initial

86 files changed, 14187 insertions, 0 deletions

diff --git a/other/b-scan/INSTALL b/other/b-scan/INSTALL
new file mode 100644
index 0000000..d11e398
--- /dev/null
+++ b/other/b-scan/INSTALL
@@ -0,0 +1,23 @@
+
+you need latest 
+  libnet: http://www.packetfactory.net/libnet
+  libpcap: http://www.tcpdump.org
+
+# tar xfvz b-scan.tar.gz
+# make
+# cd modules
+# make
+# cd ..
+# ./bscan -h
+
+Successfully compiled on:
+ Debian Linux fhs 2.4.0-test10 i586 unknown
+ RedHat Linux wu.sec 2.2.17 i586 unknown
+ SunOS 5.7 Generic_106541-04 sun4c sparc
+ SunOS 5.8 Generic sun4m sparc
+ 
+
+
+
+send bug-reports to anonmous@segfault.net
+
diff --git a/other/b-scan/MODULES b/other/b-scan/MODULES
new file mode 100644
index 0000000..29e273d
--- /dev/null
+++ b/other/b-scan/MODULES
@@ -0,0 +1,88 @@
+                                Nothing is more important than to see the
+                                sources of invention, which are, in my
+                                opinion, more interesting than the
+                                invention themselves.
+                                                G.W.Leibniz (1646-1716)
+
+[0] General
+
+ Load modules with the '-L' parameter.
+
+ -L "<modulename> <arg1> <arg2> ..."
+ arg1..argN are passed to the init-functioin
+ of the module (in int argc, char *argv[]-style).
+
+ The arg's are seperated by spaces.
+ If you want to pass an arguement with spaces in it
+ to the module you have to escape them:
+ -L "modules/mod_http.so -r GET\s/cgi-bin/test-cgi\sHTTP/1.0\r\n\r\n"
+  
+ Each module has additional parameters.
+ bscan -h -L "modules/mod_banner.so" -L "modules/mod_ping.so" \
+           -L "modules/mod_bind.so" -L "modules/mod_httpid.so"
+ gives usage information for bscan AND all modules.
+  
+
+
+Bscan comes with the following modules:
+
+[1] mod_banner
+ 
+ This is the "generic" module + banner-scanner module.
+ ./bscan -h -L "modules/mod_banner.so" for help.
+ Use this module alone for banner-scan or tcp-open scan.
+ 
+[2] mod_ping
+ 
+ ICMP_REQUEST module.
+ I always use this module in conjunction with mod_banner.so.
+ As i said....mod_banner.so is not just a tcp-banner module
+ but also a 'gerneric' module handling the tcp-userland stack
+ and icmp-host-unreachable packets.
+
+[3] mod_httpd
+
+ This module requests "HEAD / HTTP/1.0" by default.
+ You can specify requests with the '-r' option:
+ Don't forget to escape ' ', '\n', '\r', '\t'!
+ 
+ for example: -r GET\s/cgi-bin/finger?@127.0.0.1\sHTTP/1.0\r\n\r\n 
+
+[4] mod_bind
+ 
+ Requests version.bind [type=txt, class=chaos] from nameservers.
+ Default sourceport = 53 (udp).
+
+
+-=-
+
+I'll add a small 'howto' on how to code modules for bscan, soon :)
+For now, please take a look into mod_ping.so and mod_banner.so.
+
+A module MUST declare the following shared functions:
+int init (char **, int, char **, void *);            /* init + getopt etc */
+int fini ();                                         /* called on exit(); */
+void musage ();             /* print out usage information for the module */
+int callmdl (int, void *);            /* send first pkg, process rcvd pkg */
+
+callmdl (int, void *) does all the hard work.
+There are two entry points to this function:
+First entry-point is in the bscan parent process [MOD_FIRSTPKG].
+Second entry-point is in the 'snarf'-process [MOD_RCV].
+
+Return values are:
+RMOD_OK: everything is ok. process as usual
+RMOD_SKIP: everythin is fine, but jump to the next module.
+RMOD_ERROR: currently not implemented
+
+Ideas for modules:
+- rpcinfo module [maybe udp (!) version. most ppl only deny tcp/111]
+  source-port = 53
+- mod_avt [telnetd-banner scanner]
+- ftp module [scan for anonymous login and +w /incoming]
+- nmap/queso like os-fingerprint module
+- snmp 'system' or 'system.sysDescr'
+- smbclient -L ? nmblookup -A ?
+- <add your idea here :>
+
+
diff --git a/other/b-scan/Makefile b/other/b-scan/Makefile
new file mode 100644
index 0000000..8306b6c
--- /dev/null
+++ b/other/b-scan/Makefile
@@ -0,0 +1,27 @@
+#
+# Makefile of (m)bscan v0.0, skyper
+# Massiv Banner Scanner
+#
+# GNU-make mandatory!
+
+SUBDIRS=support src modules
+
+# edit support/Makefile
+# edit src/Makefile
+# edit modules/Makefile
+
+all:    
+        for dir in $(SUBDIRS); do \
+            $(MAKE) -C $$dir; \
+        done
+
+clean:
+        for dir in $(SUBDIRS); do \
+            $(MAKE) -C $$dir clean; \
+        done
+
+pack:
+        rm -f bscan.tar.gz
+        tar cfvz bscan.tar.gz support/*.c support/Makefile src/*.c src/*.l src/Makefile include/bscan/*.h Makefile MODULES PROBLEMS INSTALL  README modules/*.c modules/Makefile
+
+
diff --git a/other/b-scan/PROBLEMS b/other/b-scan/PROBLEMS
new file mode 100644
index 0000000..24db576
--- /dev/null
+++ b/other/b-scan/PROBLEMS
@@ -0,0 +1,58 @@
+                                     No one believes an hypothesis except its
+                                     originator, but everyone believes an
+                                     experiment except the experimenter.
+                                                       J.Anon, 1823
+
+
+[0] General
+
+ As larger the target network (10.0.0.0/8 is large) is as
+ faster you can scan (-X -l 5000+).
+
+ Use 'spreadmode' (-X) whereever possible.
+
+ Use an unused ip from your local network for spoofing.
+ (bscan comes with its own arp-daemon to handle arp-requests
+ to the spoofed ip)
+
+ 
+[1] Scanning your own LOCAL network:
+
+ If you get packet loss and missing scan results while
+ scanning your local network, please lower the scan rate.
+ Your host is unable to resolve 1000 arp's per second
+ and therefor drops packets.
+ Try some smaller values at about 50-100 hosts/second.
+
+ 
+[2] Why is 'spreadmode' so much better ?
+ 
+ First: its non-linear and so more 'stealthy'.
+ Default timeout for most IDS is around 4 mins. 
+ If you scan linear [not spreadmode] you hit
+ the target network several thousand times the second.
+
+ Second: The last router has to resolve all mac's for
+ the hosts on the target network.
+ There is no router that can resolve 1000+ mac's per second.
+ 'Spreadmode' tries to guess the 'router distance' and
+ send packets to different routers [non-linear].
+ It tries to achieve the maximum time-distance between
+ two packets hit the same router.
+ It's up to the reader to proof that a random scan 
+ is inadequate in this situation.
+
+
+[3] Does bscan work on other media than ethernet ?
+
+ Short answer: NO!.
+ Long answer: I'll add support for other media's later.
+
+  
+[4] Does it work through NAT ?
+ 
+ Yes. But be aware that most NAT-systems are unable to keep the
+ state of 100.000 seconds. Try reducing the scan-speed (-l 100?)
+ for instance.
+
+ 
diff --git a/other/b-scan/README b/other/b-scan/README
new file mode 100644
index 0000000..7927833
--- /dev/null
+++ b/other/b-scan/README
@@ -0,0 +1,148 @@
+/*
+ * This is unpublished proprietary source code.
+ *
+ * The contents of these coded instructions, statements and computer
+ * programs may not be disclosed to third parties, copied or duplicated in
+ * any form, in whole or in part, without the prior written permission of
+ * the author.
+ * (that includes you hack.co.za and other lame kid sites who dont
+ *  get the point what hacking is about. damn kids.)
+ *
+ * (C) COPYRIGHT by me, 2000
+ * All Rights Reserved
+ */
+
+                            Knowledge is of two kinds,
+                            We know a subject ourselves,
+                            or we know where we can find
+                            information upon it.
+                                  Samuel Johnson, 1775
+
+/*
+ * DEVEL RELEASE - CALL FOR IDEAS - DO NOT DISTRIBUTE
+ */
+
+[0] What is bscan?
+
+   A fast, 100% spoofed, raw-mode scanner with module
+   and application layer support.
+
+   100% spoofed means, that both adresses, IP and MAC, are spoofed.
+
+   Raw-Mode in this case means that Bscan uses its own tcp/ip 
+   userland stack to perfom the scans. It doesn't keep track 
+   of the packets and hence does not waste any kernel 
+   structures, memory or filedescriptors. 
+   It will need about 500kb of memory.
+
+   Modules: You can write, load and add your own modules which
+   will perform specific operations.
+   Bscan comes with some generic modules [see MODULES].
+
+   Application layer means that Bscan won't just scan for open
+   TCP-ports. The Module 'mod_banner.so' for example
+   scans for TCP-banners in raw-mode [ which will get up to 5.000+ 
+   hosts per sec].
+   The module 'mod_bind.so' will requests the bind-version
+   from nameservers (version.bind chaos txt scan).
+   The module 'mod_httpd.so' performs http-requests.
+   'HEAD / HTTP/1.0' by default. You can specify other
+   requests like 'GET /cgi-bin/test-cgi HTTP/1.0' on the
+   command-line.
+   Take a look into 'MODULES' for futher informations.
+
+   The scanner is not bound to any kernel/OS limits [like
+   fd-limit, memory, ...].
+   The scan speed only depends on your connection and
+   the bandwidth of the target network. 
+   You can scan with up to 10.000+ hosts/second on a 100mbit
+   connection without any problems [see PROBLEMS].
+
+    
+
+[1] NEW
+
+   -  module support and application layer support
+   -  tcp.seq bugfix, tty-driven, ...
+ '-r' restore.bscan, resume interrupted scans
+   -  'john'-like status line:
+      10.2.2.1/16 time:  0:00:00:05   7% p/s:   1000 [o:1 r:1 c:0 i:7]
+ '-O' Output the ip's only. Don't scan.
+ '-m' Use specified <mac>, add mac to arp-table and remove it when scan
+      is complete.
+ '-M' Use specified <mac>, dont add mac to arp-table. [use arp -s <ip> <mac>].
+ '-l' limit packets per second
+ '-sS,-sF,-sX,-sN,-sP' Syn halfopen, Fin, Xmas, Null, Push scan
+
+
+[2] How to compile
+
+  see INSTALL
+  You also may want to take a look into PROBLEMS and MODULES.
+
+[3] Usage
+
+  bscan needs root privileges. it only works on ethernet (so far).
+
+  bscan -h for help
+
+  bscan -h -L <module1> for help on bscan mainprogramm and the module1.
+
+
+  You MUST specify an unused source-ip from your local network (-s <ip>).
+
+  '00:20:AF:A3:13:37' is the default mac source address.
+  Your can specify your own with the -m/-M option.
+
+  Press 'space' or send SIGUSR1 to the process to get a statusline.
+ 
+  Press ctrl-c once to abort scanning, twice to stop
+  the process [waiting for outstandig packets].
+  Bscan saves the stata of an interrupted scan to 'restore.bscan'
+  that can be continued with the '-r' option.
+  
+
+
+Simple Examples:
+
+# ./bscan -s 10.2.6.6 -L "mod_banner.so" -X 10.3.0.0/16
+scans for ftp-banners [first line only unless '-a' specified] from
+spoofed source address '10.2.6.6' in spreadmode (-X).
+
+# ./bscan -s 10.2.6.6 -i eth2 -L "mod_banner.so -a -p 25 -o 53" 10.2.0.0/16
+scans for smtp-banners [port 25 (-p 25) and all data (-a) with
+sourceport 53 (-o 53)].
+Listen for packets on eth2 and scan 10.2.0.1-10.2.255.254 linear
+(no recommendet. use spreadmode (-X) whenever possible).
+
+# ./bscan -s 10.2.6.6 -i eth2 -L "mod_banner.so -q" -L "mod_bind.so" -l 1800 \
+    -X 212.0.0.0/8 
+Scan 'version.bind' (udp) with 1800 hosts/second in spreadmode (-X).
+
+# ./bscan -s 10.2.6.6 -L "mod_banner.so -a -p 80 -o 1040" \
+           -L "mod_httpd.so -p 80" -l 1200 -X 195.0.0.0/8 
+Scan 'http HEAD / HTTP/1.0' on port 80 from sourceport 1040 with 
+1200 hosts/second in spreadmode (-X).
+
+# ./bscan -s 10.2.6.6 -L "mod_banner.so -a -p 80" \
+     -L "mod_httpd.so -r GET\s/cgi-bin/test-cgi\sHTTP/1.0\r\n\r\n" \
+     -X 210.0.0.0/8
+Scan the 210-ClassA network for vulnerable test-cgi hosts.
+
+
+
+[4] technical details
+  
+   Nothing here. not done yet. 
+   See source.
+   blah blah here.
+   spoofed tcp 3-way handshake [e.g. userland tcp-stack].
+   Sends out syn-packets (as fast as possible) trough raw-device.
+   captures syn-ack and replies with
+   'best known answer' to get the final banner/data.
+   Handels ICMP unreachable-msg'es correctly.
+
+
+*CALL FOR IDEAS*
+anonymous@segfault.net
+
diff --git a/other/b-scan/TODO b/other/b-scan/TODO
new file mode 100644
index 0000000..977a47e
--- /dev/null
+++ b/other/b-scan/TODO
@@ -0,0 +1,55 @@
+libnet/libpcap
+    Reason:
+        Easier to get bscan running on 'other' systems.
+    Goal/Ideas:
+        Distribute libnet/libpcap-package with bscan-package.
+        ./libnet
+        ./libpcap
+        May install themself into ./lib ?
+
+
+reentrant/thread-safe
+    Reason:
+        We need shared 'garage' and threading is
+        the best solution for this.
+    Goal/Ideas:
+        making bscan threadable.
+
+
+statefull
+    Reason:
+        UDP (and especialy snmp) behaves really bad without statefull
+        capability.
+    Goal/ideas:
+        Retransmit-timeout, retransmit packet x times before giving up.
+        Use mod_garage for this (depends on threaded-bscan).
+
+
+bscand
+    Reason:
+        Making bscan distributed.
+    Goal/Ideas:
+        Making bscan distributed -> faster scanning.
+        One 'master'-host that servers the 'clients' with
+        ip-ranges. 
+        'mod_distri' is the client-site 'd-scan support module'.
+        We can overwrite getnextip() function.
+
+
+mod_rpcinfo
+    Reason:
+        Coz its hot :>
+    Goal/Ideas:
+        Requesting, decoding rpcinfo -p <ip> like informations
+        UDP/TCP request _should_ be possible (many sites only deny 111/tcp). 
+        Source port 53 as  default.
+
+
+autoconf/automake
+    Reason:
+        Better portability
+    Goal/Ideas:
+        Use of 'config.h' and ./configure with known options
+        like --prefix=blah etc.
+
+
diff --git a/other/b-scan/bscanrc b/other/b-scan/bscanrc
new file mode 100644
index 0000000..e1bea5e
--- /dev/null
+++ b/other/b-scan/bscanrc
@@ -0,0 +1,14 @@
+b-scan: Warning! you are using the sample b-scan config
+b-scan: edit bscanrc to get rid of this message!
+
+SourceAddress           127.0.0.1
+StaticSpoofedMacAddress true
+MacAddress              ff:ff:ff:ff:ff:ff
+Interface               dummy0
+SpreadScan              Yes
+PacketsPerSecond        31337
+MaxWaitDelay            7350
+Verbose                 1
+addModule               modules/mod_ping.so -t time -s 64
+
+b-scan: read config file
diff --git a/other/b-scan/contrib/BIND-distribution.awk b/other/b-scan/contrib/BIND-distribution.awk
new file mode 100644
index 0000000..8dae39a
--- /dev/null
+++ b/other/b-scan/contrib/BIND-distribution.awk
@@ -0,0 +1,26 @@
+#!/usr/bin/env awk
+#
+# cat outlog | grep "VERSION.BIND" | awk -f BIND-distribution.awk
+#
+
+BEGIN {
+        FS = "\""
+        hostcount = 0
+}
+
+/^[0-9\.]+ VERSION\.BIND\. \"[^\"]+\"$/ {
+        # count one to the overall distribution countage
+        distribution[$2] += 1
+
+        # count the overall distributions
+        hostcount += 1
+}
+
+END {
+        for (distrib in distribution) {
+                printf ("/%s//%d/%.2f/\n", distrib, \
+                        distribution[distrib], \
+                        (distribution[distrib] * 100) / hostcount)
+        }
+}
+
diff --git a/other/b-scan/contrib/NETBLOCKS.txt b/other/b-scan/contrib/NETBLOCKS.txt
new file mode 100644
index 0000000..7927198
--- /dev/null
+++ b/other/b-scan/contrib/NETBLOCKS.txt
@@ -0,0 +1,96 @@
+# Class A networks in the Internet, with percental distribution of
+# ICMP ECHO responding IPs.
+#
+# 209 6.28 -> 209.0.0.0/8 has 6.28 percent of all pingable IP addresses
+#
+# last update: 2001/02/03
+#
+# based on 150,000 random ICMP ECHO queries send to random addresses
+#
+209 6.28
+216 4.60
+6 3.79
+207 3.35
+210 3.20
+24 3.19
+152 3.00
+195 2.93
+208 2.72
+206 2.40
+212 2.34
+128 2.24
+63 2.00
+194 1.91
+203 1.75
+148 1.72
+129 1.71
+193 1.68
+167 1.68
+131 1.63
+204 1.62
+170 1.58
+157 1.45
+172 1.43
+199 1.42
+130 1.41
+133 1.34
+202 1.32
+171 1.27
+155 1.27
+205 1.21
+137 1.17
+211 1.15
+132 1.12
+168 1.07
+198 1.03
+160 0.98
+158 0.98
+144 0.97
+200 0.95
+146 0.91
+134 0.91
+163 0.89
+142 0.89
+165 0.86
+159 0.85
+139 0.83
+166 0.82
+161 0.82
+164 0.80
+64 0.79
+62 0.79
+151 0.79
+162 0.78
+140 0.78
+192 0.77
+147 0.75
+150 0.71
+143 0.70
+141 0.66
+12 0.66
+38 0.65
+213 0.59
+138 0.53
+196 0.35
+4 0.33
+169 0.33
+149 0.31
+136 0.27
+156 0.24
+153 0.23
+145 0.11
+61 0.08
+32 0.07
+55 0.05
+154 0.05
+35 0.04
+18 0.04
+135 0.03
+9 0.01
+57 0.01
+47 0.01
+33 0.01
+20 0.01
+44 0.00
+36 0.00
+15 0.00
diff --git a/other/b-scan/contrib/README b/other/b-scan/contrib/README
new file mode 100644
index 0000000..45393f3
--- /dev/null
+++ b/other/b-scan/contrib/README
@@ -0,0 +1,17 @@
+
+contrib, external utilities and helper programs
+
+
+BIND-distribution.awk
+
+        Takes a version.bind scanlog and counts the occurance of each BIND
+        version. At the end it outputs a machine parseable log of each version
+        number, the log entries counted with this version and the percentage
+        this version makes up in the IPs counted.
+
+
+NETBLOCKS.txt
+
+        A list of most active IPv4 class A networks on the Internet. Maybe
+        should go to doc/ or something.
+
diff --git a/other/b-scan/doc/bscan.pdf b/other/b-scan/doc/bscan.pdf
new file mode 100644
index 0000000..807b5c9
--- /dev/null
+++ b/other/b-scan/doc/bscan.pdf
diff --git a/other/b-scan/doc/bscan.tex b/other/b-scan/doc/bscan.tex
new file mode 100644
index 0000000..4da94c3
--- /dev/null
+++ b/other/b-scan/doc/bscan.tex
@@ -0,0 +1,125 @@
+% just run: pdflatex bscan.tex

+

+\ifx\pdfoutput\undefined

+\documentclass[11pt,a4paper,twoside]{article}

+\else

+\documentclass[pdftex,11pt,a4paper,twoside]{article}

+\pdfcompresslevel=9

+\fi

+

+\ifx\pdfoutput\undefined

+\else

+\RequirePackage[colorlinks,hyperindex]{hyperref}

+\def\pdfBorderAttrs{/Border [0 0 0] }

+\fi

+

+\usepackage{fancyhdr}

+\pagestyle{fancy}

+%\renewcommand{\chaptermark}[1]{\markboth{#1}{}}

+%\renewcommand{\sectionmark}[1]{\markright{\thesection\ #1}}

+\fancyhf{}

+\fancyhead[LE,RO]{\bfseries\thepage}

+\fancyhead[LO]{\bfseries\rightmark}

+\fancyhead[RE]{\bfseries\leftmark}

+\renewcommand{\headrulewidth}{0.5pt}

+\renewcommand{\footrulewidth}{0pt}

+\addtolength{\headheight}{0.5pt}

+\fancypagestyle{plain}{%

+    \fancyhead{}%

+    \renewcommand{\headrulewidth}{0pt}%

+}

+

+\begin{document}

+

+\title{b-scan manual}

+\author{b-scan team}

+\maketitle

+\begin{center}

+version 0.0

+\end{center}

+

+\tableofcontents

+

+

+\section{Introduction}

+B-scan is a network scan program. It probes a number of hosts for certain

+properties and evaluates the responses, saving interesting data in a easy

+to understand output format. In contrast to most other network scanning

+programs, b-scan aims at being the best in both stability and speed. There are,

+however very popular programs that are neither stable nor fast, but have

+dozens of useless options you will not find in b-scan.

+

+\section{How b-scan works}

+

+\section{The network layout}

+% include graphic how b-scan sees the network

+

+\subsection{Setting up a proper host environment}

+\subsection{Common problems}

+\subsubsection{MAC address}

+In case bscan will complain about `{\tt arp}' not being found, you have to

+include the path to `{\tt arp}' in the {\tt PATH} variable. Often it is

+found in {\tt /usr/sbin} or {\tt /sbin}, so a simple

+`{\tt export PATH=\$PATH:/sbin:/usr/sbin}' before bscan is started will

+solve this issue.

+

+In case it still does not work, check whether bscans ARP daemon is running

+properly and shows up in {\tt ps}. Then proceed by {\tt ping}ing the source

+IP you have choosen and afterwards to a `{\tt arp -n}' to see whether the

+correct MAC address shows up with the source IP. In case it does not show

+up, you may have a device problem or another host in your LAN is using the

+assigned IP.

+

+\section{Options}

+\subsection{Target}

+\subsubsection{Random mode}

+Using the random mode you can scan random IP addresses, for statistical

+purposes. It is not recommended to use this random mode to scan complete

+networks, there the spread mode fits better, since it takes care of

+target-network routers and their load. However if you want to extrapolate

+statistically correct data from randomly scanned hosts, this mode is the

+right choice. It filters nonsense, reserved, private and multicast addresses

+from the random ones and feeds the remaining ones into the scanner. You can

+specify a counter which will stop bscan after having scanned a number of

+random IPs using the `{\tt :}' suffix:

+\begin{verbatim}

+$ bscan ... random:2000

+\end{verbatim}

+Will scan 2000 random IP addresses. If you leave the number out or give

+`{\tt :0}', then bscan will scan forever, until it is terminated.

