Comment 1 Olli Hauer 2017-08-14 18:35:23 UTC

I'm having the same patch in my tree, but there is an issue with raw socket scans.

Unless started with --unprivileged, a raw socket scan will fail with the following error message.

> nmap $network/$mask
> route_dst_generic: Failed to obtain system routes: getsysroutes_dnet: route_open() failed

Any news here?

Comment 3 Ben Woods 2018-01-22 10:27:31 UTC

Created attachment 189961 [details]
Patch to update security/nmap to 7.60

This updates patch includes a fix to the ${WRKSRC}/libdnet-stripped/configure script to include <sys/socket.h> when testing the functionality of various networking headers including <net/route.h>.

This fixes the problem previously mentioned by ohauer@ when running nmap as root. This now works, and can be tested by ensuring the below command successfully prints the system routing table:
# nmap --iflist

Requesting maintainer approval to commit this update from ohauer@.

Comment 4 Daniel Engberg 2018-01-29 14:06:14 UTC

Hi,

Many thanks for working on this however I think we need some additional fixes to this port.

* libpcre actually fails by default and nmap reverts to using the bundled version
* Use libpcap from ports tree instead of the bundled version
* Make libssh2 support optional and use port instead of bundled version
* Bundled libdnet should always be used

However, I can't manage to make nmap find libssh2 using the port so if you could have a look at that it would be great. I'm sure it's some minor issue that I'm  overlooking.

I'm not sure what's the best way to provide the changes so I'll just attach the source files.

I'm new to this so please have that in mind.

Best regards,
Daniel

Comment 5 Daniel Engberg 2018-01-29 14:07:58 UTC

Created attachment 190161 [details]
Additional fixes

Addtional fixes mentioned in the comments, libssh2 support needs some work however.

Created attachment 190180 [details]
Proposed patch (since 441214 revision)

Hello.

(In reply to daniel.engberg.lists from comment #5)
I merged some of your changes with what Ben Woods proposed in attachment #189961 [details].
Also proposed some fix for libssh2, as a patch for configure file. The ac_cv_header_libssh2_h=yes for LIBSSH2_CONFIGURE_ON also may work.

Comment on attachment 190180 [details]
Proposed patch (since 441214 revision)

Please review additional patch. There is following warning for default options, if not use libssh2 (the Nmap used included libssh2 version before these changes):
WARNING: You are compiling without LibSSH2

I just merged some of what daniel.engberg.lists proposed with a fix for configure file.

Comment on attachment 190180 [details]
Proposed patch (since 441214 revision)

(In reply to comment #7)
> (the Nmap used included libssh2 version before these changes)
Or not exactly. In case of attachment #189961 [details] it uses libssh2 from security/libssh2 port, if it was installed.

Comment 9 Olli Hauer 2018-01-30 20:49:38 UTC

Sorry for the long delay!

I found last week a small time frame to test patch 185406 but not the new ones, will commit the update with this patch and the rest if I have the time to test them.

Comment 10 commit-hook 2018-01-30 21:03:23 UTC

A commit references this bug:

Author: ohauer
Date: Tue Jan 30 21:02:56 UTC 2018
New revision: 460437
URL: https://svnweb.freebsd.org/changeset/ports/460437

Log:
  - update to 7.60
  - regenerate patches with makepatch

  PR:		ports/221522

Changes:
  head/security/nmap/Makefile
  head/security/nmap/distinfo
  head/security/nmap/files/patch-Makefile.in
  head/security/nmap/files/patch-configure
  head/security/nmap/files/patch-intf.c
  head/security/nmap/files/patch-libdnet-stripped__configure
  head/security/nmap/files/patch-libdnet-stripped__src__eth-bsd.c
  head/security/nmap/files/patch-libdnet-stripped_configure
  head/security/nmap/files/patch-libdnet-stripped_src_eth-bsd.c
  head/security/nmap/files/patch-libdnet-stripped_src_intf.c
  head/security/nmap/files/patch-liblua_Makefile
  head/security/nmap/files/patch-liblua__Makefile
  head/security/nmap/files/patch-liblua__liolib.c
  head/security/nmap/files/patch-liblua_liolib.c
  head/security/nmap/files/patch-ncat_test_test-wildcard.c
  head/security/nmap/files/patch-nmap.cc
  head/security/nmap/files/patch-output.cc
  head/security/nmap/files/patch-tcpip.cc
  head/security/nmap/pkg-plist

