diff -r -u nmap-3.10ALPHA9/NmapOps.cc nmap-3.10ALPHA9_maxttl/NmapOps.cc --- nmap-3.10ALPHA9/NmapOps.cc 2002-12-25 02:13:04.000000000 -0600 +++ nmap-3.10ALPHA9_maxttl/NmapOps.cc 2002-12-29 08:10:26.000000000 -0600 @@ -127,6 +127,7 @@ magic_port = 33000 + (get_random_uint() % 31000); magic_port_set = 0; num_ping_synprobes = num_ping_ackprobes = 0; + max_ttl = 0; max_parallelism = 0; min_parallelism = 0; max_rtt_timeout = MAX_RTT_TIMEOUT; diff -r -u nmap-3.10ALPHA9/NmapOps.h nmap-3.10ALPHA9_maxttl/NmapOps.h --- nmap-3.10ALPHA9/NmapOps.h 2002-12-25 01:58:57.000000000 -0600 +++ nmap-3.10ALPHA9_maxttl/NmapOps.h 2002-12-29 07:50:50.000000000 -0600 @@ -95,6 +95,9 @@ int num_ping_ackprobes; u16 ping_ackprobes[MAX_PROBE_PORTS]; + /* max ttl hack */ + int max_ttl; + /* Scan timing/politeness issues */ int max_parallelism; // 0 means it has not been set int min_parallelism; // 0 means it has not been set Only in nmap-3.10ALPHA9/libpcap-possiblymodified: bpf_filter.c Only in nmap-3.10ALPHA9/libpcap-possiblymodified: net Only in nmap-3.10ALPHA9_maxttl/nbase: Makefile Only in nmap-3.10ALPHA9_maxttl/nbase: nbase_config.h diff -r -u nmap-3.10ALPHA9/nmap.cc nmap-3.10ALPHA9_maxttl/nmap.cc --- nmap-3.10ALPHA9/nmap.cc 2002-12-25 01:57:59.000000000 -0600 +++ nmap-3.10ALPHA9_maxttl/nmap.cc 2002-12-29 08:14:28.000000000 -0600 @@ -178,6 +178,7 @@ {"max_parallelism", required_argument, 0, 'M'}, {"min_parallelism", required_argument, 0, 0}, {"timing", required_argument, 0, 'T'}, + {"max_ttl", required_argument, 0, 0}, {"max_rtt_timeout", required_argument, 0, 0}, {"min_rtt_timeout", required_argument, 0, 0}, {"scanflags", required_argument, 0, 0}, @@ -255,12 +256,14 @@ fatal("--scanflags option must be a number between 0 and 255 (inclusive) or a string like \"URGPSHFIN\"."); } } else if (strcmp(long_options[option_index].name, "min_parallelism") == 0 ) { - o.min_parallelism = atoi(optarg); - if (o.min_parallelism < 1) fatal("Argument to --min_parallelism must be at least 1!"); - if (o.min_parallelism > 100) { - error("Warning: Your --min_parallelism option is absurdly high! Don't complain to Fyodor if all hell breaks loose!"); - } - } else if (strcmp(long_options[option_index].name, "host_timeout") == 0) { + o.min_parallelism = atoi(optarg); + if (o.min_parallelism < 1) fatal("Argument to --min_parallelism must be at least 1!"); + if (o.min_parallelism > 100) { + error("Warning: Your --min_parallelism option is absurdly high! Don't complain to Fyodor if all hell breaks loose!"); + } + } else if (strcmp(long_options[option_index].name, "max_ttl") == 0 ) { + o.max_ttl = atoi(optarg); + } else if (strcmp(long_options[option_index].name, "host_timeout") == 0) { o.host_timeout = strtoul(optarg, NULL, 10); if (o.host_timeout <= 200) { fatal("host_timeout is given in milliseconds and must be greater than 200"); diff -r -u nmap-3.10ALPHA9/nmap_rpc.cc nmap-3.10ALPHA9_maxttl/nmap_rpc.cc --- nmap-3.10ALPHA9/nmap_rpc.cc 2002-08-27 16:43:22.000000000 -0500 +++ nmap-3.10ALPHA9_maxttl/nmap_rpc.cc 2002-12-29 08:29:18.000000000 -0600 @@ -204,6 +204,10 @@ if ((tcp_rpc_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) pfatal("Socket troubles in send_rpc_query"); /* I should unblock the socket here and timeout the connect() */ + + if(o.max_ttl) + setsockopt(tcp_rpc_socket, IPPROTO_IP, IP_TTL, (void *)&o.max_ttl, sizeof(o.max_ttl)); + res = connect(tcp_rpc_socket, (struct sockaddr *) &sock, sizeof(struct sockaddr_in)); if (res == -1) { Only in nmap-3.10ALPHA9_maxttl/nmapfe: Makefile Only in nmap-3.10ALPHA9_maxttl/nmapfe: config.log Only in nmap-3.10ALPHA9_maxttl/nmapfe: config.status diff -r -u nmap-3.10ALPHA9/osscan.cc nmap-3.10ALPHA9_maxttl/osscan.cc --- nmap-3.10ALPHA9/osscan.cc 2002-08-27 16:43:22.000000000 -0500 +++ nmap-3.10ALPHA9_maxttl/osscan.cc 2002-12-29 07:52:30.000000000 -0600 @@ -1507,6 +1507,7 @@ return NULL; } +myttl = o.max_ttl; if (!myttl) myttl = (time(NULL) % 14) + 51; /* It was a tough decision whether to do this here for every packet or let the calling function deal with it. In the end I grudgingly decided