+

+

+\section{Scans}

+\subsection{ICMP}

+\subsection{TCP}

+\subsection{UDP}

+\subsection{special}

+

+\section{Logs}

+\subsection{Logformat}

+\subsection{Utilities}

+\subsubsection{BIND-distribution.awk}

+This utility parses the output logs of the {\tt VERSION.BIND} scan and shows

+the percentage and count of each BIND version. It expects only properly

+formatted lines, for example:

+

+\begin{verbatim}

+$ grep "VERSION.BIND" out.log | \

+        awk -f contrib/BIND-distribution.awk

+\end{verbatim}

+

+\section{B-Scan internals}

+\subsection{Directory structure}

+\subsection{Code Layout}

+\subsubsection{Structures}

+\subsubsection{Modules}

+

+\label{references}

+\begin{thebibliography}{99}

+\bibitem{blablafooauthor1} ICMP scanning blabla

+\bibitem{foofooblaauthor2} NMAP portalskasa

+\end{thebibliography}

+

+\end{document}

+

+

diff --git a/other/b-scan/include/bscan/arpg.h b/other/b-scan/include/bscan/arpg.h
new file mode 100644
index 0000000..19ebddc
--- /dev/null
+++ b/other/b-scan/include/bscan/arpg.h
@@ -0,0 +1,13 @@
+#include <libnet.h>
+
+struct _libnet
+{
+    int packet_size;
+    u_char *packet;
+    char err_buf[LIBNET_ERRBUF_SIZE];
+    u_char *device;
+    struct libnet_link_int *network;
+};
+
+void prepare_libnet (struct _libnet *lnet);
+int play_arpg (struct _libnet *, u_char *, u_char *, u_char *, u_char *);
diff --git a/other/b-scan/include/bscan/bscan.h b/other/b-scan/include/bscan/bscan.h
new file mode 100644
index 0000000..c1ad9bb
--- /dev/null
+++ b/other/b-scan/include/bscan/bscan.h
@@ -0,0 +1,94 @@
+/*
+ * bscan, lame (and hopefully fast) banner scanner [port 21,25,110,...]
+ *
+ * "<es> skyper its a cool idea"
+ * "<es> i'd like to see the k0ad when ur finished"
+ * HI ES :) 
+ * greetings to all my !el8 brothers :))
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <pthread.h>
+#ifndef __FAVOR_BSD
+#define __FAVOR_BSD
+#endif
+#ifndef __USE_BSD
+#define __USE_BSD
+#endif
+#ifndef __BSD_SOURCE
+#define __BSD_SOURCE
+#endif
+#include "arpg.h"
+#include "network_raw.h"
+
+
+#define SPF_SMAC        "\x00\x20\xAF\xA3\x13\x37"
+
+#define OPT_VERB        0x1
+#define OPT_RESERV1     0x2
+#define OPT_SETARP      0x4
+#define OPT_SPREADSCAN  0x8
+#define OPT_OUTONLY     0x10
+
+#define OPT_ABRT        0x20
+#define OPT_REST        0x40
+#define OPT_HOSTFILE    0x80
+#define OPT_W8SEMA      0x100
+
+
+struct _opt
+{
+    int (*getnextip) ();
+    int sox;
+    u_char *packet;
+    int pkg_maxlen;
+    int pkg_len;                /* actual length of contructed packet */
+    char *hostfile;
+    char **argvlist;
+    FILE *ffd;                  /* e.g. input file */
+    char *target;
+    unsigned long netmask;      /* depricated */
+    unsigned long network;      /* depricated */
+    unsigned int limit;
+    unsigned short flags;
+    unsigned long random_maxcount;
+    u_int delay;                /* w8 for outstanding packets */
+    u_int pscanstat;            /* scan stats every x pkts, default NEVER */
+    u_long start_ip;            /* in HBO */
+    u_long end_ip;              /* in HBO */
+    u_long ipscan_count;        /* scanned ip's of a SPECIFIC range [temp!] */
+    u_long iptotscan_count;     /* total scan_count over all ranges */
+                                /* used for flood protection */
+    u_long bsent_count;         /* byte-sent counter. TMP (!) variable */
+    u_long ip_offset;           /* spread scan offset */
+    u_long ip_blklen;           /* block-length for spread-scan */
+    u_long ip_pos;              /* position for SPREAD scan, non-linear */
+    struct timeval scan_start;  /* scan start for ALL  ranges */
+                                /* the real beginning */
+    struct timeval tv2;         /* flood protection timer 2 + restore */
+                                /* must be the last gettimeofday() from scan */
+    float sec;                  /* flood protection distance time */
+    struct _libnet lnet;
+    u_char spf_smac[6];         /* spoofed ethernet sender mac */
+    pthread_t bscantid;         /* 'parent' thread id */
+    pthread_t snarftid;         /* snarf thread id */
+    struct _snarf
+    {
+        u_long icmp_c;
+        u_long close_c;
+        u_long open_c;
+        u_long refused_c;
+    }
+    snarf;
+    struct net_tuple nt;
+};
+
+
+void make_iprange (u_long *, u_long *, u_long *, u_long *, char *);
+void init_spreadscan (u_long diff);
+void sigdriver (int);
+void print_scanstat (FILE *);
+void die (int);
diff --git a/other/b-scan/include/bscan/cf_prse.h b/other/b-scan/include/bscan/cf_prse.h
new file mode 100644
index 0000000..6185ab3
--- /dev/null
+++ b/other/b-scan/include/bscan/cf_prse.h
@@ -0,0 +1,11 @@
+struct confFileOpt
+{
+  unsigned short flags;
+  unsigned int limit;
+  char *device;  
+  unsigned long int delay;
+  unsigned long srcAddr;
+  unsigned short mac[5];
+} FileOpt;
+
+int readConfFile (char *);
diff --git a/other/b-scan/include/bscan/dcd_icmp.h b/other/b-scan/include/bscan/dcd_icmp.h
new file mode 100644
index 0000000..215d0c8
--- /dev/null
+++ b/other/b-scan/include/bscan/dcd_icmp.h
@@ -0,0 +1,13 @@
+/* bscan - icmp include file
+ */
+
+#ifndef BS_DCD_ICMP_H
+#define BS_DCD_ICMP_H
+
+#define ICMP_HDRSIZE    8
+
+const char *
+icmp_str (int type, int code);
+
+#endif
+
diff --git a/other/b-scan/include/bscan/garage.h b/other/b-scan/include/bscan/garage.h
new file mode 100644
index 0000000..0d63774
--- /dev/null
+++ b/other/b-scan/include/bscan/garage.h
@@ -0,0 +1,178 @@
+/* bscan - mod_garage.h - per IP storage functions include file
+ *
+ * by scut / teso
+ */
+
+#ifndef _MOD_GARAGE_H
+#define _MOD_GARAGE_H
+
+#include <sys/types.h>
+
+#define GARAGE_VERSION  "1.0.1"
+
+
+typedef struct  ip_elem {
+        struct ip_elem *        next;   /* more then one data stored */
+
+        int                     data_free;      /* 1 = do free() on destroy */
+        size_t                  data_len;
+        void *                  data;   /* must be free() able */
+} ip_elem;
+
+
+typedef struct  ip_list {
+        struct ip_list *        next;   /* another IP, always greater then this ! */
+        unsigned long int       ip;
+
+        ip_elem *               data;
+} ip_list;
+
+
+/* not for use in other code then garage.c
+ */
+typedef struct {
+        char *                  name;
+        ip_list **              garage;
+
+        void                    (* cleaner)(ip_list *);
+
+        unsigned long int       ip_count;
+
+        unsigned long int       timeout_max;
+        unsigned long int       timeout_idx;
+        unsigned long int *     timeout_tbl;
+} garage_hdlr;
+
+
+/* mg_init
+ *
+ * setup the required structures for the garage
+ *
+ * return 0 on success
+ * return 1 on failure
+ */
+
+garage_hdlr *
+mg_init (char *name, unsigned long int max_hosts_in_list,
+        void (* cleaner)(ip_list *));
+
+
+/* mg_destroy
+ *
+ * destroy all data in the garage `g', use the standard handler in case
+ * `do_handler' is not zero, otherwise just free.
+ */
+
+void
+mg_destroy (garage_hdlr *g, int do_handler);
+
+
+/* mg_write
+ *
+ * store pointer `data' with len `data_len' to the garage for IP `ip'
+ * if `data_free' is non-zero the `data' pointer will be freed if mg_clean
+ * or mg_destroy is called.
+ */
+
+void
+mg_write (garage_hdlr *g, unsigned long int ip, void *data, size_t data_len,
+        int data_free);
+
+
+/* mg_read
+ *
+ * return first ip_elem for ip `ip' on success (it is not removed from garage)
+ * return NULL on failure
+ */
+
+ip_elem *
+mg_read (garage_hdlr *g, unsigned long int ip);
+
+
+/* mg_clean
+ *
+ * clean everything stored in the garage for IP `ip'
+ */
+
+void
+mg_clean (garage_hdlr *g, unsigned long int ip, void (*cleaner)(ip_list *));
+
+
+/* mg_show
+ *
+ * DEBUG function, to show IP distribution in garage
+ */
+
+void
+mg_show (garage_hdlr *g);
+
+
+/* mg_count
+ *
+ * count elements in garage
+ */
+
+unsigned long int
+mg_count (garage_hdlr *g);
+
+
+/* mg_ip_isin
+ *
+ * check whether the ip `ip' is stored in the garage pointed to by `g'.
+ *
+ * return zero in case it is not
+ * return != zero if it is
+ */
+
+int
+mg_ip_isin (garage_hdlr *g, unsigned long int ip);
+
+
+/* CIDR routines
+ */
+
+/* mg_cidr_getmask
+ *
+ * convert a netmask (eg 0xfffffc00) or a cidr notation (eg 24) given in
+ * `mask' to a netmask.
+ */
+
+unsigned long int
+mg_cidr_getmask (unsigned long int mask);
+
+
+/* mg_cidr_maskcount
+ *
+ * return the number of hosts that are possible using a mask `mask' in
+ * either CIDR or netmask notation
+ */
+
+unsigned long int
+mg_cidr_maskcount (unsigned long int mask);
+
+
+/* mg_cidr_match
+ *
+ * check whether `ip1' and `ip2' are in the same network, given the network
+ * size by `mask' (CIDR or netmask notation)
+ */
+
+int
+mg_cidr_match (unsigned long int ip1, unsigned long int ip2,
+        unsigned long int mask);
+
+
+/* mg_cidr_count
+ *
+ * count elements in garage `g', that are within the CIDR range build from
+ * ip `ip' and netmask `mask'. `mask' is either the number of bits, if it's in
+ * the range of 0-32, or the real mask, if it is greater then 32. (for the
+ * zero case the netmask is equal to the cidr notation).
+ */
+
+unsigned long int
+mg_cidr_count (garage_hdlr *g, unsigned long int ip, unsigned long int mask);
+
+
+#endif
+
diff --git a/other/b-scan/include/bscan/module.h b/other/b-scan/include/bscan/module.h
new file mode 100644
index 0000000..3ad316b
--- /dev/null
+++ b/other/b-scan/include/bscan/module.h
@@ -0,0 +1,26 @@
+
+#define MAX_MODULES     8
+
+#define MOD_FIRSTPKG    0x00
+#define MOD_RCV         0x01
+
+#define RMOD_OK         0x00
+#define RMOD_SKIP       0x01
+#define RMOD_ERROR      0x02
+#define RMOD_ABRT       0x04
+
+struct _mods
+{
+    int (*init) (char **, int, char **, void *);  /* init the module stuff */
+    int (*fini) ();             /* finish the module */
+    void (*musage) ();          /* print out usage informations */
+    int (*callmdl) (int, void *);       /* call a function */
+    const char *modname;        /* name of the module after init */
+    int modid;                  /* id of the module. who needs this ? */
+    char *modarg;               /* arg to module */
+};
+
+int add_module (char *, char *);
+void split_margs (const char *, char ***, int *);
+int loadinit_mod (char *);
+
diff --git a/other/b-scan/include/bscan/network_raw.h b/other/b-scan/include/bscan/network_raw.h
new file mode 100644
index 0000000..9ffed74
--- /dev/null
+++ b/other/b-scan/include/bscan/network_raw.h
@@ -0,0 +1,57 @@
+
+/*
+ * network_raw.h, depends on libnet.h
+ */
+
+
+#define ETH_SIZE        14
+#define IP_SIZE         20
+#define TCP_SIZE        20
+#define ICMP_SIZE       8
+#define UDP_SIZE        8
+
+/*
+ *  Checksum stuff
+ */
+#define CKSUM_CARRY(x) \
+    (x = (x >> 16) + (x & 0xffff), (~(x + (x >> 16)) & 0xffff))
+#define int_ntoa(x)   inet_ntoa(*((struct in_addr *)&(x)))
+
+
+/*
+ * leet net tuple
+ */
+struct net_tuple
+{
+    uint32_t src;
+    unsigned short int sport;
+    uint32_t dst;
+    unsigned short int dport;
+};
+
+
+/*
+ * pseudo TCP header for calculating the chksum
+ */
+struct _fakehead
+{
+    uint32_t saddr;
+    uint32_t daddr;
+    uint8_t zero;
+    uint8_t protocol;
+    uint16_t tot_len;
+};
+
+int init_network_raw (void);
+int in_cksum (unsigned short *, int);
+int send_ipv4 (int, u_char *, size_t);
+void add_udphdr (unsigned char *, struct net_tuple *, int);
+void add_tcphdr (unsigned char *, struct net_tuple *, uint8_t, int,
+                 tcp_seq *, tcp_seq *);
+void add_icmpping (unsigned char *, int, int);
+void add_iphdr (unsigned char *, uint8_t ip_p, struct net_tuple *, int);
+int answer_tcp (int, struct ip *, struct tcphdr *, uint8_t, u_char *, uint);
+int vrfy_ip (struct ip *, uint32_t, u_short *);
+int vrfy_tcp (struct tcphdr *, uint32_t, u_short *);
+int decode_nvt(u_char *, uint, u_char *, uint *, u_char *, uint *);
+
diff --git a/other/b-scan/include/bscan/restore.h b/other/b-scan/include/bscan/restore.h
new file mode 100644
index 0000000..960efe6
--- /dev/null
+++ b/other/b-scan/include/bscan/restore.h
@@ -0,0 +1,6 @@
+/*
+ * restore.h
+ */
+
+int write_restore (void);
+int read_restore (char *);
diff --git a/other/b-scan/include/bscan/signal.h b/other/b-scan/include/bscan/signal.h
new file mode 100644
index 0000000..fab56f6
--- /dev/null
+++ b/other/b-scan/include/bscan/signal.h
@@ -0,0 +1,10 @@
+/*
+ * this space for rent....
+ */
+
+typedef void (*sighandler_t) (int);
+
+#define SIG_SETALL      0x01
+
+
+int sigctl (int, sighandler_t);
diff --git a/other/b-scan/include/bscan/snarf.h b/other/b-scan/include/bscan/snarf.h
new file mode 100644
index 0000000..fee7047
--- /dev/null
+++ b/other/b-scan/include/bscan/snarf.h
@@ -0,0 +1,31 @@
+
+#define int_ntoa(x)   inet_ntoa(*((struct in_addr *)&(x)))
+
+#define ETH_ALEN        6
+#define PCAP_FILTER     "arp or tcp or icmp or udp"
+
+struct Ether_header
+{
+    uint8_t ether_dhost[ETH_ALEN];
+    uint8_t ether_shost[ETH_ALEN];
+    uint16_t ether_type;
+};
+
+struct Arphdr
+{
+    unsigned short int ar_hrd;  /* Format of hardware address.  */
+    unsigned short int ar_pro;  /* Format of protocol address.  */
+    unsigned char ar_hln;       /* Length of hardware address.  */
+    unsigned char ar_pln;       /* Length of protocol address.  */
+    unsigned short int ar_op;   /* ARP opcode (command).  */
+    /* Ethernet looks like this : This bit is variable sized
+       however...  */
+    unsigned char ar_sha[ETH_ALEN];     /* Sender hardware address.  */
+    unsigned char ar_sip[4];    /* Sender IP address.  */
+    unsigned char ar_tha[ETH_ALEN];     /* Target hardware address.  */
+    unsigned char ar_tip[4];    /* Target IP address.  */
+};
+
+
+void *do_snarf (void *);
+void undo_snarf ();
diff --git a/other/b-scan/include/bscan/system.h b/other/b-scan/include/bscan/system.h
new file mode 100644
index 0000000..6eed6d8
--- /dev/null
+++ b/other/b-scan/include/bscan/system.h
@@ -0,0 +1,38 @@
+/*
+ * generic system functions
+ */
+
+#include <sys/time.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+#define DEV_ZERO        "/dev/zero"
+
+/*
+ * we use the 'do while' trick to use err_abort as if they were functions
+ */
+#define err_abort(code,text) do { \
+        fprintf (stderr, "%s at \"%s\":%d: %s\n", \
+                text, __FILE__, __LINE__, strerror (code)); \
+        abort(); \
+        } while (0)
+
+#define errno_abort(text) do { \
+        fprintf(stderr, "%s at \"%s\":%d: %s\n", \
+                text, __FILE__, __LINE__, strerror (errno)); \
+        abort(); \
+        } while (0)
+
+
+void *shmalloc (int, size_t);
+void do_nanosleep (time_t, long);
+void xchange (void *, void *, int);
+void time_diff (struct timeval *, struct timeval *);
+int ctoreal(char *, char *);
+void save_write(FILE *, char *, unsigned char *, int);
+int isprintdata(char *, int);
+int dat2hexstr(unsigned char *, unsigned int, unsigned char *, unsigned int);
+int dat2strip(unsigned char *, unsigned int, unsigned char *, unsigned int);
+
diff --git a/other/b-scan/include/bscan/tty.h b/other/b-scan/include/bscan/tty.h
new file mode 100644
index 0000000..09d73c0
--- /dev/null
+++ b/other/b-scan/include/bscan/tty.h
@@ -0,0 +1,7 @@
+/*
+ * tty support functions
+ */
+
+void tty_done ();
+void tty_init ();
+int tty_getchar ();
diff --git a/other/b-scan/include/bscan/version.h b/other/b-scan/include/bscan/version.h
new file mode 100644
index 0000000..39b1298
--- /dev/null
+++ b/other/b-scan/include/bscan/version.h
@@ -0,0 +1,5 @@
+#define VER_MAJOR       0
+#define VER_MINOR       7
+#define VER_SUFFIX      d
+#define VER_EMAIL       "anonymous@segfault.net"
+#define VERSION         "bscan v0.7-dev, anonymous@segfault.net"
diff --git a/other/b-scan/modules/Makefile b/other/b-scan/modules/Makefile
new file mode 100644
index 0000000..ccac359
--- /dev/null
+++ b/other/b-scan/modules/Makefile
@@ -0,0 +1,22 @@
+CC=gcc
+COPT=-Wall -ggdb -shared -fPIC -I../include
+DEFS=`libnet-config --defines` -DUSE_LIBNET #-DDEBUG
+LIBS=
+TARGETS=mod_snmp mod_banner mod_httpd mod_ping mod_bind
+
+# HPUX 10.20
+# DEFS=`libnet-config --defines` -DUSE_LIBNET -DHP10 #-DDEBUG
+
+all:    
+        for trgt in $(TARGETS); do \
+            $(CC) $(COPT) $(DEFS) -o $$trgt.so $$trgt.c; \
+        done
+
+
+clean:
+        for trgt in $(TARGETS); do \
+            rm -f $$trgt.so; \
+        done
+        rm -f core *~
+
+
diff --git a/other/b-scan/modules/mod_banner.c b/other/b-scan/modules/mod_banner.c
new file mode 100644
index 0000000..6f02a39
--- /dev/null
+++ b/other/b-scan/modules/mod_banner.c
@@ -0,0 +1,365 @@
+/*
+ * mod_example.c
+ * Example module for bscan.
+ */
+
+#include <bscan/bscan.h>
+#include <bscan/module.h>
+#include <bscan/dcd_icmp.h>
+#include <bscan/system.h>
+#include <stdio.h>
+#include <unistd.h>
+
+
+#ifndef MOD_NAME
+#define MOD_NAME        "mod_banner"
+#endif
+
+#define SCN_NVT         0x00000001
+#define SCN_HALFOPEN    0x00000002
+#define SCN_XMAS        0x00000004
+#define SCN_FIN         0x00000008
+#define SCN_NULL        0x00000010
+#define SCN_PUSH        0x00000020
+#define SCN_LETOPEN     0x00000040
+#define SCN_NOSCAN      0x00000080
+#define SCN_NOICMP      0x00000100
+
+
+static int isinit=0;
+/*
+ * some variables from the binary-process
+ */
+extern int dlt_len;
+extern u_char *align_buf;
+extern unsigned short ip_options;
+extern struct ip *ip;
+extern struct Ether_header *eth;
+extern u_int plen, pcaplen;
+
+
+struct _mopt
+{
+    u_int scanflags;
+    uint8_t th_flags;
+} static mopt;
+        
+
+/*
+ * static functions prototypes
+ */
+static int mdo_opt(int, char **, struct _opt *);
+static void init_vars(struct _opt *);
+static int process_rcv(struct _opt *);
+static void handle_icmp ();
+
+
+
+/*
+ * print out usage informations
+ */
+void
+musage()
+{
+    printf ("\n"MOD_NAME"\n");
+    printf (" -o <source port>, default 20\n");
+    printf (" -p <port to scan>, default 21\n");
+    printf (" -a grab all data and let the connecten established\n");
+    printf (" -n NVT terminal support (use this for telnetd-scans)\n");
+    printf (" -I dont report ICMP-errors\n");
+    printf (" -q quite, dont send out any initial packages [first-pkg]\n");
+    printf ("    "MOD_NAME" only reports ICMP errors and doesn't start\n");
+    printf ("    scanning. It will still simulate the tcp-stack.\n");
+    printf 
+        (" -sS,-sF,-sX,-sN,-sP TCP SYN stealth, Fin, Xmas, Null, !Push scan\n");
+
+}
+
+
+/*
+ * return 0 on success, != 0 on failure
+ */
+int
+init(char **modname, int argc, char *argv[], struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE INIT\n");
+#endif
+        if (isinit)
+                return(-1);
+
+        *modname = MOD_NAME;
+        isinit = 1;
+        init_vars(opt);
+
+        if (mdo_opt(argc, argv, opt) != 0)
+                return(-1);
+
+        return(0);
+}
+
+/*
+ * fini-routine. called on cleanup 
+ */
+int
+fini()
+{
+#ifdef DEBUG
+        printf("MODULE FINI\n");
+#endif
+        return(0);
+}
+
+
+/*
+ * 
+ */
+int
+callmdl(int entry, struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE CALLMDL\n");
+#endif
+        if (entry == MOD_FIRSTPKG)
+        {
+                if (mopt.scanflags & SCN_NOSCAN)
+                        return(RMOD_SKIP);
+
+                add_tcphdr(opt->packet + ETH_SIZE + IP_SIZE, &opt->nt, mopt.th_flags, 0, NULL, NULL);
+                add_iphdr (opt->packet + ETH_SIZE, IPPROTO_TCP, &opt->nt, TCP_SIZE);
+                opt->pkg_len = TCP_SIZE + IP_SIZE;
+                return(RMOD_OK);
+        }
+
+        if (entry == MOD_RCV)
+                process_rcv(opt);
+
+        return(RMOD_OK);
+}
+
+
+/*
+ ***********************************************************
+ *  Our OWN/static functions for THIS module               *
+ ***********************************************************
+ */
+
+/*
+ * initialize all local variables.
+ * We use some 'unused' variables of the masterprogramm
+ */
+static void
+init_vars(struct _opt *opt)
+{
+    opt->nt.sport = htons(20);  /* not used by master programm */
+    opt->nt.dport = htons(21);  /* not used by master programm */
+
+    mopt.scanflags = 0;
+    mopt.th_flags = TH_SYN;
+}
+
+
+/*
+ * LOCAL/STATIC function, only available in the module
+ * return 0 on success, != 0 on failure
+ */
+static int
+mdo_opt(int argc, char *argv[], struct _opt *opt)
+{
+    extern char *optarg;
+    /*extern int optind, opterr, optopt;*/
+    int c;
+
+    while ((c = getopt (argc, argv, "Iqans:p:o:")) != -1)
+    {
+        switch (c)
+        {
+        case 'I':
+           mopt.scanflags |= SCN_NOICMP;
+           break;
+        case 'q':
+           mopt.scanflags |= SCN_NOSCAN; 
+           break;
+        case 'p':
+           opt->nt.dport = htons(strtoul (optarg, (char **) NULL, 10));
+           break;
+        case 'o':
+           opt->nt.sport = htons(strtoul (optarg, (char **) NULL, 10));
+           break;
+        case 'a':
+           mopt.scanflags |= SCN_LETOPEN;
+           break;
+        case 'n':
+           mopt.scanflags |= SCN_NVT;   /* NVT parsing */
+           break;
+        case 's':
+            switch (optarg[0])
+            {
+            case 'S':
+                mopt.scanflags |= SCN_HALFOPEN;
+                mopt.th_flags = TH_SYN;
+                break;
+            case 'X':
+                mopt.scanflags |= SCN_XMAS;
+                mopt.th_flags = (TH_FIN | TH_PUSH | TH_URG);
+                break;
+            case 'F':
+                mopt.scanflags |= SCN_FIN;
+                mopt.th_flags = TH_FIN;
