Nmap Development mailing list archives

Jay's Status Report #1 of 13


From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Mon, 26 May 2014 19:11:33 +0530

Hi All!

This week was quite good and I think that it has set a nice pace for the
rest of the GSoC.

Achievements:

 1. Fixed the (rather very irritating) bug in Nmap that prevented it
    from being able to accept any runtime interaction when run from sudo
    or from a shell script. This entailed writing a signal handler to be
    able to cleanly give back control while still being able to preserve
    the ability to core dump, etc. Learnt a lot about ttys and signals
    in the process.
 2. Made multiple commits (r32873 for fixing the sudo bug (above),
    r32881 for adding a feature to Ncat (details below), r32887 for
    fixing some formatting in the code which I noticed when I was
    reading nping/utils.cc, r32893 to ignore the Makefile generated at
    nsock/tests/ when we run the ./configure script).
 3. Ncat, when compiled without OpenSSL, used to just say "unrecognized
    option" when any --ssl option(s) were used. This used to cause
    confusion for users (see [1] for an example). I rectified this. It
    now shows a relevant error message and then quits.
 4. Nmap has had a --data-length option for sending random data as
    payload to the sent packets. I wrote a patch that adds a --comment
    option to send user-specified data instead. I got reviews of this
    patch saying that a better idea would be to write --data <hex
    string> and --data-string <string> options (similar to nping). I
    have rewritten the patch with this change and it is waiting for
    comments. (Thread at [2])
 5. I had put in a patch for updating libpcap to 1.5.3 back in March,
    but it was too large a patch (just over 1 MB), so could not be
    reviewed or committed. I have rewritten the patch into a much
    smaller thing (barely 6 kB), but this raised the question of whether
    we really want to continue to bundle along third-party libraries with
    Nmap or not. Waiting for a discussion on this. (Thread at [3])
 6. Discussed with Daniel Miller, my mentor for GSoC 2014, as to what I
    should be working on next.
 7. Rewired my whole development environment to be more Nmap-focused.
    This included writing scripts etc. so as to be able to work much
    better and faster.

Priorities:

 1. Work on Zenmap to catch the Memory Error and give a message to the
    user indicating the problem. This should reduce the number of
    out-of-memory crash reports that we get on nmap-dev. Once I'm done
    with this, I may try working on reducing Zenmap's memory footprint.
 2. Investigate report of Nmap ARP discovery using the wrong target MAC
    address field in ARP requests. I seem to have fixed the MAC address
    now, but I need to run more tests and make sure that the
    modifications don't break any of Nmap's other routines.
 3. Try to see how some of the other patches that I have submitted
    should be modified (if required) so that they can get committed in.
    This can be done only if I get some feedback or reviews on the patches.
 4. Reread through Nmap's code related to the actual scans. This will
    help me later on for some tasks that I have set, including adding a
    --exclude-ports option (this seems to be one that has quite a lot of
    people requesting it) and to consider implementing a binary
    decision diagram for --exclude to make it more efficient for large
    lists.

Oh, and btw, I have also started off a formal log of all the
mini-projects I work on at [4]. This will have a very updated list of
all the mini projects that I am working on or have worked on as well as
a moderately detailed description of the progress of each.

Cheers,
Jay

Links:
[1] http://seclists.org/nmap-dev/2013/q3/579
[2] http://seclists.org/nmap-dev/2014/q2/345
[3] http://seclists.org/nmap-dev/2014/q2/341
[4] https://gist.github.com/jaybosamiya/be2cbf25eb84851c32c9
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