Created attachment 190213 [details]
Proposed patch (since 460437 revision)

(In reply to comment #9)
Updated patch with some of daniel.engberg.lists changes after ports r460437, just in case.

The reason for MASTER_SITES changes is redirection:
% curl -sLI http://nmap.org/dist/nmap-7.60.tar.bz2 | grep -e Moved -e ^Location
HTTP/1.1 301 Moved Permanently
Location: https://nmap.org/dist/nmap-7.60.tar.bz2

Created attachment 190214 [details]
Proposed patch (since 460437 revision)

(In reply to comment #11)
Sorted variables for options.

Build tests on FreeBSD 10.3 shows, that LIBSSH2 option may require SSL port's option enabled, otherwise ignored by configure script. But not sure, if LIBSSH2_IMPLIES=SSL is required, in case of changed defaults.

Comment 13 Daniel Engberg 2018-01-31 19:21:24 UTC

Looking at my 11.1 box I see the following....
To make sure it doesn't to anything funny I added a patch that removes libs provided by the system in the nmap's source dir.

=== pcre === (as it is right now)
* Configure stage
....
checking pcre/pcre.h usability... no
checking pcre/pcre.h presence... no
checking for pcre/pcre.h... no

ldd work/stage/usr/local/bin/nmap
....
libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x800993000)

So it manages to find the installed version of pcre desite not telling the user.

=== libpcap === (https://bugs.freebsd.org/bugzilla/attachment.cgi?id=190214)
* Configure stage
....
checking if libpcap is suitable... checking whether pcap_get_selectable_fd is de
yes
checking if PCAP_NETMASK_UNKNOWN is defined/handled by libpcap... yes

ldd work/stage/usr/local/bin/nmap
....
libpcap.so.8 => /lib/libpcap.so.8 (0x800c0e000)

=== libssh2 === (https://bugs.freebsd.org/bugzilla/attachment.cgi?id=190214)
SSL enabled

* Configure stage
...
checking for libssh2.h... yes
checking for libssh2_version in -lssh2... yes

* Compilation
...
nmap.cc:186:10: fatal error: 'libssh2/libssh2v.h' file not found
#include "libssh2/libssh2v.h"
         ^~~~~~~~~~~~~~~~~~~~
1 error generated.

So in short, everything works except libssh2 on my side.

(In reply to comment #13)
> So it manages to find the installed version of pcre despite not telling the
> user.

The --with-libpcre=${LOCALBASE}:
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L6439-L6456
defines have_pcre=yes:
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L6452
Since have_prce=yes was defined, the configure script ignores auto-detection:
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L6459-L6554
and check for pcre/pcre.h include file:
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L6568-L6580
to add "#define HAVE_PCRE_PCRE_H 1" for confdefs.h, if found:
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L6575
but it wasn't found, the ac_cv_header_pcre_pcre_h=no:
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L6572
> checking pcre/pcre.h usability... no
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L1765
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L1774-L1778
> checking pcre/pcre.h presence... no
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L1782
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L1790-L1794
> checking for pcre/pcre.h... no
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L1818
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L1821-L1826
So, it defines some variables, including LIBPCRE_LIBS="-lpcre"
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L6582-L6585

There are no reports about pcre.h for such a case, because if HAVE_PCRE_PCRE_H wasn't defined, the pcre.h include used otherwise in source code:
https://github.com/nmap/nmap/blob/0bb1dc6dc23fdcabd5bbfa0ddc3a8b68bf84d5b1/nse_pcrelib.cc#L20-L24
https://github.com/nmap/nmap/blob/9c7ea727a73527b4ddbae60a359cca4f678e8e0b/service_scan.h#L142-L146

(In reply to comment #13)
> * Compilation
> ...
> nmap.cc:186:10: fatal error: 'libssh2/libssh2v.h' file not found
> #include "libssh2/libssh2v.h"
>          ^~~~~~~~~~~~~~~~~~~~
> 1 error generated.
> 
> So in short, everything works except libssh2 on my side.