+                break;
+            case 'N':
+                mopt.scanflags |= SCN_NULL;
+                mopt.th_flags = 0;
+                break;
+            case 'P':
+                mopt.scanflags |= SCN_PUSH;
+                break;
+            default:
+                fprintf(stderr, "unrecognized option -s%c\n", optarg[0]);
+                return(-1);
+            }
+            break;
+        case ':':
+            fprintf(stderr, "missing parameter\n");
+            return(-1);
+        default:
+            return(-1);
+        }
+    }
+
+    if ((mopt.scanflags & SCN_NVT) && !(mopt.scanflags & SCN_LETOPEN))
+        fprintf(stderr, "WARNING: NVT used without -a. This is probably not what you want!\n");
+
+    return(0);
+}
+
+
+/*
+ * vrfy the icmp packet and print out 'human readable'-icmp code
+ * dest-unreachable packages only!
+ */
+static void
+handle_icmp (int offset)
+{
+    struct icmp *icmp = (struct icmp *) (align_buf + offset);
+    struct ip *icmpip;
+
+    if (plen < offset + sizeof (*icmp) + dlt_len)
+        return;
+
+    icmpip = (struct ip *) (align_buf + offset + ICMP_HDRSIZE);
+
+    printf ("%s (%d/%d) %s", int_ntoa (icmpip->ip_dst.s_addr),
+            icmp->icmp_type, icmp->icmp_code,
+            icmp_str (icmp->icmp_type, icmp->icmp_code));
+    printf ("(from %s)\n", int_ntoa (ip->ip_src.s_addr));
+}
+
+
+/*
+ * process incoming packets 
+ * IP-packet is verified and variables valid (ip_options, *ip)
+ */
+static int
+process_rcv(struct _opt *opt)
+{
+    struct tcphdr *tcp;
+    unsigned short tcp_options = 0;
+    u_char *data = NULL;
+    u_char *ans = NULL;         /* tcpdata answer */
+    u_char prefix[32];
+    int data_len = 0;
+    uint ans_len = 0;
+    uint res_len = 0;
+    uint tcphdr_len = 0;
+    uint iphdr_len = 0;
+
+
+    if (ip->ip_p == IPPROTO_ICMP)
+    {
+        opt->snarf.icmp_c++;                    /* for statistics       */
+        if (!(mopt.scanflags & SCN_NOICMP))
+                handle_icmp (sizeof (*ip) + ip_options);
+
+        return(0);
+    }
+
+    if (ip->ip_p != IPPROTO_TCP)
+        return(0);
+
+    iphdr_len = sizeof(*ip) + ip_options;
+    tcp = (struct tcphdr *) (align_buf + iphdr_len);
+
+    if (vrfy_tcp(tcp, plen - dlt_len - iphdr_len , &tcp_options) != 0)
+        return(0);
+
+    if (tcp->th_flags & TH_RST)
+    {
+        opt->snarf.refused_c++;
+        printf ("%s:%d refused\n", int_ntoa (ip->ip_src.s_addr),
+                ntohs (tcp->th_sport));
+    }
+    else if (tcp->th_flags & TH_FIN)
+    {
+        opt->snarf.close_c++;
+        answer_tcp (opt->sox, ip, tcp, TH_FIN | TH_ACK, NULL, 0);
+        printf ("%s:%d connection closed by foreig host\n",
+                int_ntoa (ip->ip_src.s_addr), ntohs (tcp->th_sport));
+    }
+    else if ((tcp->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK))
+    {
+
+        if (mopt.scanflags & SCN_HALFOPEN)
+        {
+            if (!(mopt.scanflags & SCN_LETOPEN))
+                answer_tcp (opt->sox, ip, tcp, TH_ACK | TH_RST, NULL, 0);
+            return(0);
+        }
+        else
+            answer_tcp (opt->sox, ip, tcp, TH_ACK, NULL, 0);
+
+        opt->snarf.open_c++;
+        printf ("%s:%d open\n", int_ntoa (ip->ip_src.s_addr),
+                ntohs (tcp->th_sport));
+    }
+
+    /* banner scanner output */
+    tcphdr_len = sizeof(*tcp) + tcp_options;
+    if (plen - dlt_len > ntohs(ip->ip_len))
+        data_len = ntohs(ip->ip_len) - iphdr_len - tcphdr_len;
+    else
+        data_len = plen - dlt_len - iphdr_len - tcphdr_len;
+
+    if (data_len <= 0)
+        return(0);
+    
+    if ( (data = alloca(data_len + 1)) == NULL)
+        return(-1);
+
+    memcpy(data, align_buf + iphdr_len + tcphdr_len, data_len);
+
+    if (mopt.scanflags & SCN_NVT)
+    {
+        if ((ans = alloca(data_len)) == NULL)
+            return(-1);
+
+        decode_nvt(data, data_len, ans, &ans_len, data, &res_len);
+        data_len = res_len;     /* we wrote everything into data */
+    }
+
+    snprintf(prefix, sizeof(prefix) - 1, "%s:%d ", int_ntoa(ip->ip_src), 
+                                                        ntohs (tcp->th_sport));
+    save_write(stdout, prefix, data, data_len);
+
+    if (tcp->th_flags & TH_RST) /* data_len != 0 */
+        return(0);      /* evil peer resetted our connection */
+
+    /* close after first data package or ack last RST if data_len >0 */
+    if (!(mopt.scanflags & SCN_LETOPEN) || (tcp->th_flags & TH_RST))
+        answer_tcp (opt->sox, ip, tcp, TH_ACK | TH_RST, ans, ans_len); 
+    else
+        answer_tcp (opt->sox, ip, tcp, TH_ACK, ans, ans_len);
+
+
+   return(0);
+}
diff --git a/other/b-scan/modules/mod_bind.c b/other/b-scan/modules/mod_bind.c
new file mode 100644
index 0000000..2a09f49
--- /dev/null
+++ b/other/b-scan/modules/mod_bind.c
@@ -0,0 +1,302 @@
+/*
+ * ping-module for bscan.
+ * IDEA: add record-route and source-route feature
+ *       and -p pattern [where can we save our time-struct then ?
+ */
+
+#include <bscan/bscan.h>
+#include <bscan/module.h>
+#include <bscan/system.h>
+#include <stdio.h>
+
+
+#ifndef MOD_NAME
+#define MOD_NAME        "mod_bind"
+#endif
+
+/*
+ * this is our query. This is a DNS-formated string
+ * <length1><string1><length2><string2><0>
+ */
+#define DNSTXTREQ       "\007version\004bind"
+
+static int process_rcv(struct _opt *);
+static void add_dnshdr(unsigned char *);
+static void add_dnstxthdr(unsigned char *, char *, u_int *);
+
+static int isinit=0;
+/*
+ * some variables from the binary-process
+ */
+extern int dlt_len;
+extern u_char *align_buf;
+extern unsigned short ip_options;
+extern struct ip *ip;
+extern struct Ether_header *eth;
+extern u_int plen, pcaplen;
+extern struct timeval *pts;
+
+
+struct _dnshdr
+{
+    u_short id;             /* DNS packet ID */
+    u_short flags;          /* DNS flags */
+    u_short num_q;          /* Number of questions */
+    u_short num_answ_rr;    /* Number of answer resource records */
+    u_short num_auth_rr;    /* Number of authority resource records */
+    u_short num_addi_rr;    /* Number of additional resource records */
+};
+
+struct _dnsanswr
+{
+    u_short type;
+    u_short class;
+    u_short ttl1;
+    u_short ttl2;
+    u_short len;
+};
+
+
+
+/*
+ * static functions prototypes
+ */
+static int mdo_opt(int, char **, struct _opt *);
+static void init_vars(struct _opt *);
+
+/*
+ * print out usage informations
+ */
+void
+musage()
+{
+    printf ("\n"MOD_NAME"\n");
+    printf ("verson.bind chaos txt module\n");
+    printf (" -p <port>, destination port, default 53\n");
+    printf (" -o <port>, source port, default 53\n");
+}
+
+
+/*
+ * return 0 on success, != 0 on failure
+ */
+int
+init(char **modname, int argc, char *argv[], struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE INIT\n");
+#endif
+        if (isinit)
+                return(-1);
+
+        *modname = MOD_NAME;
+        isinit = 1;
+        init_vars(opt);
+
+        if (mdo_opt(argc, argv, opt) != 0)
+                return(-1);
+
+        return(0);
+}
+
+/*
+ * fini-routine. called on cleanup 
+ */
+int
+fini()
+{
+#ifdef DEBUG
+        printf("MODULE FINI\n");
+#endif
+        return(0);
+}
+
+
+/*
+ * Module entry point [entry]
+ * RMOD_OK: everything allright. send  the packet out [if first]
+ *          or do nothing [MOD_RCV].
+ * RMOD_SKIP: proceed with next IP without sending out the packet.
+ */
+int
+callmdl(int entry, struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE CALLMDL\n");
+#endif
+        if (entry == MOD_FIRSTPKG)
+        {
+                add_dnstxthdr (opt->packet + ETH_SIZE + IP_SIZE + UDP_SIZE + sizeof(struct _dnshdr), DNSTXTREQ, &opt->pkg_len);
+                add_dnshdr (opt->packet + ETH_SIZE + IP_SIZE + UDP_SIZE);
+                add_udphdr (opt->packet + ETH_SIZE + IP_SIZE, &opt->nt, opt->pkg_len + sizeof(struct _dnshdr));
+                add_iphdr (opt->packet + ETH_SIZE, IPPROTO_UDP, &opt->nt, opt->pkg_len + UDP_SIZE + sizeof(struct _dnshdr));
+                opt->pkg_len += IP_SIZE + UDP_SIZE + sizeof(struct _dnshdr);
+                return(RMOD_OK);
+        }
+
+        if (entry == MOD_RCV)
+                process_rcv(opt);
+
+        return(RMOD_OK);
+}
+
+
+/*
+ ***********************************************************
+ *  Our OWN/static functions for THIS module               *
+ ***********************************************************
+ */
+
+/*
+ * initialize all local variables.
+ * We use some 'unused' variables of the masterprogramm
+ */
+static void
+init_vars(struct _opt *opt)
+{
+    opt->nt.sport = htons(53);
+    opt->nt.dport = htons(53);
+}
+
+
+/*
+ * LOCAL/STATIC function, only available in the module
+ * return 0 on success, != 0 on failure
+ */
+static int
+mdo_opt(int argc, char *argv[], struct _opt *opt)
+{
+    extern char *optarg;
+    /*extern int optind, opterr, optopt;*/
+    int c;
+
+    while ((c = getopt (argc, argv, "p:o:")) != -1)
+    {
+        switch (c)
+        {
+        case 'p':
+           opt->nt.dport = htons(atoi(optarg)); 
+           break;
+        case 'o':
+           opt->nt.sport = htons(atoi(optarg)); 
+           break;
+        case ':':
+            fprintf(stderr, "missing parameter\n");
+            return(-1);
+        default:
+            return(-1);
+        }
+    }
+    return(0);
+}
+
+
+/*
+ * add a DNS header
+ */
+static void
+add_dnshdr(unsigned char *pkt)
+{
+    struct _dnshdr *dnshdr = (struct _dnshdr *)pkt;
+
+    dnshdr->id = htons(6);      /* could be random */
+    dnshdr->flags = htons(0x0100);      /* do query recursivly */
+    dnshdr->num_q = htons(1);
+    dnshdr->num_answ_rr = 0;
+    dnshdr->num_auth_rr = 0;
+    dnshdr->num_addi_rr = 0; 
+/* add request here. class TXT etc */
+}
+
+/*
+ * add DNS-TXT header here
+ * returns length in *len
+ */
+static void
+add_dnstxthdr(unsigned char *pkt, char *name, u_int *len)
+{
+    u_short *type;
+    u_short *class;
+
+    if (name == NULL)
+        return;         /* nah! specifiy "". we need \0 termination */
+
+    memcpy(pkt, name, strlen(name)+1);
+    type = (u_short *)(pkt + strlen(name) + 1);
+    class = (u_short *)(pkt + strlen(name) + 1 + sizeof(*class));
+    
+    *type = htons(0x10);        /* TEXT string */
+    *class = htons(0x03);       /* chaos */
+    *len = strlen(name) + 1 + sizeof(*type) + sizeof(*class);
+}
+
+
+/*
+ * handle incoming DNS udp answers
+ */
+static int
+process_rcv(struct _opt *opt)
+{
+    struct _dnshdr *dns;
+    struct _dnsanswr *dnsanswr;
+    struct udphdr *udp;
+    char *ptr;
+    char buf[128];
+    int len, dnstxtlen;
+    uint iphdr_len = 0;
+
+    if (ip->ip_p != IPPROTO_UDP)
+        return(0);
+
+    iphdr_len = IP_SIZE + ip_options;
+    if (plen < dlt_len + iphdr_len + sizeof(*udp) + sizeof(*dns))
+        return(-1);     /* invalid size */
+    
+    dns = (struct _dnshdr *) (align_buf + iphdr_len + sizeof(*udp));
+    if (ntohs(dns->flags) & 0x000F)     /* dns-error? query refused ? */
+        return(-1);
+
+    ptr = (char *) (align_buf + iphdr_len + sizeof(*udp) + sizeof(*dns));
+    len = dlt_len + iphdr_len + sizeof(*udp) + sizeof(*dns);
+
+    while (len++ < plen)
+        if (*ptr++ == '\0')
+            break;
+
+    if (len >= plen)
+        return(-1);
+
+    len += 4;
+    ptr += 4;
+ 
+    while (len++ < plen)                /* skip VERSION.BIND answer string */
+        if (*ptr++ == '\0')
+            break;
+
+    len += sizeof(*dnsanswr);
+    if (len >= plen)
+        return(-1);
+
+    dnsanswr = (struct _dnsanswr *) (ptr);
+    dnstxtlen = ntohs(dnsanswr->len);
+    if (len + dnstxtlen > plen) 
+        return(0); 
+
+    if ((dnstxtlen == 0) || (dnstxtlen > 128))
+        return(-1);
+
+    memcpy(buf, ptr + sizeof(*dnsanswr) +1, dnstxtlen - 1); 
+    buf[dnstxtlen - 1] = '\0';
+
+    ptr = buf;          /* evil hax0rs sending messed up strings ? */
+    while (*++ptr != '\0')
+        if (!isprint((int)*ptr))
+                *ptr = '_';
+
+    printf("%s VERSION.BIND. \"%s\"\n", int_ntoa(ip->ip_src.s_addr), buf);
+
+    return(0);
+   
+}
+
+
diff --git a/other/b-scan/modules/mod_httpd.c b/other/b-scan/modules/mod_httpd.c
new file mode 100644
index 0000000..275125c
--- /dev/null
+++ b/other/b-scan/modules/mod_httpd.c
@@ -0,0 +1,188 @@
+/*
+ * mod_example.c
+ * Example module for bscan.
+ */
+
+#include <bscan/bscan.h>
+#include <bscan/module.h>
+#include <stdio.h>
+
+
+#ifndef MOD_NAME
+#define MOD_NAME        "mod_httpd"
+#endif
+
+#define HEADREQ         "HEAD / HTTP/1.0\r\n\r\n"
+
+
+static int isinit=0;
+/*
+ * some variables from the binary-process
+ */
+extern int dlt_len;
+extern u_char *align_buf;
+extern unsigned short ip_options;
+extern struct ip *ip;
+extern struct Ether_header *eth;
+extern u_int plen, pcaplen;
+
+struct _mopt
+{
+    unsigned short int dport;   /* dport in NBO */
+    char *request;      /* the http-request */
+} static mopt;
+
+/*
+ * static functions prototypes
+ */
+static int mdo_opt(int, char **, struct _opt *);
+static void init_vars(struct _opt *);
+static int process_rcv(struct _opt *);
+
+/*
+ * print out usage informations
+ */
+void
+musage()
+{
+    printf ("\n"MOD_NAME"\n");
+    printf (" -p <port>, default 80\n");
+    printf (" -r <request>, default 'HEAD / HTTP/1.0'\n");
+}
+
+
+/*
+ * return 0 on success, != 0 on failure
+ */
+int
+init(char **modname, int argc, char *argv[], struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE INIT\n");
+#endif
+        if (isinit)
+                return(-1);
+
+        *modname = MOD_NAME;
+        isinit = 1;
+        init_vars(opt);
+
+        if (mdo_opt(argc, argv, opt) != 0)
+                return(-1);
+
+        return(0);
+}
+
+/*
+ * fini-routine. called on cleanup 
+ */
+int
+fini()
+{
+#ifdef DEBUG
+        printf("MODULE FINI\n");
+#endif
+        return(0);
+}
+
+
+/*
+ * 
+ */
+int
+callmdl(int entry, struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE CALLMDL\n");
+#endif
+        if (entry == MOD_FIRSTPKG)
+                return(RMOD_SKIP);
+
+        if (entry == MOD_RCV)
+                process_rcv(opt);
+
+        return(RMOD_OK);
+}
+
+
+/*
+ ***********************************************************
+ *  Our OWN/static functions for THIS module               *
+ ***********************************************************
+ */
+
+/*
+ * initialize all local variables.
+ * We use some 'unused' variables of the masterprogramm
+ */
+static void
+init_vars(struct _opt *opt)
+{
+    mopt.dport = htons(80);
+    mopt.request = HEADREQ;
+}
+
+
+/*
+ * LOCAL/STATIC function, only available in the module
+ * return 0 on success, != 0 on failure
+ */
+static int
+mdo_opt(int argc, char *argv[], struct _opt *opt)
+{
+    extern char *optarg;
+    /*extern int optind, opterr, optopt;*/
+    int c;
+
+    while ((c = getopt (argc, argv, "p:r:")) != -1)
+    {
+        switch (c)
+        {
+        case 'p':
+           mopt.dport = htons(strtoul (optarg, (char **) NULL, 10));
+           break;
+        case 'r':
+           mopt.request = optarg;
+           fprintf(stderr, MOD_NAME ": requesting \"%s\"\n", optarg);
+           break;
+        case ':':
+            fprintf(stderr, "missing parameter\n");
+            return(-1);
+        default:
+            return(-1);
+        }
+    }
+    return(0);
+}
+
+
+/*
+ * process incoming packets 
+ * IP-packet is verified and variables valid (ip_options, *ip)
+ */
+static int
+process_rcv(struct _opt *opt)
+{
+    struct tcphdr *tcp;
+    unsigned short tcp_options = 0;
+    uint iphdr_len = 0;
+
+
+    if (ip->ip_p != IPPROTO_TCP)
+        return(0);
+
+    iphdr_len = sizeof(*ip) + ip_options;
+    tcp = (struct tcphdr *) (align_buf + iphdr_len);
+
+    if (vrfy_tcp(tcp, plen - dlt_len - iphdr_len, &tcp_options) != 0)
+        return(0);
+
+    if (tcp->th_sport != mopt.dport)
+        return(0);
+
+    if ((tcp->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK))
+        answer_tcp (opt->sox, ip, tcp, TH_ACK | TH_PUSH, mopt.request, strlen(mopt.request));
+
+   return(0);
+}
+
diff --git a/other/b-scan/modules/mod_ping.c b/other/b-scan/modules/mod_ping.c
new file mode 100644
index 0000000..73a90a4
--- /dev/null
+++ b/other/b-scan/modules/mod_ping.c
@@ -0,0 +1,205 @@
+/*
+ * ping-module for bscan.
+ * IDEA: add record-route and source-route feature
+ *       and -p pattern [where can we save our time-struct then ?
+ */
+
+#include <bscan/bscan.h>
+#include <bscan/module.h>
+#include <bscan/system.h>
+#include <stdio.h>
+
+
+#ifndef MOD_NAME
+#define MOD_NAME        "mod_ping"
+#endif
+
+static int process_rcv(struct _opt *);
+
+static int isinit=0;
+/*
+ * some variables from the binary-process
+ */
+extern int dlt_len;
+extern u_char *align_buf;
+extern unsigned short ip_options;
+extern struct ip *ip;
+extern struct Ether_header *eth;
+extern u_int plen, pcaplen;
+extern struct timeval *pts;
+
+struct _mopt
+{
+   int type;
+   int size;
+} static mopt;
+
+/*
+ * static functions prototypes
+ */
+static int mdo_opt(int, char **, struct _opt *);
+static void init_vars(struct _opt *);
+
+/*
+ * print out usage informations
+ */
+void
+musage()
+{
+    printf ("\n"MOD_NAME"\n");
+    printf (" -t (echo|time) -s <size>, size of ping-data [default 56].\n");
+}
+
+
+/*
+ * return 0 on success, != 0 on failure
+ */
+int
+init(char **modname, int argc, char *argv[], struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE INIT\n");
+#endif
+        if (isinit)
+                return(-1);
+
+        *modname = MOD_NAME;
+        isinit = 1;
+        init_vars(opt);
+
+        if (mdo_opt(argc, argv, opt) != 0)
+                return(-1);
+
+        return(0);
+}
+
+/*
+ * fini-routine. called on cleanup 
+ */
+int
+fini()
+{
+#ifdef DEBUG
+        printf("MODULE FINI\n");
+#endif
+        return(0);
+}
+
+
+/*
+ * Module entry point [entry]
+ * RMOD_OK: everything allright. send  the packet out [if first]
+ *          or do nothing [MOD_RCV].
+ * RMOD_SKIP: proceed with next IP without sending out the packet.
+ */
+int
+callmdl(int entry, struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE CALLMDL\n");
+#endif
+        if (entry == MOD_FIRSTPKG)
+        {
+                add_icmpping (opt->packet + ETH_SIZE + IP_SIZE, mopt.size, mopt.type);
+                add_iphdr (opt->packet + ETH_SIZE, IPPROTO_ICMP, &opt->nt, ICMP_SIZE + mopt.size);
+                opt->pkg_len = IP_SIZE + ICMP_SIZE + mopt.size;
+                return(RMOD_OK);
+        }
+
+        if (entry == MOD_RCV)
+                process_rcv(opt);
+
+        return(RMOD_OK);
+}
+
+
+/*
+ ***********************************************************
+ *  Our OWN/static functions for THIS module               *
+ ***********************************************************
+ */
+
+/*
+ * initialize all local variables.
+ * We use some 'unused' variables of the masterprogramm
+ */
+static void
+init_vars(struct _opt *opt)
+{
+    mopt.size = ICMP_ECHO;
+    mopt.size = 56;
+}
+
+
+/*
+ * LOCAL/STATIC function, only available in the module
+ * return 0 on success, != 0 on failure
+ */
+static int
+mdo_opt(int argc, char *argv[], struct _opt *opt)
+{
+    extern char *optarg;
+    /*extern int optind, opterr, optopt;*/
+    int c;
+
+    while ((c = getopt (argc, argv, "t:s:")) != -1)
+    {
+        switch (c)
+        {
+        case 't':
+           if (strcasecmp (optarg, "echo") == 0)
+             mopt.type = ICMP_ECHO;
+           else if (strcasecmp (optarg, "time") == 0)
+             mopt.type = ICMP_TSTAMP;
+           else
+             return (-1);
+           break;
+        case 's':
+           mopt.size = atoi(optarg);    
+           break;
+        case ':':
+            fprintf(stderr, "missing parameter\n");
+            return(-1);
+        default:
+            return(-1);
+        }
+    }
+    return(0);
+}
+
+
+/*
+ * handle incoming icmp ECHO_REPLY packages
+ */
+static int
+process_rcv(struct _opt *opt)
+{
+    struct icmp *icmp;
+    struct timeval now;
+    double rrt;
+
+    if (ip->ip_p != IPPROTO_ICMP)
+        return(0);
+
+    if (plen < dlt_len + IP_SIZE + ip_options + sizeof(*icmp))
+        return(0);      /* invalid size */
+
+   icmp = (struct icmp *) (align_buf + IP_SIZE + ip_options);
+
+//   if ((icmp->icmp_type != 0) || (icmp->icmp_code != 0))
+//      return(0);
+        
+   memcpy(&now, pts, sizeof(now));
+   time_diff((struct timeval *)icmp->icmp_dun.id_data, &now);
+   rrt = now.tv_sec * 1000.0 + now.tv_usec / 1000.0;
+
+   printf("%d bytes from %s: icmp_seq=%u ttl=%d time=%.3f ms\n",
+        (int)(plen - dlt_len - IP_SIZE - ip_options),
+        int_ntoa(ip->ip_src.s_addr), icmp->icmp_hun.ih_idseq.icd_seq,
+        ip->ip_ttl, rrt);
+
+   return(0);
+   
+}
+
+
diff --git a/other/b-scan/modules/mod_snmp.c b/other/b-scan/modules/mod_snmp.c
new file mode 100644
index 0000000..db56455
--- /dev/null
+++ b/other/b-scan/modules/mod_snmp.c
@@ -0,0 +1,899 @@
+/*
+ * SimpleNetworkManagementProtocol module for bscan.
+ * RFC 1157
+ * <buggy/lame implementation>
+ *
+ * ###fixme todo: port to sparc
+ */
+
+#include <bscan/bscan.h>
+#include <bscan/module.h>
+#include <bscan/system.h>
+#include <stdio.h>
+
+
+#ifndef MOD_NAME
+#define MOD_NAME        "mod_snmp"
+#endif
+
+#define SNMP_DFLT_REQOBJ        "1.3.6.1.2.1.1"
+
+#define MAX_VALSTRLEN   512
+
+#define MOPT_NOOBJ      0x01
+#define MOPT_STRIP      0x02
+
+#define SNMP_GET        0xa0
+#define SNMP_GET_NEXT   0xa1
+#define SNMP_SET        0xa3
+#define ASN_SUBCAT      0x30    /* BER encoding, sub-categorie */
+
+#ifndef ASN_INTEGER
