Nmap Development mailing list archives

Jacek's status report - #2 of 16


From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Mon, 17 Jun 2013 23:32:54 +0200

Hi guys,

Below is my report for week 2/16 of the „Bringing Lua to Ncat” GSoC project:

Accomplishments:

* Done a lot of experimenting with git-svn. It took me three or four
days of pulling the whole SVN tree (due to some errors and mistakes –
for example, my Debian box segfaulted while trying to pull the SVN
repository – of course, while I was sleeping) with git-svn before I
found out it's better to just clone my nmap-exp branch.

* Talked with Patrick and bonsaiviking about my project – discussed,
among other things, NSE compatibility and potential issues that might
arise. The log is available here:
http://seclists.org/nmap-dev/2013/q2/440 ; also asked David for the
„Ncat magic” Patrick mentioned and got a bit of code from him.

* Sparked up a discussion on dev () nmap org about my project. I really
needed feedback and thanks to David I have a pretty good vision of how
exactly I am (or actually was) going to start my coding.

* Read the whole of Ncat's code and its user guide. I thought it'd give me
the best overview of what Ncat can or can't do. It took me a few
hours, but I'm pretty sure it'll pay off later on. I'll probably also
look at Lua/NBase/NSock code as well since I'll need some work to do
while taking the bus to my university (still got a bit of paperwork to
do there).

* Created a SecWiki page about Ncat-Lua. Gathered all the use cases
from the mailing list there. That took me a while, because apparently
I stumbled upon a bug in MediaWiki that held my registration.

* Wrote an initial implementation of --lua-exec according to David's
idea. Though I admit it's very little code, it actually took me about
three hours of coding. As an example of problems I encountered, I had
to figure out that luaopen_base() isn't enough to run my demo script
that silently crashed because it lacked the IO library (I could
probably use some better debugging facilities).

Priorities:

* Develop a working telnet negotiation demo. I believe it will be an
interesting challenge for the current --lua-exec implementation and I
can't wait to start writing the Websocket script!

* Fix the bug that leaves the child processes of Lua in the background
even after the client disconnects. During the testing it already ate
up 100% of my CPU time a few times (which I noticed because my CPU
temperature went up by 20 degrees Celsius).

* Keep discussing Ncat-Lua design and features. The current idea is
quite limiting (no way to share state between client connections,
decide on whether to accept connections or not or make additional
connections in the runtime) and it is yet to be decided whether it'll
be better if I add new functions on top of the current code or create
another prototype.

* Write some tests perhaps? I have a few ideas for automated test
scenarios that would demonstrate how the current implementation works
(or doesn't).

* Add Windows code? Although I definitely don't feel too happy about
it, I'm also convinced it's necessary to port the Lua functionality
sooner or later. My first attempts at cross-compiling Ncat with MinGW
failed; I will probably need to work with Henri in order to figure out
how to build Nsock this way. Hopefully Wine will be enough to test the
builds.

...Of course some of (or all) the priorities could change if a better
design appeared. Feel free to comment on them.

Yours,
Jacek Wielemborek
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/