I may suggest to apply proposed patch in attachment #190214 [details] for unchanged files from ports r460437:
-8<--
% svn co -r 460437 https://svn.FreeBSD.org/ports/head/security/nmap
% fetch -qo nmap.diff "https://bugs.freebsd.org/bugzilla/attachment.cgi?id=190214"
% cd nmap
% svn patch ../nmap.diff
% make WITH="LIBSSH2 SSL" check-plist
<..>
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
===> Checking for items in pkg-plist which are not in STAGEDIR
===> No pkg-plist issues found (check-plist)
% ls work/nmap-7.60/libssh2/libssh2v.h 
work/nmap-7.60/libssh2/libssh2v.h
% ldd work/stage/usr/local/bin/nmap | grep libssh2 | sed -e 's| (.*)$||'
	libssh2.so.1 => /usr/local/lib/libssh2.so.1
% make clean
<..>
-->8-

The "libssh2/libssh2v.h" file is included for nmap v7.60, which defines LIBSSH2_VERSION_TEXT.
https://github.com/nmap/nmap/blob/0c142333bb356b6ff15fff5c95522c4cfc410a9c/libssh2/libssh2v.h#L1
Used in nmap.cc file for nmap v7.60:
https://github.com/nmap/nmap/blob/0c142333bb356b6ff15fff5c95522c4cfc410a9c/nmap.cc#L184-L186
https://github.com/nmap/nmap/blob/0c142333bb356b6ff15fff5c95522c4cfc410a9c/nmap.cc#L2845-L2849
But not for latest changes:
https://github.com/nmap/nmap/search?q=LIBSSH2_VERSION_TEXT
https://github.com/nmap/nmap/blob/ff623002492e50a7412c32c7a083bdec4f10b929/nmap.cc#L184-L186
https://github.com/nmap/nmap/blob/ff623002492e50a7412c32c7a083bdec4f10b929/nmap.cc#L2725-L2729

Created attachment 190237 [details]
Proposed patch (since 460437 revision)

(In reply to comment #14)
Actually, there are some fixes for configure file, related to libssh2 detection, if check newer changes after 7.60 version release:
https://github.com/nmap/nmap/commit/53e4e92e32721b1fa4490fbcd7ea6bb62f283839
Looks like, some of the proposed changes is similar to following line:
https://github.com/nmap/nmap/commit/53e4e92e32721b1fa4490fbcd7ea6bb62f283839#diff-e2d5a00791bce9a01f99bc6fd613a39dL6804
https://github.com/nmap/nmap/commit/53e4e92e32721b1fa4490fbcd7ea6bb62f283839#diff-e2d5a00791bce9a01f99bc6fd613a39dR6839
https://github.com/nmap/nmap/blob/53e4e92e32721b1fa4490fbcd7ea6bb62f283839/configure#L6839

and for "Report appropriate zlib/libssh2 versions":
https://github.com/nmap/nmap/commit/fd0db097498d5ff29f647508a80915d4d0e8d84a

Attached new proposed patch with mentioned fixes.

Also renamed LIBSSH2 to SSH2 option, as used in /usr/ports/Mk/bsd.options.desc for SSH option:
https://github.com/freebsd/freebsd-ports/blob/be9bcb76c2f8f50ac58900e983b935a89acf6b3c/Mk/bsd.options.desc.mk#L460
Added SSH2_IMPLIES=SSL (e.g. even if build/install security/libssh2 with using GCRYPT option, the configure script may ignore --with-libssh2 option, if --without-openssl used; and security/libssh2 may be installed as unused dependency, in this case).
Added SSH2 to default port's options, because of configure warning message. But try to consider what said in comment #4 about optional libssh2 dependency, if needed.
Fixed WWW for pkg-descr file, because of redirection.