+#define ASN_INTEGER         ((u_char)0x02)
+#endif
+#define ASN_INTEGERSTR          "INTEGER"
+#ifndef ASN_BIT_STR
+#define ASN_BIT_STR         ((u_char)0x03)
+#endif
+#define ASN_BIT_STRSTR          "BITSTRING"
+#ifndef ASN_OCTET_STR
+#define ASN_OCTET_STR       ((u_char)0x04)
+#endif
+#define ASN_OCTET_STRSTR        "STRING"
+#ifndef ASN_NULL
+#define ASN_NULL            ((u_char)0x05)
+#endif
+#define ASN_NULLSTR             "NULL"
+#ifndef ASN_OBJECT_ID
+#define ASN_OBJECT_ID       ((u_char)0x06)
+#endif
+#define ASN_OBJECT_IDSTR        "OBJ"
+#ifndef ASN_APPLICATION
+#define ASN_APPLICATION     ((u_char)0x40)
+#endif
+#ifndef ASN_LONG_LEN
+#define ASN_LONG_LEN         ((u_char)0x80)
+#endif
+#define ASN_APPLICATIONSTR      "APPLICATION"
+#ifndef ASN_IPADDRESS
+#define ASN_IPADDRESS   (ASN_APPLICATION | 0)
+#endif
+#define ASN_IPADDRESSSTR        "IPADDR"
+#ifndef ASN_UNSIGNED
+#define ASN_UNSIGNED    (ASN_APPLICATION | 2)
+#endif
+#define ASN_UNSIGNEDSTR         ASN_INTEGERSTR
+#ifndef ASN_TIMETICKS
+#define ASN_TIMETICKS   (ASN_APPLICATION | 3)
+#endif
+#define ASN_TIMETICKSSTR        "TIMETICKS"
+#ifndef ASN_COUNTER
+#define ASN_COUNTER (ASN_APPLICATION | 1)
+#endif
+#define ASN_COUNTERSTR          "COUNTER"
+
+#define SNMP_ERR_WRONGTYPE              (7)
+#define SNMP_ERR_WRONGLENGTH            (8)
+#define SNMP_ERR_WRONGENCODING          (9)
+#define SNMP_ERR_WRONGVALUE             (10)
+#define SNMP_ERR_NOCREATION             (11)
+#define SNMP_ERR_INCONSISTENTVALUE      (12)
+#define SNMP_ERR_RESOURCEUNAVAILABLE    (13)
+#define SNMP_ERR_COMMITFAILED           (14)
+#define SNMP_ERR_UNDOFAILED             (15)
+#define SNMP_ERR_AUTHORIZATIONERROR     (16)
+#define SNMP_ERR_NOTWRITABLE            (17)
+
+char *snmp_error[] = {
+        "NO ERROR",
+        "TOO BIG",
+        "NO SUCH NAME",
+        "BAD VALUE",
+        "READONLY",
+        "GENERELL ERROR",
+        "NO ACCESS",
+        "WRONG TYPE",
+        "WRONG LENGTH",
+        "WRONG ENCODING",
+        "WRONG VALUE",
+        "NO CREATION",
+        "INCONSISTENT VALUE",
+        "RESOURCE UNAVAILABLE",
+        "COMMIT FAILED",
+        "UNDO FAILED",
+        "AUTORISATION ERROR",
+        "NOT WRITEABLE",
+        "INCONSISTENT NAME" };
+
+#define MAX_SNMP_ERR    18
+
+
+
+#define ADD_DATA(ptr, in, len, totlen) memcpy(ptr, in, len);\
+        *totlen = *totlen + len;
+
+#define min(a,b)       ((a)<(b)?(a):(b))
+
+
+static int isinit=0;
+/*
+ * some variables from the binary-process
+ */
+extern int dlt_len;
+extern u_char *align_buf;
+extern unsigned short ip_options;
+extern struct ip *ip;
+extern struct Ether_header *eth;
+extern u_int plen, pcaplen;
+extern struct timeval *pts;
+
+struct _pdu
+{
+    u_char      *varbuf;
+    int         varlen;
+};
+
+struct _mopt
+{
+    char        *community;
+    u_char      flags;
+    u_char      snmptor;        /* type of request */
+    struct _pdu pdu;
+} static mopt;
+
+struct _pdunfo
+{
+    u_char *community;
+    u_char *pdu_type;
+    u_char *error_status;
+    u_char *error_idx;
+} static pdunfo;
+
+
+/*
+ * static functions prototypes
+ */
+static int mdo_opt(int, char **, struct _opt *);
+static void init_vars(struct _opt *);
+static int process_rcv(struct _opt *);
+static int add_snmp (u_char *, int *);
+static int add_snmpreq (u_char *, int *, u_char, u_char *, struct _pdu *);
+static int add_snmp_var(struct _pdu *, u_char *);
+static int build_snmp_objreq(u_char *, u_char *,u_char *, u_char, u_char *);
+static int str2asnv(u_char *, u_char, u_char *, u_char *);
+static int str2objid(u_char *, u_char *, u_char *);
+
+
+/*
+ * print out usage informations
+ */
+void
+musage()
+{
+    printf ("\n"MOD_NAME"\n");
+    printf ("snmp module\n");
+    printf (" -p <port>, destination port, default 161\n");
+    printf (" -o <port>, source port, default 53\n");
+    printf (" -r <request[:type[:value]]>, default '1.3.6.1.2.1.1 (system)'\n");
+    printf (" -c <community name>, default 'public'\n");
+    printf (" -g <requesttype>, (get|getnext|set), default 'getnext'\n");
+    printf (" -s strip unprintable characters from STRING types, and output as text\n");
+    printf (" -q dont print out OBJ-types\n");
+    printf ("\n");
+    printf ("type: i: INTEGER, s: STRING, n: NULLOBJ, o: OBJID\n");
+    printf ("      t: TIMETICKS, a: IPADDRESS, b: BITSTRING, c: COUNTER\n"); 
+    printf ("\n");
+    printf ("you can request multiple objects with one request:\n");
+    printf ("-g get -r 1.3.6.1.2.1.1.1.0 -r 1.3.6.1.2.1.1.4.0 -r 1.3.6.1.2.1.1.5.0\n");
+}
+
+
+/*
+ * return 0 on success, != 0 on failure
+ */
+int
+init(char **modname, int argc, char *argv[], struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE INIT\n");
+#endif
+        if (isinit)
+                return(-1);
+
+        *modname = MOD_NAME;
+        isinit = 1;
+        init_vars(opt);
+
+        if (mdo_opt(argc, argv, opt) != 0)
+                return(-1);
+
+        return(0);
+}
+
+/*
+ * fini-routine. called on cleanup 
+ */
+int
+fini()
+{
+#ifdef DEBUG
+        printf("MODULE FINI\n");
+#endif
+        return(0);
+}
+
+
+/*
+ * Module entry point [entry]
+ * RMOD_OK: everything allright. send  the packet out [if first]
+ *          or do nothing [MOD_RCV].
+ * RMOD_SKIP: proceed with next IP without sending out the packet.
+ * RMOD_ERROR: failed to create packet.
+ * RMOD_ABRT: critical failure, abort!
+ */
+int
+callmdl(int entry, struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE CALLMDL\n");
+#endif
+        if (entry == MOD_FIRSTPKG)
+        {
+            add_snmp(opt->packet+ ETH_SIZE + IP_SIZE + UDP_SIZE, &opt->pkg_len);
+            add_udphdr (opt->packet+ ETH_SIZE+ IP_SIZE, &opt->nt, opt->pkg_len);
+            add_iphdr (opt->packet + ETH_SIZE, IPPROTO_UDP, &opt->nt, opt->pkg_len + UDP_SIZE);
+            opt->pkg_len += UDP_SIZE + IP_SIZE;
+
+            return(RMOD_OK);
+        }
+
+        if (entry == MOD_RCV)
+                process_rcv(opt);
+
+        return(RMOD_OK);
+}
+
+
+/*
+ ***********************************************************
+ *  Our OWN/static functions for THIS module               *
+ ***********************************************************
+ */
+
+/*
+ * initialize all local variables.
+ * We use some 'unused' variables of the masterprogramm
+ */
+static void
+init_vars(struct _opt *opt)
+{
+    opt->nt.sport = htons(32770);
+    opt->nt.dport = htons(161);
+    mopt.flags = 0;
+    mopt.community = "public";
+    mopt.snmptor = SNMP_GET_NEXT;
+}
+
+
+/*
+ * LOCAL/STATIC function, only available in the module
+ * return 0 on success, != 0 on failure
+ */
+static int
+mdo_opt(int argc, char *argv[], struct _opt *opt)
+{
+    extern char *optarg;
+    /*extern int optind, opterr, optopt;*/
+    int c;
+
+    while ((c = getopt (argc, argv, "qsg:c:r:p:o:")) != -1)
+    {
+        switch (c)
+        {
+        case 'q':
+           mopt.flags |= MOPT_NOOBJ;
+           break;
+        case 's':
+           mopt.flags |= MOPT_STRIP;
+           break;
+        case 'p':
+           opt->nt.dport = htons(atoi(optarg)); 
+           break;
+        case 'o':
+           opt->nt.sport = htons(atoi(optarg)); 
+           break;
+        case 'r':
+           add_snmp_var(&mopt.pdu, optarg);
+           break;
+        case 'c':
+           mopt.community = optarg;
+           break;
+        case 'g':
+           if (strcasecmp (optarg, "get") == 0)
+                mopt.snmptor = SNMP_GET;
+           else if (strcasecmp (optarg, "getnext") == 0)
+                mopt.snmptor = SNMP_GET_NEXT;
+           else if (strcasecmp (optarg, "set") == 0)
+                mopt.snmptor = SNMP_SET;
+           else
+                return (-1);
+           break;
+        case ':':
+            fprintf(stderr, "missing parameter\n");
+            return(-1);
+        default:
+            return(-1);
+        }
+    }
+
+    if (mopt.pdu.varbuf == NULL)
+        add_snmp_var(&mopt.pdu, SNMP_DFLT_REQOBJ);
+        
+    return(0);
+}
+
+
+static u_char
+strtoasn_vtype(int src)
+{
+
+    src = tolower(src);
+
+    switch (src)
+    {
+        case 'i':
+            return(ASN_INTEGER);
+        case 's':
+            return(ASN_OCTET_STR);
+        case 'n':
+            return(ASN_NULL);
+        case 'o':
+            return(ASN_OBJECT_ID);
+        case 't':
+            return(ASN_TIMETICKS);
+        case 'b':
+            return(ASN_BIT_STR);
+        case 'a':
+            return(ASN_IPADDRESS);
+        case 'u':
+            return(ASN_UNSIGNED);
+        case 'c':
+            return(ASN_COUNTER);
+        default:
+            fprintf(stderr, "WARNING: unsupported value-type.\n");
+            return(src);
+    }
+    
+    return(ASN_NULL);
+}
+
+/*
+ * add variable to our variable-queue
+ * input: <objid-dodded notation>:<value type>:<value>-format
+ * return 0 on success, !=0 on parse error etc
+ */
+static int
+add_snmp_var(struct _pdu *pdu, u_char *src)
+{
+    u_char *request;
+    u_char vtype = 5;
+    u_char *value = NULL;
+    u_char *ptr = NULL;
+    u_char reqlen=0;
+
+    if (pdu->varbuf == NULL)
+    {
+        pdu->varbuf = calloc(1, 1024);
+        pdu->varlen = 0;
+    }
+
+    request = src;
+
+    if ( (ptr = strchr(src, ':')) != NULL)
+        *ptr++ = '\0';
+
+    src = ptr;
+    if (ptr != NULL)
+    {
+        if ( (ptr = strchr(src, ':')) != NULL)
+        {
+            *ptr++ = '\0';
+            if (strlen(ptr) > 0)
+                value = ptr;
+        }
+        vtype = strtoasn_vtype(*src);
+    }
+
+    if (build_snmp_objreq(pdu->varbuf + pdu->varlen, &reqlen, request, vtype, value) != 0)
+     {
+        fprintf(stderr, "WARNING: error while parsing reqOBJ\n");
+        return(-1);
+     }
+
+    pdu->varlen += reqlen;
+
+    return(0);
+}
+
+/*
+ * convert OBJ-ID and build the snmp-request packet
+ * save the work and reuse [better performance, the snmp
+ * packet is always the same].
+ * return 0 on success
+ */
+static int
+add_snmp(u_char *ptr, int *lenptr)
+{
+    static u_char *buf = NULL;
+    static int buflen;
+
+    if (buf != NULL)    /* fastmode, use old copy of previous build snmppkg */
+    {
+        *lenptr = buflen;
+        memcpy(ptr, buf, buflen);
+        return(0);
+    }
+
+    if (buf == NULL)
+        buf = malloc(1024);
+
+    add_snmpreq (ptr, lenptr, mopt.snmptor, mopt.community, &mopt.pdu); 
+
+    memcpy(buf, ptr, *lenptr);  /* for later reuse */
+    buflen = *lenptr;
+
+    return(0);
+}
+
+/*
+ * convert snmp obj in dotted-notation, 0-terminated string to obj-id in asn.1
+ */
+static int
+str2objid(u_char *dst, u_char *retlen, u_char *src)
+{
+    u_char *dotptr;
+    u_char len;
+
+    if (strncmp(src, "1.3.6.1.", 8) != 0)
+        return(-1);     /* snmp only , iso.org.dot.internet.* */
+
+    src += 8;  /* we know the first 8 bytes. */
+
+    memcpy(dst, "\x2b\x06\x01", 3);     /* yepp, we know this. "1.3.6.1" */
+    dst += 3;
+    dotptr = src;
+    len = 3;    /* 2b-06-01 */
+    while ( (dotptr = strchr (src, '.')) != NULL)
+    {
+        *dotptr = '\0';
+        *dst++ = (u_char)atoi(src);
+        src = ++dotptr;
+        len++;
+    }
+    if (strlen(src) > 0)
+    {
+        *dst++ = (u_char)atoi(src);
+        len++;
+    }
+
+    *retlen = len;
+    return(0);
+}
+
+
+/*
+ * convert input to ASN.1 BER encodet <obj-id><value>
+ * dst: guess what.
+ * ptr: snmp obj in dotted-notation (1.3.6.1.2.1.1....), 0-terminated string
+ * tov: type of value, ASN.1 encodet (int, 8octet string, ...)
+ * value: the value (string, 0-terminated)
+ * return: 0 on success
+ */
+static int 
+build_snmp_objreq(u_char *dst, u_char *retlen, u_char *src, u_char tov, 
+                  u_char *value)
+{
+    u_char *srcw;
+    u_char vlen = 0;
+    u_char *sublen;
+    u_char *subsublen;
+    u_char *subvlen;
+    u_char len;
+
+    srcw = alloca(strlen(src)+1);
+    memcpy(srcw, src, strlen(src)+1);
+    if (strlen(srcw) <= 4)
+        return(-1);
+    
+    *dst++ = ASN_SUBCAT;        
+    sublen = dst++;     /* we set the length later coz we dont know it yet */
+
+    *dst++ = 0x06;      /* OBJ-ID */
+    subsublen = dst++;  /* and this also not */
+
+    if (str2objid(dst, &len, srcw) != 0)
+        return(-1);
+
+    *subsublen = len;   /* length of obj */
+    dst += len;
+
+    *dst++ = tov;       /* type of value */
+    subvlen = dst++;    /* we set this later..we dont know the length yet */
+    str2asnv(value, tov, dst, &vlen);
+
+    *subvlen = vlen;    /* length of value */
+
+    *sublen = len + vlen + 4;   /* length of <obj-id><tov:value> */
+
+    *retlen = len + vlen + 6; 
+    return(0);
+}
+
+
+/*
+ * convert 0-terminated string value to asn encodet value
+ * return 0 on success
+ * on return the length of rvalue < value.
+ * input: value [0 terminated string]
+ *        tov [asn]-type of value
+ * output: rvalue [non 0-terminated string with asn-value]
+ *         vlen [length of rvalue]
+ * return 0 on success
+ * attention: we use full integers (length=4, not reduced in length
+ * to the minimum size). the snmp-lib reduces the length of an
+ * integer to the minimum size...but this is not a must
+ */
+static int
+str2asnv(u_char *value, u_char tov, u_char *rvalue, u_char *vlen)
+{
+    unsigned long int ltmp;
+
+    if (rvalue == NULL)
+        return(0);              /* yes, NULL is allowed */
+    if ((rvalue != NULL) && (vlen == NULL))
+        return(-1);
+
+    switch(tov)
+    {
+        case ASN_INTEGER:
+            ltmp = htonl(strtol(value, NULL, 10));
+            memcpy(rvalue, &ltmp, sizeof(ltmp));
+            *vlen = sizeof(ltmp);
+            break;
+        case ASN_UNSIGNED:
+        case ASN_COUNTER:
+        case ASN_TIMETICKS:
+            ltmp = htonl(strtoul(value, NULL, 10));
+            memcpy(rvalue, &ltmp, sizeof(ltmp));
+            *vlen = (sizeof(ltmp));
+            break;
+        case ASN_IPADDRESS:
+            ltmp = inet_addr(value);
+            memcpy(rvalue, &ltmp, sizeof(ltmp));
+            *vlen = sizeof(ltmp);
+            break;
+        case ASN_OBJECT_ID:
+            str2objid(rvalue, vlen, value);
+            break;
+        case ASN_OCTET_STR:
+            memcpy(rvalue, value, strlen(value));
+            *vlen = strlen(value);
+            break;
+        case ASN_NULL:
+            *vlen = 0;
+            break;
+        default:
+            *vlen = 0;
+            fprintf(stderr, "WARNING, unsupported value type !\n");
+    }
+
+    return(0);
+}
+
+/*
+ * add snmp request
+ * build the entire SNMP packet [version, community, pdu, id, error, idx, ..]
+ * req: objs + values [BER encodet, already with header and \x30 sub start]
+ * reqlen: len of entire req [objs + values]
+ * tor: type of request [get, getnext, set]
+ */
+static int
+add_snmpreq (u_char *pkt, int *len, u_char tor, u_char *community, struct _pdu *pdu)
+{
+    int le = 0;
+
+    *(pkt + le++) = ASN_SUBCAT;
+    *(pkt + le++) = (u_char)(pdu->varlen +  strlen(community) + 18);
+    ADD_DATA(pkt + le, "\x02\x01\x00\x04" , 4, &le);    /* SNMPv1 + STRINGOBJ*/
+    *(pkt + le++) = (u_char)strlen(community);
+    ADD_DATA(pkt + le, community, strlen(community), &le);
+    *(pkt + le++) = tor;                /* PDU GET-NEXTrequest */
+    /* lenof(<req-id> + <err-state> + <err-idx> + <SUB> <obj+values>) */
+    *(pkt + le++) = (u_char)(pdu->varlen + 11);
+    /* <req-id> + <err-state> + <err-idx> <SUB-OBJ> */
+    ADD_DATA(pkt + le, "\x02\x01\x01\x02\x01\00\x02\x01\x00\x30", 10, &le);
+    *(pkt + le++) = (u_char)(pdu->varlen); 
+    ADD_DATA(pkt + le, pdu->varbuf, pdu->varlen, &le);
+
+    *len = le;
+    return(0);
+}
+
+
+/*
+ * convert asn encoded obj to string
+ * input: string of <type of value><length of value><value>
+ * datalen: max len i'm allowed to read from "ptr --> ..."
+ * return:
+ * prefix is the string representation of the value-type e.g. "OCTET-STRING"..
+ *   and '<trunc>' if value got truncated.
+ *   is < 64 chars...
+ * val: the value (0-terminated string)
+ * return 0 on success
+ * 1 if truncated (value-length > size of snmp or val to small)
+ * -1 on error
+ */
+static int
+asn2str(u_char *ptr, u_char *prefix, u_char *val, unsigned int datalen)
+{
+    unsigned long int   len, day, hour, min, sec, msec;
+    u_char              *ptr2;
+    u_char              vlen = *(ptr+1);        /* saved value length */
+    u_char              tov = *ptr;
+    unsigned long int   ltmp;
+    int                 i, slen = 0;
+    u_char              buf[128];
+
+    if (vlen > datalen-2)
+        len = datalen-2;
+    else
+        len = vlen;
+
+    *val = '\0';
+    *prefix = '\0';
+
+    switch(tov)
+    {
+        case ASN_IPADDRESS:
+           if (len > sizeof(ltmp))
+                len = sizeof(ltmp);
+
+           ptr2 = (u_char *)&ltmp;
+           memcpy(ptr2 + sizeof(ltmp) - len, ptr+2, len);
+           sprintf(val, "%s", int_ntoa(ltmp));
+           strcpy(prefix, ASN_IPADDRESSSTR);
+           break;
+        case ASN_NULL:
+           strcpy(prefix, ASN_NULLSTR);
+           break;
+        case ASN_TIMETICKS:
+           if (len > sizeof(ltmp))
+                len = sizeof(ltmp);
+
+            ltmp = 0;
+            ptr2 = (u_char *)&ltmp;
+            memcpy(ptr2 + sizeof(ltmp) - len, ptr+2, len);
+            ltmp = ntohl(ltmp);
+            day = ltmp / 8640000;
+            hour = (ltmp % 8640000) / 360000;
+            min = (ltmp % 360000) / 6000;
+            sec = (ltmp % 6000) / 100;
+            msec = (ltmp % 100);
+            sprintf(val, "(%lu) %d days, %2.2d:%2.2d:%2.2d.%d", ltmp, 
+                        (int)day, (int)hour, (int)min, (int)sec, (int)msec);
+            if (tov == ASN_TIMETICKS)
+                strcpy(prefix, ASN_TIMETICKSSTR);
+            break;
+        case ASN_INTEGER:
+        case ASN_UNSIGNED:
+        case ASN_COUNTER:
+            ltmp = 0;
+            if (len > sizeof(ltmp))
+                len = sizeof(ltmp);
+
+            ptr2 = (u_char *)&ltmp;
+            memcpy(ptr2 + sizeof(ltmp) - len, ptr+2, len);
+
+            if (tov == ASN_INTEGER)
+                sprintf(val, "%lu", (unsigned long int)ntohl(ltmp));
+            else
+                sprintf(val, "%ld", (long int)ntohl(ltmp));
+
+            if (tov == ASN_INTEGER)
+                strcpy(prefix, ASN_INTEGERSTR);
+            if (tov == ASN_UNSIGNED)
+                strcpy(prefix, ASN_UNSIGNEDSTR);
+            if (tov == ASN_COUNTER)
+                strcpy(prefix, ASN_COUNTERSTR);
+            break;
+        case ASN_OCTET_STR:
+            if (isprintdata(ptr+2, len))
+            {
+                if (len > MAX_VALSTRLEN-1)
+                    len = MAX_VALSTRLEN-1;
+                memcpy(val, ptr+2, len);
+                val[len] = '\0';
+            } else if ((mopt.flags & MOPT_STRIP) == MOPT_STRIP) {
+                dat2strip(val, MAX_VALSTRLEN, ptr+2, len);
+            } else {
+                dat2hexstr(val, MAX_VALSTRLEN, ptr+2, len);
+            }
+
+            strcpy(prefix, ASN_OCTET_STRSTR);
+            break;
+        case ASN_OBJECT_ID:
+            i = 0;
+            slen = 0;
+            while(i < len)
+            {
+                if (*(ptr+2+i) == 0x2b)
+                    strcpy(buf, "1.3.");        /* substituate shorts */
+                else
+                    snprintf(buf, sizeof(buf), "%d.", *(ptr+2+i));
+
+                buf[sizeof(buf)-1] = '\0';
+                slen = strlen(val) + strlen(buf);
+
+                if (slen < MAX_VALSTRLEN -1)
+                    strcat(val, buf);
+                else
+                    break;
+
+                i++;
+            }
+            val[slen-1] = '\0';         /* remove last '.' */
+            strcpy(prefix, ASN_OBJECT_IDSTR);
+            break;
+        default:
+            dat2hexstr(val, MAX_VALSTRLEN, ptr+2, len);
+            break;
+    }
+
+    if (*prefix == '\0')
+        strcpy(prefix, "UNKNOWN");
+
+    if (vlen > len)
+    {
+        strcat(prefix, "<trunc>");
+        return(1);
+    }
+
+    return(0);
+}
+
+/*
+ * return TypeOfValue and let next point to the next asn encodet obj
+ * ptr: pointer to asn.1 encodet obj
+ * len: returns the length of the OLD value + suffix [length we skipped]
+ * next: returns a pointer to the next obj.
+ */
+static u_char 
+asn_getnext(u_char *ptr, u_char *len, u_char **next)
+{
+    u_char      vlen = *(ptr+1);
+
+    if (*ptr == ASN_SUBCAT)
+    {
+        if (vlen & ASN_LONG_LEN)
+            vlen = vlen & ~ASN_LONG_LEN;
+        else
+            vlen = 0;
+     }
+
+    *next = ptr + vlen + 2; 
+
+    *len = vlen + 2;
+    return(**next);
+}
+
+#define RETURN_ILLLEN(x,y,r)  if (x >= y) return(r);
+
+/*
+ * handle incoming snmp answers, answer with 'next' if not last record
+ */
+static int
+process_rcv(struct _opt *opt)
+{
+    struct udphdr *udp;
+    u_char *ptr;
+    int len;
+    int snmplen;
+    uint iphdr_len = 0;
+    u_char objlen;
+    u_char buf[MAX_VALSTRLEN];
+    u_char prefix[32];
+    u_char buf2[MAX_VALSTRLEN + 32];
+    u_char asnprefix[128];
+    u_char c;
+
+    if (ip->ip_p != IPPROTO_UDP)
+        return(0);
+
+    iphdr_len = IP_SIZE + ip_options;
+    if (plen < dlt_len + iphdr_len + sizeof(*udp))
+        return(-1);     /* invalid size */
+
+    udp = (struct udphdr *) (align_buf + iphdr_len);
+    ptr = (u_char *) (align_buf + iphdr_len + sizeof(*udp));
+    snmplen = plen - dlt_len - iphdr_len - sizeof(*udp);
+    len = 0;
+  
+    /*
+     * we dont check the value of the ASN_SUBCAT-length coz many buggy
+     * hosts out there return a wrong length [0xff, 0x80, ...]
