Nmap Development mailing list archives

Patch development advice: better xml output support


From: Till Maas <opensource () till name>
Date: Wed, 13 Jan 2010 01:19:04 +0100

Hiyas,

I just started writing some patches for better XML output support.
Currently the XML file breaks if nmap is interrupted or killed. I just
wrote a POC patch to run printfinaloutput() on SIGINT and SIGTERM.

But I would also like to enhance the nmap.dtd with a <interrupted> tag
that is used instead of the <finished> tag in case the scan did not
complete, to show this in XML. For this I want to pass an argument to
printfinaloutput. Do you prefer to use a char string like "finished" or
"interrupted", or to use an int as a boolean value, or maybe use an enum or
constant?

Also to sync the other outputs with the XML output, I would change the
"nmap done at..." line to "nmap finished at..." or "nmap interrupted
at...". How do you like this? It would break the stdout parsing, but
according to the documentation, this is not necessarily a bad thing.

The next enhancement to the dtd and xml output would be to add a
parameter to <nmaprun> that indicates that nmap resumed with a certain
host. E.g. <nmaprun ... resume_after="LAST_SCANNED"> or <nmaprun ...
resume_with="FIRST_TO_BE_SCANNED">. What's your opinion about this?

Further off is a patch to allow resuming using the XML file. I guess
it should work at least as well as the current way, if just the
last entry like
<address addr="137.226.139.32" addrtype="ipv4" />
is used to determine which host was scanned last. But I did not really
look into the code to do this.

Then another idea is to create a new tag like <nmaplog> that is the new
outermost XML tag used in the XML file. Then appending to the XML file
could be done as follows to ensure a valid XML file:
Given XML file:
<?xml version="1.0" ?>
<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl"
type="text/xsl"?>
<nmaplog>
<!-- Nmap 5.00 scan initiated ..-->
<nmaprun ...>
...
</nmaprun>
</nmaplog>

- Now remove the last line (</nmaplog>)
- create only a new <nmaprun ...>
- in printfinaloutput end the log again with </nmaplog>
I hope it is clear what I mean. The downside of this would be to break
all current nmap XML parsers.

Last but not least: A somewhat related problem is that the source code is
not indented according to the style guide in HACKING. There are several
tabs included at some lines. Would you mind applying a patch to remove
them? I would then generate one before creating the other patches.

Please comment on my ideas and I am happy to send patches. It was a
pleasure to look at the code. :-)

Regards
Till


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
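
A consumer-side way to cope with the broken XML described in this message, as an added example that is not part of the original mail or of Nmap's code: a Python function that recovers every fully written <host> from a cut-off output file and reports whether the run was marked complete. The function name `salvage` and the sample data are constructed for illustration, and `<interrupted>` is the tag proposed in the mail, not an element of the current nmap.dtd.

```python
import xml.etree.ElementTree as ET

# Constructed sample data (documentation addresses, not real scan output).
HEAD = (b'<?xml version="1.0" ?>\n<nmaprun scanner="nmap" version="5.00">\n'
        b'<host><status state="up"/>'
        b'<address addr="192.0.2.10" addrtype="ipv4"/></host>\n'
        b'<host><status state="up"/>'
        b'<address addr="192.0.2.11" addrtype="ipv4"/></host>\n')
# Scan killed while the third host was being written.
TRUNCATED = HEAD + b'<host><status state="up"/><address addr="192.0.2.12" addrty'
COMPLETE = HEAD + b'<runstats><finished time="1263341944"/></runstats>\n</nmaprun>\n'


def salvage(data: bytes):
    """Return (addrs, state) for a possibly cut-off Nmap XML file.

    addrs: address of every <host> whose closing tag reached the file.
    state: "finished", "interrupted" (the tag proposed in the mail) or
           "truncated" (no end marker, or the document is not well-formed).
    """
    parser = ET.XMLPullParser(events=("end",))
    parser.feed(data)  # a cut-off tail is not an error until close()
    addrs, marker, well_formed = [], None, True
    try:
        for _, elem in parser.read_events():
            if elem.tag == "host":
                addr = elem.find("address")
                if addr is not None:
                    addrs.append(addr.get("addr"))
                elem.clear()  # release the host subtree once recorded
            elif elem.tag in ("finished", "interrupted"):
                marker = elem.tag
        parser.close()  # raises ParseError if the root element never closed
    except ET.ParseError:
        well_formed = False
    state = marker if (marker and well_formed) else "truncated"
    return addrs, state


if __name__ == "__main__":
    for name, blob in (("truncated", TRUNCATED), ("complete", COMPLETE)):
        addrs, state = salvage(blob)
        last = addrs[-1] if addrs else None
        print(f"{name}: state={state} hosts={addrs} last_completed={last}")
```

The last recovered address is the last host known to be fully recorded, which is the value a resume-from-XML feature would start from.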