(In reply to daniel.engberg.lists from comment #13)
> So it manages to find the installed version of pcre despite not telling the
> user.
I may agree, that detection of pcre.h include file and -lpcre usage on configure stage maybe reasonable (and you proposed some variant of changes in attachment #190161 [details] for this case). On the other hand, if installed devel/pcre port was incomplete (or some build related file(s) was deleted after install), then might be build errors with own (informative) message(s).

I guess, some of the reason(s) of current changes possible to check in configure.ac file, instead of generated configure file (for 7.60 version):
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure.ac#L498-L552
For example, the possible reason of "AC_CHECK_HEADERS(pcre/pcre.h)" (related to some of messages which you mentioned):
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure.ac#L541
is to add "#define HAVE_PCRE_PCRE_H 1" for confdefs.h file, if pcre/pcre.h was found (e.g. in include directories for some other operating system(s)):
https://github.com/nmap/nmap/blob/3f8baf17b229e53504ffa8b3d636a49c50d26630/configure#L6572-L6575
https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Generic-Headers.html
There are no checks for -lpcre usage on this stage also, even if pcre/pcre.h include file was found.

(In reply to comment #15)
> Fixed WWW for pkg-descr file, because of redirection.
https://github.com/nmap/nmap/commit/f4619edece53dcf1cfa91f08227189a2e1dd1f1f

Created attachment 190263 [details]
Proposed patch (since 460437 revision)

Fixed additional links.

Created attachment 191781 [details]
Proposed patch (since 460437 revision)

Updated to 7.70 version:
http://seclists.org/nmap-announce/2018/0

Removed CONFIGURE_ARGS+=--with-libdnet=included from proposed patch, because "--with-libdnet=included" enabled by default:
"Add --with-libdnet=included to the configure --help output and clarify that it is the default."
https://github.com/nmap/nmap/commit/cfb8d878744bd295bc7dee2cdb33b09b19621b60

Changed "libpcap.so:net/libpcap" to "libpcap.so.1:net/libpcap" for LIB_DEPENDS, because libpcap.so also available in /usr/lib (on FreeBSD 10.3 amd64, at least). This excludes following message, when creating package:
actual-package-depends: dependency on /usr/lib/libpcap.so not registered (normal if it belongs to base)

This approach also used in following ports:
net/daq:
https://github.com/freebsd/freebsd-ports/blob/48c5188f5982608571b2f04b900bbd60e0f71738/net/daq/Makefile#L18
net/ipdecap:
https://github.com/freebsd/freebsd-ports/blob/a93a0d5e009ad98c57ff56a21b29e6e92505792a/net/ipdecap/Makefile#L16
net/libtrace:
https://github.com/freebsd/freebsd-ports/blob/0ae8b5428d5216dd02a371e91c18726598d9f0ea/net/libtrace/Makefile#L13

Possible to use "BUILD_DEPENDS=${LOCALBASE}/include/pcap.h:net/libpcap" and "LIB_DEPENDS=libpcap.so:net/libpcap", but mentioned "actual-package-depends" message remains, even if
 0x0000000000000001 (NEEDED)             Shared library: [libpcap.so.1]
for "shared library dependencies" in poudriere testport log and
% make package
<..>
% pkg info --file work/pkg/nmap-7.70.txz | grep libpcap
	libpcap.so.1

- Update security/nmap to 7.70 version
- Use libpcap from ports tree, instead of the bundled version
- Add SSH2 option
- Fix stripping of nmap and nping after ports r400749 changes
- Regenerate files/patch-libdnet-stripped_configure
- Add upstream patch for libdnet-stripped/src/arp-ioctl.c [1]
- Update http urls for nmap.org to https [2]
- Adapt pkg-plist

1 - https://github.com/nmap/nmap/commit/36a6d897a584013d25e51ac339fe45ffc45df9df
2 - https://github.com/nmap/nmap/commit/f4619edece53dcf1cfa91f08227189a2e1dd1f1f

Created attachment 191782 [details]
The poudriere testport log (FreeBSD 10.3 amd64)

Added poudriere testport log for FreeBSD 10.3 amd64, just in case.

