RDP/MSSQL/MongoDB + Windows ARP + store pagination (26.31–26.33) #23
Merged
The last deep-probed ports without handlers (3389/1433/27017) left Port.Service empty. Add request/response identification probes:
- rdpProbe: X.224 Connection Request -> TPKT reply -> "RDP".
- mssqlPrelogin: minimal TDS PRELOGIN -> TDS response (0x04) -> "MSSQL".
- mongoProbe: legacy OP_QUERY isMaster -> OP_REPLY/OP_MSG -> "MongoDB".
- Shared tcpExchange helper; dispatch the three ports in fingerprint().
Detection-only (no pre-auth version); a non-answering server degrades to "" rather than a false positive. Tests cover each signature + negative case.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

ARP enrichment now covers Linux, macOS, and Windows. The Windows path calls GetIpNetTable from iphlpapi.dll directly (golang.org/x/sys/windows) — no shell, matching the macOS approach.
- arp_windows.go: GetIpNetTable -> parse MIB_IPNETTABLE -> 6-byte MAC.
- parseIPNetTable factored out and unit-tested with a synthetic table (match / zero MAC / wrong length / absent / truncated).
- arp_fallback.go build tag narrowed to !darwin && !windows.
- x/sys promoted to a direct dependency.
Compile- and vet-verified for windows/amd64 and windows/arm64; not runtime-tested on the build host, degrades safely to "" on any error.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

26.25 bounded the rendered page but still loaded the whole table into memory via List. Page at the database instead:
- Add HostStore.ListPage / ScanStore.ListPage (+ ScanStore.Count) with SQLite LIMIT/OFFSET impls (limit<=0 = no limit).
- Admin /hosts and /scans handlers use Count + ListPage; remove the unused pageSlice helper. ?limit=/?offset= contract and pager UI unchanged.
- sqlite tests for ListPage windowing + Count; store mocks updated.
The filterable /api/v1/hosts still lists-then-filters in memory (its filters don't map to one SQL window); that's a separate, larger change.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The three remaining post-backlog items, each its own sprint/version. All build/test/vet/lint green; scanner + ARP changes verified for darwin/linux/windows.
26.31 — RDP / MSSQL / MongoDB fingerprints
The last deep-probed ports (3389/1433/27017) had no handler, leaving Port.Service empty. Added request/response identification probes (rdpProbe, mssqlPrelogin, mongoProbe) sharing a new tcpExchange helper. Detection-only; a non-answering server degrades to "" (no false positives). Tests cover each signature + a negative case.
26.32 — Windows MAC/vendor enrichment
ARP enrichment now covers Linux, macOS, and Windows — via GetIpNetTable from iphlpapi.dll (golang.org/x/sys/windows), no shell. parseIPNetTable is factored out and unit-tested with a synthetic MIB_IPNETTABLE. Compile/vet-verified for windows/amd64 + arm64; degrades safely to "". x/sys promoted indirect → direct.
26.33 — Store-level pagination
26.25 bounded the rendered page but still loaded the whole table into memory. Host/scan list pages now page at the DB with LIMIT/OFFSET (HostStore.ListPage, ScanStore.ListPage + Count), bounding memory. The ?limit=/?offset= contract and pager UI are unchanged. SQLite tests added.
Note
The filterable /api/v1/hosts still lists-then-filters in memory (its filters don't map to one SQL window) — a separate, larger change, called out in the changelog.
🤖 Generated with Claude Code
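An added example, not the project's arp_windows.go code: a bounds-checked lookup over a raw MIB_IPNETTABLE buffer that covers the cases the 26.32 commit lists (match, zero MAC, wrong length, absent, truncated). The names macForIP, row and table and the 192.0.2.x sample rows are assumptions constructed for illustration; the row layout follows the Windows SDK definition of MIB_IPNETROW.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"net"
)

// MIB_IPNETTABLE is a DWORD dwNumEntries followed by 24-byte MIB_IPNETROWs:
// dwIndex(4) dwPhysAddrLen(4) bPhysAddr[8] dwAddr(4, network order) dwType(4).
const hdrSize, rowSize = 4, 24

// macForIP (hypothetical name) returns the MAC for ip, or "" when the entry is
// absent, all-zero, not 6 bytes long, or cut off by a truncated buffer.
func macForIP(buf []byte, ip net.IP) string {
	ip4 := ip.To4()
	if ip4 == nil || len(buf) < hdrSize {
		return ""
	}
	n := binary.LittleEndian.Uint32(buf) // claimed count is untrusted: also bound by len(buf)
	for off := uint64(hdrSize); n > 0 && off+rowSize <= uint64(len(buf)); n, off = n-1, off+rowSize {
		r := buf[off : off+rowSize]
		mac := net.HardwareAddr(r[8:14])
		ok := binary.LittleEndian.Uint32(r[4:8]) == 6 && !bytes.Equal(mac, make([]byte, 6))
		if ok && net.IP(r[16:20]).Equal(ip4) {
			return mac.String()
		}
	}
	return ""
}

// row and table build constructed input; claimed may exceed the rows present.
func row(ip string, physLen uint32, mac ...byte) []byte {
	r := make([]byte, rowSize)
	binary.LittleEndian.PutUint32(r[4:], physLen)
	copy(r[8:16], mac)
	copy(r[16:20], net.ParseIP(ip).To4())
	return r
}

func table(claimed uint32, rows ...[]byte) []byte {
	hdr := binary.LittleEndian.AppendUint32(nil, claimed)
	return append(hdr, bytes.Join(rows, nil)...)
}

func main() {
	t := table(1, row("192.0.2.10", 6, 0xde, 0xad, 0xbe, 0xef, 0x00, 0x01))
	fmt.Println(macForIP(t, net.ParseIP("192.0.2.10")))
}
```

The loop condition checks both the claimed row count and the real buffer length, so a table whose dwNumEntries overstates its contents returns "" instead of reading out of bounds.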