Nmap Development mailing list archives

Re: [NSE] ASN ipOps and whois

From: jah <jah () zadkiel plus com>
Date: Sat, 06 Sep 2008 15:33:49 +0100

On 06/09/2008 04:54, David Fifield wrote:

This looks really good. I have checked in the new ipOps.lua and ASN.nse,
and the patch to dns.lua. I modified ASN.nse and whois.nse to use the
library instead of duplicating the functions. It appears to work okay
but I'd like you to check my work. I was surprised once when a function
I deleted out of the *** UTILITY FUNCTIONS *** section wasn't in ipOps
(get_prefix_length). I left it duplicated in both scripts.

Nice!
I don't think get_prefix_length would be very useful as part of the
ipOps library as it's really only any use in the context of IP address
assignments/BGP where the prefix length of a range can be determined by
comparing the host bits.

I found two functions in ipOps.nse that don't appear to be used
anywhere: todword and get_parts_as_number. Am I right that they are
unused, or did I miss something? I guess they were in the old ipOps, but
if we don't use them let's get rid of them. Especially as todword
doesn't support IPv6 addresses.

get_parts_as_number was used in the previous isPrivate. Nothing is
apparently using either that or todword.  I kept their functionality
(modifying get_parts_as_number for IPv6) because they're documented
functions and also because people might be using them in unknown scripts.

Why did you have compare_ip take two addresses and an operator? Maybe
there's a good reason for it. I would have expected the function to
return negative, zero, or positive like strcmp.

I did it this way because both compare_ip and expand_ip are based on
perl functions in Net::IP and the code was straightforward.  compare_ip
is a bit cumbersome, but it works well in conditional statements.  Do
you think strcmp-like return values would suit most people better? 
Could do it both ways and choose your output based on whether the
operator is given...

If you scan a whole netblock with ASN.nse you get a ton of the same
answers. Is there a way to make it say "See the result for" like
whois.nse does?

This can be done although it's not completely straightforward and will
require some serious testing.  It's a good idea though and I'll get on it.

Anyway, please check that I integrated everything correctly. This has
been a lot of work over a few months.

It's all good, no problems.

Regards,

jah


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: [NSE] ASN made more robust and documented - much more to do., (continued)
- - - Re: [NSE] ASN made more robust and documented - much more to do. David Fifield (Sep 03)
    - Re: [NSE] ASN made more robust and documented - much more to do. jah (Sep 03)
    - Re: [NSE] ASN made more robust and documented - much more to do. Michael Pattrick (Sep 03)
    - Re: [NSE] ASN jah (Sep 05)
    - Re: [NSE] ASN David Fifield (Sep 05)
    - Re: [NSE] ASN David Fifield (Sep 05)
    - Re: [NSE] ASN jah (Sep 06)
    - Re: [NSE] ASN jah (Sep 06)
    - Re: [NSE] ASN David Fifield (Sep 16)
    - Re: [NSE] ASN jah (Sep 06)
    - Re: [NSE] ASN ipOps and whois jah (Sep 06)