+     */
+
+    ptr += 2; len += 3; /* pointing on the 3rd element */
+    RETURN_ILLLEN(len, snmplen, 0);
+
+    asn_getnext(ptr, &objlen, &ptr);    /* skip version, get community */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+    pdunfo.community = ptr;
+    
+    asn_getnext(ptr, &objlen, &ptr);    /* skip community, get pdu */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+    pdunfo.pdu_type = ptr;
+    ptr += 2;
+    len += 2;                           /* skip pdu, get reqid */
+    RETURN_ILLLEN(len, snmplen, 0);
+
+    asn_getnext(ptr, &objlen, &ptr);    /* skip reqid, get errorstatus */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+    pdunfo.error_status = ptr;
+
+    asn_getnext(ptr, &objlen, &ptr);    /* skip errorstatus, get erroridx */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+    pdunfo.error_idx = ptr;
+
+    asn_getnext(ptr, &objlen, &ptr);    /* skip erroridx, get */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+
+    asn_getnext(ptr, &objlen, &ptr);    /* we reached the SUB section */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+
+    snprintf(prefix, sizeof(prefix) - 1, "%s:%d ", int_ntoa(ip->ip_src),
+                                ntohs(udp->uh_sport));
+
+    c = *(pdunfo.error_status+2);
+    if (c != 0)
+    {
+        if (c < MAX_SNMP_ERR)
+        {
+            printf("%s%s (%d)\n", prefix, snmp_error[c],
+                        *(pdunfo.error_idx+2));
+        } else {
+            printf("%s UNKNOWN ERROR\n", prefix);
+        }
+    }
+
+    while (1)
+    {
+        asn_getnext(ptr, &objlen, &ptr);
+        if (objlen == 0)
+            return(0);
+
+        len += objlen;
+        RETURN_ILLLEN(len, snmplen, 0);
+        if (*ptr == ASN_SUBCAT)
+            continue;
+
+        if ((mopt.flags & MOPT_NOOBJ) && (*ptr == ASN_OBJECT_ID))
+           continue;
+
+        asn2str(ptr, asnprefix, buf, snmplen - len + 1);
+        snprintf(buf2, sizeof(buf2)-1, "%s %s", asnprefix, buf);
+        buf2[sizeof(buf2)-1] = '\0';
+        save_write(stdout, prefix, buf2, strlen(buf2));
+    }
+
+    return(0);
+   
+}
+
+
diff --git a/other/b-scan/src/Makefile b/other/b-scan/src/Makefile
new file mode 100644
index 0000000..f1688a1
--- /dev/null
+++ b/other/b-scan/src/Makefile
@@ -0,0 +1,88 @@
+#
+# Makefile of (m)bscan v0.0, skyper
+# Massiv Banner Scanner
+#
+
+CC=gcc
+COPT=-Wall -ggdb -I../include -I/usr/include/pcap
+LEX=flex
+LEXOPT=
+OBJS=bscan.o arpg.o snarf.o network_raw.o restore.o
+OBJS2=tty.o system.o signal.o dcd_icmp.o garage.o cf_prse.o module.o
+SUPOBJ=../support/hpuxdl.o ../support/snprintf.o
+TARGET=bscan
+INDENT=indent
+INDENT_OPT=-bap -nbc -bbo -bl -bli0 -bls -ncdb -nce -cp1 -cs -di2 -ndj -nfc1 -nfca -hnl -i4 -ip5 -lp  -psl -nsc -nsob
+
+# LINUX
+#######
+LOPT=-export-dynamic
+DEFS=`libnet-config --defines` -DHAVE_DLSYM -D_SVID_SOURCE #-DDEBUG
+LIBS=-lpcap -ldl -lm `libnet-config --libs` -lpthread
+
+# SunOS 5.7/5.8 + gcc
+#####################
+#LOPT=-export-dynamic
+#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG
+#LIBS=-lpcap -ldl -lm `libnet-config --libs` -lpthread
+
+# HP-UX 11.00
+#############
+#LOPT=-Xlinker -E
+#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG
+#LIBS=-lpcap -ldld -lm `libnet-config --libs` -lpthread
+
+# HP-UX 10.20
+# HP-UX 10.20 is not supported. You need snprintf.c and
+# some hacks to use IP_HDRINCL and the kernel patches
+# to access the link_layer interface.
+#############
+#LOPT=-Xlinker -E
+#DEFS=`libnet-config --defines` -DHAVE_DLSYM -DHP10 #-DDEBUG
+#LIBS=-lpcap -ldld -lm `libnet-config --libs` -lpthread
+
+# OpenBSD
+#########
+#LOPT=
+#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG
+#LIBS=-lpcap -lm `libnet-config --libs` -lpthread
+
+all:    $(SUPOBJ) $(OBJS2) $(OBJS)
+        $(CC) $(SUPOBJ) $(OBJS) $(OBJS2) $(LOPT) $(LIBS) -o $(TARGET)
+
+cf_prse.o:
+        $(LEX) $(LEXOPT) -ocf_prse.c cf_prse.l
+        $(CC) $(COPT) -c cf_prse.c
+
+dcd_icmp.o:     dcd_icmp.c
+        $(CC) $(COPT) -c dcd_icmp.c
+
+garage.o:       garage.c
+        $(CC) $(COPT) -c garage.c
+
+module.o:       module.c
+        $(CC) $(COPT) $(DEFS) -c module.c
+
+system.o:       system.c
+        $(CC) $(COPT) -c system.c 
+
+tty.o:          tty.c
+        $(CC) $(COPT) -c tty.c
+
+signal.o:       signal.c
+        $(CC) $(COPT) -c signal.c
+
+../support/hpuxdl.o:    ../support/hpuxdl.c
+        $(MAKE) -C ../support
+
+../support/snprintf.o:  ../support/snprintf.c
+        $(MAKE) -C ../support
+
+.c.o:
+        $(CC) $(COPT) $(DEFS) -c $<
+
+clean:
+        rm -f $(OBJS) $(OBJS2) $(TARGET) cf_prse.c core *~
+
+indent:
+        $(INDENT) $(INDENT_OPT) *.c *.h
diff --git a/other/b-scan/src/arpg.c b/other/b-scan/src/arpg.c
new file mode 100644
index 0000000..0c8a620
--- /dev/null
+++ b/other/b-scan/src/arpg.c
@@ -0,0 +1,78 @@
+/*
+ * bscan arp routine
+ */
+#include <bscan/arpg.h>
+#include <bscan/snarf.h>
+#include <libnet.h>
+
+
+
+void
+prepare_libnet (struct _libnet *lnet)
+{
+
+    if (lnet->device == NULL)
+    {
+        struct sockaddr_in sin;
+        if (libnet_select_device (&sin, &lnet->device, lnet->err_buf) == -1)
+            libnet_error (LIBNET_ERR_FATAL,
+                          "libnet_select_device failed: %s\n", lnet->err_buf);
+    }
+
+    if (
+        (lnet->network =
+         libnet_open_link_interface (lnet->device, lnet->err_buf)) == NULL)
+        libnet_error (LIBNET_ERR_FATAL,
+                      "libnet_open_link_interface '%s': %s\n", lnet->device,
+                      lnet->err_buf);
+
+
+    lnet->packet_size = 60;     /* min ethernet frame length -4 CRC */
+    if (libnet_init_packet (lnet->packet_size, &lnet->packet) == -1)
+        libnet_error (LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
+
+}
+
+/*
+ * play arp-god: sends out arp-reply
+ * return: same as libnet_write_link_layer
+ * -1 on failure or bytes written 
+ */
+int
+play_arpg (struct _libnet *lnet, u_char spf_sip[4], u_char spf_smac[6],
+           u_char spf_dip[4], u_char spf_dmac[6])
+{
+    int c;
+
+#ifdef DEBUG
+    printf ("sending out arp\n");
+#endif
+    libnet_build_ethernet (spf_dmac,
+                           spf_smac, ETHERTYPE_ARP, NULL, 0, lnet->packet);
+
+    libnet_build_arp (ARPHRD_ETHER, ETHERTYPE_IP,       /* arp for which protocol ? */
+                      6,        /* hardware addr. length */
+                      4,        /* protocol addr. length */
+                      ARPOP_REPLY, spf_smac, spf_sip, spf_dmac, spf_dip, NULL,  /* packet payload */
+                      0,        /* length of payload */
+                      lnet->packet + LIBNET_ETH_H);
+
+    c =
+        libnet_write_link_layer (lnet->network, lnet->device, lnet->packet,
+                                 lnet->packet_size);
+    if (c < lnet->packet_size)
+    {
+        libnet_error (LN_ERR_WARNING,
+                      "libnet_write_link_layer only wrote %d bytes\n", c);
+    }
+#ifdef DEBUG
+    else
+    {
+        printf ("construction and injection completed, wrote all %d bytes\n",
+                c);
+    }
+#endif
+
+    return (c);
+}
+
diff --git a/other/b-scan/src/bscan.c b/other/b-scan/src/bscan.c
new file mode 100644
index 0000000..ed49d1b
--- /dev/null
+++ b/other/b-scan/src/bscan.c
@@ -0,0 +1,851 @@
+/*
+ * This is unpublished proprietary source code.
+ *
+ * The contents of these coded instructions, statements and computer
+ * programs may not be disclosed to third parties, copied or duplicated in
+ * any form, in whole or in part, without the prior written permission of
+ * the author.
+ * (that includes you hack.co.za and other lame kid sites who dont
+ *  get the point what hacking is about. damn kids.)
+ *
+ * (C) COPYRIGHT by me, 2000
+ * All Rights Reserved
+ */
+
+
+#include <stdlib.h>
+#include <math.h>
+#include <bscan/bscan.h>
+#include <bscan/snarf.h>
+#include <bscan/tty.h>
+#include <bscan/system.h>
+#include <bscan/restore.h>
+#include <bscan/module.h>
+#include <bscan/version.h>
+#include <bscan/cf_prse.h>
+#include <sys/types.h>
+#include <signal.h>
+#include <math.h>
+#include <libnet.h>
+
+#ifdef HAVE_DLSYM
+extern const int modcount;
+extern const struct _mods mods[MAX_MODULES];
+#endif
+
+unsigned char packet[1024];
+struct _opt *opt;
+
+#define OPTS    "XOVhavr:C:L:M:m:l:d:p:i:s:f:o:"
+
+static unsigned long int        gennextip (void);
+static unsigned long int        gennext_spreadip (void);
+static unsigned long int        gennext_random (void);
+
+/*
+ * make static mac entry in arp-table.
+ * We use system() here [setting mac entry is heavily system dependent]
+ */
+int
+setarp (uint32_t ip, u_char * mac)
+{
+    char buf[128];
+    u_char *p = (u_char *) mac;
+
+    snprintf (buf, sizeof (buf) - 1,
+              "arp -s %s %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x", int_ntoa (ip),
+              p[0], p[1], p[2], p[3], p[4], p[5]);
+    /* put all your IFL fun in here ! this is the major security hole
+       you were looking for.... */
+
+    return (system (buf));
+}
+
+
+/*
+ * delete the mac entry from the arp-table.
+ * we use system() again
+ */
+int
+unsetarp (uint32_t ip)
+{
+    char buf[128];
+
+    snprintf (buf, sizeof (buf) - 1, "arp -d %s", int_ntoa (ip));
+    /* put all your IFL fun in here ! this is the major security hole
+       you were looking for.... */
+
+    return (system (buf));
+}
+
+
+static void
+usage (int code, char *fmt, ...)
+{
+    char buf[1024];
+    va_list ap;
+    u_char *p = (u_char *) opt->spf_smac;
+    int c;
+
+    printf (VERSION "\n");
+    printf (" b-scan -s <spoofed source ip> [options] <host/network> ...\n");
+    printf ("   format of <host/network>:\n");
+    printf ("      <host>, 10.23.0.1 or\n");
+    printf ("      <start ip>-<end ip>, 10.23.0.1-10.23.255.254 or\n");
+    printf ("      <start network/mask>, 10.23.0.1/16\n\n");
+    printf ("Options:\n");
+    printf (" -r <restore.bscan>\n");
+#ifdef HAVE_DLSYM
+    printf (" -L <module.so, shared library file>\n");
+#endif
+    printf (" -f <hostlist, one ip/line>\n");
+    printf (" -s <spoofed ip address on your LOCAL (!) network>\n");
+    printf (" -m <mac>, make a static arp-entry and spoof from this mac.\n");
+    printf
+        (" -M <mac>, dont make the static arpentry but spoof from this mac.\n");
+    printf ("    Add the mac to your arp-table manually (arp -s ip mac),\n");
+    printf ("    If no mac is given default mac is used:\n");
+    printf ("    MAC : %x:%x:%x:%x:%x:%x\n", p[0], p[1], p[2], p[3], p[4],
+            p[5]);
+    printf (" -i <ethernet interface>, default eth0\n");
+    printf
+        (" -X spreadmode [non-sequential, experimental but recommended]\n");
+    printf (" -O output ip's, dont scan\n");
+    printf
+        (" -l <pps> limit packets per second, default 1000, 0 = unlimited\n");
+    printf
+        (" -d <delay> w8 delay seconds for outstanding packets, default 10\n");
+    printf (" -C <configuration file>\n");
+    printf (" -v verbose output\n\n");
+    printf ("Example:\n");
+    printf ("# bscan -s 10.1.6.6 -i eth2 -L \"modules/mod_banner.so\" -X 2.4.1.0-2.4.9.9\n");
+
+#ifdef HAVE_DLSYM
+    for (c = 0; c < modcount; c++)
+        mods[c].musage ();
+#endif
+
+    if (fmt != NULL)
+    {
+        va_start (ap, fmt);
+        vsnprintf (buf, sizeof (buf) - 1, fmt, ap);
+        va_end (ap);
+        fprintf (stderr, "ERROR: %s\n", buf);
+    }
+
+    exit (code);
+}
+
+/*
+ * read's next ip from file. 
+ * returns ip in NBO
+ * returns -1 (eg. 255.255.255.255) on failure
+ */
+unsigned long int
+readnextip (void)
+{
+    char buf[64];
+
+    if (opt->ffd == NULL)
+    {
+        if ((opt->ffd = fopen (opt->hostfile, "r")) == NULL)
+        {
+            perror ("unable to open hostfile");
+            return (-1);
+        }
+        opt->target = opt->hostfile;
+    }
+    fgets (buf, sizeof (buf), opt->ffd);
+
+    return (inet_addr (buf));
+}
+
+/*
+ * get next ip in NBO from network/mask
+ * [could be random order]
+ * returns -1 [255.255.255.255] if no more ip's
+ * hint: rfc: "the first and last ip in a subnetwork are reserved"
+ */
+static unsigned long int
+gennextip (void)
+{
+
+    if (opt->ip_pos <= opt->end_ip)
+        return (htonl (opt->ip_pos++));
+
+    return (-1);
+
+}
+
+/*
+ * generate next ip in spread-mode
+ * must: ip.end_ip - ip.start_ip > 2 
+ */
+static unsigned long int
+gennext_spreadip (void)
+{
+    u_long pos = opt->ip_pos;
+
+
+    if ((opt->ip_offset + 1 >= opt->ip_blklen) && (opt->ip_pos > opt->end_ip))
+        return (-1);
+
+    if ((opt->ip_pos + opt->ip_blklen > opt->end_ip)
+        && (opt->ip_offset + 1 < opt->ip_blklen))
+        opt->ip_pos = opt->start_ip + (++opt->ip_offset);
+    else
+        opt->ip_pos += opt->ip_blklen;
+
+    return (htonl (pos));
+
+}
+
+
+static unsigned long int
+gennext_random (void)
+{
+    unsigned long int   ip;
+
+    if (opt->random_maxcount != 0) {
+        if (--opt->random_maxcount == 0)
+            return (-1);
+    }
+
+pitch:
+    ip = (random () & 0xffff) << 16;
+    ip |= random () & 0xffff;
+
+    if (((ip & 0xe0000000) >= 0xe0000000) ||    /* 224.0.0.0/3 */
+        ((ip & 0xff000000) == 0x7f000000) ||    /* 127.0.0.0/8 */
+        ((ip & 0xff000000) == 0x0a000000) ||    /* 10.0.0.0/8 */
+        ((ip & 0xffff0000) == 0xc0a80000) ||    /* 192.168.0.0/16 */
+        ((ip & 0xffff0000) == 0xac100000) ||    /* 172.16.0.0/16 */
+        (ip == 0x00000000))                     /* 0.0.0.0/32 */
+        goto pitch;
+
+    return (htonl (ip));
+}
+
+
+/*
+ * process all the options and load/init modules
+ */
+void
+do_opt (int argc, char *argv[])
+{
+    extern char *optarg;
+    extern int optind; /*, opterr, optopt;*/
+    unsigned short int sp[ETH_ALEN];
+    int c;
+    char do_usage = 0;
+
+
+    while ((c = getopt (argc, argv, OPTS)) != -1)
+    {
+        switch (c)
+        {
+        case 'C':               /* process conf file */
+            if (readConfFile (optarg))
+              {
+                opt->flags |= FileOpt.flags;
+                opt->limit = FileOpt.limit;
+                opt->delay = FileOpt.delay;
+                opt->nt.src = FileOpt.srcAddr;
+                opt->lnet.device = FileOpt.device;
+                for (c = 0; c < 6; c++)
+                  opt->spf_smac[c] = FileOpt.mac[c];
+              }
+            else
+              fprintf (stderr, "%s is not a valid vonfig file\n", optarg);
+            break;
+        case 'L':
+            break;              /* process module stuff AFTER main-opts */
+        case 'h':
+            do_usage = 1;
+            break;
+        case 'r':
+            if (read_restore (optarg) != 0)
+            {
+                fprintf (stderr, "unable to read restore file '%s'\n",
+                         optarg);
+                exit (-1);
+            }
+            opt->flags |= OPT_REST;
+            break;
+        case 'l':
+            opt->limit = atoi (optarg);
+            break;
+        case 'v':
+            opt->flags |= OPT_VERB;
+            break;
+        case 'X':
+            opt->flags |= OPT_SPREADSCAN;
+            break;
+        case 'O':
+            opt->flags |= OPT_OUTONLY;  /* dont scan, output ip's only */
+            break;
+        case 'm':
+            opt->flags |= OPT_SETARP;
+            sscanf (optarg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2],
+                    &sp[3], &sp[4], &sp[5]);
+            for (c = 0; c < 6; c++)
+                opt->spf_smac[c] = (u_char) sp[c];
+            break;
+        case 'M':
+            opt->flags &= ~OPT_SETARP;
+            sscanf (optarg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2],
+                    &sp[3], &sp[4], &sp[5]);
+            for (c = 0; c < 6; c++)
+                opt->spf_smac[c] = (u_char) sp[c];
+            break;
+        case 'd':
+            opt->delay = atoi (optarg);
+            break;
+        case 'i':
+            opt->lnet.device = optarg;
+            break;
+        case 's':
+            opt->nt.src = inet_addr (optarg);
+            break;
+        case 'f':
+            opt->hostfile = optarg;
+            opt->flags |= OPT_HOSTFILE;
+            break;
+        case 'V':
+            printf (VERSION "\n");
+            exit (0);
+        case ':':
+            usage (0, "parameter missing", c);
+            break;
+        default:
+            break;
+            usage (0, "unknown option -%c", c);
+        }
+    }
+
+    /*
+     * init modules AFTER processing main-opts
+     */
+#ifdef HAVE_DLSYM
+    optind = 1;
+    while ((c = getopt (argc, argv, OPTS)) != -1)
+    {
+        switch (c)
+        {
+        case 'L':
+            loadinit_mod(optarg);
+            break;
+        }                       /* eo switch(c) */
+    }                           /* eo while */
+#endif
+    if (do_usage != 0)
+        usage (0, NULL);
+
+    if ((optind < argc) && (!(opt->flags & OPT_REST)))
+        opt->argvlist = &argv[optind];
+    if (opt->flags & OPT_OUTONLY)
+        opt->delay = 0;
+    if (opt->nt.src == -1)
+        usage (0, "you must specify a -s source address");
+    if ((opt->argvlist == NULL) && (opt->hostfile == NULL))
+        usage (0, "you must specify a -f hostfile or an ip-range");
+
+}
+
+/*
+ * called via SIGCHLD and w8 for the pid [to destroy last kernel structure]
+ * OBSOLETE, ###fixme
+ */
+void
+waitchld (int sig)
+{
+    int status;
+    wait (&status);             /* exit status of the child */
+}
+
+void
+sig_handle_abort (int sig)
+{
+
+    if (pthread_self() != opt->bscantid)
+        return;
+
+    fprintf (stderr, "Session aborted ...one more to kill process\n");
+    signal (sig, die);
+    opt->flags |= OPT_ABRT;
+}
+
+/*
+ * generic signal driver :>
+ */
+void
+sigdriver (int sig)
+{
+
+    if (pthread_self() != opt->bscantid)
+        return;
+
+    if (sig == SIGUSR1)
+        print_scanstat (stderr);
+    if ((sig == SIGINT) || (sig == SIGQUIT))    /* ctrl-c */
+        sig_handle_abort (sig);
+}
+
+/*
+ * This function MUST be called on exit (..or use atexit():)
+ * we have threads. Doesnt matter which thread calls this
+ * function...do everything and exit() the process 
+ * (kills all threads...not very gentle...but...).
+ */
+void
+die (int sig)
+{
+    int c = 0;
+
+    print_scanstat (stderr);    /* print before cleanup routines...*/
+
+    if (opt->flags & OPT_ABRT)
+        if (write_restore () != 0)
+            perror ("restorefile failed");
+        if ((opt->flags & OPT_SETARP) && (unsetarp (opt->nt.src) != 0))
+            fprintf (stderr, "unable to unset arpentry. do it manually\n");
+#ifdef HAVE_DLSYM
+        while (c < modcount)
+            mods[c++].fini ();
+#endif
+
+#ifdef DEBUG
+    printf ("calling exit.\n");
+#endif
+
+    fflush (stdout);
+
+    exit (0);
+}
+
+/*
+ * reset all vars used during the scan (counters, ...)
+ * should be called before the call to make_iprange()
+ * If not...make_iprange thinks we use restore-file
+ */
+void
+reset_vars ()
+{
+    opt->target = NULL;
+    opt->ipscan_count = 0;
+    opt->bsent_count = 0;
+    opt->ip_offset = 0;
+    opt->ip_blklen = 0;
+    opt->ip_pos = 0;
+    opt->start_ip = 0;
+    opt->end_ip = 0;
+    opt->snarf.close_c = 0;
+    opt->snarf.open_c = 0;
+    opt->snarf.refused_c = 0;
+    opt->snarf.icmp_c = 0;
+}
+
+
+void
+init_vars (char **nullptr)
+{
+    srandom ((unsigned int) time (NULL));
+
+    if ((opt = calloc (1, sizeof (*opt))) == NULL)
+    {
+        perror ("calloc");
+        exit (-1);
+    }
+    memset (opt, 0, sizeof (struct _opt));
+
+    opt->bscantid = 0;
+    opt->snarftid = 0;
+    opt->packet = packet;
+    opt->pkg_maxlen = sizeof (packet);
+    opt->pkg_len = 0;
+    opt->scan_start.tv_sec = 0;
+    opt->iptotscan_count = 0;
+    opt->scan_start.tv_usec = 0;
+    opt->hostfile = NULL;
+    opt->limit = 1000;
+    opt->flags = OPT_SETARP;
+    opt->ffd = NULL;
+    opt->argvlist = nullptr;
+    opt->lnet.device = NULL;    /* done by libnet and libpcap */
+    memcpy (opt->spf_smac, SPF_SMAC, 6);
+    opt->nt.src = -1;
+    opt->nt.dst = -1;
+    opt->delay = 10;
+    opt->lnet.device = NULL;
+    reset_vars ();
+
+    signal (SIGINT, sigdriver);
+    signal (SIGQUIT, sigdriver);
+    signal (SIGTERM, die);      /* also called by client */
+    signal (SIGCHLD, SIG_IGN);
+    signal (SIGUSR1, sigdriver);
+}
+
+void
+print_opt ()
+{
+    u_char *p = (u_char *) opt->spf_smac;
+
+    fprintf (stderr, "Pid           : %d\n", getpid());
+    fprintf (stderr, "Interface     : %s\n", opt->lnet.device);
+    fprintf (stderr, "Source IP     : %s\n", int_ntoa (opt->nt.src));
+    fprintf (stderr, "Source MAC    : %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
+             p[0], p[1], p[2], p[3], p[4], p[5]);
+    fprintf (stderr, "pps           : %u\n", opt->limit);
+}
+
+/*
+ * print scanstatistics on filedes
+ */
+void
+print_scanstat (FILE * fd)
+{
+    char perc = 100;
+    struct timeval tv2;
+    time_t timep;
+    struct tm mytm;
+
+    gettimeofday (&tv2, NULL);
+    time_diff (&opt->scan_start, &tv2);
+    if (tv2.tv_sec == 0)
+        tv2.tv_sec = 1;
+    timep = tv2.tv_sec;
+    gmtime_r (&timep, &mytm);
+
+    if ((opt->end_ip - opt->start_ip) != 0)
+        perc =
+            (((float)
+              opt->ipscan_count / (float) (opt->end_ip -
+                                           opt->start_ip)) * 100);
+
+    fprintf (fd,
+             "%2.2d:%2.2d:%2.2d:%2.2d %s %3d%% p/s: %6d [o:%lu r:%lu c:%lu i:%lu]\n",
+             mytm.tm_yday, mytm.tm_hour, mytm.tm_min, mytm.tm_sec, 
