Nmap Development mailing list archives
Re: 3.90 won't compile on openbsd 3.6
From: Michael Hornung <hornung () cac washington edu>
Date: Thu, 8 Sep 2005 10:15:36 -0700 (PDT)
Erm, 'configure' gave some warnings that might be related: configure: WARNING: sys/sysctl.h: present but cannot be compiled configure: WARNING: sys/sysctl.h: check for missing prerequisite headers? configure: WARNING: sys/sysctl.h: see the Autoconf documentation configure: WARNING: sys/sysctl.h: section "Present But Cannot Be Compiled" configure: WARNING: sys/sysctl.h: proceeding with the preprocessor's result configure: WARNING: sys/sysctl.h: in the future, the compiler will take precedence configure: WARNING: ## ------------------------------------------ ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## ------------------------------------------ ## ... configure: WARNING: net/if.h: present but cannot be compiled configure: WARNING: net/if.h: check for missing prerequisite headers? configure: WARNING: net/if.h: see the Autoconf documentation configure: WARNING: net/if.h: section "Present But Cannot Be Compiled" configure: WARNING: net/if.h: proceeding with the preprocessor's result configure: WARNING: net/if.h: in the future, the compiler will take precedence configure: WARNING: ## ------------------------------------------ ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## ------------------------------------------ ## ... configure: WARNING: net/if_arp.h: present but cannot be compiled configure: WARNING: net/if_arp.h: check for missing prerequisite headers? configure: WARNING: net/if_arp.h: see the Autoconf documentation configure: WARNING: net/if_arp.h: section "Present But Cannot Be Compiled" configure: WARNING: net/if_arp.h: proceeding with the preprocessor's result configure: WARNING: net/if_arp.h: in the future, the compiler will take precedence configure: WARNING: ## ------------------------------------------ ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## ------------------------------------------ ## ... configure: WARNING: net/pfvar.h: present but cannot be compiled configure: WARNING: net/pfvar.h: check for missing prerequisite headers? configure: WARNING: net/pfvar.h: see the Autoconf documentation configure: WARNING: net/pfvar.h: section "Present But Cannot Be Compiled" configure: WARNING: net/pfvar.h: proceeding with the preprocessor's result configure: WARNING: net/pfvar.h: in the future, the compiler will take precedence configure: WARNING: ## ------------------------------------------ ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## ------------------------------------------ ## ... configure: WARNING: net/route.h: present but cannot be compiled configure: WARNING: net/route.h: check for missing prerequisite headers? configure: WARNING: net/route.h: see the Autoconf documentation configure: WARNING: net/route.h: section "Present But Cannot Be Compiled" configure: WARNING: net/route.h: proceeding with the preprocessor's result configure: WARNING: net/route.h: in the future, the compiler will take precedence configure: WARNING: ## ------------------------------------------ ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## ------------------------------------------ ## ... configure: WARNING: netinet/in_var.h: present but cannot be compiled configure: WARNING: netinet/in_var.h: check for missing prerequisite headers? configure: WARNING: netinet/in_var.h: see the Autoconf documentation configure: WARNING: netinet/in_var.h: section "Present But Cannot Be Compiled" configure: WARNING: netinet/in_var.h: proceeding with the preprocessor's result configure: WARNING: netinet/in_var.h: in the future, the compiler will take precedence configure: WARNING: ## ------------------------------------------ ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## ------------------------------------------ ## -Mike On Thu, 8 Sep 2005 at 09:56, Michael Hornung wrote: |It doesn't appear to compile cleanly on OpenBSD 3.6 (stable). I ran |configure as: | | ./configure --without-nmapfe --with-openssl=/usr/lib | |I got a bunch of warnings about redefinitions in the dnet headers, but the |real compile error seems to be: | |tcpip.cc: In function `char * readip_pcap(pcap_t *, unsigned int *, long |int, timeval *, link_header *)': |tcpip.cc:1610: no match for `timeval & = bpf_timeval &' |/usr/include/sys/time.h:47: candidates are: struct timeval & |timeval::operator = (const timeval &) |tcpip.cc: In function `int read_arp_reply_pcap(pcap_t *, u8 *, in_addr *, |long int, timeval *)': |tcpip.cc:1781: no match for `timeval & = bpf_timeval &' |/usr/include/sys/time.h:47: candidates are: struct timeval & |timeval::operator = (const timeval &) |gmake: *** [tcpip.o] Error 1 | |Let me know if there's more I can send to be of value. | |-Mike | |On Thu, 8 Sep 2005 at 03:56, Fyodor wrote: | ||Several anxious people have reminded me lately that