diff -r -u nmap-3.10ALPHA9/scan_engine.cc nmap-3.10ALPHA9_maxttl/scan_engine.cc --- nmap-3.10ALPHA9/scan_engine.cc 2002-12-18 00:10:07.000000000 -0600 +++ nmap-3.10ALPHA9_maxttl/scan_engine.cc 2002-12-29 08:28:19.000000000 -0600 @@ -859,6 +859,10 @@ ss.numqueries_outstanding++; } res = socket(o.af(), SOCK_STREAM, IPPROTO_TCP); + + if(o.max_ttl) + setsockopt(res, IPPROTO_IP, IP_TTL, (void *)&o.max_ttl, sizeof(o.max_ttl)); + if (res == -1) pfatal("Socket troubles in pos_scan 143"); csi.socklookup[res] = current; unblock_socket(res); @@ -934,6 +938,10 @@ } } else { /* CONNECT SCAN */ res = socket(o.af(), SOCK_STREAM, IPPROTO_TCP); + + if(o.max_ttl) + setsockopt(res, IPPROTO_IP, IP_TTL, (void *)&o.max_ttl, sizeof(o.max_ttl)); + if (res == -1) pfatal("Socket troubles in pos_scan 11234"); #ifdef WIN32 if(res > 2047) diff -r -u nmap-3.10ALPHA9/targets.cc nmap-3.10ALPHA9_maxttl/targets.cc --- nmap-3.10ALPHA9/targets.cc 2002-12-25 02:00:20.000000000 -0600 +++ nmap-3.10ALPHA9_maxttl/targets.cc 2002-12-29 08:24:48.000000000 -0600 @@ -574,6 +574,11 @@ /* Since we know we now have a free s0cket, lets take it */ assert(tqi->sockets[seq] == -1); tqi->sockets[seq] = socket(o.af(), SOCK_STREAM, IPPROTO_TCP); + + if(o.max_ttl) + setsockopt(tqi->sockets[seq], IPPROTO_IP, IP_TTL, (void *)&o.max_ttl, sizeof(o.max_ttl)); + + if (tqi->sockets[seq] == -1) fatal("Socket creation in sendconnecttcpquery"); tqi->maxsd = MAX(tqi->maxsd, tqi->sockets[seq]); @@ -696,6 +701,7 @@ int datalen = sizeof(pingpkt.data); int icmplen=0; int decoy; +int myttl; int res; struct sockaddr_in sock; char *ping = (char *) &pingpkt; @@ -731,12 +737,18 @@ pingpkt.checksum = 0; pingpkt.checksum = in_cksum((unsigned short *)ping, icmplen); +myttl = o.max_ttl; + /* Now for our sock */ if (ptech.icmpscan) { bzero((char *)&sock, sizeof(sock)); sock.sin_family= AF_INET; sock.sin_addr = target->v4host(); + /* if a max ttl is defined, use it */ + if (myttl) + setsockopt(sd, IPPROTO_IP, IP_TTL, (void *)&myttl, sizeof(myttl)); + o.decoys[o.decoyturn].s_addr = target->v4source().s_addr; } diff -r -u nmap-3.10ALPHA9/tcpip.cc nmap-3.10ALPHA9_maxttl/tcpip.cc --- nmap-3.10ALPHA9/tcpip.cc 2002-12-24 22:08:15.000000000 -0600 +++ nmap-3.10ALPHA9_maxttl/tcpip.cc 2002-12-29 08:22:52.000000000 -0600 @@ -477,7 +477,7 @@ fatal("send_tcp_raw called with an option length argument of %d which is illegal because it is not divisible by 4", optlen); } - +myttl = o.max_ttl; if (!myttl) myttl = (get_random_uint() % 23) + 37; /* It was a tough decision whether to do this here for every packet @@ -777,7 +777,7 @@ return -1; } - +myttl = o.max_ttl; if (!myttl) myttl = (get_random_uint() % 23) + 37; /* It was a tough decision whether to do this here for every packet @@ -901,6 +901,7 @@ struct sockaddr_in sock; int id; +myttl = o.max_ttl; if (!myttl) myttl = (time(NULL) % 14) + 51; /* It was a tough decision whether to do this here for every packet @@ -1041,6 +1042,7 @@ return -1; } +myttl = o.max_ttl; if (!myttl) myttl = (get_random_uint() % 23) + 37; /* It was a tough decision whether to do this here for every packet @@ -1140,6 +1142,10 @@ unblock_socket(sd2); if ((sd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {perror("Socket troubles"); return 0;} + + if(o.max_ttl) + setsockopt(sd, IPPROTO_IP, IP_TTL, (void *)&o.max_ttl, sizeof(o.max_ttl)); + sock.sin_family = AF_INET; sock.sin_addr = *dst; sock.sin_port = htons(p1); @@ -1216,6 +1222,10 @@ if ((sd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {perror("Socket troubles"); return 0;} + + if(o.max_ttl) + setsockopt(sd, IPPROTO_IP, IP_TTL, (void *)&o.max_ttl, sizeof(o.max_ttl)); + sock.sin_family = AF_INET; sock.sin_addr = *dst; sock.sin_port = htons(p1); @@ -1891,10 +1901,14 @@ int sd; struct sockaddr_in sock; int res; + if ((sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {perror("Socket troubles"); exit(1);} + if (o.max_ttl) + setsockopt(sd, IPPROTO_IP, IP_TTL, (void *)&o.max_ttl, sizeof(o.max_ttl)); + sock.sin_family = AF_INET; sock.sin_addr.s_addr = target.s_addr; sock.sin_port = htons(o.magic_port);