+             opt->target, perc, (int) (opt->iptotscan_count / tv2.tv_sec),
+             opt->snarf.open_c, opt->snarf.refused_c, opt->snarf.close_c,
+             opt->snarf.icmp_c);
+
+}
+
+
+/*
+ * calculate beginning and end of ip-range
+ * set start_ip and end_ip and target
+ */
+void
+make_iprange (u_long * network, u_long * netmask, u_long * start_ip,
+              u_long * end_ip, char *str)
+{
+    char buf[64];
+    char *ptr;
+
+    opt->target = str;
+    strncpy (buf, str, sizeof (buf));
+    buf[sizeof (buf) - 1] = '\0';
+    opt->getnextip = NULL;
+    *start_ip = 0;
+
+    if (strncmp (buf, "random", 6) == 0) {
+        opt->getnextip = (void *) gennext_random;
+        if (strchr (buf, ':') != NULL) {
+            sscanf (strchr (buf, ':') + 1, "%lu", &opt->random_maxcount);
+        } else {
+            opt->random_maxcount = 0;
+        }
+        return;
+    }
+
+    /* a.b.c.d/e */
+    if (strchr (buf, '/') != NULL)
+    {
+        *netmask = 0xffffffff;  /* for the lamers who forget the /<netmask> */
+
+        if ((ptr = (char *) strrchr (buf, '/')) != NULL)
+            *netmask = 0xffffffff << (32 - atoi (ptr + 1));
+
+        if ((ptr = (char *) strchr (buf, '/')) != NULL)
+            *ptr = '\0';
+
+        *network = (ntohl (inet_addr (buf)) & *netmask);
+        *start_ip = (*network & *netmask) + 1;
+        *end_ip = (*network | ~*netmask) - 1;
+        if (*netmask >= 0xfffffffe)
+            (*start_ip)--;
+        if (*netmask == 0xffffffff)
+            (*end_ip)++;
+    }
+
+    /* a.b.c.d - w.x.y.z */
+    if ((*start_ip == 0) && ((ptr = (char *) strrchr (buf, '-')) != NULL))
+    {
+        *end_ip = ntohl (inet_addr (ptr + 1));
+        *ptr = '\0';
+        *start_ip = ntohl (inet_addr (buf));
+    }
+
+    /* a.b.c.d */
+    if (*start_ip == 0)
+    {
+        *end_ip = ntohl (inet_addr (buf));
+        *start_ip = ntohl (inet_addr (buf));
+    }
+
+    if (opt->ip_pos == 0)       /* if != 0 we use restore-file */
+        opt->ip_pos = *start_ip;
+
+    /* initialize getnextip-funtion and spread scan variables */
+    if ((opt->flags & OPT_SPREADSCAN) && (opt->end_ip - opt->start_ip > 2))
+    {
+        init_spreadscan (opt->end_ip - opt->start_ip);
+        opt->getnextip = (void *) gennext_spreadip;
+    }
+    else
+    {
+        opt->getnextip = (void *) gennextip;
+    }
+
+}
+
+/*
+ * initialize offset for spread-scan
+ * call make_iprange before
+ *
+ * most networks are /24. dont let ip_blklen get to big
+ */
+void
+init_spreadscan (u_long diff)
+{
+    opt->ip_blklen = (u_long) sqrt (diff);
+
+    if (opt->ip_blklen > 100)   /* range is 100^2 large */
+        opt->ip_blklen = 257 + opt->ip_blklen * 0.2;    /* use a prime# here */
+
+}
+
+
+/*
+ * output the ip's only. dont scan.
+ */
+void
+do_outonly ()
+{
+    uint32_t ip;
+
+    while ((ip = (*opt->getnextip) ()) != -1)
+    {
+        opt->ipscan_count++;
+        printf ("%s\n", int_ntoa (ip));
+    }
+
+}
+
+
+/*
+ * process a scanrange from argv
+ * Return -1 if abort
+ */
+int
+process_iprange ()
+{
+    int         c = 0;
+    int         ret;
+#ifdef HAVE_DLSYM
+    int         mc = 0;
+#endif
+
+    while ((opt->nt.dst = (*opt->getnextip) ()) != -1)
+    {
+        memset (opt->packet, 0, opt->pkg_maxlen);
+
+        opt->pkg_len = 0;
+
+        if (opt->flags & OPT_VERB)
+            fprintf (stderr, "scanning %s:%d\n",
+                     int_ntoa (opt->nt.dst), ntohs (opt->nt.dport));
+
+#ifdef HAVE_DLSYM
+        for (mc = 0; mc < modcount; mc++)
+        {
+            ret = mods[mc].callmdl (MOD_FIRSTPKG, opt);
+            if (ret == RMOD_SKIP)
+                continue;
+            if (ret == RMOD_ABRT)
+            {
+                fprintf(stderr, "oops: callmdl returned RMOD_ABRT\n");
+                return(-1);
+            }
+#endif
+
+            opt->bsent_count +=
+                send_ipv4 (opt->sox, opt->packet + ETH_SIZE, opt->pkg_len);
+            opt->iptotscan_count++;
+            opt->ipscan_count++;   /* linear ipscan-offset */
+
+            if (opt->ipscan_count % opt->limit == 0)    /* every second */
+            {
+                if ((c = tty_getchar ()) != -1)
+                    print_scanstat (stderr);
+                if (opt->flags & OPT_ABRT)
+                    return (-1);        /* sig_abort_handler called */
+            }
+
+            /* do floodprotection */
+            while (opt->limit > 0)
+            {
+                /*
+                 * forgett about the initial value of tv.tv_usec...
+                 * This is called 'optimizing algorithms'. The usec does
+                 * not count if you scan >>10seconds...
+                 */
+                gettimeofday (&opt->tv2, NULL);
+                opt->sec = (opt->tv2.tv_sec - opt->scan_start.tv_sec)
+                    - (opt->scan_start.tv_usec - opt->tv2.tv_usec) / 1000000.0;
+                if ((opt->iptotscan_count / opt->sec) >= opt->limit)
+                    usleep (10);        /* should give up timeslice */
+                else
+                    break;
+            }
+#ifdef HAVE_DLSYM
+        }                       /* modcount-loop */
+#endif
+    }
+    return (0);
+}
+
+void *
+p_doit(void *arg)
+{
+  printf("first thread here\n");
+  sleep(100);
+  return NULL;
+}
+
+
+int
+main (int argc, char *argv[])
+{
+    struct sockaddr_in  saddr;
+    struct timeval      tv;
+    int                 size;
+    int                 pstatus;        /* pthread error status */      
+#ifdef IP_HDRINCL
+    const int           on = 1;
+#endif
+
+    init_vars (&argv[argc]);            /* before do_opt */
+
+    do_opt (argc, argv);
+    tty_init ();
+
+    if (opt->flags & OPT_SETARP)
+        if (setarp (opt->nt.src, opt->spf_smac) != 0)
+        {
+            fprintf (stderr, "unable to set arpentry. do it manually\n");
+            exit (1);
+        }
+
+    init_network_raw ();        
+    prepare_libnet (&opt->lnet); /* used by arpg.c and maybe by bscan.c */
+
+    memset (&saddr, 0, sizeof (saddr));
+
+    if ((opt->sox = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
+    {
+        fprintf (stderr, "error creating socket\n");
+        exit (1);
+    }
+#ifdef IP_HDRINCL
+    if (setsockopt (opt->sox, IPPROTO_IP, IP_HDRINCL, &on, sizeof (on)) < 0)
+    {
+        fprintf (stderr, "error setsockopt\n");
+        exit (1);
+    }
+#endif
+
+    size = 160 * 1024;          /* OK if setsockopt fails */
+    setsockopt (opt->sox, SOL_SOCKET, SO_SNDBUF, &size, sizeof (size));
+
+    opt->flags |= OPT_W8SEMA;
+    opt->bscantid = pthread_self();
+    pstatus = pthread_create(&opt->snarftid, NULL, &do_snarf, opt->lnet.device);
+    if (pstatus != 0)
+        err_abort(pstatus, "pthread_create");
+
+    while (opt->flags & OPT_W8SEMA)
+        usleep(50);
+
+    print_opt ();
+
+    if (opt->scan_start.tv_sec == 0)
+        gettimeofday (&opt->scan_start, NULL);
+
+    while ((*opt->argvlist != NULL) || (opt->flags & OPT_HOSTFILE))
+    {
+        if (!(opt->flags & OPT_REST))
+            reset_vars ();      /* reset all counting variables */
+
+        if (!(opt->flags & OPT_HOSTFILE))
+        {
+            make_iprange (&opt->network, &opt->netmask, &opt->start_ip,
+                          &opt->end_ip, *opt->argvlist++);
+        }
+        else
+        {
+            opt->getnextip = (void *) readnextip;
+            if (opt->flags & OPT_REST)
+            {
+                int c = 0;
+
+                fprintf (stderr, "restore: skipping %lu in '%s'\n",
+                         opt->ipscan_count, opt->hostfile);
+                while (c++ < opt->ipscan_count)
+                        if ((*opt->getnextip) () == -1)
+                                break;
+            }
+        }
+
+        opt->flags &= ~OPT_REST;        /* 2nd.. init not by restorefile */
+
+        if ((opt->getnextip == NULL) || (opt->nt.src == 0)
+            || (opt->nt.src == -1))
+            usage (0, "no ip/range given or nonparseable range, skip");
+        if (opt->flags & OPT_OUTONLY)
+        {
+            do_outonly ();
+            continue;
+        }
+
+        if (process_iprange () == -1)
+        {
+            print_scanstat (stderr);
+            break;              /* abort scan ! */
+        }
+
+        if (opt->flags & OPT_HOSTFILE)
+            break;              /* process only ONE hostfile */
+
+        if (*opt->argvlist != NULL)
+            print_scanstat (stderr);
+    }
+
+    gettimeofday (&tv, NULL);
+    time_diff (&opt->scan_start, &tv);
+    opt->sec = tv.tv_sec + tv.tv_usec / 1000000.0;
+    fprintf (stderr, "scanned %lu ip's in %.3f seconds\n", opt->iptotscan_count,
+             opt->sec);
+    if (opt->delay > 0)
+    {
+        fprintf (stderr, "waiting %d sec for outstanding packets...\n",
+                 opt->delay);
+        signal (SIGINT, die);   /* if waiting exit immediatly on INTR */
+        sleep (opt->delay);
+    }
+
+    die (0);
+    return (0);
+}
diff --git a/other/b-scan/src/cf_prse.l b/other/b-scan/src/cf_prse.l
new file mode 100644
index 0000000..592bf7a
--- /dev/null
+++ b/other/b-scan/src/cf_prse.l
@@ -0,0 +1,172 @@
+VOID_LINE       "b-scan:"
+LOCAL_IP        "SourceAddress"
+STATIC_MAC      "StaticSpoofedMacAddress"
+SPOOF_MAC       "MacAddress"
+INTERFACE       "Interface"
+SPREADMODE      "SpreadScan"
+PACKETS_PS      "PacketsPerSecond"
+PATIENCY        "MaxWaitDelay"
+VERBOSE         "Verbose"
+LOAD_MOD        "addModule"
+
+%{
+/*
+ * options with a "bool" are allowed to take "yes", "1" and "true"
+ * and the negated counterparts (case insensitive) as argument.
+ * all others take their argument as supplyed on the command line.
+ *
+ *
+ * VOID_LINE        lines beginning with this string will be passed directly to stderr
+ * LOCAL_IP         -s option 
+ * STATIC_MAC       -m        bool
+ * SPOOF_MAC        -M
+ * INTERFACE        -i
+ * SPREADMODE       -X        bool
+ * PACKETS_PS       -l
+ * PATIENCY         -d
+ * VERBOSE          -v        bool
+ * MODULE           -L
+ */
+%}
+
+
+%{
+#include <bscan/cf_prse.h>
+#include <bscan/module.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+
+/* defines from bscan.h. why not include? because it sucks! using libnet-config for pff! */
+#define OPT_VERB        0x1
+#define OPT_SETARP      0x4
+#define OPT_SPREADSCAN  0x8
+
+
+char *
+getArg (char *s)
+{
+  int x = strlen (s);
+
+  while (s[x] != ' ' && s[x] != '\t')
+    --x;
+  return (s + x + 1);
+}
+
+
+int
+evaluateBoolArg (char *s)
+{
+  s = getArg (s);
+
+  if (!strcasecmp (s, "yes") || !strcasecmp (s, "true") || !strcasecmp (s, "1"))
+    return (1);
+  else if (!strcasecmp (s, "no") || !strcasecmp (s, "false") || !strcasecmp (s, "0"))
+    return (0);
+  else
+    return (-1);
+}
+
+
+void
+set_s_opt (char *s)
+{
+  s = getArg (s);
+  FileOpt.srcAddr = inet_addr (s);
+}
+
+
+void
+set_m_opt (char *s)
+{
+  s = getArg (s);
+  if (evaluateBoolArg (s))
+    FileOpt.flags |= OPT_SETARP;
+}
+
+
+void set_M_opt (char *s)
+{
+  s = getArg (s);
+  sscanf (s, "%hx:%hx:%hx:%hx:%hx:%hx", &FileOpt.mac[0], &FileOpt.mac[1],
+        &FileOpt.mac[2], &FileOpt.mac[3], &FileOpt.mac[4], &FileOpt.mac[5]);
+}
+
+
+void set_i_opt (char *s)
+{
+  s = getArg (s);
+  FileOpt.device = (char *) malloc (strlen (s) + 1);
+  memset (FileOpt.device, 0, strlen (s) + 1);
+  memcpy (FileOpt.device, s, strlen (s));
+}
+
+void set_X_opt (char *s)
+{
+  s = getArg (s);
+  if (evaluateBoolArg (s))
+    FileOpt.flags |= OPT_SPREADSCAN;
+}
+
+
+void set_l_opt (char *s)
+{
+  s = getArg (s);
+  FileOpt.limit = atoi (s);
+}
+
+
+void set_d_opt (char *s)
+{
+  s = getArg (s);
+  FileOpt.delay = atoi (s);
+}
+
+
+void set_v_opt (char *s)
+{
+  s = getArg (s);
+  if (evaluateBoolArg (s))
+    FileOpt.flags |= OPT_VERB;
+}
+
+void set_L_opt (char *s)
+{
+  s = s + strlen ("addModule") + 1;
+  while (*s == ' ' || *s == '\t')
+    s++;
+  loadinit_mod (s);
+}
+
+%}
+%%
+
+^{VOID_LINE}[\t !-?a-zA-Z0-9]*  fprintf (stderr, "%s\n", yytext);
+^{LOCAL_IP}[\t .0-9]*           set_s_opt (yytext);
+^{STATIC_MAC}[\t a-zA-Z0-9]*    set_m_opt (yytext);
+^{SPOOF_MAC}[\t :a-fA-F0-9]*    set_M_opt (yytext);
+^{INTERFACE}[\t a-zA-Z0-9]*     set_i_opt (yytext);
+^{SPREADMODE}[\t a-zA-Z0-9]*    set_X_opt (yytext);
+^{PACKETS_PS}[\t a-zA-Z0-9]*    set_l_opt (yytext);
+^{PATIENCY}[\t a-zA-Z0-9]*      set_d_opt (yytext);
+^{VERBOSE}[\t a-zA-Z0-9]*       set_v_opt (yytext);
+^{LOAD_MOD}[\t !-?\-_.:,;a-zA-Z0-9]*    set_L_opt (yytext);
+
+[\n\t a-zA-Z0-9]
+.
+
+%%
+
+int yywrap () { return (1);}
+
+int
+readConfFile (char *s)
+{
+  if ((yyin = fopen (s, "r")) == NULL)
+    return 0;
+  yylex ();
+  return 1;
+}
diff --git a/other/b-scan/src/dcd_icmp.c b/other/b-scan/src/dcd_icmp.c
new file mode 100644
index 0000000..c627a56
--- /dev/null
+++ b/other/b-scan/src/dcd_icmp.c
@@ -0,0 +1,166 @@
+/* bscan - icmp decoder
+ *
+ * based on information from
+ *   RFC792 - INTERNET CONTROL MESSAGE PROTOCOL
+ *   RFC950 - Internet Standard Subnetting Procedure
+ *   ??? "ICMP Usage in Scanning" (ICMP_Scanning_v2.5.pdf)
+ */
+
+#include <stdio.h>
+#include <bscan/dcd_icmp.h>
+
+static char *   icmp_echo_reply[] = {
+        "ICMP ECHOREPLY",
+        NULL
+};
+
+static char *   icmp_unreach[] = {
+        "ICMP UNREACH network unreachable",
+        "ICMP UNREACH host unreachable",
+        "ICMP UNREACH protocol unreachable",
+        "ICMP UNREACH port unreachable",
+        "ICMP UNREACH fragmentation needed but don't-fragment bit set",
+        "ICMP UNREACH source route failed",
+        "ICMP UNREACH destination network unknown",
+        "ICMP UNREACH destination host unknown",
+        "ICMP UNREACH source host isolated",
+        "ICMP UNREACH destination network administratively prohibited",
+        "ICMP UNREACH destination host administratively prohibited",
+        "ICMP UNREACH network unreachable for TOS",
+        "ICMP UNREACH host unreachable for TOS",
+        "ICMP UNREACH communication administratively prohibited by filtering",
+        "ICMP UNREACH host precedence violation",
+        "ICMP UNREACH precedence cutoff in effect",
+        NULL
+};
+
+static char *   icmp_quench[] = {
+        "ICMP QUENCH",
+        NULL
+};
+
+static char *   icmp_redirect[] = {
+        "ICMP REDIRECT Redirect datagrams for the Network",
+        "ICMP REDIRECT Redirect datagrams for the Host",
+        "ICMP REDIRECT Redirect datagrams for the Type of Service and Network",
+        "ICMP REDIRECT Redirect datagrams for the Type of Service and Host",
+        NULL
+};
+
+static char *   icmp_alternate[] = {
+        "ICMP ALTERNATEHOSTADDRESS",
+        NULL
+};
+
+static char *   icmp_echo[] = {
+        "ICMP ECHO",
+        NULL
+};
+
+static char *   icmp_routerad[] = {
+        "ICMP ROUTERADVERTISEMENT",
+        NULL
+};
+
+static char *   icmp_routersel[] = {
+        "ICMP ROUTERSELECTION",
+        NULL
+};
+
+static char *   icmp_timeexceed[] = {
+        "ICMP TIMEEXCEED time to live exceeded in transit",
+        "ICMP TIMEEXCEED fragment reassembly time exceeded",
+        NULL
+};
+
+static char *   icmp_parprob[] = {
+        "ICMP PARAMETER pointer indicates the error",
+        "ICMP PARAMETER missing a required option",
+        "ICMP PARAMETER bad length",
+        NULL
+};
+
+static char *   icmp_timestamp[] = {
+        "ICMP TIMESTAMP",
+        NULL
+};
+
+static char *   icmp_timestamp_reply[] = {
+        "ICMP TIMESTAMPREPLY",
+        NULL
+};
+
+static char *   icmp_information[] = {
+        "ICMP INFORMATION",
+        NULL
+};
+
+static char *   icmp_information_reply[] = {
+        "ICMP INFORMATIONREPLY",
+        NULL
+};
+
+static char *   icmp_addressmask[] = {
+        "ICMP ADDRESSMASK",
+        NULL
+};
+
+static char *   icmp_addressmask_reply[] = {
+        "ICMP ADDRESSMASKREPLY",
+        NULL
+};
+
+static char *   icmp_ERR[] = {
+        "ICMP invalid code",
+        NULL
+};
+
+struct icmp_typeelem {
+        int             count;
+        char **         tab;
+};
+
+struct icmp_typeelem    icmp_tab[] = {
+        {  1, icmp_echo_reply },        /*  0  Echo Reply */
+        {  0, icmp_ERR },               /*  1  UNUSED */
+        {  0, icmp_ERR },               /*  2  UNUSED */
+        { 16, icmp_unreach },           /*  3  Destination Unreachable */
+        {  1, icmp_quench },            /*  4  Source Quench */
+        {  4, icmp_redirect },          /*  5  Redirect */
+        {  1, icmp_alternate },         /*  6  Alternate Host Address */
+        {  0, icmp_ERR },               /*  7  UNUSED */
+        {  1, icmp_echo },              /*  8  Echo */
+        {  1, icmp_routerad },          /*  9  Router Advertisement */
+        {  1, icmp_routersel },         /* 10  Router Selection */
+        {  2, icmp_timeexceed },        /* 11  Time Exceeded */
+        {  3, icmp_parprob },           /* 12  Parameter Problem */
+        {  1, icmp_timestamp },         /* 13  Timestamp */
+        {  1, icmp_timestamp_reply },   /* 14  Timestamp Reply */
+        {  1, icmp_information },       /* 15  Information Request */
+        {  1, icmp_information_reply }, /* 16  Information Request */
+        {  1, icmp_addressmask },       /* 17  RFC950: Address Mask Request */
+        {  1, icmp_addressmask_reply }, /* 18  RFC950: Address Mask Reply */
+        {  0, NULL },   /* EOList */ 
+};
+
+int     icmp_type_max = (sizeof (icmp_tab) / sizeof (struct icmp_typeelem)) - 1;
+
+const char *
+icmp_str (int type, int code)
+{
+        struct icmp_typeelem *  it;
+
+        if (type < 0 || type >= icmp_type_max)
+                return ("ICMP invalid type");
+
+        it = &icmp_tab[type];
+        if (it->count == 0)
+                return (it->tab[0]);
+
+        if (code < 0 || code >= it->count)
+                return ("ICMP invalid code");
+
+        return (it->tab[code]);
+}
+
+
diff --git a/other/b-scan/src/garage.c b/other/b-scan/src/garage.c
new file mode 100644
index 0000000..4beba2d
--- /dev/null
+++ b/other/b-scan/src/garage.c
@@ -0,0 +1,508 @@
+/* bscan - garage.c - per IP storage functions
+ *
+ * by scut / teso
+ * by skyper / teso
+ *
+ * this module implements a per-IP storage method to allow other modules
+ * to store state information about hosts (ie for TCP fingerprinting or
+ * stateful protocols).
+ *
+ * 2000/12/31   version 1.0.1 - scut
+ *              - added CIDR helper functions
+ *              - added mg_cidr_getmask function to convert CIDR/netmask
+ *                notation
+ *              - added mg_cidr_maskcount to count max possible hosts in a mask
+ *              - added mg_cidr_count function to count hosts in garage that
+ *                match a mask
+ *              - added ip based counter to the garage structure, this costs
+ *                only few cycles when working with elements, but repays for
+ *                the mg_count and some of the mg_cidr_* functions
+ *              - changed mg_count to take advantage of the garage counter
+ *              - added mg_cidr_match function
+ *              - workaround for some size-dependant misoptimizations of gcc
+ *
+ * 2000/12/31   version 1.0.0 - scut
+ *              - support for storage, retrieval and max-keep counter
+ *                with automatic deallocation
+ */
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <bscan/garage.h>
+
+
+/* memory layout:
+ *
+ * each per-ip data is stored in a linked list element. the linked list
+ * can (theoretically) contain up to 2^16 elements, if the entire IP space
+ * is scanned at once.
+ *
+ * up to 2^16 of this linked lists can exist, hence 2^16*2^16 = 2^32 = whole
+ * IPv4 space. to access the correct linked list we calculate a hash value,
+ * to directly read from a one dimensional table of linked list root pointers.
+ *
+ * unsigned long int ip;
+ *
+ * h = ((ip >> 16) + ip) 0xffff)
+ *
+ * the linked list indexed by this two hash values is sorted in ascending
+ * order by the IP as unsigned long int.
+ */
+
+#define MG_H(ip) ((((ip) >> 16) + (ip)) & 0xffff)
+
+
+#ifdef DEBUG
+unsigned long long int  tackall = 0;
+unsigned long long int  tackc = 0;
+#endif
+
+#if 0
+/* unused code
+ */
+static unsigned long int
+mg_count_slot (ip_list *list);
+#endif
+
+
+/* XXX/FIXME/TODO: shouldn't be here
+ */
+void *
+xcalloc (unsigned int factor, unsigned int size)
+{
+        void *  foo = calloc (factor, size);
+
+        if (foo == NULL) {
+                perror ("xcalloc");
+
+                exit (EXIT_FAILURE);
+        }
+
+        return (foo);
+}
+
+
+/* destroy the ip_list element given in `slot'
+ */
+static void
+mg_destroy_slot (garage_hdlr *g, ip_list *slot, void (* cleaner)(ip_list *));
+
+
+garage_hdlr *
+mg_init (char *name, unsigned long int max_hosts_in_list,
+        void (* cleaner)(ip_list *))
+{
+        garage_hdlr *   new = xcalloc (1, sizeof (garage_hdlr));
+
+        new->name = name;
+        new->garage = xcalloc (256 * 256, sizeof (ip_list *));
+        new->cleaner = cleaner;
+        new->ip_count = 0;
+
+        if (max_hosts_in_list == 0) {
+                new->timeout_tbl = NULL;
+                new->timeout_max = 0;
+                new->timeout_idx = 0;
+        } else {
+                new->timeout_tbl = xcalloc (max_hosts_in_list,
+                        sizeof (unsigned long int));
+                new->timeout_max = max_hosts_in_list;
+                new->timeout_idx = 0;
+        }
+
+        memset (new->garage, '\x00', 256 * 256 * sizeof (ip_list *));
+        if (new->timeout_tbl != NULL)
