Nmap Development mailing list archives

3.90 won't compile on openbsd 3.6


From: Michael Hornung <hornung () cac washington edu>
Date: Thu, 8 Sep 2005 09:56:40 -0700 (PDT)

It doesn't appear to compile cleanly on OpenBSD 3.6 (stable).  I ran 
configure as:

        ./configure --without-nmapfe --with-openssl=/usr/lib

I got a bunch of warnings about redefinitions in the dnet headers, but the 
real compile error seems to be:

tcpip.cc: In function `char * readip_pcap(pcap_t *, unsigned int *, long 
int, timeval *, link_header *)':
tcpip.cc:1610: no match for `timeval & = bpf_timeval &'
/usr/include/sys/time.h:47: candidates are: struct timeval & 
timeval::operator = (const timeval &)
tcpip.cc: In function `int read_arp_reply_pcap(pcap_t *, u8 *, in_addr *, 
long int, timeval *)':
tcpip.cc:1781: no match for `timeval & = bpf_timeval &'
/usr/include/sys/time.h:47: candidates are: struct timeval & 
timeval::operator = (const timeval &)
gmake: *** [tcpip.o] Error 1

Let me know if there's more I can send to be of value.

-Mike
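
The two errors above reject a whole-struct assignment from a `bpf_timeval` to a `timeval`. The added example below (not part of the original post and not Nmap's tcpip.cc) shows a member-wise copy that compiles for either timestamp type; `bpf_timeval_like`, `pkthdr_like`, `copy_capture_time` and `capture_time` are hypothetical names, and the two-field unsigned layout is an assumption.

```cpp
// Added illustration with constructed stand-in types; not Nmap's tcpip.cc.
#include <sys/time.h>
#include <cstdint>
#include <cstdio>

// Stand-in for the timestamp type named in the error. Assumption: two
// unsigned 32-bit fields, i.e. a type unrelated to struct timeval.
struct bpf_timeval_like { uint32_t tv_sec; uint32_t tv_usec; };

// Stand-in for a capture header whose timestamp is not a struct timeval.
struct pkthdr_like { bpf_timeval_like ts; uint32_t caplen; uint32_t len; };

// Member-wise copy: accepts any timestamp type exposing tv_sec/tv_usec,
// so the same call compiles whether the header carries timeval or not.
template <typename Ts>
void copy_capture_time(struct timeval *dst, const Ts &src) {
    dst->tv_sec = src.tv_sec;
    dst->tv_usec = src.tv_usec;
}

// Hypothetical helper: hands the capture time back to a caller that passed
// a timeval pointer. Returns false when the caller passed no pointer.
bool capture_time(const pkthdr_like &head, struct timeval *rcvdtime) {
    if (rcvdtime == nullptr) return false;
    // *rcvdtime = head.ts;  // rejected: no operator= from the other type
    copy_capture_time(rcvdtime, head.ts);
    return true;
}

int main() {
    pkthdr_like head = {{1126198600u, 250000u}, 60, 60};  // constructed sample
    struct timeval tv;
    if (capture_time(head, &tv))
        std::printf("%ld.%06ld\n", (long)tv.tv_sec, (long)tv.tv_usec);
    return 0;
}
```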

On Thu, 8 Sep 2005 at 03:56, Fyodor wrote:

|Several anxious people have reminded me lately that it has been 7
|months since the last formal Nmap release (3.81).  While that is quite
|a stretch, I have been working non-stop and made some fundamental
|changes to Nmap that took a while to stabilize.  I have also
|integrated some work from the Google SoC students (and more is
|coming).  I am pleased to present the results in the form of Nmap
|3.90.  I think you'll find it worth the wait.  A version number
|increase of 0.09 may not sound like much, but ls indicates the true
|extent of changes:
|
|-rw-------  1 fyodor fyodor  7987200 Feb  7 05:41 nmap-3.81.tar
|-rw-------  1 fyodor fyodor 10608640 Sep  8 03:16 nmap-3.90.tar
|
|At a high level, changes include the ability to send and properly
|route raw ethernet frames, ARP scanning (for faster and more reliable
|local LAN host discovery), MAC address spoofing, enormous version
|detection and OS detection updates, dramatic Windows performance and
|stability improvements, 'l33t ASCII art, OS/hostname/device type
|detection via service fingerprinting, dozens of bug fixes and much
|more.  Linux binary RPMs are now available for x86_64 (AMD
|Athlon64/Opteron) and Windows users _must_ upgrade to WinPcap 3.1 from
|winpcap.org.
|
|We have now gone through and integrated all of your service detection
|fingerprint submissions and are ready to handle more.  So if Nmap
|spits out a service detection fingerprint and you are certain what is
|running, please submit it to the URL it gives you.  OS detection
|fingerprints aren't as important right now because we are considering
|major changes to that subsystem.
|
|Here are the details from the Changelog:
|
|o Added the ability for Nmap to send and properly route raw ethernet
|  packets containing IP datagrams rather than always sending the
|  packets via raw sockets. This is particularly useful for Windows,
|  since Microsoft has disabled raw socket support in XP for no good
|  reason.  Nmap tries to choose the best method at runtime based on
|  platform, though you can override it with the new --send_eth and
|  --send_ip options.
|
|o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to
|  determine whether hosts on a LAN are up, rather than relying on
|  higher-level IP packets (which can only be sent after a successful
|  ARP request and reply anyway).  This is much faster and more
|  reliable (not subject to IP-level firewalling) than IP-based probes.
|  The downside is that it only works when the target machine is on the
|  same LAN as the scanning machine.  It is now used automatically for
|  any hosts that are detected to be on a local ethernet network,
|  unless --send_ip was specified.  Example usage: nmap -sP -PR
|  192.168.0.0/16 .
|
|o Added the --spoof_mac option, which asks Nmap to use the given MAC
|  address for all of the raw ethernet frames it sends.  The MAC given
|  can take several formats.  If it is simply the string "0", Nmap
|  chooses a completely random MAC for the session.  If the given
|  string is an even number of hex digits (with the pairs optionally
|  separated by a colon), Nmap will use those as the MAC.  If less than
|  12 hex digits are provided, Nmap fills in the remainder of the 6
|  bytes with random values.  If the argument isn't a 0 or hex string,
|  Nmap looks through the nmap-mac-prefixes to find a vendor name
|  containing the given string (it is case insensitive).  If a match is
|  found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the
|  remaining 3 bytes randomly.  Valid --spoof_mac argument examples are
|  "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and
|  "Cisco".
|
|o Applied an enormous nmap-service-probes (version detection) update
|  from SoC student Doug Hoyte (doug(a)hcsw.org).  Version 3.81 had
|  1064 match lines covering 195 service protocols.  Now we have 2865
|  match lines covering 359 protocols!  So the database size has nearly
|  tripled!  This should make your -sV scans quicker and more
|  accurate.  Thanks also go to the (literally) thousands of you who
|  submitted service fingerprints.  Keep them coming!
|
|o Applied a massive OS fingerprint update from Zhao Lei
|  (zhaolei(a)gmail.com).  About 350 fingerprints were added, and many
|  more were updated.  Notable additions include Mac OS X 10.4 (Tiger),
|  OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along
|  with a new "robotic pet" device type category), the latest Linux 2.6
|  kernels, Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64
|  UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO
|  3.8.X, and Solaris 10.  Of course there are also tons of new
|  broadband routers, printers, WAPs and pretty much any other device
|  you can coax an ethernet cable (or wireless card) into!
|
|o Added 'leet ASCII art to the configurator!  ARTIST NOTE: If you think
|  the ASCII art sucks, feel free to send me alternatives.  Note that
|  only people compiling the UNIX source code get this. (ASCII artist
|  unknown).
|
|o Added OS, device type, and hostname detection using the service
|  detection framework.  Many services print a hostname, which may be
|  different than DNS.  The services often give more away as well.  If
|  Nmap detects IIS, it reports an OS family of "Windows".  If it sees
|  HP JetDirect telnetd, it reports a device type of "printer".  Rather
|  than try to combine TCP/IP stack fingerprinting and service OS
|  fingerprinting, they are both printed.  After all, they could
|  legitimately be different.  An IP that gives a stack fingerprint
|  match of "Linksys WRT54G broadband router" and a service fingerprint
|  of Windows based on Kazaa running is likely a common NAT setup rather
|  than an Nmap mistake.
|
|o Nmap on Windows now compiles/links with the new WinPcap 3.1
|  header/lib files. So please upgrade to 3.1 from
|  http://www.winpcap.org before installing this version of Nmap.
|  While older versions may still work, they aren't supported with Nmap.
|
|o The official Nmap RPM files are now compiled statically for better
|  compatibility with other systems.  X86_64 (AMD Athlon64/Opteron)
|  binaries are now available in addition to the standard i386.  NmapFE
|  RPMs are no longer distributed by Insecure.Org.
|
|o Nmap distribution signing has changed. Release files are now signed
|  with a new Nmap Project GPG key (KeyID 6B9355D0).  Fyodor has also
|  generated a new key for himself (KeyID 33599B5F).  The Nmap key has
|  been signed by Fyodor's new key, which has been signed by Fyodor's
|  old key so that you know they are legit.  The new keys are available
|  at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as
|  docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public
|  keyserver network.  Here are the fingerprints:
|    pub  1024D/33599B5F 2005-04-24
|         Key fingerprint = BB61 D057 C0D7 DCEF E730  996C 1AF6 EC50 3359 9B5F
|    uid  Fyodor <fyodor () insecure org>
|    sub  2048g/D3C2241C 2005-04-24
|
|    pub  1024D/6B9355D0 2005-04-24
|         Key fingerprint = 436D 66AB 9A79 8425 FDA0  E3F8 01AF 9F03 6B93 55D0
|    uid  Nmap Project Signing Key (http://www.insecure.org/)
|    sub  2048g/A50A6A94 2005-04-24
|
|o Fixed a crash problem related to non-portable varargs (vsnprintf)
|  usage. Reports of this crash came from Alan William Somers
|  (somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de).
|  This patch was prevalent on Linux boxes running an Opteron/Athlon64
|  CPU in 64-bit mode.
|
|o Fixed crash when Nmap is compiled using gcc 4.X by adding the
|  --fno-strict-aliasing option when that compiler is detected.  Thanks
|  to Greg Darke (starstuff(a)optusnet.com.au) for discovering that
|  this option fixes (hides) the problem and to Duilio J. Protti
|  (dprotti(a)flowgate.net) for writing the configure patch to detect
|  gcc 4 and add the option.  A better fix is to identify and rewrite
|  lines that violate C99 alias rules, and we are looking into that.
|
|o Added "rarity" feature to Nmap version detection.  This causes
|  obscure probes to be skipped when they are unlikely to help.  Each
|  probe now has a "rarity" value.  Probes that detect dozens of
|  services such as GenericLines and GetRequest have rarity values of
|  1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9.
|  When interrogating a port, Nmap always tries probes registered to
|  that port number.  So even WWWOFFLEctrlstat will be tried against
|  port 8081 and mydoom will be tried against open ports between 3127
|  and 3198.  If none of the registered ports find a match, Nmap tries
|  probes that have a rarity less than or equal to its current
|  intensity level.  The intensity level defaults to 7 (so that most of
|  the probes are done).  You can set the intensity level with the new
|  --version_intensity option.  Alternatively, you can just use
|  --version_light or --version_all which set the intensity to 2 (only
|  try the most important probes and ones registered to the port
|  number) and 9 (try all probes), respectively.  --version_light is
|  much faster than default version detection, but also a bit less
|  likely to find a match.  This feature was designed and implemented
|  by Doug Hoyte (doug(a)hcsw.org).
|
|o Added a "fallback" feature to the nmap-service-probes database.
|  This allows a probe to "inherit" match lines from other probes.  It
|  is currently only used for the HTTPOptions, RTSPRequest, and
|  SSLSessionReq probes to inherit all of the match lines from
|  GetRequest.  Some servers don't respond to the Nmap GetRequest (for
|  example because it doesn't include a Host: line) but they do respond
|  to some of those other 3 probes in ways that GetRequest match lines
|  are general enough to match.  The fallback construct allows us to
|  benefit from these matches without repeating hundreds of signatures
|  in the file.  This is another feature designed and implemented
|  by Doug Hoyte (doug(a)hcsw.org).
|
|o Fixed crash with certain --excludefile or
|  --exclude arguments.  Thanks to Kurt Grutzmacher
|  (grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for
|  reporting the problem, and to Duilio J. Protti
|  (dprotti(a)flowgate.net) for debugging the issue and sending the
|  patch.
|
|o Updated random scan (ip_is_reserved()) to reflect the latest IANA
|  assignments.  This patch was sent in by Felix Groebert
|  (felix(a)groebert.org).
|
|o Included new Russian man page translation by
|  locco_bozi(a)Safe-mail.net
|
|o Applied patch from Steve Martin (smartin(a)stillsecure.com) which
|  standardizes many OS names and corrects typos in nmap-os-fingerprints.
|
|o Fixed a crash found during certain UDP version scans.  The crash was
|  discovered and reported by Ron (iago(a)valhallalegends.com) and fixed
|  by Doug Hoyte (doug(a)hcsw.com).
|
|o Added --iflist argument which prints a list of system interfaces and
|  routes detected by Nmap.
|
|o Fixed a protocol scan (-sO) problem which led to the error message:
|  "Error compiling our pcap filter: syntax error".  Thanks to Michel
|  Arboi (michel(a)arboi.fr.eu.org) for reporting the problem.
|
|o Fixed an Nmap version detection crash on Windows which led to the
|  error message "Unexpected error in NSE_TYPE_READ callback.  Error
|  code: 10053 (Unknown error)".  Thanks to Srivatsan
|  (srivatsanp(a)adventnet.com) for reporting the problem.
|
|o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers
|  (TSellers(a)trustmark.com).
|
|o Applied some changes from  Gisle Vanem (giva(a)bgnett.no) to make
|  Nmap compile with Cygwin.
|
|o XML "osmatch" element now has a "line" attribute giving the
|  reference fingerprint line number in nmap-os-fingerprints.
|
|o Added a distcc probes and a bunch of smtp matches from Dirk Mueller
|  (mueller(a)kde.org) to nmap-service-probes.  Also added AFS version
|  probe and matches from Lionel Cons (lionel.cons(a)cern.ch).  And
|  even more probes and matches from Martin Macok
|  (martin.macok(a)underground.cz)
|
|o Fixed a problem where Nmap compilation would use header files from
|  the libpcap included with Nmap even when it was linking to a system
|  libpcap.  Thanks to Solar Designer (solar(a)openwall.com) and Okan
|  Demirmen (okan(a)demirmen.com) for reporting the problem.
|
|o Added configure option --with-libpcap=included to tell Nmap to use
|  the version of libpcap it ships with rather than any that may already be
|  installed on the system.  You can still use --with-libpcap=[dir] to
|  specify that a system libpcap be installed rather than the shipped
|  one.  By default, Nmap looks at both and decides which one is likely
|  to work best.  If you are having problems on Solaris, try
|  --with-libpcap=included .
|
|o Changed the --no-stylesheet option to --no_stylesheet to be
|  consistent with all of the other Nmap options.  Though I'm starting to
|  like hyphens a bit better than underscores and may change all of the
|  options to use hyphens instead at some point.
|
|o Added "Exclude" directive to nmap-service-probes grammar which
|  causes version detection to skip listed ports.  This is helpful for
|  ports such as 9100.  Some printers simply print any data sent to
|  that port, leading to pages of HTTP requests, SMB queries, X Windows
|  probes, etc.  If you really want to scan all ports, specify
|  --allports.  This patch came from Doug Hoyte (doug(a)hcsw.org).
|
|o Added a stripped-down and heavily modified version of Dug Song's
|  libdnet networking library (v. 1.10).  This helps with the new raw
|  ethernet features.  My (extensive) changes are described in
|  libdnet-stripped/NMAP_MODIFICATIONS
|
|o Removed WinIP library (and all Windows raw sockets code) since MS
|  has gone and broken raw sockets.  Maybe packet receipt via raw
|  sockets will come back at some point.  As part of this removal, the
|  Windows-specific --win_help, --win_list_interfaces, --win_norawsock,
|  --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi,
|  and --win_trace options have been removed.
|
|o Changed the interesting ports array from a 65K-member array of
|  pointers into an STL list.  This noticeably reduces memory usage in
|  some cases, and should also give a slight runtime performance
|  boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com).
|
|o Removed the BSDFIX/BSDUFIX macros.  The underlying bug in
|  FreeBSD/NetBSD is still there though.  When an IP packet is sent
|  through a raw socket, these platforms require the total length and
|  fragmentation offset fields of an IP packet to be in host byte order
|  rather than network byte order, even though all the other fields
|  must be in NBO.  I believe that OpenBSD fixed this a while back.
|  Other platforms, such as Linux, Solaris, Mac OS X, and Windows take
|  all of the fields in network byte order.  While I removed the macro,
|  I still do the munging where required so that Nmap still works on
|  FreeBSD.
|
|o Integrated many nmap-service-probes changes from Bo Jiang
|  (jiangbo(a)brandeis.edu)
|
|o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri
|  (eilon(a)aristo.tau.ac.il)
|
|o Added some new RPC services to nmap-rpc thanks to a patch from
|  vlad902 (vlad902(a)gmail.com).
|
|o Fixed a bug where Nmap would quit on Windows whenever it encountered
|  a raw scan of localhost (including the local ethernet interface
|  address), even when that was just one address out of a whole network
|  being scanned.  Now Nmap just warns that it is skipping raw scans when
|  it encounters the local IP, but continues on to scan the rest of the
|  network.  Raw scans do not currently work against local IP addresses
|  because Winpcap doesn't support reading/writing localhost interfaces
|  due to limitations of Windows.
|
|o The OS fingerprint is now provided in XML output if debugging is
|  enabled (-d) or verbosity is at least 2 (-v -v).  This patch was
|  sent by Okan Demirmen (okan(a)demirmen.com)
|
|o Fixed the way tcp connect scan (-sT) responds to ICMP network
|  unreachable responses (patch by Richard Moore
|  (rich(a)westpoint.ltd.uk)).
|
|o Update random host scan (-iR) to support the latest IANA-allocated
|  ranges, thanks to patch by Chad Loder (cloder(a)loder.us).
|
|o Updated GNU shtool (a helper program used during 'make install') to
|  version 2.0.2, which fixes a predictable temporary filename
|  weakness discovered by Eric Raymond.
|
|o Removed addport element from XML DTD, since it is no longer used
|  (suggested by Lionel Cons (lionel.cons(a)cern.ch))
|
|o Added new --privileged command-line option and NMAP_PRIVILEGED
|  environmental variable.  Either of these tell Nmap to assume that
|  the user has full privileges to execute raw packet scans, OS
|  detection and the like.  This can be useful when Linux kernel
|  capabilities or other systems are used that allow non-root users to
|  perform raw packet or ethernet frame manipulation.  Without this
|  flag or variable set, Nmap bails on UNIX if geteuid() is
|  nonzero.
|
|o Changed the RPM spec file so that if you define "static" to 1 (by
|  passing --define "static 1" to rpmbuild), static binaries are built.
|
|o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon
|  Burr (simes(a)bpfh.net).
|
|o ultra_scan() now sets pseudo-random ACK values (rather than 0) for
|  any TCP scans in which the initial probe packet has the ACK flag set.
|  This would be the ACK, Xmas, Maimon, and Window scans.
|
|o Updated the Nmap version number, description, and similar fields
|  that MS Visual Studio places in the binary.  This was done by editing
|  mswin32/nmap.rc as suggested by Chris Paget (chrisp () ngssoftware com)
|
|o Fixed Nmap compilation on DragonFly BSD (and perhaps some other
|  systems) by applying a short patch by Joerg Sonnenberger which omits
|  the declaration of errno if it is a #define.
|
|o Fixed an integer overflow that prevented Nmap from scanning
|  2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1).  Problem
|  noted by Justin Cranford (jcranford(a)n-able.com).  While /1 scans
|  are now possible, don't expect them to finish during your bathroom
|  break.  No matter how constipated you are.
|
|o Increased the buffer size allocated for fingerprints to prevent Nmap
|  from running out and quitting (error message: "Assertion
|  `servicefpalloc - servicefplen > 8' failed").  Thanks to Mike Hatz
|  (mhatz(a)blackcat.com) for the report. [ Actually this was done in a
|  previous version, but I forgot which one ]
|
|o Changed from CVS to Subversion source control system (which
|  rocks!). Neither repository is public (I'm paranoid because both CVS
|  and SVN have had remotely exploitable security holes), so the main
|  change users will see is that "Id" tags in file headers use the SVN
|  format for version numbering and such.
|
|As always, you can download Nmap from
|http://www.insecure.org/nmap/nmap_download.html . The paranoid
|(smart) list members will check the cryptographic hashes and GPG
|signatures available from
|http://www.insecure.org/nmap/dist/sigs/?C=M&O=D .
|
|Enjoy!  And please let me know if you encounter any problems.
|
|Cheers,
|Fyodor 
|
|
|_______________________________________________
|Sent through the nmap-hackers mailing list
|http://cgi.insecure.org/mailman/listinfo/nmap-hackers
|
|


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
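
The "rarity" and "Exclude" changelog entries quoted above describe how version detection decides which probes a port receives. The added example below models that rule (it is not Nmap source and not part of the original post); the `Probe` struct, `probes_to_try` and the constants are hypothetical names, the rarity values and registered ports are the ones the changelog quotes, and treating 9100 as the only excluded port is an assumption for the sample.

```cpp
// Added illustration of the probe-selection rule in the quoted changelog.
// Not Nmap source; all type, function and constant names are hypothetical.
#include <cstdio>
#include <string>
#include <vector>

struct Probe {
    std::string name;
    int rarity;            // 1 = matches many services ... 9 = obscure
    int port_lo, port_hi;  // registered port range; 0,0 = none registered
};

// Rarity values and registered ports as quoted in the changelog.
static const std::vector<Probe> kProbes = {
    {"GenericLines", 1, 0, 0},
    {"GetRequest", 1, 0, 0},
    {"WWWOFFLEctrlstat", 9, 8081, 8081},
    {"mydoom", 9, 3127, 3198},
};

// Sample "Exclude" list (assumption: only the printer port the text names).
static const std::vector<int> kExcludedPorts = {9100};

// Intensity presets named in the changelog.
const int kVersionLight = 2, kVersionDefault = 7, kVersionAll = 9;

static bool registered_for(const Probe &p, int port) {
    return p.port_lo != 0 && port >= p.port_lo && port <= p.port_hi;
}

// Names of the probes tried against `port`, in order: probes registered to
// the port first (whatever their rarity), then, if those find no match,
// every other probe whose rarity is <= intensity. An excluded port gets no
// probes at all unless allports is set.
std::vector<std::string> probes_to_try(int port, int intensity, bool allports) {
    std::vector<std::string> order;
    if (!allports)
        for (int ex : kExcludedPorts)
            if (ex == port) return order;
    for (const Probe &p : kProbes)
        if (registered_for(p, port)) order.push_back(p.name);
    for (const Probe &p : kProbes)
        if (!registered_for(p, port) && p.rarity <= intensity)
            order.push_back(p.name);
    return order;
}

int main() {
    for (const std::string &n : probes_to_try(8081, kVersionLight, false))
        std::printf("%s\n", n.c_str());
    return 0;
}
```

The model makes the cost of the defaults visible: at the light setting a rarity-9 probe is still sent to its registered port, and an excluded port stays untouched until all ports are requested.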

