diff --git a/src/main-conf.c b/src/main-conf.c
index b938926d31714dd621df316ceeaf836e684d3003..a49b2a9e8928d9fac372f6dfb4b2fcc038f8822d 100644
--- a/src/main-conf.c
+++ b/src/main-conf.c
@@ -1048,7 +1048,7 @@ masscan_set_parameter(struct Masscan *masscan,
 struct RangeList ports;
 memset(&ports, 0, sizeof(ports));
- rangelist_parse_ports(&ports, value, &is_error);
+ rangelist_parse_ports(&ports, value, &is_error, 0);
 /* Check if there was an error in parsing */
 if (is_error) {
@@ -1161,7 +1161,10 @@ masscan_set_parameter(struct Masscan *masscan,
 || EQUALS("destination-port", name) || EQUALS("target-port", name)) {
 unsigned is_error = 0;
- rangelist_parse_ports(&masscan->ports, value, &is_error);
+ if (masscan->scan_type.udp)
+ rangelist_parse_ports(&masscan->ports, value, &is_error, Templ_UDP);
+ else
+ rangelist_parse_ports(&masscan->ports, value, &is_error, 0);
 if (masscan->op == 0)
 masscan->op = Operation_Scan;
 }
@@ -1182,7 +1185,7 @@ masscan_set_parameter(struct Masscan *masscan,
 } else if (EQUALS("exclude-ports", name) || EQUALS("exclude-port", name)) {
 unsigned is_error = 0;
- rangelist_parse_ports(&masscan->exclude_port, value, &is_error);
+ rangelist_parse_ports(&masscan->exclude_port, value, &is_error, 0);
 if (is_error) {
 LOG(0, "FAIL: bad exclude port: %s\n", value);
 exit(1);
@@ -2179,7 +2182,7 @@ masscan_command_line(struct Masscan *masscan, int argc, char *argv[])
 break;
 case 'T': /* TCP connect scan */
 fprintf(stderr, "nmap(%s): connect() is too synchronous for cool kids\n", argv[i]);
- fprintf(stderr, "WARNING: doing SYN scan anyway\n");
+ fprintf(stderr, "WARNING: doing SYN scan (-sS) anyway, ignoring (-sT)\n");
 break;
 case 'U': /* UDP scan */
 masscan->scan_type.udp = 1;
diff --git a/src/main.c b/src/main.c
index 198e9dd44e3409ace05acbcf99991acae89c3b3b..750a497f040c2e911389ebfc40395b78acf29240 100644
--- a/src/main.c
+++ b/src/main.c
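Review bot: In the `destination-port`/`target-port` branch of masscan_set_parameter (src/main-conf.c, hunk at +1161), the UDP default is taken from `masscan->scan_type.udp` at the moment the port list is parsed, so the result appears to depend on option order. The flag is only set when `-sU` is handled in masscan_command_line, and a port list given before it would still be stored with offset 0. The same branch never tests `is_error` after the call, unlike the `exclude-ports` branch, so a malformed list is accepted silently; `if (is_error) { LOG(0, "FAIL: bad port: %s\n", value); exit(1); }` would make the two consistent. The `exclude-ports` hunk at +1185 always passes 0, which presumably means a bare exclude port will not match ports stored with `Templ_UDP`; that is worth confirming. masscan_set_parameter starts and ends outside these hunks.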
@@ -1068,7 +1068,7 @@ main_scan(struct Masscan *masscan)
 /* If no ports specified on command-line, grab default ports */
 is_error = 0;
 if (rangelist_count(&masscan->ports) == 0)
- rangelist_parse_ports(&masscan->ports, script->ports, &is_error);
+ rangelist_parse_ports(&masscan->ports, script->ports, &is_error, 0);
 /* Kludge: change normal port range to script range */
 for (i=0; i<masscan->ports.count; i++) {
diff --git a/src/proto-dns.c b/src/proto-dns.c
index 52f253fe86dc333e0e344d60d475bb5f30993b47..572e675c562d93ae236236636cdb888d6754c7f5 100644
--- a/src/proto-dns.c
+++ b/src/proto-dns.c
@@ -363,6 +363,7 @@ handle_dns(struct Output *out, time_t timestamp,
 struct DNS_Incoming dns[1];
 unsigned offset;
 uint64_t seqno;
+ const char *reason = 0;
 ip_them = parsed->ip_src[0]<<24 | parsed->ip_src[1]<<16 | parsed->ip_src[2]<< 8 | parsed->ip_src[3]<<0;
@@ -376,16 +377,47 @@ handle_dns(struct Output *out, time_t timestamp,
 if ((seqno & 0xFFFF) != dns->id)
 return 1;
+ /*
+ * In practice, DNS queries always have the query count set to 1,
+ * though in theory servers could support multiple queries in a
+ * single request, almost none of them do
+ */
 if (dns->qr != 1)
 return 0;
- if (dns->rcode != 0)
+
+ /*
+ * If we get back NOERROR, we drop through and extract the strings in
+ * the packet. Otherwise, we report the error here.
+ */
+ switch (dns->rcode) {
+ case 0: reason = 0; break; /* NOERROR */
+ case 1: reason = "1:FORMERR"; break;
+ case 2: reason = "2:SERVFAIL"; break;
+ case 3: reason = "3:NXDOMAIN"; break;
+ case 4: reason = "4:NOTIMP"; break;
+ case 5: reason = "5:REFUSED"; break;
+ case 6: reason = "6:YXDOMAIN"; break;
+ case 7: reason = "7:XRRSET"; break;
+ case 8: reason = "8:NOTAUTH"; break;
+ case 9: reason = "9:NOTZONE"; break;
+ }
+ if (reason != 0) {
+ output_report_banner(
+ out, timestamp,
+ ip_them, 17, port_them,
+ PROTO_DNS_VERSIONBIND,
+ parsed->ip_ttl,
+ (const unsigned char*)reason,
+ (unsigned)strlen(reason));
 return 0;
- if (dns->qdcount != 1)
+ }
+
+ /*if (dns->qdcount != 1)
 return 0;
 if (dns->ancount < 1)
 return 0;
 if (dns->rr_count < 2)
- return 0;
+ return 0;*/
 offset = dns->rr_offset[1];
diff --git a/src/ranges.c b/src/ranges.c
index 366d131a2adf6f072724acb5a14515a4e3e98105..df53fd36ac6e2f3d204d65c5108c61218ae11284 100644
--- a/src/ranges.c
+++ b/src/ranges.c
@@ -598,7 +598,7 @@ regress_pick2()
 * handle multiple stuff on the same line
 ***************************************************************************/
 const char *
-rangelist_parse_ports(struct RangeList *ports, const char *string, unsigned *is_error)
+rangelist_parse_ports(struct RangeList *ports, const char *string, unsigned *is_error, unsigned proto_offset)
 {
 char *p = (char*)string;
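Review bot: With the `qdcount`/`ancount`/`rr_count` checks commented out at the end of this handle_dns hunk (src/proto-dns.c, +377), a NOERROR response now reaches `offset = dns->rr_offset[1];` even when fewer than two records were recorded. Unless the parser clears `dns` (not visible here), the offset then applied to untrusted packet data may be stale or unset. At least the bounds-relevant guard should stay live: `if (dns->rr_count < 2) return 0;`. The new `switch (dns->rcode)` has no `default`, so rcodes 10–15 leave `reason` at 0 and are handled as NOERROR; `default: return 0;` would keep the previous behaviour for them. The labels for 7–9 also look shifted against RFC 2136 (7 YXRRSET, 8 NXRRSET, 9 NOTAUTH, 10 NOTZONE). handle_dns starts and ends outside the hunk.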
@@ -606,7 +606,6 @@ rangelist_parse_ports(struct RangeList *ports, const char *string, unsigned *is_
 while (*p) {
 unsigned port;
 unsigned end;
- unsigned proto_offset = 0;
 /* skip whitespace */
 while (*p && isspace(*p & 0xFF))
@@ -791,7 +790,7 @@ ranges_selftest(void)
 unsigned is_error = 0;
 memset(task, 0, sizeof(task[0]));
- rangelist_parse_ports(task, "80,1000-2000,1234,4444", &is_error);
+ rangelist_parse_ports(task, "80,1000-2000,1234,4444", &is_error, 0);
 if (task->count != 3 || is_error) {
 ERROR();
 return 1;
diff --git a/src/ranges.h b/src/ranges.h
index 884657015f834c406a0f3da2dac8885b61049a9b..7285fb289cdca3c28ac93e9fe2e0dbda098c2d74 100644
--- a/src/ranges.h
+++ b/src/ranges.h
@@ -161,7 +161,9 @@ unsigned rangelist_pick(const struct RangeList *targets, uint64_t i);
 const char * rangelist_parse_ports( struct RangeList *ports,
 const char *string,
- unsigned *is_error);
+ unsigned *is_error,
+ unsigned proto_offset
+ );
 /**
diff --git a/src/templ-payloads.c b/src/templ-payloads.c
index a79db0df7e09470dea79e42e2438189b6374c411..e461e1ba4e6ee315ed8cf48287a9fd8a9ef7cb1f 100644
--- a/src/templ-payloads.c
+++ b/src/templ-payloads.c
@@ -618,7 +618,7 @@ payloads_read_file(FILE *fp, const char *filename,
 /* [ports] */
 if (!get_next_line(fp, &line_number, line, sizeof(line)))
 break;
- p = rangelist_parse_ports(ports, line, &is_error);
+ p = rangelist_parse_ports(ports, line, &is_error, 0);
 if (is_error) {
 fprintf(stderr, "%s:%u: syntax error, expected ports\n", filename, line_number);
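Review bot: Removing the per-iteration `unsigned proto_offset = 0;` in rangelist_parse_ports (src/ranges.c, hunk at -606) means the offset is no longer reset for each comma-separated entry. If the loop body outside this hunk assigns `proto_offset` when it sees a protocol prefix, that value now carries over to every later entry and replaces the caller's default for the rest of the string. If the carry-over is intended, document it in the function's header comment and on the prototype in src/ranges.h, for example `/* proto_offset: offset added to each parsed port until a prefix in the string changes it (callers pass 0 or Templ_UDP) */`. ranges_selftest (hunk at +790) still only exercises offset 0, so a case with a non-zero `proto_offset` would pin the new behaviour.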