+                memset (new->timeout_tbl, '\x00', max_hosts_in_list *
+                        sizeof (unsigned long int));
+
+        return (new);
+}
+
+
+void
+mg_destroy (garage_hdlr *g, int do_handler)
+{
+        int     h;
+
+
+#ifdef DEBUG
+        printf ("tackcount = %Lu\n", tackc);
+        printf ("tackall = %Lu\n", tackall);
+        printf ("tackmedian = %2.3f\n", (float) ((float) tackall / (float) tackc));
+#endif
+
+        for (h = 0 ; h < (256 * 256) ; ++h) {
+                if (g->garage[h] != NULL) {
+                        /* the IP list structure for the IP will be free'd
+                         * by mg_clean, too, so we don't have to do that
+                         * manually
+                         */
+                        mg_destroy_slot (g, g->garage[h], (do_handler == 0) ?
+                                NULL : g->cleaner);
+                        g->garage[h] = NULL;
+                }
+        }
+
+        free (g->garage);
+        if (g->timeout_tbl == NULL)
+                free (g->timeout_tbl);
+
+        /* g->name is not to be free'd */
+
+        free (g);
+}
+
+
+static void
+mg_destroy_slot (garage_hdlr *g, ip_list *slot, void (* cleaner)(ip_list *))
+{
+        ip_list *       next;
+
+        do {
+                next = slot->next;
+                mg_clean (g, slot->ip, cleaner);
+                slot = next;
+        } while (slot != NULL);
+
+        return;
+}
+
+
+void
+mg_write (garage_hdlr *g, unsigned long int ip, void *data, size_t data_len,
+        int data_free)
+{
+        ip_list *       il;
+        ip_elem *       new = xcalloc (1, sizeof (ip_elem));
+
+
+        new->next = NULL;
+        new->data_free = data_free;
+        new->data_len = data_len;
+        new->data = data;
+
+
+        il = g->garage[MG_H (ip)];
+        if (il == NULL) {
+                il = xcalloc (1, sizeof (ip_list));
+                il->next = NULL;
+                il->ip = ip;
+                il->data = new;
+
+                g->garage[MG_H (ip)] = il;
+                g->ip_count += 1;
+        } else {
+                ip_list **      cw = &g->garage[MG_H (ip)];
+
+                while (il != NULL && ip > il->ip) {
+                        cw = &il->next;
+                        il = il->next;
+                }
+
+                if (il != NULL && ip == il->ip) {
+                        new->next = il->data;
+                        il->data = new;
+                } else {
+                        ip_list *       il_tmp = xcalloc (1, sizeof (ip_list));
+
+                        il_tmp->next = il;
+                        *cw = il_tmp;
+                        il = il_tmp;
+
+                        il->ip = ip;
+                        il->data = new;
+
+                        g->ip_count += 1;
+                }
+        }
+
+        if (g->timeout_tbl != NULL) {
+#ifdef DEBUG
+                printf ("tbl = 0x%08lx   tbl_idx = %5lu   tbl_max = %5lu   tbl_count = %8lu\n",
+                        (unsigned long int) g->timeout_tbl,
+                        (unsigned long int) g->timeout_idx,
+                        (unsigned long int) g->timeout_max,
+                        (unsigned long int) mg_count (g));
+                printf ("g->timeout_tbl[g->timeout_idx] = %lu\n", g->timeout_tbl[g->timeout_idx]);
+                printf ("condition = %s\n", (g->timeout_tbl[g->timeout_idx] != 0) ? "true" : "false");
+#endif
+
+                if (g->timeout_tbl[g->timeout_idx] != 0)
+                        mg_clean (g, g->timeout_tbl[g->timeout_idx], NULL);
+
+                g->timeout_tbl[g->timeout_idx] = il->ip;
+#ifdef DEBUG
+                printf ("g->timeout_idx = %5ld   g->timeout_max = %5ld\n\n",
+                        g->timeout_idx, g->timeout_max);
+#endif
+                g->timeout_idx = (g->timeout_idx + 1) % g->timeout_max;
+        }
+}
+
+
+ip_elem *
+mg_read (garage_hdlr *g, unsigned long int ip)
+{
+#ifdef DEBUG
+        int             tackcount = 0;
+#endif
+        ip_list *       il = g->garage[MG_H (ip)];
+
+        /* no list for this hash value -> no IP stored
+         */
+        if (il == NULL)
+                return (NULL);
+
+        /* walk the list
+         */
+        do {
+                if (il->ip == ip)
+#ifdef DEBUG
+                {
+                        printf ("tackcount = %d\n", tackcount);
+                        tackall += tackcount;
+                        tackc += 1;
+#endif
+                        return (il->data);
+#ifdef DEBUG
+                } else {
+                        tackcount += 1;
+                }
+#endif
+
+                il = il->next;
+
+        } while (il != NULL && il->ip <= ip);
+
+        return (NULL);
+}
+
+
+void
+mg_clean (garage_hdlr *g, unsigned long int ip, void (* cleaner)(ip_list *))
+{
+        ip_elem *       iel;
+        ip_elem *       iel_tmp;
+
+        ip_list **      cw = &g->garage[MG_H (ip)];
+        ip_list *       il;
+
+
+        il = *cw;
+
+        /* walk the list
+         */
+        while (il != NULL && il->ip < ip) {
+                cw = &il->next;
+                il = il->next;
+        }
+
+        if (il == NULL || il->ip != ip)
+                return;
+
+        *cw = il->next;
+
+        /* if a cleaner has been given, or there is a default cleaner in the
+         * garage, then run it
+         */
+        if (cleaner != NULL) {
+                cleaner (il);
+        } else if (g->cleaner != NULL) {
+                g->cleaner (il);
+        }
+
+        iel = il->data;
+        while (iel != NULL) {
+                iel_tmp = iel;
+                if (iel->data_free)
+                        free (iel->data);
+
+                iel = iel->next;
+                free (iel_tmp);
+        }
+
+        g->ip_count -= 1;
+
+        free (il);
+
+        return;
+}
+
+
+void
+mg_show (garage_hdlr *g)
+{
+        int     h1, h2;
+        int     count;
+
+        char    display[] = ".123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+        printf ("=== garage = %s === elements in garage = %lu\n", g->name, mg_count (g));
+        printf ("0_________0_________0_________0_________0_________0_________0_________\n");
+
+        for (h1 = 0 ; h1 < 256 ; ++h1) {
+                count = 0;
+                for (h2 = 0 ; h2 < 256 ; ++h2) {
+                        if (g->garage[h1 * 256 + h2] != NULL)
+                                count += 1;
+                }
+
+                printf ("%c", count >= (sizeof (display) - 1) ? '>' : display[count]);
+                if ((h1 + 1) % 70 == 0) {
+                        printf ("\n");
+                        printf ("0_________0_________0_________0_________0_________0_________0_________\n");
+                }
+        }
+        printf ("\n");
+
+}
+
+
+unsigned long int
+mg_count (garage_hdlr *g)
+{
+        return (g->ip_count);
+}
+
+
+#if 0
+/* unused code
+ */
+static unsigned long int
+mg_count_slot (ip_list *list)
+{
+        unsigned long int       count = 0;
+
+        do {
+                count += 1;
+                list = list->next;
+        } while (list != NULL);
+
+        return (count);
+}
+#endif
+
+
+int
+mg_ip_isin (garage_hdlr *g, unsigned long int ip)
+{
+        ip_list *       il = g->garage[MG_H (ip)];
+
+        if (il == NULL)
+                return (0);
+
+        while (il != NULL && ip < il->ip) {
+                il = il->next;
+        }
+
+        if (il != NULL && ip == il->ip)
+                return (1);
+
+        return (0);
+}
+
+
+
+/* CIDR routines
+ *
+ * XXX: maybe move some basic CIDR routines to an extra file for maintance
+ * XXX: beta code, please test
+ */
+
+unsigned long int
+mg_cidr_getmask (unsigned long int mask)
+{
+        /* work around to dumb gcc 'optimizations' (ie compiler bug)
+         */
+        if (mask == 0)
+                return (0);
+
+        if (mask > 32) {
+                return (mask);
+        } else {
+                unsigned long int       nm = 0xffffffff;
+
+                /* clear zero bits
+                 */
+                mask = 32 - mask;
+                nm >>= mask;
+                nm <<= mask;
+
+                return (nm);
+        }
+}
+
+
+unsigned long int
+mg_cidr_maskcount (unsigned long int mask)
+{
+        return ((~mg_cidr_getmask (mask)) + 1);
+}
+
+
+int
+mg_cidr_match (unsigned long int ip1, unsigned long int ip2,
+        unsigned long int mask)
+{
+        mask = mg_cidr_getmask (mask);
+        ip1 &= mask;
+        ip2 &= mask;
+
+        return (ip1 == ip2);
+}
+
+
+unsigned long int
+mg_cidr_count (garage_hdlr *g, unsigned long int ip, unsigned long int mask)
+{
+        unsigned long int       count = 0;
+        unsigned long int       ip_start,
+                                ip_end;
+
+
+        ip_start = ip & mg_cidr_getmask (mask);
+        ip_end = ip_start + mg_cidr_maskcount (mask);
+
+        /* workaround for /0 cidr mask (if sizeof (unsigned long int) == 4)
+         * it will make ip_end = 0, so we have to catch this case)
+         */
+        if (ip_end == 0)
+                return (mg_count (g));
+
+        if ((ip_end - ip_start) >= mg_count (g)) {
+                /* since there are less elements then the ip range contains,
+                 * we go for a count-matching-elements-by-scanning-through-
+                 * the-entire-array like technique
+                 */
+                unsigned long int       h;
+                ip_list *               il;
+
+                for (h = 0 ; h < (256 * 256) ; ++h) {
+                        if (g->garage[h] != NULL) {
+                                il = g->garage[h];
+
+                                do {
+                                        if (mg_cidr_match (il->ip, ip, mask))
+                                                count += 1;
+
+                                        il = il->next;
+                                } while (il != NULL);
+                        }
+                }
+        } else {
+                /* there are more elements in the garage then this range
+                 * contains, so scam this range only
+                 */
+                do {
+                        count += mg_ip_isin (g, ip_start);
+
+                        ip_start += 1;
+                } while (ip_start < ip_end);
+        }
+
+        return (count);
+}
+
+
diff --git a/other/b-scan/src/module.c b/other/b-scan/src/module.c
new file mode 100644
index 0000000..1748914
--- /dev/null
+++ b/other/b-scan/src/module.c
@@ -0,0 +1,214 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <dlfcn.h>
+#include <string.h>
+#include <bscan/module.h>
+#include <bscan/system.h>
+
+struct _mods mods[MAX_MODULES];
+/* modstructures not initialized */
+int modcount = -1;
+
+/*
+#ifdef HAVE_DLSYM
+#define MAKE_DLSYM(x, y) mods[modcount].##x = dlsym(handle, ##y);\
+        if ((error = dlerror()) != NULL) {\
+                fprintf(stderr, ##y":%s\n", error); return(1); }
+#endif
+*/
+
+/* I think this is more correct, and also gets rid of some compile warnings.
+ * hope this doesn't break anything. -typo */
+#ifdef HAVE_DLSYM
+#define MAKE_DLSYM(x, y) mods[modcount].x = dlsym(handle, y);\
+        if ((error = dlerror()) != NULL) {\
+                fprintf(stderr, y":%s\n", error); return(1); }
+#endif
+
+/*  SunOS 4.1.3 support */
+#ifndef RTLD_NOW
+#define RTLD_NOW        0x00001
+#endif
+/* OpenBSD support */
+#ifndef RTLD_GLOBAL
+#define RTLD_GLOBAL     0x00000
+#endif
+
+/* we really hate theo for this shit of dl* work */
+#if defined(__OpenBSD__)
+# if !(defined(__mips) || defined(__powerpc))
+#  define DLSYM_AOUT 1
+# else
+#  define DLSYM_AOUT 0
+# endif
+#endif
+#if DLSYM_AOUT == 1
+# define DLSYM_UNDERSCORE "_"
+#else
+# define DLSYM_UNDERSCORE /**/
+#endif
+
+
+/*
+ * init the module structures. NOT the modules! 
+ */
+void
+init_modules ()
+{
+    int c = 0;
+
+    while (c < MAX_MODULES)
+    {
+        mods[c].init = NULL;
+        mods[c].fini = NULL;
+        mods[c].musage = NULL;
+        mods[c].modname = NULL;
+        mods[c].modid = 0;
+        mods[c].modarg = NULL;
+        mods[c++].callmdl = NULL;
+    }
+    modcount = 0;
+}
+
+
+/*
+ * Load a module
+ * Return 0 on success, != 0 on error [no space left, EACCESS, ...]
+ */
+int
+add_module (char *fname, char *modarg)
+{
+#ifdef HAVE_DLSYM
+    void *handle;
+    char *error;
+
+    if (modcount == -1)
+        init_modules ();
+
+    if (modcount >= MAX_MODULES)
+        return (2);             /* array to small! */
+
+    handle = dlopen (fname, RTLD_NOW | RTLD_GLOBAL);
+
+    if ((error = dlerror ()) != NULL)
+    {
+        fprintf (stderr, "%s\n", error);
+        return (1);
+    }
+
+    MAKE_DLSYM (init, DLSYM_UNDERSCORE"init");
+    MAKE_DLSYM (fini, DLSYM_UNDERSCORE"fini");
+    MAKE_DLSYM (musage, DLSYM_UNDERSCORE"musage");
+    MAKE_DLSYM (callmdl, DLSYM_UNDERSCORE"callmdl");
+
+    mods[modcount].modid = modcount;
+    mods[modcount].modarg = modarg;     /* not encoded arg */
+
+    modcount++;
+
+#endif
+    return 0;
+}
+
+/*
+ * split a 'space seperated string' into many arguements
+ * decode esc-sequences
+ */
+void
+split_margs (const char *moptarg, char ***margvp, int *margcp)
+{
+    char *ptr, *opt;
+    int off;
+    char ch, ch2;
+
+    if (margcp == NULL)
+        return;
+
+    if (margvp == NULL)
+        return;
+
+    if (moptarg == NULL)
+        return;
+
+    moptarg = strdup(moptarg);
+
+    /*
+     * convert "   modname   -a arg1 -b    arg2" to
+     *         "modname -a arg1 -b arg2"
+     */
+    opt = (char *) calloc (1, strlen (moptarg) + 1);
+    off = 0;
+    ch2 = ' ';
+    ptr = (char *) moptarg;
+    while ((ch = *ptr++) != '\0')
+    {
+        if ((ch == ' ') && (ch2 == ' '))
+            continue;
+        opt[off++] = ch;
+        ch2 = ch;
+    }
+    if (ch2 == ' ')
+        opt[off - 1] = '\0';
+
+    /*
+     * split argument-string into char *argv[] array
+     */
+    *margcp = 0;
+    while ((ptr = strchr (opt, ' ')) != NULL)
+    {
+        *ptr++ = '\0';
+
+        (*margvp) = realloc (*margvp, ((*margcp) + 1) * sizeof (char *));
+
+        ctoreal(opt, opt);      /* decode esc-sequences */
+        *(*margvp + *margcp) = opt;
+        (*margcp)++;
+        opt = ptr;
+    }
+    (*margvp) = realloc (*margvp, ((*margcp) + 2) * sizeof (char *));
+    ctoreal(opt, opt);
+    *(*margvp + (*margcp)++) = opt;
+    *(*margvp + (*margcp)) = NULL;      /* terminate the array */
+
+}
+
+/*
+ * load and init the module.
+ * this function can exit
+ * return 0 on success
+ */
+int
+loadinit_mod(char *optar)
+{
+    char **margv = NULL;
+    int margc = 0;
+    extern int optind;
+    extern struct _opt *opt;
+
+    split_margs (optar, &margv, &margc);
+    if (add_module (margv[0], optar) == 0)
+    {
+        int oldoptind = optind;
+        int m = modcount - 1;
+        optind = 1;
+
+        if (mods[m].init ((char **) &mods[m].modname, margc, margv, opt) != 0)
+        {
+            fprintf (stderr, "- [%d]: '%s' init FAILED\n",
+                                         mods[m].modid, margv[0]);
+            mods[m].musage ();
+            exit (-1);
+         } else
+            fprintf (stderr, "+ [%d]: '%s' initialized\n",
+                                         mods[m].modid, mods[m].modname);
+         optind = oldoptind;     /* restore old optind value */
+    } else
+    {
+         fprintf (stderr, "+ [-]; '%s' failed\n", optar);
+         exit (-1);
+    }
+
+    return(0);
+}
+
+
diff --git a/other/b-scan/src/network_raw.c b/other/b-scan/src/network_raw.c
new file mode 100644
index 0000000..1b87eaa
--- /dev/null
+++ b/other/b-scan/src/network_raw.c
@@ -0,0 +1,497 @@
+/*
+ * raw network routines
+ * libnet based (not yet ..but maybe in the future :>
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#ifndef __FAVOR_BSD
+#define __FAVOR_BSD
+#endif
+#ifndef __USE_BSD
+#define __USE_BSD
+#endif
+#ifndef __BSD_SOURCE
+#define __BSD_SOURCE
+#endif
+#include <libnet.h>
+#include <bscan/network_raw.h>
+
+static int netraw_lrand = 0;
+#define LAME_RANDOM     (netraw_lrand = (netraw_lrand + (netraw_lrand>>1)))
+
+/*
+ * init all the network_raw stuff
+ * return 0 on success, -1 on error
+ */
+int
+init_network_raw ()
+{
+    /* seeded by init_vars/bscan.c */
+    netraw_lrand = 1 + (int) (65335.0 * rand () / (RAND_MAX + 1.0));
+    return (0);
+}
+
+/*
+ * calc. checksum WITH carry flag.
+ * call cksum = CKSUM_CARRY(sum);
+ * we calculate only the initial checksum here.
+ * we can use the result for all further packets
+ */
+int
+in_cksum (unsigned short *addr, int len)
+{
+    int nleft = len;
+    int sum = 0;
+    u_short *w = addr;
+    u_short answer = 0;
+
+    while (nleft > 1)
+    {
+        sum += *w++;
+        nleft -= 2;
+    }
+
+    if (nleft == 1)             /* padding */
+    {
+        *(u_char *) (&answer) = *(u_char *) w;
+        sum += answer;
+    }
+
+    return (sum);
+}
+
+
+/*
+ * add ICMP_ECHO or ICMP_TSTAMP
+ * len = len of payload
+ * add ICMP-header to pkt
+ */
+void
+add_icmpping (unsigned char *pkt, int len, int which)
+{
+    struct icmp *icmp = (struct icmp *) pkt;
+    int sum;
+    struct timeval tv;
+    memset (icmp, 0, sizeof (*icmp));   /* sizeof(*icmp) = 28 */
+
+    if (which == ICMP_ECHO)
+      {
+        icmp->icmp_type = ICMP_ECHO;
+      }
+    else if (which == ICMP_TSTAMP)
+      {
+        if (len < 13)
+          printf ("packet too small for timestamp request, lets blast the packets out anyway\n");
+        icmp->icmp_type = ICMP_TSTAMP;
+      }
+    else
+      printf ("Your kung-fu is bad!\n"); 
+
+    icmp->icmp_hun.ih_idseq.icd_id = LAME_RANDOM;
+    gettimeofday (&tv, NULL);
+    memcpy (icmp->icmp_dun.id_data, &tv, sizeof (tv));
+
+    sum = in_cksum ((u_short *) icmp, ICMP_SIZE + len);
+    icmp->icmp_cksum = CKSUM_CARRY (sum);
+}
+
+
+/*
+ * add udp-header [no checksum]
+ * len = len of payload
+ */
+void
+add_udphdr(unsigned char *pkt, struct net_tuple *nt, int len)
+{
+    struct udphdr udp;
+
+    memset(&udp, 0, sizeof(udp));
+    udp.uh_sport = nt->sport;
+    udp.uh_dport = nt->dport;
+    udp.uh_ulen = htons(len + UDP_SIZE);
+    udp.uh_sum = 0;     /* no checksum !*/
+    memcpy(pkt, &udp, sizeof(udp));
+}
+
+
+/*
+ * len = len of payload
+ */
+void
+add_tcphdr (unsigned char *pkt, struct net_tuple *nt, uint8_t flags, int len,
+            tcp_seq * seq, tcp_seq * ack)
+{
+    struct tcphdr tcp;
+    struct tcphdr *tcpptr;
+    struct _fakehead fakehead;
+    int sum;
+
+    memset (&tcp, 0, sizeof (tcp));
+    memset (&fakehead, 0, sizeof (fakehead));
+    tcp.th_dport = nt->dport;
+    tcp.th_sport = nt->sport;
+    fakehead.saddr = nt->src;
+    fakehead.daddr = nt->dst;
+    fakehead.zero = 0;
+    fakehead.protocol = IPPROTO_TCP;
+    fakehead.tot_len = htons (TCP_SIZE + len);
+    sum = in_cksum ((u_short *) & fakehead, sizeof (fakehead));
+    tcp.th_off = TCP_SIZE >> 2;
+    if (seq != NULL)
+        tcp.th_seq = *seq;
+    else
+        tcp.th_seq = LAME_RANDOM;
+    if (ack != NULL)
+        tcp.th_ack = *ack;
+    tcp.th_flags |= flags;      /* ADD the flags */
+    tcp.th_win = htons (0x3fff);
+    memcpy (pkt, &tcp, sizeof (tcp));
+    sum += in_cksum ((u_short *) pkt, sizeof (tcp) + len);
+    tcpptr = (struct tcphdr *)pkt;
+    tcpptr->th_sum = CKSUM_CARRY (sum);
+}
+
+
+/*
+ * add's ipv4-header of 20 bytes without any options
+ * - IPPROTO_TCP and 40 bytes total length
+ */
+void
+add_iphdr (unsigned char *pkt, uint8_t ip_p, struct net_tuple *nt, int len)
+{
+    struct ip ip;
+    memset (&ip, 0, IP_SIZE);
+    ip.ip_hl = sizeof (ip) >> 2;
+    ip.ip_v = 4;
+    /*ip->tos = 0; */
+    ip.ip_len = htons (len + IP_SIZE);  /* htons ? */
+    /*ip->id = 0;                  done by kernel */
+    /*ip->frag_off = 0; */
+    ip.ip_ttl = 0xff;
+    ip.ip_p = ip_p;
+    /*.ip->check = 0;      done by kernel */
+    ip.ip_src.s_addr = nt->src;
+    ip.ip_dst.s_addr = nt->dst;
+    memcpy (pkt, &ip, sizeof (ip));
+}
+
+/*
+ * send out ipv4-packet
+ * with data 'pkt' of length 'len'
+ * returns the number of characters sent, or -1 if an error occured
+ */
+int
+send_ipv4 (int sox, u_char * pkt, size_t len)
+{
+    struct sockaddr_in to;
+    to.sin_family = AF_INET;
+    memcpy (&to.sin_addr.s_addr, (pkt + 4 * 4), sizeof (u_long));
+    return (sendto (sox, pkt, len, 0, (struct sockaddr *) &to, sizeof (to)));
+}
+
+
+/*
+ * small/lame tcp userland stack
+ * give 'best' tcp-answer to a tcp-packet
+ * return 0 on success
+ * payload + len are optional
+ */
+int
+answer_tcp (int sox, struct ip *ip, struct tcphdr *tcp, uint8_t flags,
+            u_char * payload, uint len)
+{
+    static u_char *outpkt = NULL;
+    static int msize = 0;
+    struct net_tuple nt;
+    tcp_seq outack;
+
+    if (TCP_SIZE + IP_SIZE + len > msize)
+    {
+        outpkt = realloc (outpkt, TCP_SIZE + IP_SIZE + len);
+        msize = TCP_SIZE + IP_SIZE + len;
+    }
+
+    if (outpkt == NULL)
+        return (-1);
+    if (ip == NULL)
+        return (-1);
+    if (tcp == NULL)
+        return (-1);
+
+    memset (outpkt, 0, TCP_SIZE + IP_SIZE + len);
+
+    nt.sport = tcp->th_dport;
+    nt.dport = tcp->th_sport;
+    nt.src = ip->ip_dst.s_addr;
+    nt.dst = ip->ip_src.s_addr;
+
+    if (payload != NULL)
+        memcpy (outpkt + TCP_SIZE + IP_SIZE, payload, len);
+
+    outack = ntohl (tcp->th_seq) + ntohs (ip->ip_len) - (tcp->th_off << 2) -
+        (ip->ip_hl << 2);
+    if (tcp->th_flags & (TH_SYN | TH_FIN))
+        outack++;
+
+    outack = htonl (outack);
+    add_tcphdr (outpkt + IP_SIZE, &nt, flags, len, &tcp->th_ack, &outack);
+
