Nmap Development mailing list archives

Re: 3.90 won't compile on openbsd 3.6


From: Michael Hornung <hornung () cac washington edu>
Date: Thu, 8 Sep 2005 10:15:36 -0700 (PDT)

Erm, 'configure' gave some warnings that might be related:

configure: WARNING: sys/sysctl.h: present but cannot be compiled
configure: WARNING: sys/sysctl.h:     check for missing prerequisite headers?
configure: WARNING: sys/sysctl.h: see the Autoconf documentation
configure: WARNING: sys/sysctl.h:     section "Present But Cannot Be Compiled"
configure: WARNING: sys/sysctl.h: proceeding with the preprocessor's result
configure: WARNING: sys/sysctl.h: in the future, the compiler will take precedence
configure: WARNING:     ## ------------------------------------------ ##
configure: WARNING:     ## Report this to the AC_PACKAGE_NAME lists.  ##
configure: WARNING:     ## ------------------------------------------ ##

...

configure: WARNING: net/if.h: present but cannot be compiled
configure: WARNING: net/if.h:     check for missing prerequisite headers?
configure: WARNING: net/if.h: see the Autoconf documentation
configure: WARNING: net/if.h:     section "Present But Cannot Be Compiled"
configure: WARNING: net/if.h: proceeding with the preprocessor's result
configure: WARNING: net/if.h: in the future, the compiler will take precedence
configure: WARNING:     ## ------------------------------------------ ##
configure: WARNING:     ## Report this to the AC_PACKAGE_NAME lists.  ##
configure: WARNING:     ## ------------------------------------------ ##

...

configure: WARNING: net/if_arp.h: present but cannot be compiled
configure: WARNING: net/if_arp.h:     check for missing prerequisite headers?
configure: WARNING: net/if_arp.h: see the Autoconf documentation
configure: WARNING: net/if_arp.h:     section "Present But Cannot Be Compiled"
configure: WARNING: net/if_arp.h: proceeding with the preprocessor's result
configure: WARNING: net/if_arp.h: in the future, the compiler will take precedence
configure: WARNING:     ## ------------------------------------------ ##
configure: WARNING:     ## Report this to the AC_PACKAGE_NAME lists.  ##
configure: WARNING:     ## ------------------------------------------ ##

...

configure: WARNING: net/pfvar.h: present but cannot be compiled
configure: WARNING: net/pfvar.h:     check for missing prerequisite headers?
configure: WARNING: net/pfvar.h: see the Autoconf documentation
configure: WARNING: net/pfvar.h:     section "Present But Cannot Be Compiled"
configure: WARNING: net/pfvar.h: proceeding with the preprocessor's result
configure: WARNING: net/pfvar.h: in the future, the compiler will take precedence
configure: WARNING:     ## ------------------------------------------ ##
configure: WARNING:     ## Report this to the AC_PACKAGE_NAME lists.  ##
configure: WARNING:     ## ------------------------------------------ ##

...

configure: WARNING: net/route.h: present but cannot be compiled
configure: WARNING: net/route.h:     check for missing prerequisite headers?
configure: WARNING: net/route.h: see the Autoconf documentation
configure: WARNING: net/route.h:     section "Present But Cannot Be Compiled"
configure: WARNING: net/route.h: proceeding with the preprocessor's result
configure: WARNING: net/route.h: in the future, the compiler will take precedence
configure: WARNING:     ## ------------------------------------------ ##
configure: WARNING:     ## Report this to the AC_PACKAGE_NAME lists.  ##
configure: WARNING:     ## ------------------------------------------ ##

...

configure: WARNING: netinet/in_var.h: present but cannot be compiled
configure: WARNING: netinet/in_var.h:     check for missing prerequisite headers?
configure: WARNING: netinet/in_var.h: see the Autoconf documentation
configure: WARNING: netinet/in_var.h:     section "Present But Cannot Be Compiled"
configure: WARNING: netinet/in_var.h: proceeding with the preprocessor's result
configure: WARNING: netinet/in_var.h: in the future, the compiler will take precedence
configure: WARNING:     ## ------------------------------------------ ##
configure: WARNING:     ## Report this to the AC_PACKAGE_NAME lists.  ##
configure: WARNING:     ## ------------------------------------------ ##


-Mike

On Thu, 8 Sep 2005 at 09:56, Michael Hornung wrote:

|It doesn't appear to compile cleanly on OpenBSD 3.6 (stable).  I ran 
|configure as:
|
|       ./configure --without-nmapfe --with-openssl=/usr/lib
|
|I got a bunch of warnings about redefinitions in the dnet headers, but the 
|real compile error seems to be:
|
|tcpip.cc: In function `char * readip_pcap(pcap_t *, unsigned int *, long 
|int, timeval *, link_header *)':
|tcpip.cc:1610: no match for `timeval & = bpf_timeval &'
|/usr/include/sys/time.h:47: candidates are: struct timeval & 
|timeval::operator = (const timeval &)
|tcpip.cc: In function `int read_arp_reply_pcap(pcap_t *, u8 *, in_addr *, 
|long int, timeval *)':
|tcpip.cc:1781: no match for `timeval & = bpf_timeval &'
|/usr/include/sys/time.h:47: candidates are: struct timeval & 
|timeval::operator = (const timeval &)
|gmake: *** [tcpip.o] Error 1
|
|Let me know if there's more I can send to be of value.
|
|-Mike
|
|On Thu, 8 Sep 2005 at 03:56, Fyodor wrote:
|
||Several anxious people have reminded me lately that it has been 7
||months since the last formal Nmap release (3.81).  While that is quite
||a stretch, I have been working non-stop and made some fundamental
||changes to Nmap that took a while to stabilize.  I have also
||integrated some work from the Google SoC students (and more is
||coming).  I am pleased to present the results in the form of Nmap
||3.90.  I think you'll find it worth the wait.  A version number
||increase of 0.09 may not sound like much, but ls indicates the true
||extent of changes:
||
||-rw-------  1 fyodor fyodor  7987200 Feb  7 05:41 nmap-3.81.tar
||-rw-------  1 fyodor fyodor 10608640 Sep  8 03:16 nmap-3.90.tar
||
||At a high level, changes include the ability to send and properly
||route raw ethernet frames, ARP scanning (for faster and more reliable
||local LAN host discovery), MAC address spoofing, enormous version
||detection and OS detection updates, dramatic Windows performance and
||stability improvements, 'l33t ASCII art, OS/hostname/device type
||detection via service fingerprinting, dozens of bug fixes and much
||more.  Linux binary RPMs are now available for x86_64 (AMD
||Athlon64/Opteron) and Windows users _must_ upgrade to WinPcap 3.1 from
||winpcap.org.
||
||We have now gone through and integrated all of your service detection
||fingerprint submissions and are ready to handle more.  So if Nmap
||spits out a service detection fingerprint and you are certain what is
||running, please submit it to the URL it gives you.  OS detection
||fingerprints aren't as important right now because we are considering
||major changes to that subsystem.
||
||Here are the details from the Changelog:
||
||o Added the ability for Nmap to send and properly route raw ethernet
||  packets containing IP datagrams rather than always sending the
||  packets via raw sockets. This is particularly useful for Windows,
||  since Microsoft has disabled raw socket support in XP for no good
||  reason.  Nmap tries to choose the best method at runtime based on
||  platform, though you can override it with the new --send_eth and
||  --send_ip options.
||
||o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to
||  determine whether hosts on a LAN are up, rather than relying on
||  higher-level IP packets (which can only be sent after a successful
||  ARP request and reply anyway).  This is much faster and more
||  reliable (not subject to IP-level firewalling) than IP-based probes.
||  The downside is that it only works when the target machine is on the
||  same LAN as the scanning machine.  It is now used automatically for
||  any hosts that are detected to be on a local ethernet network,
||  unless --send_ip was specified.  Example usage: nmap -sP -PR
||  192.168.0.0/16 .
||
||o Added the --spoof_mac option, which asks Nmap to use the given MAC
||  address for all of the raw ethernet frames it sends.  The MAC given
||  can take several formats.  If it is simply the string "0", Nmap
||  chooses a completely random MAC for the session.  If the given
||  string is an even number of hex digits (with the pairs optionally
||  separated by a colon), Nmap will use those as the MAC.  If less than
||  12 hex digits are provided, Nmap fills in the remainder of the 6
||  bytes with random values.  If the argument isn't a 0 or hex string,
||  Nmap looks through the nmap-mac-prefixes to find a vendor name
||  containing the given string (it is case insensitive).  If a match is
||  found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the
||  remaining 3 bytes randomly.  Valid --spoof_mac argument examples are
||  "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and
||  "Cisco".
||
||o Applied an enormous nmap-service-probes (version detection) update
||  from SoC student Doug Hoyte (doug(a)hcsw.org).  Version 3.81 had
||  1064 match lines covering 195 service protocols.  Now we have 2865
||  match lines covering 359 protocols!  So the database size has nearly
||  tripled!  This should make your -sV scans quicker and more
||  accurate.  Thanks also go to the (literally) thousands of you who
||  submitted service fingerprints.  Keep them coming!
||
||o Applied a massive OS fingerprint update from Zhao Lei
||  (zhaolei(a)gmail.com).  About 350 fingerprints were added, and many
||  more were updated.  Notable additions include Mac OS X 10.4 (Tiger),
||  OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along
||  with a new "robotic pet" device type category), the latest Linux 2.6
||  kernels, Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64
||  UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO
||  3.8.X, and Solaris 10.  Of course there are also tons of new
||  broadband routers, printers, WAPs and pretty much any other device
||  you can coax an ethernet cable (or wireless card) into!
||
||o Added 'leet ASCII art to the configurator!  ARTIST NOTE: If you think
||  the ASCII art sucks, feel free to send me alternatives.  Note that
||  only people compiling the UNIX source code get this. (ASCII artist
||  unknown).
||
||o Added OS, device type, and hostname detection using the service
||  detection framework.  Many services print a hostname, which may be
||  different than DNS.  The services often give more away as well.  If
||  Nmap detects IIS, it reports an OS family of "Windows".  If it sees
||  HP JetDirect telnetd, it reports a device type of "printer".  Rather
||  than try to combine TCP/IP stack fingerprinting and service OS
||  fingerprinting, they are both printed.  After all, they could
||  legitimately be different.  An IP that gives a stack fingerprint
||  match of "Linksys WRT54G broadband router" and a service fingerprint
||  of Windows based on Kazaa running is likely a common NAT setup rather
||  than an Nmap mistake.
||
||o Nmap on Windows now compiles/links with the new WinPcap 3.1
||  header/lib files. So please upgrade to 3.1 from
||  http://www.winpcap.org before installing this version of Nmap.
||  While older versions may still work, they aren't supported with Nmap.
||
||o The official Nmap RPM files are now compiled statically for better
||  compatibility with other systems.  X86_64 (AMD Athlon64/Opteron)
||  binaries are now available in addition to the standard i386.  NmapFE
||  RPMs are no longer distributed by Insecure.Org.
||
||o Nmap distribution signing has changed. Release files are now signed
||  with a new Nmap Project GPG key (KeyID 6B9355D0).  Fyodor has also
||  generated a new key for himself (KeyID 33599B5F).  The Nmap key has
||  been signed by Fyodor's new key, which has been signed by Fyodor's
||  old key so that you know they are legit.  The new keys are available
||  at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as
||  docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public
||  keyserver network.  Here are the fingerprints:
||    pub  1024D/33599B5F 2005-04-24
||         Key fingerprint = BB61 D057 C0D7 DCEF E730  996C 1AF6 EC50 3359 9B5F
||    uid  Fyodor <fyodor () insecure org>
||    sub  2048g/D3C2241C 2005-04-24
||
||    pub  1024D/6B9355D0 2005-04-24
||         Key fingerprint = 436D 66AB 9A79 8425 FDA0  E3F8 01AF 9F03 6B93 55D0
||    uid  Nmap Project Signing Key (http://www.insecure.org/)
||    sub  2048g/A50A6A94 2005-04-24
||
||o Fixed a crash problem related to non-portable varargs (vsnprintf)
||  usage. Reports of this crash came from Alan William Somers
||  (somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de).
||  This patch was prevalent on Linux boxes running an Opteron/Athlon64
||  CPU in 64-bit mode.
||
||o Fixed crash when Nmap is compiled using gcc 4.X by adding the
||  --fno-strict-aliasing option when that compiler is detected.  Thanks
||  to Greg Darke (starstuff(a)optusnet.com.au) for discovering that
||  this option fixes (hides) the problem and to Duilio J. Protti
||  (dprotti(a)flowgate.net) for writing the configure patch to detect
||  gcc 4 and add the option.  A better fix is to identify and rewrite
||  lines that violate C99 alias rules, and we are looking into that.
||
||o Added "rarity" feature to Nmap version detection.  This causes
||  obscure probes to be skipped when they are unlikely to help.  Each
||  probe now has a "rarity" value.  Probes that detect dozens of
||  services such as GenericLines and GetRequest have rarity values of
||  1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9.
||  When interrogating a port, Nmap always tries probes registered to
||  that port number.  So even WWWOFFLEctrlstat will be tried against
||  port 8081 and mydoom will be tried against open ports between 3127
||  and 3198.  If none of the registered ports find a match, Nmap tries
||  probes that have a rarity less than or equal to its current
||  intensity level.  The intensity level defaults to 7 (so that most of
||  the probes are done).  You can set the intensity level with the new
||  --version_intensity option.  Alternatively, you can just use
||  --version_light or --version_all which set the intensity to 2 (only
||  try the most important probes and ones registered to the port
||  number) and 9 (try all probes), respectively.  --version_light is
||  much faster than default version detection, but also a bit less
||  likely to find a match.  This feature was designed and implemented
||  by Doug Hoyte (doug(a)hcsw.org).
||
||o Added a "fallback" feature to the nmap-service-probes database.
||  This allows a probe to "inherit" match lines from other probes.  It
||  is currently only used for the HTTPOptions, RTSPRequest, and
||  SSLSessionReq probes to inherit all of the match lines from
||  GetRequest.  Some servers don't respond to the Nmap GetRequest (for
||  example because it doesn't include a Host: line) but they do respond
||  to some of those other 3 probes in ways that GetRequest match lines
||  are general enough to match.  The fallback construct allows us to
||  benefit from these matches without repeating hundreds of signatures
||  in the file.  This is another feature designed and implemented
||  by Doug Hoyte (doug(a)hcsw.org).
||
||o Fixed crash with certain --excludefile or
||  --exclude arguments.  Thanks to Kurt Grutzmacher
||  (grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for
||  reporting the problem, and to Duilio J. Protti
||  (dprotti(a)flowgate.net) for debugging the issue and sending the
||  patch.
||
||o Updated random scan (ip_is_reserved()) to reflect the latest IANA
||  assignments.  This patch was sent in by Felix Groebert
||  (felix(a)groebert.org).
||
||o Included new Russian man page translation by
||  locco_bozi(a)Safe-mail.net
||
||o Applied patch from Steve Martin (smartin(a)stillsecure.com) which
||  standardizes many OS names and corrects typos in nmap-os-fingerprints.
||
||o Fixed a crash found during certain UDP version scans.  The crash was
||  discovered and reported by Ron (iago(a)valhallalegends.com) and fixed
||  by Doug Hoyte (doug(a)hcsw.com).
||
||o Added --iflist argument which prints a list of system interfaces and
||  routes detected by Nmap.
||
||o Fixed a protocol scan (-sO) problem which led to the error message:
||  "Error compiling our pcap filter: syntax error".  Thanks to Michel
||  Arboi (michel(a)arboi.fr.eu.org) for reporting the problem.
||
||o Fixed an Nmap version detection crash on Windows which led to the
||  error message "Unexpected error in NSE_TYPE_READ callback.  Error
||  code: 10053 (Unknown error)".  Thanks to Srivatsan
||  (srivatsanp(a)adventnet.com) for reporting the problem.
||
||o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers
||  (TSellers(a)trustmark.com).
||
||o Applied some changes from  Gisle Vanem (giva(a)bgnett.no) to make
||  Nmap compile with Cygwin.
||
||o XML "osmatch" element now has a "line" attribute giving the
||  reference fingerprint line number in nmap-os-fingerprints.
||
||o Added a distcc probes and a bunch of smtp matches from Dirk Mueller
||  (mueller(a)kde.org) to nmap-service-probes.  Also added AFS version
||  probe and matches from Lionel Cons (lionel.cons(a)cern.ch).  And
||  even more probes and matches from Martin Macok
||  (martin.macok(a)underground.cz)
||
||o Fixed a problem where Nmap compilation would use header files from
||  the libpcap included with Nmap even when it was linking to a system
||  libpcap.  Thanks to Solar Designer (solar(a)openwall.com) and Okan
||  Demirmen (okan(a)demirmen.com) for reporting the problem.
||
||o Added configure option --with-libpcap=included to tell Nmap to use
||  the version of libpcap it ships with rather than any that may already be
||  installed on the system.  You can still use --with-libpcap=[dir] to
||  specify that a system libpcap be installed rather than the shipped
||  one.  By default, Nmap looks at both and decides which one is likely
||  to work best.  If you are having problems on Solaris, try
||  --with-libpcap=included .
||
||o Changed the --no-stylesheet option to --no_stylesheet to be
||  consistent with all of the other Nmap options.  Though I'm starting to
||  like hyphens a bit better than underscores and may change all of the
||  options to use hyphens instead at some point.
||
||o Added "Exclude" directive to nmap-service-probes grammar which
||  causes version detection to skip listed ports.  This is helpful for
||  ports such as 9100.  Some printers simply print any data sent to
||  that port, leading to pages of HTTP requests, SMB queries, X Windows
||  probes, etc.  If you really want to scan all ports, specify
||  --allports.  This patch came from Doug Hoyte (doug(a)hcsw.org).
||
||o Added a stripped-down and heavily modified version of Dug Song's
||  libdnet networking library (v. 1.10).  This helps with the new raw
||  ethernet features.  My (extensive) changes are described in
||  libdnet-stripped/NMAP_MODIFICATIONS
||
||o Removed WinIP library (and all Windows raw sockets code) since MS
||  has gone and broken raw sockets.  Maybe packet receipt via raw
||  sockets will come back at some point.  As part of this removal, the
||  Windows-specific --win_help, --win_list_interfaces, --win_norawsock,
||  --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi,
||  and --win_trace options have been removed.
||
||o Changed the interesting ports array from a 65K-member array of
||  pointers into an STL list.  This noticeably reduces memory usage in
||  some cases, and should also give a slight runtime performance
||  boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com).
||
||o Removed the BSDFIX/BSDUFIX macros.  The underlying bug in
||  FreeBSD/NetBSD is still there though.  When an IP packet is sent
||  through a raw socket, these platforms require the total length and
||  fragmentation offset fields of an IP packet to be in host byte order
||  rather than network byte order, even though all the other fields
||  must be in NBO.  I believe that OpenBSD fixed this a while back.
||  Other platforms, such as Linux, Solaris, Mac OS X, and Windows take
||  all of the fields in network byte order.  While I removed the macro,
||  I still do the munging where required so that Nmap still works on
||  FreeBSD.
||
||o Integrated many nmap-service-probes changes from Bo Jiang
||  (jiangbo(a)brandeis.edu)
||
||o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri
||  (eilon(a)aristo.tau.ac.il)
||
||o Added some new RPC services to nmap-rpc thanks to a patch from
||  vlad902 (vlad902(a)gmail.com).
||
||o Fixed a bug where Nmap would quit on Windows whenever it encountered
||  a raw scan of localhost (including the local ethernet interface
||  address), even when that was just one address out of a whole network
||  being scanned.  Now Nmap just warns that it is skipping raw scans when
||  it encounters the local IP, but continues on to scan the rest of the
||  network.  Raw scans do not currently work against local IP addresses
||  because Winpcap doesn't support reading/writing localhost interfaces
||  due to limitations of Windows.
||
||o The OS fingerprint is now provided in XML output if debugging is
||  enabled (-d) or verbosity is at least 2 (-v -v).  This patch was
||  sent by Okan Demirmen (okan(a)demirmen.com)
||
||o Fixed the way tcp connect scan (-sT) responds to ICMP network
||  unreachable responses (patch by Richard Moore
||  (rich(a)westpoint.ltd.uk)).
||
||o Update random host scan (-iR) to support the latest IANA-allocated
||  ranges, thanks to patch by Chad Loder (cloder(a)loder.us).
||
||o Updated GNU shtool (a helper program used during 'make install') to
||  version 2.0.2, which fixes a predictable temporary filename
||  weakness discovered by Eric Raymond.
||
||o Removed addport element from XML DTD, since it is no longer used
||  (suggested by Lionel Cons (lionel.cons(a)cern.ch))
||
||o Added new --privileged command-line option and NMAP_PRIVILEGED
||  environmental variable.  Either of these tells Nmap to assume that
||  the user has full privileges to execute raw packet scans, OS
||  detection and the like.  This can be useful when Linux kernel
||  capabilities or other systems are used that allow non-root users to
||  perform raw packet or ethernet frame manipulation.  Without this
||  flag or variable set, Nmap bails on UNIX if geteuid() is
||  nonzero.
||
||o Changed the RPM spec file so that if you define "static" to 1 (by
||  passing --define "static 1" to rpmbuild), static binaries are built.
||
||o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon
||  Burr (simes(a)bpfh.net).
||
||o ultra_scan() now sets pseudo-random ACK values (rather than 0) for
||  any TCP scans in which the initial probe packet has the ACK flag set.
||  This would be the ACK, Xmas, Maimon, and Window scans.
||
||o Updated the Nmap version number, description, and similar fields
||  that MS Visual Studio places in the binary.  This was done by editing
||  mswin32/nmap.rc as suggested by Chris Paget (chrisp () ngssoftware com)
||
||o Fixed Nmap compilation on DragonFly BSD (and perhaps some other
||  systems) by applying a short patch by Joerg Sonnenberger which omits
||  the declaration of errno if it is a #define.
||
||o Fixed an integer overflow that prevented Nmap from scanning
||  2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1).  Problem
||  noted by Justin Cranford (jcranford(a)n-able.com).  While /1 scans
||  are now possible, don't expect them to finish during your bathroom
||  break.  No matter how constipated you are.
||
||o Increased the buffer size allocated for fingerprints to prevent Nmap
||  from running out and quitting (error message: "Assertion
||  `servicefpalloc - servicefplen > 8' failed").  Thanks to Mike Hatz
||  (mhatz(a)blackcat.com) for the report. [ Actually this was done in a
||  previous version, but I forgot which one ]
||
||o Changed from CVS to Subversion source control system (which
||  rocks!). Neither repository is public (I'm paranoid because both CVS
||  and SVN have had remotely exploitable security holes), so the main
||  change users will see is that "Id" tags in file headers use the SVN
||  format for version numbering and such.
||
||As always, you can download Nmap from
||http://www.insecure.org/nmap/nmap_download.html . The paranoid
||(smart) list members will check the cryptographic hashes and GPG
||signatures available from
||http://www.insecure.org/nmap/dist/sigs/?C=M&O=D .
||
||Enjoy!  And please let me know if you encounter any problems.
||
||Cheers,
||Fyodor 
||
||
||_______________________________________________
||Sent through the nmap-hackers mailing list
||http://cgi.insecure.org/mailman/listinfo/nmap-hackers
||
||
|
|
|_______________________________________________
|Sent through the nmap-dev mailing list
|http://cgi.insecure.org/mailman/listinfo/nmap-dev
|
|


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
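
The probe-selection rule from the "rarity" entry in the quoted changelog, as an added C example (not part of the original message and not Nmap's own code). The table layout, the select_probes/will_try names and the "MidProbe" entry are assumptions made for illustration; the other probe names, rarities, ports and intensity levels are the ones the changelog gives.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy probe table. "MidProbe" is constructed; the other names, rarities and
 * registered ports come from the changelog text. Treating GenericLines and
 * GetRequest as having no registered ports is an assumption of this sketch. */
struct probe {
    const char *name;
    int rarity;            /* 1 = matches many services, 9 = obscure */
    int port_lo, port_hi;  /* registered port range, 0/0 = none */
};

static const struct probe PROBES[] = {
    { "GenericLines",     1, 0,    0    },
    { "GetRequest",       1, 0,    0    },
    { "MidProbe",         5, 0,    0    },  /* constructed */
    { "WWWOFFLEctrlstat", 9, 8081, 8081 },
    { "mydoom",           9, 3127, 3198 },
};
#define NPROBES (sizeof PROBES / sizeof PROBES[0])

/* Intensity levels named in the changelog. */
enum { INTENSITY_LIGHT = 2, INTENSITY_DEFAULT = 7, INTENSITY_ALL = 9 };

static int registered_for(const struct probe *p, int port)
{
    return p->port_lo != 0 && port >= p->port_lo && port <= p->port_hi;
}

/* Writes the candidate probes for `port` into out[] in the order they would
 * be attempted: probes registered to the port first (regardless of rarity),
 * then the remaining probes whose rarity <= intensity. Returns the count.
 * A real scan stops at the first match; this only lists the candidates. */
size_t select_probes(int port, int intensity, const char **out, size_t cap)
{
    size_t n = 0, i;

    for (i = 0; i < NPROBES && n < cap; i++)
        if (registered_for(&PROBES[i], port))
            out[n++] = PROBES[i].name;
    for (i = 0; i < NPROBES && n < cap; i++)
        if (!registered_for(&PROBES[i], port) && PROBES[i].rarity <= intensity)
            out[n++] = PROBES[i].name;
    return n;
}

/* Returns 1 if the named probe is among the candidates for port/intensity. */
int will_try(int port, int intensity, const char *name)
{
    const char *cand[NPROBES];
    size_t n = select_probes(port, intensity, cand, NPROBES), i;

    for (i = 0; i < n; i++)
        if (strcmp(cand[i], name) == 0)
            return 1;
    return 0;
}

int main(void)
{
    const int levels[] = { INTENSITY_LIGHT, INTENSITY_DEFAULT, INTENSITY_ALL };
    const char *cand[NPROBES];
    size_t i, j, n;

    for (i = 0; i < 3; i++) {
        n = select_probes(8081, levels[i], cand, NPROBES);
        printf("port 8081, intensity %d:", levels[i]);
        for (j = 0; j < n; j++)
            printf(" %s", cand[j]);
        printf("\n");
    }
    return 0;
}
```
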