(In reply to comment #18)
> Removed CONFIGURE_ARGS+=--with-libdnet=included from proposed patch,
> because "--with-libdnet=included" enabled by default
Probably, it is not enabled, but used algorithm shows that DNET_INCLUDED defined in config.log and nmap_config.h (#define DNET_INCLUDED 1):
https://github.com/nmap/nmap/blob/53e4e92e32721b1fa4490fbcd7ea6bb62f283839/configure.ac#L729-L775
https://github.com/nmap/nmap/blob/53e4e92e32721b1fa4490fbcd7ea6bb62f283839/configure.ac#L763
independent from installed net/libdnet port.

Possible to explicitly add "--with-libdnet=included" to CONFIGURE_ARGS, if needed.

(In reply to comment #18)
> - Use libpcap from ports tree, instead of the bundled version
Above description is not very correct, at least on FreeBSD 10.3 amd64, because if net/libpcap port installed, then it uses libpcap.so from ${LOCALBASE}/lib (/usr/local/lib):
% readlink /usr/local/lib/libpcap.so
libpcap.so.1
otherwise from base (/usr/lib):
% readlink /usr/lib/libpcap.so
/lib/libpcap.so.8
and no PCAP_INCLUDED was defined in config.log and nmap_config.h:
https://github.com/nmap/nmap/blob/53e4e92e32721b1fa4490fbcd7ea6bb62f283839/configure.ac#L481

Probably, following description is more correct:
- Use libpcap from ports tree

Created attachment 191786 [details]
Proposed patch (since 460437 revision)

Fixed additional link.

(In reply to comment #18)
> - Fix stripping of nmap and nping after ports r400749 changes
Probably, it was ok in ports r400749, when ".include <bsd.port.options.mk>" was available between "SSL_VARS=STRIP_FILES=ncat" and "STRIP_FILES+=nmap nping". The ".include <bsd.port.options.mk>" was removed in ports r422291, but SSL_VARS wasn't changed, therefore "SSL_VARS=STRIP_FILES=ncat" overwrote previous STRIP_FILES value, even if it was as addition. So, probably, more correct is following statement:
- Fix stripping of nmap and nping after ports r422291 changes

Comment 24 commit-hook 2018-03-31 22:22:59 UTC

A commit references this bug:

Author: ohauer
Date: Sat Mar 31 22:22:17 UTC 2018
New revision: 466083
URL: https://svnweb.freebsd.org/changeset/ports/466083

Log:
  - update to 7.70
  - add option for bundled libssh2
  - add option for bundled libpcap
  - add upstream patch for arp-ioctl.c
  - change URL's from http to https

  PR:		221522
  Submitted by:	lightside

Changes:
  head/security/nmap/Makefile
  head/security/nmap/distinfo
  head/security/nmap/files/patch-libdnet-stripped_src_arp-ioctl.c
  head/security/nmap/pkg-descr
  head/security/nmap/pkg-plist

Comment 25 Olli Hauer 2018-03-31 22:38:09 UTC

Thanks for the patch!
I decided to use the bundled versions of libssh and libpcap from nmap because libssh2 is the same version as we have in ports and the libpcap version should be also OK instead using libpcap from ports or the OS.
However if libpcap is disabled the ports falls back to libpcap provided by the OS.

