed ping scan subsystem to work a little bit better when
--scan_delay (or some of the slower -T templates which include a scan
delay) is specified. Thanks to Shahid Khan (khan(a)asia.apple.com)
for suggestions.
- Taught connect() scan to properly interpret ICMP protocol
unreachable messages. Thanks to Alan Bishoff
(abishoff(a)arc.nasa.gov) for the report.
- Improved the nmapfe.desktop file to better comply with standards.
Thanks to Stephane Loeuillet (stephane.loeuillet(a)tiscali.fr) for
sending the patch.
* Updated for a libgcrypt API change between 1.1.9x and 1.2.x that caused a
crash at runtime if you compiled against 1.2.x. [66342]
* SSL certificate validation failure should now always result in a status of
SOUP_STATUS_SSL_FAILED, rather than getting turned into SOUP_STATUS_IO_ERROR.
[64414]
* update config.* to allow configure run on DragonFly BSD (i386 only)
* README: minor OS updates
* os.h: allow compilation on Sun Forte CC systems again
* theme.c: (theme_readfile): remove NOTICE error
* themes/black.theme: new theme
* use better CPP magic to detect OS features
* allow compilation on a few OpenBSD systems again
* add validinterface() check on Mac OS X
* remove version name from OS for 'darwin' aka Mac OS X
* s/VERSION/PACKAGE_VERSION/
* major config subsystem replacement
* mv THEMES THEMES.txt (welcome to Mac OS X :))
* add support for pre 4.5-RELEASE FreeBSD (tested on 4.2-REL :))
* FAQ: added Linux media Q/A
* README: s/raisdorf/wormulon/
* slurm.1: s/raisdorf/wormulon/, added -L option
* slurm.c: (slurm_shutdown): s/raisdorf/wormulon/
* slurm.spec: s/raisdorf/wormulon/
* theme.c: (theme_readfile): added -D__Debian__ to search for
themes in /usr/share rather than /usr/local/share
* add -L switch to enable LED
* reduce overhead in upcoming NetBSD port upgrade
* slurm.spec: initial specfile based on 0.2.3