it has been 7 ||months since the last formal Nmap release (3.81). While that is quite ||a stretch, I have been working non-stop and made some fundamental ||changes to Nmap that took a while to stabilize. I have also ||integrated some work from the Google SoC students (and more is ||coming). I am pleased to present the results in the form of Nmap ||3.90. I think you'll find it worth the wait. A version number ||increase of 0.09 may not sound like much, but ls indicates the true ||extent of changes: || ||-rw------- 1 fyodor fyodor 7987200 Feb 7 05:41 nmap-3.81.tar ||-rw------- 1 fyodor fyodor 10608640 Sep 8 03:16 nmap-3.90.tar || ||At a high level, changes include the ability to send and properly ||route raw ethernet frames, ARP scanning (for faster and more reliable ||local LAN host discovery), MAC address spoofing, enormous version ||detection and OS detection updates, dramatic Windows performance and ||stability improvements, 'l33t ASCII art, OS/hostname/device type ||detection via service fingerprinting, dozens of bug fixes and much ||more. Linux binary RPMs are now available for x86_64 (AMD ||Athlon64/Opteron) and Windows users _must_ upgrade to WinPcap 3.1 from ||winpcap.org. || ||We have now gone through and integrated all of your service detection ||fingerprint submissions and are ready to handle more. So if Nmap ||spits out a service detection fingerprint and you are certain what is ||running, please submit it to the URL it gives you. OS detection ||fingerprints aren't as important right now because we are considering ||major changes to that subsystem. || ||Here are the details from the Changelog: || ||o Added the ability for Nmap to send and properly route raw ethernet || packets cointaining IP datagrams rather than always sending the || packets via raw sockets. This is particularly useful for Windows, || since Microsoft has disabled raw socket support in XP for no good || reason. Nmap tries to choose the best method at runtime based on || platform, though you can override it with the new --send_eth and || --send_ip options. || ||o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to || determine whether hosts on a LAN are up, rather than relying on || higher-level IP packets (which can only be sent after a successful || ARP request and reply anyway). This is much faster and more || reliable (not subject to IP-level firewalling) than IP-based probes. || The downside is that it only works when the target machine is on the || same LAN as the scanning machine. It is now used automatically for || any hosts that are detected to be on a local ethernet network, || unless --send_ip was specified. Example usage: nmap -sP -PR || 192.168.0.0/16 . || ||o Added the --spoof_mac option, which asks Nmap to use the given MAC || address for all of the raw ethernet frames it sends. The MAC given || can take several formats. If it is simply the string "0", Nmap || chooses a completely random MAC for the session. If the given || string is an even number of hex digits (with the pairs optionally || separated by a colon), Nmap will use those as the MAC. If less than || 12 hex digits are provided, Nmap fills in the remainder of the 6 || bytes with random values. If the argument isn't a 0 or hex string, || Nmap looks through the nmap-mac-prefixes to find a vendor name || containing the given string (it is case insensitive). If a match is || found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the || remaining 3 bytes randomly. Valid --spoof_mac argument examples are || "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and || "Cisco". || ||o Applied an enormous nmap-service-probes (version detection) update || from SoC student Doug Hoyte (doug(a)hcsw.org). Version 3.81 had || 1064 match lines covering 195 service protocols. Now we have 2865 || match lines covering 359 protocols! So the database size has nearly || tripled! This should make your -sV scans quicker and more || accurate. Thanks also go to the (literally) thousands of you who || submitted service fingerprints. Keep them coming! || ||o Applied a massive OS fingerprint update from Zhao Lei || (zhaolei(a)gmail.com). About 350 fingerprints were added, and many || more were updated. Notable additions include Mac OS X 10.4 (Tiger), || OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along || with a new "robotic pet" device type category), the latest Linux 2.6 || kernels Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64 || UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO || 3.8.X, and Solaris 10. Of course there are also tons of new || broadband routers, printers, WAPs and pretty much any other device || you can coax an ethernet cable (or wireless card) into! || ||o Added 'leet ASCII art to the confugrator! ARTIST NOTE: If you think || the ASCII art sucks, feel free to send me alternatives. Note that || only people compiling the UNIX source code get