re-open, fails with:
libtool: compile:  /usr/local/libexec/ccache/world/cc -DHAVE_CONFIG_H -I. -I../include -I../include -O2 -pipe -I/usr/local/include -fstack-protector -fno-strict-aliasing -Wall -c blob.c -o blob.o
/usr/local/libexec/ccache/world/c++ -c -I../liblinear -I../liblua -I../libdnet-stripped/include -I../libssh2/include -I/usr/local/include  -I/usr/local/include -I../libpcap -I../nbase -I../nsock/include -DHAVE_CONFIG_H -D_FORTIFY_SOURCE=2 -O2 -pipe -I/usr/local/include -fstack-protector -fno-strict-aliasing  -Wall -fno-strict-aliasing UDPHeader.cc -o UDPHeader.o
./pcap.c:1387:1: error: conflicting types for 'pcap_perror'
pcap_perror(pcap_t *p, char *prefix)
^
/usr/local/include/pcap/pcap.h:392:15: note: previous declaration is here
PCAP_API void   pcap_perror(pcap_t *, const char *);
                ^
1 error generated.

Compiles with:
-  PCAP_CONFIGURE_ON=     --with-libpcap=included \
+ PCAP_CONFIGURE_ON=     LIB_DEPENDS+=libpcap.so:net/libpcap

correct syntax:
+ PCAP_LIB_DEPENDS+=      libpcap.so:net/libpcap

(In reply to w.schwarzenfeld from comment #26)
Does it works for you, when using patch from attachment #191786 [details]?
-8<--
% fetch -qo nmap.diff "https://bugs.freebsd.org/bugzilla/attachment.cgi?id=191786"
% svn co -r 460437 https://svn.FreeBSD.org/ports/head/security/nmap
<..>
% cd nmap
% svn patch ../nmap.diff
<..>
% make check-plist
<..>
====> Running Q/A tests (stage-qa)
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
===> Checking for items in pkg-plist which are not in STAGEDIR
===> No pkg-plist issues found (check-plist)
% ldd work/stage/usr/local/bin/nmap | grep libpcap | sed | sed -e 's| (.*)$||'
	libpcap.so.1 => /usr/local/lib/libpcap.so.1
% make clean
===>  Cleaning for nmap-7.70
-->8-

(In reply to comment #29)
> % ldd work/stage/usr/local/bin/nmap | grep libpcap | sed | sed -e 's| (.*)$||'
% ldd work/stage/usr/local/bin/nmap | grep libpcap | sed -e 's| (.*)$||'

This works.

Also works (I guess the knob is for the bundled version): 
PCAP_CONFIGURE_ON=     --with-libpcap=included \
                        --with-libpcap=${WRKSRC}

(In reply to w.schwarzenfeld from comment #31)
> This works.
If you read comment #25 and comment #18, there are differences between what was committed in ports r466083 and was proposed in attachment #191786 [details].

The first one is with the bundled version, the other one with libpcap from the ports. I don't know what the difference is and it does not matter for me (It should only build without error).

(In reply to comment #32)
But security/nmap from ports r466083 builds fine on FreeBSD 10.3 amd64, in my case (even if net/libpcap and security/libssh2 was installed):
-8<--
% svn co -r466083 https://svn.FreeBSD.org/ports/head/security/nmap
% cd nmap
% make check-plist
<..>
====> Running Q/A tests (stage-qa)
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
===> Checking for items in pkg-plist which are not in STAGEDIR
===> No pkg-plist issues found (check-plist)
% ldd work/stage/usr/local/bin/nmap | sed -e 's| (.*)$||'
work/stage/usr/local/bin/nmap:
	libpcre.so.1 => /usr/local/lib/libpcre.so.1
	libssl.so.7 => /usr/lib/libssl.so.7
	libcrypto.so.7 => /lib/libcrypto.so.7
	libz.so.6 => /lib/libz.so.6
	libc++.so.1 => /usr/lib/libc++.so.1
	libcxxrt.so.1 => /lib/libcxxrt.so.1
	libm.so.5 => /lib/libm.so.5
	libgcc_s.so.1 => /lib/libgcc_s.so.1
	libc.so.7 => /lib/libc.so.7
	libthr.so.3 => /lib/libthr.so.3
-->8-
% make clean
===>  Cleaning for nmap-7.70
-->8-

(In reply to w.schwarzenfeld from comment #33)
> The first one is with the bundled version, the other one with libpcap from
> the ports.
Probably, your issue related to other FreeBSD version and/or environment.

