Re: [nmap-svn] r21603 - nmap/todo

[David Fifield <david () bamsoftware com>]

(I meant to send this a few days ago but mistyped the address.)

On Mon, Jan 10, 2011 at 02:13:18PM -0800, Fyodor wrote:
> On Sun, Jan 09, 2011 at 08:54:15PM -0800, David Fifield wrote:
> > On Tue, Jan 04, 2011 at 06:11:52PM -0800, commit-mailer () insecure org wrote:
> > > +o A trivial change: we currently print some lines about NSE
> > > +  pre-scanning and post-scanning in verbose mode even when no such
> > > +  scripts are being run.  We should not print those in that case.  For
> > > +  example, nmap -A -v scanme.nmap.org gives me these superfluous lines:
> > > +  NSE: Starting runlevel 1 (of 2) scan.
> > > +  Initiating NSE at 18:09
> > > +  NSE: Script Pre-scanning.
> > > +  Completed NSE at 18:09, 0.00s elapsed
> > > +  NSE: Starting runlevel 2 (of 2) scan.
> > > +  Initiating NSE at 18:09
> > > +  NSE: Script Pre-scanning.
> > > +  Completed NSE at 18:09, 0.00s elapsed
> > > +  [...]
> > > +  NSE: Starting runlevel 1 (of 2) scan.
> > > +  Initiating NSE at 18:09
> > > +  NSE: Script Post-scanning.
> > > +  Completed NSE at 18:09, 0.00s elapsed
> > > +  NSE: Starting runlevel 2 (of 2) scan.
> > > +  Initiating NSE at 18:09
> > > +  NSE: Script Post-scanning.
> > > +  Completed NSE at 18:09, 0.00s elapsed
> >
> > I removed the messages
> >
> > Initiating NSE at 18:09
> > Completed NSE at 18:09, 0.00s elapsed
> >
> > when there are no scripts to be run. The others are more difficult,
> > because when we enter a run level we don't yet know how many scripts
> > will be run. It used to be the case that we loaded all the script
> > instances in advance, but we now load them on demand in chunks to bound
> > memory use. http://seclists.org/nmap-dev/2010/q4/308.
> >
> > It confuses the control flow somewhat, but I'm thinking about buffering
> > these messages and only showing them once the first script will be run.
> > That can have the weird side effect that some runlevels may be announced
> > when others aren't, for example:
> >
> > NSE: Starting runlevel 1 (of 4) scan.
> > NSE: Starting runlevel 2 (of 4) scan.
>
> Thanks David, that helps.  Maybe we don't need to print the runlevel
> stuff in plain verbose=1 mode anyway?  For debugging, that information
> can be useful.  But for a simple -v scan, it is probably enough to
> just say that nse scanning is starting, then do the whole NSE scan (or
> pre-scan or post-scan, including all runlevels), and then print that
> it has completed.  Ideally the message will only print for an NSE
> phase if there is at least one script action being run.
>
> Verbosity (-v) is one of the most common options used with Nmap, so we
> need to be extra careful about what we print there.  I'm not quite as
> concerned with -d and multiple -v levels.

I bumped the runlevel messages up to verbosity 2. I made it so that the
"Script Pre-scanning" etc. messages are not printed except when there is
at least one thread to be run. Also, the pre-scanning phase was never
empty because snmp-interfaces had a "return true" prerule. I changed it
to check for the presence of its require script argument in the prerule
instead of the action, like other scripts.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/