this. (ASCII artist || unknown). || ||o Added OS, device type, and hostname detection using the service || detection framework. Many services print a hostname, which may be || different than DNS. The services often give more away as well. If || Nmap detects IIS, it reports an OS family of "Windows". If it sees || HP JetDirect telnetd, it reports a device type of "printer". Rather || than try to combine TCP/IP stack fingerprinting and service OS || fingerprinting, they are both printed. After all, they could || legitimately be different. An IP that gives a stack fingerprint || match of "Linksys WRT54G broadband router" and a service fingerprint || of Windows based on Kazaa running is likely a common NAT setup rather || than an Nmap mistake. || ||o Nmap on Windows now compiles/links with the new WinPcap 3.1 || header/lib files. So please upgrade to 3.1 from || http://www.winpcap.org before installing this version of Nmap. || While older versions may still work, they aren't supported with Nmap. || ||o The official Nmap RPM files are now compiled statically for better || compatability with other systems. X86_64 (AMD Athlon64/Opteron) || binaries are now available in addition to the standard i386. NmapFE || RPMs are no longer distributed by Insecure.Org. || ||o Nmap distribution signing has changed. Release files are now signed || with a new Nmap Project GPG key (KeyID 6B9355D0). Fyodor has also || generated a new key for himself (KeyID 33599B5F). The Nmap key has || been signed by Fyodor's new key, which has been signed by Fyodor's || old key so that you know they are legit. The new keys are available || at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as || docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public || keyserver network. Here are the fingerprints: || pub 1024D/33599B5F 2005-04-24 || Key fingerprint = BB61 D057 C0D7 DCEF E730 996C 1AF6 EC50 3359 9B5F || uid Fyodor <fyodor () insecure org> || sub 2048g/D3C2241C 2005-04-24 || || pub 1024D/6B9355D0 2005-04-24 || Key fingerprint = 436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0 || uid Nmap Project Signing Key (http://www.insecure.org/) || sub 2048g/A50A6A94 2005-04-24 || ||o Fixed a crash problem related to non-portable varargs (vsnprintf) || usage. Reports of this crash came from Alan William Somers || (somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de). || This patch was prevalent on Linux boxes running an Opteron/Athlon64 || CPU in 64-bit mode. || ||o Fixed crash when Nmap is compiled using gcc 4.X by adding the || --fno-strict-aliasing option when that compiler is detected. Thanks || to Greg Darke (starstuff(a)optusnet.com.au) for discovering that || this option fixes (hides) the problem and to Duilio J. Protti || (dprotti(a)flowgate.net) for writing the configure patch to detect || gcc 4 and add the option. A better fix is to identify and rewrite || lines that violate C99 alias rules, and we are looking into that. || ||o Added "rarity" feature to Nmap version detection. This causes || obscure probes to be skipped when they are unlikely to help. Each || probe now has a "rarity" value. Probes that detect dozens of || services such as GenericLines and GetRequest have rarity values of || 1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9. || When interrogating a port, Nmap always tries probes registered to || that port number. So even WWWOFFLEctrlstat will be tried against || port 8081 and mydoom will be tried against open ports between 3127 || and 3198. If none of the registered ports find a match, Nmap tries || probes that have a rarity less than or equal to its current || intensity level. The intensity level defaults to 7 (so that most of || the probes are done). You can set the intensity level with the new || --version_intensity option. Alternatively, you can just use || --version_light or --version_all which set the intensity to 2 (only || try the most important probes and ones registered to the port || number) and 9 (try all probes), respectively. --version_light is || much faster than default version detection, but also a bit less || likely to find a match. This feature was designed and implemented || by Doug Hoyte (doug(a)hcsw.org). || ||o Added a "fallback" feature to the nmap-service-probes database. || This allows a probe to "inherit" match lines from other probes. It || is currently only used for the HTTPOptions, RTSPRequest, and || SSLSessionReq probes to inherit all of the match lines from || GetRequest. Some servers don't respond to the Nmap GetRequest (for || example because it doesn't include a Host: line) but they do respond || to some of those other 3 probes in ways that GetRequest match lines || are general enough to match. The fallback construct allows us to || benefit from these matches without repeating hundreds of signatures || in the file. This is another feature designed and implemented || by Doug Hoyte (doug(a)hcsw.org). || ||o Fixed crash with certain --excludefile or || --exclude arguments. Thanks to Kurt Grutzmacher || (grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for || reporting the problem, and to Duilio J. Protti || (dprotti(a)flowgate.net) for debugging the issue and sending the || patch. || ||o Updated random scan (ip_is_reserved()) to reflect the latest IANA || assignments. This patch was sent in by Felix Groebert || (felix(a)groebert.org). || ||o Included new Russian man page translation by || locco_bozi(a)Safe-mail.net || ||o Applied pach from Steve Martin (smartin(a)stillsecure.com) which || standardizes many OS names and corrects typos in nmap-os-fingerprints. || ||o Fixed a crash found during certain UDP version scans. The crash was || discovered and reported by Ron (iago(a)valhallalegends.com) and fixed || by Doug Hoyte (doug(a)hcsw.com). || ||o Added --iflist argument which prints a list of system interfaces and || routes detected by Nmap. || ||o Fixed a protocol scan (-sO) problem which led to the error message: || "Error compiling our pcap filter: syntax error". Thanks to Michel || Arboi (michel(a)arboi.fr.eu.org) for reporting the problem. || ||o Fixed an Nmap version detection crash on Windows which led to the || error message "Unexpected error in NSE_TYPE_READ callback. Error || code: 10053 (Unknown error)". Thanks to Srivatsan || (srivatsanp(a)adventnet.com) for reporting the problem. || ||o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers || (TSellers(a)trustmark.com). || ||o Applied some changes from Gisle Vanem (giva(a)bgnett.no) to make || Nmap compile with Cygwin. || ||o XML "osmatch" element now has a "line" attribute giving the || reference fingerprint line number in nmap-os-fingerprints. || ||o Added a distcc probes and a bunch of smtp matches from Dirk Mueller || (mueller(a)kde.org) to nmap-service-probes. Also added AFS version || probe and matches from Lionel Cons (lionel.cons(a)cern.ch). And || even more probes and matches from Martin Macok || (martin.macok(a)underground.cz) || ||o Fixed a problem where Nmap compilation would use header files from || the libpcap included with Nmap even when it was linking to a system || libpcap. Thanks to Solar Designer (solar(a)openwall.com) and Okan || Demirmen (okan(a)demirmen.com) for reporting the problem. || ||o Added configure option --with-libpcap=included to tell Nmap to use || the version of libpcap it ships with rather than any that may already be || installed on the system. You can still use --with-libpcap=[dir] to || specify that a system libpcap be installed rather than the shipped || one. By default, Nmap looks at both and decides which one is likely || to work best. If you are having problems on Solaris, try || --with-libpcap=included . || ||o Changed the --no-stylesheet option to --no_stylesheet to be || consistant with all of the other Nmap options. Though I'm starting to || like hyphens a bit better than underscores and may change all of the || options to use hyphens instad at some point. || ||o Added "Exclude" directive to nmap-service-probes grammar which || causes version detection to skip listed ports. This is helpful for || ports such as 9100. Some printers simply print any data sent to || that port, leading to pages of HTTP requests, SMB queries, X Windows || probes, etc. If you really want to scan all ports, specify || --allports. This patch came from Doug Hoyte (doug(a)hcsw.org). || ||o Added a stripped-down and heavily modified version of Dug Song's || libdnet networking library (v. 1.10). This helps with the new raw || ethernet features. My (extensive) changes are described in || libdnet-stripped/NMAP_MODIFICATIONS || ||o Removed WinIP library (and all Windows raw sockets code) since MS || has gone and broken raw sockets. Maybe packet receipt via raw || sockets will come back at some point. As part of this removal, the || Windows-specific --win_help, --win_list_interfaces, --win_norawsock, || --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi, || and --win_trace options have been removed. || ||o Chagned the interesting ports array from a 65K-member array of || pointers into an STL list. This noticeable reduces memory usage in || some cases, and should also give a slight runtime performance || boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com). || ||o Removed the BSDFIX/BSDUFIX macros. The underlying bug in || FreeBSD/NetBSD is still there though. When an IP packet is sent || through a raw socket, these platforms require the total length and || fragmentation offset fields of an IP packet to be in host byte order || rather than network byte order, even though all the other fields || must be in NBO. I believe that OpenBSD fixed this a while back. || Other platforms, such as Linux, Solaris, Mac OS X, and Windows take || all of the fields in network byte order. While I removed the macro, || I still