(In reply to w.schwarzenfeld from comment #33)
> I don't know what the difference is and it does not matter for me
> (It should only build without error).
I guess, this related to committer/maintainer.

The daniel.engberg.lists@ proposed in comment #4:
> * Use libpcap from ports tree instead of the bundled version
> * Make libssh2 support optional and use port instead of bundled version
I think, there were reasons for this.

On FreeBSD 11.1-STABLE r331481, the libpcap in the nmap kit caused a compilation error. Turning off the PCAP option in make config solved this issue (using the Port net/libpcap libpcap-1.8.1).
Detected compilation error when PCAP option enabled:

/bin/sh ../libtool --tag=CC   --mode=compile cc -DHAVE_CONFIG_H -I. -I../include  -I../include   -O2 -pipe -fno-omit-frame-pointer  -I/usr/local/include -fstack-pro
tector -fno-strict-aliasing -Wall -c -o route-bsd.lo route-bsd.c                  ./pcap.c:1387:1: error: conflicting types for 'pcap_perror'                       pcap_perror(pcap_t *p, char *prefix)                                              ^
/usr/local/include/pcap/pcap.h:392:15: note: previous declaration is here         PCAP_API void   pcap_perror(pcap_t *, const char *);                                              ^
1 error generated.                                                                gmake[3]: *** [Makefile:77: pcap.o] Error 1                                       gmake[3]: Leaving directory '/usr/ports/security/nmap/work/nmap-7.70/libpcap'     gmake[2]: *** [Makefile:145: build-pcap] Error 2

Created attachment 192037 [details]
Proposed patch (since 466083 revision)

(In reply to w.schwarzenfeld from comment #33)
> I don't know what the difference is and it does not matter for me
> (It should only build without error).
Please test attached patch. It converts ports r466083 changes to attachment #191786 [details] (except TIMESTAMP changes), i.e. some mentioned changes by daniel.engberg.lists from comment #4 (attachment #190161 [details]).

- Bump PORTREVISION
- Use libpcap from net/libpcap
- Use libssh2 from security/libssh2
- Regenerate files/patch-libdnet-stripped_configure

Comment 37 Olli Hauer 2018-04-01 08:34:26 UTC

This is error is related to ccache:
libtool: compile:  /usr/local/libexec/ccache/world/cc 
...
/usr/local/include/pcap/pcap.h:392:15: note: previous declaration is here
PCAP_API void   pcap_perror(pcap_t *, const char *);

Please try without ccache or exclude the port from ccache builds.


If nmap is build with the internal libssh2 / libpcap ldd will not show
any dependency to libssh or libpcap, but you can verify nmap is build 
against both with the command `nm' 

 cd security/nmap
 sed -i.bak -e 's/post-install:/_post-install:/' Makefile
 make
 ./work/stage/usr/local/bin/nmap -V
 nm ./work/stage/usr/local/bin/nmap | grep -e libssh2 -e pcap

I've decided to use the internal libssh2 and libpcap because both containing some optimizations related to nmap and no dependencies to build

(In reply to Olli Hauer from comment #37)
Disabling CCACHE did not clear the error.
/usr/include/pcap/pcap.h on FreeBSD 11.1-STABLE r331481 defined as:
PCAP_API void   pcap_perror(pcap_t *, const char *);
so you need a patch on libpcap/pcap.c anyway.

Created attachment 192042 [details]
svn diff from r466124

Confirm that the error is not related to CCACHE (disable CCACHE does not help).
The patch from comment39 works.
But it is the question if the correct way is the path to the libpcap directory if there is an configure
option like  --with-libpcap=DIR ?

Builds now fine. Close here with fixed.