Nmap Development mailing list archives
[NSE] ipOps.isPrivate new special use assignments, performance improvement, return value enhancement
From: jah <jah () zadkiel plus com>
Date: Mon, 12 Apr 2010 21:29:13 +0100
Hi folks,

Attached is a patch for ipOps.lua which adds some special use IPv4 addresses to isPrivate which are described in RFC 5736 [1] and RFC 5737 [2], published in Jan 2010. These are:

192.0.0.0/24 RFC 5736 IETF Protocol Assignments
192.0.2.0/24 RFC 5737 TEST-NET-1
198.51.100.0/24 RFC 5737 TEST-NET-2
203.0.113.0/24 RFC 5737 TEST-NET-3

In addition, the patch adds:

198.18.0.0/15 RFC 2544 Network Interconnect Device Benchmark Testing
224.0.0/24 RFC 3171 Multicast Local Network Control Block
240.0.0.0/4 RFC 1112 Reserved for Future Use (assignment includes RFC 919 RFC 922 Limited Broadcast)

None of these are 'Private Use' addresses as defined in RFC 1918, but neither are Loopback and Link Local addresses currently defined in isPrivate. Nevertheless, they're supposed to be non-routable over the public internet. I welcome any comments on whether they should or should not be included. I reckon we should rename isPrivate to something closer to its current function, such as isRoutable or isSpecialUse - maybe even keep isPrivate and just test for private use addresses.

The patch also refactors the isPrivate tests for IPv4 addresses to use string.sub and string.match as much as possible instead of calling ip_in_range so much. The refactored code is two orders of magnitude faster than the existing code. For one or two tests, this doesn't make much difference, but for 10000 tests of IPv4 addresses it amounts to nearly 30 seconds difference on my x86 machine.

I've attached ipprivtest.nse which tests isPrivate by calling it a few times for each special use assignment and also performs a crude speed test:

nmap -sn -Pn -n --script=ipprivtest.nse --script-args=n=10000 <any_target>

Current ipOps:

Host script results:
| ipprivtest: Passed 51 of 65 test cases. Failures:
| <snip - failures are for assignments not currently handled>
|_Speed test: 10000 isPrivate calls in ~ 28.28 seconds.

Patched ipOps:

Host script results:
| ipprivtest: Passed 65 of 65 test cases.
|_Speed test: 10000 isPrivate calls in ~ 0.25 seconds.

The final feature the patch would add is to complement the return value from isPrivate, when it is true, with a string representing the special use assignment that contains the tested address. So where it currently returns:

bool true, nil

it would instead return

bool true, string <range>

e.g. ipOps.isPrivate(192.168.1.1) => true, '192.168/16'

The other return cases are unaffected:

bool false, nil
nil, err

I have a use case for this enhancement: In ntp-monlist I want the script output to summarise the 'leaked' internal addresses and this feature allows a single call to isPrivate to both determine whether an IP is 'private' and to inform the caller what kind of 'private'. I think this may be generally useful. None of the included scripts using isPrivate (whois, asn-query) would be adversely affected by this change.

Out of the three changes, I most want to see the speed improvement in the next nmap release.

Best,
jah

[1] - http://tools.ietf.org/html/rfc5736
[2] - http://tools.ietf.org/html/rfc5737
Attachment: ipOps.lua.patch
Attachment: ipprivtest.nse
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
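The attached patch itself is not on this page. The following is an added illustration, written for this archive page and not jah's ipOps.lua code, of the return convention the post proposes (true plus the matching range, false plus nil, or nil plus an error) over the same list of special-use assignments the post names. The range labels reuse the abbreviated prefix style the post shows for its return value ('192.168/16'); the function names is_private and ipv4_to_int, the SPECIAL_USE table and the test addresses at the bottom are my own constructed choices. Rather than the string.sub/string.match tests the patch uses, it strips host bits arithmetically so it runs on any Lua 5.1+ interpreter without a bit library; the point shown is the table-driven lookup and the two-value return, not the patch's exact matching strategy.

```lua
-- Added example (not the ipOps.lua patch from the post): an isPrivate-style
-- lookup that returns the matching special-use range as a second value.
-- Assignments follow the post; labels use its abbreviated prefix notation.

local SPECIAL_USE = {
  -- { network, prefix length, label returned to the caller }
  { "10.0.0.0",      8,  "10/8" },          -- RFC 1918 Private Use
  { "172.16.0.0",    12, "172.16/12" },     -- RFC 1918 Private Use
  { "192.168.0.0",   16, "192.168/16" },    -- RFC 1918 Private Use
  { "127.0.0.0",     8,  "127/8" },         -- RFC 1122 Loopback
  { "169.254.0.0",   16, "169.254/16" },    -- RFC 3927 Link Local
  { "192.0.0.0",     24, "192.0.0/24" },    -- RFC 5736 IETF Protocol Assignments
  { "192.0.2.0",     24, "192.0.2/24" },    -- RFC 5737 TEST-NET-1
  { "198.51.100.0",  24, "198.51.100/24" }, -- RFC 5737 TEST-NET-2
  { "203.0.113.0",   24, "203.0.113/24" },  -- RFC 5737 TEST-NET-3
  { "198.18.0.0",    15, "198.18/15" },     -- RFC 2544 Benchmark Testing
  { "224.0.0.0",     24, "224.0.0/24" },    -- RFC 3171 Local Network Control Block
  { "240.0.0.0",     4,  "240/4" },         -- RFC 1112 Reserved (includes 255.255.255.255)
}

-- Parse a dotted quad into an integer without bit operators (Lua 5.1+).
-- Returns nil, err on malformed input so callers see the nil, err case.
local function ipv4_to_int(ip)
  if type(ip) ~= "string" then return nil, "expected a string" end
  local a, b, c, d = ip:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if not a then return nil, "not a dotted-quad IPv4 address: " .. ip end
  local n = 0
  for _, octet in ipairs({ a, b, c, d }) do
    octet = tonumber(octet)
    if octet > 255 then return nil, "octet out of range: " .. ip end
    n = n * 256 + octet
  end
  return n
end

-- Precompute each network's integer form and the divisor that discards the
-- host bits, once at load time rather than on every call.
for _, r in ipairs(SPECIAL_USE) do
  r.net = ipv4_to_int(r[1])
  r.div = 2 ^ (32 - r[2])
end

-- Returns true, <range label>  when ip lies in a special-use assignment
--         false, nil           when it is ordinary unicast space
--         nil, err             when ip cannot be parsed
local function is_private(ip)
  local n, err = ipv4_to_int(ip)
  if not n then return nil, err end
  for _, r in ipairs(SPECIAL_USE) do
    -- Two addresses share a /len prefix iff they agree after dropping 32-len bits.
    if math.floor(n / r.div) == math.floor(r.net / r.div) then
      return true, r[3]
    end
  end
  return false, nil
end

-- Self-check on constructed inputs, a small-scale version of what the post's
-- ipprivtest.nse does per assignment.
local cases = {
  { "192.168.1.1",     true,  "192.168/16" },
  { "198.51.100.7",    true,  "198.51.100/24" },
  { "198.19.255.255",  true,  "198.18/15" },     -- upper edge of the /15
  { "255.255.255.255", true,  "240/4" },         -- limited broadcast lands in 240/4
  { "8.8.8.8",         false, nil },
}
for _, c in ipairs(cases) do
  local ok, range = is_private(c[1])
  assert(ok == c[2] and range == c[3], "unexpected result for " .. c[1])
end
assert(is_private("300.1.1.1") == nil)   -- malformed input -> nil, err
print("all cases passed")

return { is_private = is_private, ipv4_to_int = ipv4_to_int }
```

Ordering in the table matters only for overlapping entries; none of the listed assignments overlap, so the first match is the only match. A caller in the position of ntp-monlist can count the second return value directly (`counts[range] = (counts[range] or 0) + 1`) to summarise which kind of special-use space each leaked address belongs to.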
Current thread:
- [NSE] ipOps.isPrivate new special use assignments, performance improvement, return value enhancement jah (Apr 12)