do the munging where required so that Nmap still works on || FreeBSD. || ||o Integrated many nmap-service-probes changes from Bo Jiang || (jiangbo(a)brandeis.edu) || ||o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri || (eilon(a)aristo.tau.ac.il) || ||o Added some new RPC services to nmap-rpc thanks to a patch from || vlad902 (vlad902(a)gmail.com). || ||o Fixed a bug where Nmap would quit on Windows whenever it encountered || a raw scan of localhost (including the local ethernet interface || address), even when that was just one address out of a whole network || being scanned. Now Nmap just warns that it is skipping raw scans when || it encounters the local IP, but continues on to scan the rest of the || network. Raw scans do not currently work against local IP addresses || because Winpcap doesn't support reading/writing localhost interfaces || due to limitations of Windows. || ||o The OS fingerprint is now provided in XML output if debugging is || enabled (-d) or verbosity is at least 2 (-v -v). This patch was || sent by Okan Demirmen (okan(a)demirmen.com) || ||o Fixed the way tcp connect scan (-sT) respons to ICMP network || unreachable responses (patch by Richard Moore || (rich(a)westpoint.ltd.uk). || ||o Update random host scan (-iR) to support the latest IANA-allocated || ranges, thanks to patch by Chad Loder (cloder(a)loder.us). || ||o Updated GNU shtool (a helper program used during 'make install' to || version 2.0.2, which fixes a predictable temporary filename || weakness discovered by Eric Raymond. || ||o Removed addport element from XML DTD, since it is no longer used || (sugested by Lionel Cons (lionel.cons(a)cern.ch) || ||o Added new --privileged command-line option and NMAP_PRIVILEGED || environmental variable. Either of these tell Nmap to assume that || the user has full privileges to execute raw packet scans, OS || detection and the like. This can be useful when Linux kernel || capabilities or other systems are used that allow non-root users to || perform raw packet or ethernet frame manipulation. Without this || flag or variable set, Nmap bails on UNIX if geteuid() is || nonzero. || ||o Changed the RPM spec file so that if you define "static" to 1 (by || passing --define "static 1" to rpmbuild), static binaries are built. || ||o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon || Burr (simes(a)bpfh.net). || ||o ultra_scan() now sets pseudo-random ACK values (rather than 0) for || any TCP scans in which the initial probe packet has the ACK flag set. || This would be the ACK, Xmas, Maimon, and Window scans. || ||o Updated the Nmap version number, description, and similar fields || that MS Visual Studio places in the binary. This was done by editing || mswin32/nmap.rc as suggested by Chris Paget (chrisp () ngssoftware com) || ||o Fixed Nmap compilation on DragonFly BSD (and perhaps some other || systems) by applying a short patch by Joerg Sonnenberger which omits || the declaration of errno if it is a #define. || ||o Fixed an integer overflow that prevented Nmap from scanning || 2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1). Problem || noted by Justin Cranford (jcranford(a)n-able.com). While /1 scans || are now possible, don't expect them to finish during your bathroom || break. No matter how constipated you are. || ||o Increased the buffer size allocated for fingerprints to prevent Nmap || from running out and quitting (error message: "Assertion || `servicefpalloc - servicefplen > 8' failed". Thanks to Mike Hatz || (mhatz(a)blackcat.com) for the report. [ Actually this was done in a || previous version, but I forgot which one ] || ||o Changed from CVS to Subversion source control system (which || rocks!). Neither repository is public (I'm paranoid because both CVS || and SVN have had remotely exploitable security holes), so the main || change users will see is that "Id" tags in file headers use the SVN || format for version numbering and such. || ||As always, you can download Nmap from ||http://www.insecure.org/nmap/nmap_download.html . The paranoid ||(smart) list members will check the cryptographic hashes and GPG ||signatures available from ||http://www.insecure.org/nmap/dist/sigs/?C=M&O=D . || ||Enjoy! And please let me know if you encounter any problems. || ||Cheers, ||Fyodor || || ||_______________________________________________ ||Sent through the nmap-hackers mailing list ||http://cgi.insecure.org/mailman/listinfo/nmap-hackers || || | | |_______________________________________________ |Sent through the nmap-dev mailing list |http://cgi.insecure.org/mailman/listinfo/nmap-dev | | _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- 3.90 won't compile on openbsd 3.6 Michael Hornung (Sep 08)
- Re: 3.90 won't compile on openbsd 3.6 Michael Hornung (Sep 08)
- Re: 3.90 won't compile on openbsd 3.6 Okan Demirmen (Sep 08)
- Re: 3.90 won't compile on openbsd 3.6 Fyodor (Sep 09)