+    add_iphdr (outpkt, IPPROTO_TCP, &nt, TCP_SIZE + len);
+
+    send_ipv4 (sox, outpkt, IP_SIZE + TCP_SIZE + len);
+
+    return (0);
+}
+
+
+/*
+ * return 0 if ip-header is valid [length only]
+ * len = length from the begin of the ip-header [20 for normal ip header]
+ */
+int
+vrfy_ip (struct ip *ip, uint32_t len, u_short * ip_options)
+{
+    u_short _ip_options;
+
+    if (len < sizeof (*ip))
+        return (-1);
+
+    _ip_options = ip->ip_hl << 2;
+    if (_ip_options > len)
+        return (-1);
+
+    if (_ip_options > 0xefff)
+        return -1;
+
+    if (_ip_options < sizeof (*ip))
+        _ip_options = 0;
+    else
+        _ip_options -= sizeof (*ip);
+
+    *ip_options = _ip_options;
+    return (0);
+}
+
+
+/*
+ * len = len of tcp-header + tcp_options + tcp_data (from wire).
+ * returns 0 if tcp-header is valid [length check only]
+ * returns options
+ * != 0 if something went wrong [header size etc]
+ */
+int
+vrfy_tcp (struct tcphdr *tcp, uint32_t plen, u_short * tcp_options)
+{
+    u_short _tcp_options;
+
+    if (plen < sizeof (*tcp))
+        return (-1);
+
+    _tcp_options = tcp->th_off << 2;
+    if (_tcp_options > plen)
+        return (-1);
+    if (_tcp_options > 0xefff)   /* this is quite to large for me */
+        return -1;
+
+    if (_tcp_options <= sizeof (*tcp))
+        _tcp_options = 0;
+    else
+        _tcp_options -= sizeof (*tcp);
+
+    *tcp_options = _tcp_options;
+
+    return (0);
+}
+
+int 
+vrfy_udp (struct udphdr *udp, uint32_t len)
+{
+
+    if (len < sizeof(*udp))
+        return (-1);
+
+    return (0);
+}
+
+/*
+ * decode NetworkVirtualTerminal Data 
+ * data = the raw (nvt)-input
+ * len = length of 'data'
+ * ans = the nvt-answer (IAC don't)
+ * anslen = the calculated anser length
+ * res = the decoded nvt data (login: prompt etc)
+ * reslen = the calculates decoded data length
+ * All parameters must be given (NULL is not allowed)
+ * and initialized
+ * return -1 on failure
+ * return 0 on success
+ * rfc-will: anslen, reslen < len
+ */
+#define IACFOUND        0x01
+#define DOFOUND         0x02
+#define UNKNOWNOPT      0x04
+#define SUBNEGO         0x08
+#define CRFOUND         0x10
+
+#define NVT_SE          0xf0
+#define NVT_SB          0xfa
+#define NVT_WILL        0xfb
+#define NVT_WONT        0xfc
+#define NVT_DO          0xfd
+#define NVT_DONT        0xfe
+#define IAC             0xff
+
+int
+decode_nvt(u_char *data, uint len, u_char *ans, uint *anslen, 
+                                                 u_char *res, uint *reslen)
+{
+    u_char *ptr = data;
+    u_char *ansptr = ans;
+    u_char *resptr = res;
+    u_char flags = 0;
+    int i = 0;
+    u_char c;
+
+    if ( (data == NULL) || (ans == NULL) || (res == NULL))
+        return(0);
+
+    *anslen = 0;
+    *reslen = 0;
+
+    while (1)
+    {
+        if (i++ >= len)
+             break;
+        c = *ptr++;
+
+        if (flags & UNKNOWNOPT)
+        {
+            flags = 0;
+            continue;
+        }
+
+        if (flags & IACFOUND)
+        {
+            if (c == IAC)       /* IAC IAC */
+            {
+                *resptr++ = IAC;
+                flags = 0;      /* reset */
+                continue;
+            }
+
+            if (flags & SUBNEGO)
+            {
+                if (c == NVT_SE)        /* subnegotiation end */
+                    flags = 0;
+                continue;
+            }
+
+            if (flags & DOFOUND)
+            {
+/* 3com switch test             if (c == 0x03)
+                {
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_DO;
+                        *ansptr++ = 0x03;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x18;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x1f;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x20;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x21;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x22;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x27;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_DO;
+                        *ansptr++ = 0x05;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x23;
+                        *anslen = *anslen + 24;
+
+                }
+*/
+                *ansptr++ = IAC;
+                *ansptr++ = NVT_WONT;   /* me is dump - im a kid */
+                *ansptr++ = c;
+                *anslen = *anslen + 3;
+                flags = 0;
+                continue;
+            }
+
+            if (c == NVT_SB)    /* subnegotiation */
+            {
+                flags = SUBNEGO;
+                continue;
+            }
+
+            if (c == NVT_DO)    /* DO ... */
+            { 
+                flags |= DOFOUND;
+                continue;
+            } else {
+                flags = ~(IACFOUND | DOFOUND);
+                flags |= UNKNOWNOPT;    /* skip next */
+                continue;
+            }
+
+        }
+
+        if (flags & SUBNEGO)
+            continue;
+
+        if (c == IAC)
+        {
+            flags = IACFOUND;   /* just IAC */
+            continue;
+        }
+
+        if (flags & CRFOUND)
+        {
+            if (c == '\0')
+            {
+                flags &= ~CRFOUND;
+                *res++ = '\r';
+                *reslen = *reslen + 1;
+                continue;
+            }
+            if (c == '\n')
+            {
+                flags &= ~CRFOUND;
+                *res++ = '\n';
+                *reslen = *reslen + 1;
+                continue;
+            }
+        }
+
+        if (c == '\r')
+        {
+            flags |= CRFOUND;
+            continue;
+        }
+        
+        *res++ = c;
+        *reslen = *reslen + 1;
+
+    }
+
+    return(0);
+}
+
+
+
diff --git a/other/b-scan/src/restore.c b/other/b-scan/src/restore.c
new file mode 100644
index 0000000..45edbb8
--- /dev/null
+++ b/other/b-scan/src/restore.c
@@ -0,0 +1,263 @@
+/*
+ * bscan, restore.c
+ * this is the buggies part of the entire scanner :>
+ * many buffer overflows in here
+ */
+#include <bscan/bscan.h>
+#include <bscan/system.h>
+#include <bscan/module.h>
+#include <string.h>
+
+
+extern struct _opt *opt;
+
+#define RESTORE_FILE    "restore.bscan"
+
+#define R_ARGVLIST      "argvlist"
+#define R_MODARG        "modarg"
+#define R_LIMIT         "limit"
+#define R_FLAGS         "flags"
+#define R_DELAY         "delay"
+#define R_PSCANSTAT     "pscanstat"
+#define R_IPSCAN_COUNT  "ipscan_count"
+#define R_IPTOTSCAN_C   "iptotscan_count"
+#define R_BSENT_COUNT   "bsent_count"
+#define R_IP_OFFSET     "ip_offset"
+#define R_IP_BLKLEN     "ip_blklen"
+#define R_IP_POS        "ip_pos"
+#define R_SCAN_TIME     "scan_time"
+#define R_SPF_SIP       "spf_sip"
+#define R_SPF_SMAC      "spf_smac"
+#define R_SNARFICMP_C   "snarf.icmp_c"
+#define R_SNARFCLOSE_C  "snarf.close_c"
+#define R_SNARFOPEN_C   "snarf.open_c"
+#define R_SNARFREFUSED_C        "snarf.refused_c"
+#define R_IDEV          "lnet.device"
+#define R_HOSTFILE      "hostfile"
+
+
+/*
+ * save everything that is required to restore/restart an inter session
+ */
+int
+write_restore ()
+{
+    u_char *p = (u_char *) opt->spf_smac;
+    FILE *fptr;
+    char **myargv = opt->argvlist;
+    struct timeval tv;
+#ifdef HAVE_DLSYM
+    int c=0;
+    extern const int modcount;
+    extern const struct _mods mods[MAX_MODULES];
+#endif
+
+    if (opt->flags & OPT_VERB)
+        fprintf (stderr, "Writing restore file '%s'\n", RESTORE_FILE);
+
+    if ((fptr = fopen (RESTORE_FILE, "w+")) == NULL)
+        return (-1);
+
+    fprintf (fptr, "# bscan restore file. This is an automatic generated\n");
+    fprintf (fptr, "# file. Don't edit.\n");
+    fprintf (fptr, "#\n");
+
+    fprintf (fptr, R_ARGVLIST ": ");
+    if ((opt->target != NULL) && !(opt->flags & OPT_HOSTFILE))
+        fprintf (fptr, "\"%s\" ", opt->target);
+    while (*myargv != NULL)
+        fprintf (fptr, "\"%s\" ", *myargv++);
+    fprintf (fptr, "\n");
+
+#ifdef HAVE_DLSYM
+    for (c = 0; c < modcount; c++)
+        fprintf(fptr, R_MODARG ": %s\n", mods[c].modarg);
+#endif
+
+    fprintf (fptr, R_LIMIT ": %u\n", opt->limit);
+    fprintf (fptr, R_DELAY ": %u\n", opt->delay);
+    fprintf (fptr, R_PSCANSTAT ": %u\n", opt->pscanstat);
+    fprintf (fptr, R_IPSCAN_COUNT ": %lu\n", opt->ipscan_count);
+    fprintf (fptr, R_IPTOTSCAN_C  ": %lu\n", opt->iptotscan_count);
+    fprintf (fptr, R_BSENT_COUNT ": %lu\n", opt->bsent_count);
+    fprintf (fptr, R_IP_OFFSET ": %lu\n", opt->ip_offset);
+    fprintf (fptr, R_IP_BLKLEN ": %lu\n", opt->ip_blklen);
+    fprintf (fptr, R_IP_POS ": %lu\n", opt->ip_pos);
+    fprintf (fptr, R_FLAGS ": %4.4x\n", opt->flags);
+    memcpy(&tv, &opt->tv2, sizeof(tv));
+    time_diff (&opt->scan_start, &tv);
+    fprintf (fptr, R_SCAN_TIME ": %ld\n", (long)tv.tv_sec);
+    fprintf (fptr, R_SPF_SIP ": %s\n", int_ntoa (opt->nt.src));
+    fprintf (fptr, R_SPF_SMAC ": %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
+             p[0], p[1], p[2], p[3], p[4], p[5]);
+    fprintf (fptr, R_SNARFICMP_C ": %lu\n", opt->snarf.icmp_c);
+    fprintf (fptr, R_SNARFCLOSE_C ": %lu\n", opt->snarf.close_c);
+    fprintf (fptr, R_SNARFOPEN_C ": %lu\n", opt->snarf.open_c);
+    fprintf (fptr, R_SNARFREFUSED_C ": %lu\n", opt->snarf.refused_c);
+    if (opt->lnet.device != NULL)
+        fprintf (fptr, R_IDEV ": %s\n", opt->lnet.device);
+    else
+        fprintf (fptr, R_IDEV ": \n");
+
+    if (opt->hostfile != NULL)
+        fprintf (fptr, R_HOSTFILE ": %s\n", opt->hostfile);
+    else
+        fprintf (fptr, R_HOSTFILE ": \n");
+
+    fclose (fptr);
+
+    return (0);
+}
+
+int
+restore_processtag (char *tag, char *arg)
+{
+    char *ptr = arg;
+    int c = 0;
+
+    if ((arg == NULL) || (tag == NULL))
+        return (-1);
+
+    if (!strcmp (R_ARGVLIST, tag))
+        if (strlen (arg) > 0)
+        {
+            int toggle = 0;
+            while (*ptr != '\0')
+                if (*ptr++ == '"')
+                    c++;
+            ptr = arg;
+            c = c / 2;
+            if (c <= 0)
+                return (-1);    /* this should not happen */
+            if ((opt->argvlist = malloc ((c + 1) * sizeof (char *))) == NULL)
+                return (-1);
+            for (toggle = 0; toggle < c + 1; toggle++)
+                opt->argvlist[toggle] = NULL;
+
+            toggle = 0;
+            ptr = arg;
+            c = 0;
+            while (*ptr != '\0')
+                if (*ptr++ == '"')
+                {
+                    *(ptr - 1) = '\0';
+                    if (toggle++ == 1)
+                    {
+                        toggle = 0;
+                        continue;
+                    }
+                    opt->argvlist[c++] = ptr;
+                }
+
+            /* strings are ready + \0 terminated here */
+
+            for (toggle = 0; toggle < c; toggle++)
+                opt->argvlist[toggle] = strdup (opt->argvlist[toggle]);
+
+            return (0);
+        }
+
+    if (!strcmp (R_MODARG, tag))
+        loadinit_mod(arg);
+        
+    if (!strcmp (R_DELAY, tag))
+        opt->delay = atoi (arg);
+    if (!strcmp (R_LIMIT, tag))
+        opt->limit = atoi (arg);
+    if (!strcmp (R_PSCANSTAT, tag))
+        opt->pscanstat = atoi (arg);
+    if (!strcmp (R_IPSCAN_COUNT, tag))
+        opt->ipscan_count = strtoul (arg, NULL, 10);
+    if (!strcmp (R_IPTOTSCAN_C, tag))
+        opt->iptotscan_count = strtoul (arg, NULL, 10);
+    if (!strcmp (R_BSENT_COUNT, tag))
+        opt->bsent_count = strtoul (arg, NULL, 10);
+    if (!strcmp (R_IP_OFFSET, tag))
+        opt->ip_offset = strtoul (arg, NULL, 10);
+    if (!strcmp (R_IP_BLKLEN, tag))
+        opt->ip_blklen = strtoul (arg, NULL, 10);
+    if (!strcmp (R_IP_POS, tag))
+        opt->ip_pos = strtoul (arg, NULL, 10);
+    if (!strcmp (R_SCAN_TIME, tag))
+    {                           /* doing the date trick ..we had a scannerdowntime.. */
+        gettimeofday (&opt->scan_start, NULL);
+        opt->scan_start.tv_sec =
+            opt->scan_start.tv_sec - strtoul (arg, NULL, 10);
+    }
+    if (!strcmp (R_SPF_SIP, tag))
+        opt->nt.src = inet_addr (arg);
+    if (!strcmp (R_SPF_SMAC, tag))
+    {
+        unsigned short int sp[6];
+        sscanf (arg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2],
+                &sp[3], &sp[4], &sp[5]);
+        for (c = 0; c < 6; c++)
+            opt->spf_smac[c] = (u_char) sp[c];
+
+    }
+    if (!strcmp (R_FLAGS, tag))
+    {
+        sscanf (arg, "%hx", &opt->flags);
+        opt->flags &= ~OPT_ABRT;
+        opt->flags &= ~OPT_REST;
+    }
+    if (!strcmp (R_SNARFICMP_C, tag))
+        opt->snarf.icmp_c = strtoul (arg, NULL, 10);
+    if (!strcmp (R_SNARFCLOSE_C, tag))
+        opt->snarf.close_c = strtoul (arg, NULL, 10);
+    if (!strcmp (R_SNARFOPEN_C, tag))
+        opt->snarf.open_c = strtoul (arg, NULL, 10);
+    if (!strcmp (R_SNARFREFUSED_C, tag))
+        opt->snarf.refused_c = strtoul (arg, NULL, 10);
+    if (!strcmp (R_IDEV, tag))
+        if (strlen (arg) > 0)
+            opt->lnet.device = strdup (arg);
+    if (!strcmp (R_HOSTFILE, tag))
+        if (strlen (arg) > 0)
+            opt->hostfile = strdup (arg);
+
+    return (0);
+}
+
+
+/*
+ * read restore-file
+ * return 0 on success, -1 on failure
+ * sscanf is exploitable. have fun. What kind of stupid admin
+ * who set a +s on this programm. harhar
+ */
+int
+read_restore (char *filename)
+{
+    FILE *fptr;
+    char buf[1024];
+    char tag[1024], arg[1024];
+
+    if (opt->flags & OPT_VERB)
+        fprintf (stderr, "Reading restore file '%s'.\n", filename);
+
+    if ((fptr = fopen (filename, "rb")) == NULL)
+    {
+        printf ("OPEN FAILED\n");
+        return (-1);
+    }
+
+    while (fgets (buf, sizeof (buf), fptr) != NULL)
+    {
+        if (strchr (buf, '#') != NULL)
+            continue;
+
+        tag[0] = arg[0] = '\0';
+        sscanf (buf, "%[^: ]%*[: \t]%[^#\n]%*[\n]", tag, arg);
+
+        if (restore_processtag (tag, arg) == -1)
+        {
+            fprintf (stderr, "error while processing restore file with '%s:%s' \n ", tag, arg);
+             exit (-1);
+        }
+
+     }
+
+     fclose (fptr);
+     return (0);
+}
diff --git a/other/b-scan/src/signal.c b/other/b-scan/src/signal.c
new file mode 100644
index 0000000..a2af01f
--- /dev/null
+++ b/other/b-scan/src/signal.c
@@ -0,0 +1,72 @@
+#include <signal.h>
+#include <bscan/signal.h>
+
+/*
+ * add the signals that you want to be set to default-action
+ */
+int
+do_sig_setall (sighandler_t action)
+{
+#ifdef SIGHUP
+    signal (SIGHUP, action);
+#endif
+#ifdef SIGINT
+    signal (SIGINT, action);
+#endif
+#ifdef SIGQUIT
+    signal (SIGQUIT, action);
+#endif
+#ifdef SIGABRT
+    signal (SIGABRT, action);
+#endif
+#ifdef SIGPIPE
+    signal (SIGPIPE, action);
+#endif
+#ifdef SIGALRM
+    signal (SIGALRM, action);
+#endif
+#ifdef SIGTERM
+    signal (SIGTERM, action);
+#endif
+#ifdef SIGUSR1
+    signal (SIGUSR1, action);
+#endif
+#ifdef SIGUSR1
+    signal (SIGUSR1, action);
+#endif
+#ifdef SIGCHLD
+    signal (SIGCHLD, action);
+#endif
+#ifdef SIGCOMT
+    signal (SIGCOMT, action);
+#endif
+#ifdef SIGSTOP
+    signal (SIGSTOP, action);
+#endif
+#ifdef SIGTSTP
+    signal (SIGTSTP, action);
+#endif
+#ifdef SIGTTIM
+    signal (SIGTTIM, action);
+#endif
+#ifdef SIGTTOU
+    signal (SIGTTOU, action);
+#endif
+
+    return (0);
+}
+
+/*
+ * sig-ctl function.
+ * atm only SIG_DFL implemented....
+ */
+int
+sigctl (int flags, sighandler_t action)
+{
+    int ret = 0;
+
+    if (flags & SIG_SETALL)
+        ret = do_sig_setall (action);
+
+    return (ret);
+}
diff --git a/other/b-scan/src/snarf.c b/other/b-scan/src/snarf.c
new file mode 100644
index 0000000..fce8b9e
--- /dev/null
+++ b/other/b-scan/src/snarf.c
@@ -0,0 +1,211 @@
+#include <stdlib.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifndef __FAVOR_BSD
+#define __FAVOR_BSD
+#endif
+#ifndef __USE_BSD
+#define __USE_BSD
+#endif
+#ifndef __BSD_SOURCE
+#define __BSD_SOURCE
+#endif
+
+#include <pcap.h>
+#include <bscan/bscan.h>
+#include <bscan/snarf.h>
+#include <bscan/module.h>
+#include <bscan/signal.h>
+
+pcap_t *ip_socket;
+
+/*
+ * some global variables (modules need access etc)
+ */
+int dlt_len;
+u_char *align_buf = NULL;
+unsigned short ip_options = 0;
+struct ip *ip;
+struct Ether_header *eth;
+u_int pcaplen, plen;
+struct timeval *pts;
+
+extern struct _opt *opt;
+#ifdef HAVE_DLSYM
+extern const int modcount;
+extern const struct _mods mods[MAX_MODULES];
+#endif
+
+
+/*
+ * answer on arp-request.
+ */
+static void
+handle_arp (struct pcap_pkthdr *p, struct Ether_header *eth,
+            struct Arphdr *arp)
+{
+    u_long *ipdummy = (u_long *) arp->ar_tip;
+
+    if (ntohs (arp->ar_op) != ARPOP_REQUEST)
+        return;
+
+#ifdef DEBUG
+    printf ("ARPG request for %s\n", int_ntoa ((u_long) * ipdummy));
+#endif
+    if (*ipdummy == opt->nt.src)
+        play_arpg (&opt->lnet, arp->ar_tip, (u_char *) opt->spf_smac,
+                   (u_char *) arp->ar_sip, eth->ether_shost);
+}
+
+
+/*
+ * called by libpcap 
+ */
+static void
+filter_packet (u_char * u, struct pcap_pkthdr *p, u_char * packet)
+{
+    int c;
+    static u_char *align_eth = NULL;
+
+    if (p->len < (dlt_len + sizeof (struct Arphdr)))
+        return;
+    if (align_buf == NULL)
+        align_buf = (u_char *) malloc (2048);
+    if (align_eth == NULL)
+        align_eth = (u_char *) malloc (42);
+
+    memcpy ((char *) align_buf, (char *) (packet + dlt_len), p->caplen);
+    memcpy ((char *) align_eth, (char *) packet, 42);
+    eth = (struct Ether_header *) (align_eth);
+    ip = (struct ip *) (align_buf);
+
+    if (ntohs (eth->ether_type) == ETHERTYPE_ARP)
+    {
+        handle_arp (p, eth, (struct Arphdr *) (align_buf));
+        return;
+    }
+
+
+    if (ntohs (eth->ether_type) != ETHERTYPE_IP)
+        return;
+    if (vrfy_ip (ip, p->len - dlt_len, &ip_options) != 0)
+        return;
+    if (ip->ip_dst.s_addr != opt->nt.src)
+        return;
+    if (p->len < (dlt_len + sizeof (*ip) + ip_options))
+        return;
+
+    /* here only 'my-ip' packets */
+
+/* module entry point TWO */
+/* packet is verifite, belongs to us + valid size */
+/* return of module tell us if we should procced as usual or not */
+/* DROP is valid here ! */
+
+    plen = p->len;
+    pcaplen = p->caplen; 
+    pts = &p->ts;
+
+#ifdef HAVE_DLSYM
+    c = 0;
+    while (c < modcount)
+        mods[c++].callmdl (MOD_RCV, opt);
+#endif
+
+}
+
+/*
+ * init pcap network stuff
+ * only called once on startup.
+ * -1 = error
+ * 0 = success
+ */
+int
+pcap_init_net (char *iface, int promisc, char *filter, int *dltlen)
+{
+    char errbuf[PCAP_ERRBUF_SIZE];
+    struct bpf_program prog;
+    bpf_u_int32 network, netmask;
+
+    if (iface == NULL)
+    {
+        iface = pcap_lookupdev (errbuf);
+        if (iface == NULL)
+        {
+            fprintf (stderr, "pcap_lookupdev: %s\n", errbuf);
+            return (-1);
+        }
+    }
+    if (pcap_lookupnet (iface, &network, &netmask, errbuf) < 0)
+    {
+        fprintf (stderr, "pcap_lookupnet: %s\n", errbuf);
+        return (-1);
+    }
+    ip_socket = pcap_open_live (iface, 1024, promisc, 1024, errbuf);
+    if (ip_socket == NULL)
+    {
+        fprintf (stderr, "pcap_open_live: %s\n", errbuf);
+        return (-1);
+    }
+    switch (pcap_datalink (ip_socket))
+    {
+    case DLT_EN10MB:
+        *dltlen = 14;
+        break;
+    case DLT_SLIP:
+        *dltlen = 16;
+        break;
+    default:
+        *dltlen = 4;
+        break;
+    }
+    if (pcap_compile (ip_socket, &prog, filter, 1, netmask) < 0)
+    {
+        fprintf (stderr, "pcap_compile: %s\n", errbuf);
+        return (-1);
+    }
+    if (pcap_setfilter (ip_socket, &prog) < 0)
+    {
+        fprintf (stderr, "pcap_setfilter: %s\n", errbuf);
+        return (-1);
+    }
+
+    return 0;
+}
+
+
+/*
+ * called by main-thread.
+ * doing all the snarf, arp-reply, tcp-stack stuff from here
+ */
+void *
+do_snarf (void *iface)
+{
+/*    sigctl (SIG_SETALL, SIG_DFL);
+    signal (SIGINT, SIG_IGN);
+*/
+
+    pcap_init_net (iface, 1, PCAP_FILTER, &dlt_len);
+
+    /* the parent thread should at least w8 until we are ready to rumble */
+    opt->flags &= ~OPT_W8SEMA;
+
+    while (1)
+        pcap_loop (ip_socket, -1, (pcap_handler) filter_packet, NULL);
+
+    undo_snarf();       /*### fixme, somewhere else */
+
+    pthread_exit(NULL); /* no return values needed */
+    return NULL;
+}
+
+/*
+ * close everything that was initialized with do_snarf
+ */
+void
+undo_snarf ()
+{
+    pcap_close (ip_socket);
+}
+
diff --git a/other/b-scan/src/system.c b/other/b-scan/src/system.c
new file mode 100644
index 0000000..a3ccc94
--- /dev/null
+++ b/other/b-scan/src/system.c
@@ -0,0 +1,349 @@
+#include <sys/types.h>
+#include <sys/ipc.h>
+#include <sys/shm.h>
+#include <sys/mman.h>
+#include <sys/time.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <time.h>
+
+#ifndef SHMMNI
+#define SHMMNI  100
+#endif
+
+#define MAXSHM  4               /* its bscan. we need <4 shm's */
+
+static int shm_id = -1;         /* last used id */
+static int shm_c = -1;          /* shm_alloc counter */
+
+static struct _shm
+{
+    int id;
+    void *ptr;
+}
+shm[MAXSHM];
+
+
+/*
+ * uhm. hard job for the process coz the process
+ * does not get the shm_id. uhm. i should make a static traking list
+ * of all shared memory segments (addr <-> id mapping maybe ?)
+ * on the other hand...since an attachment count is maintained for
+ * the shared memory segment the segment gets removed when the last
+ * process using the segment terminates or detaches it.
+ * hmm. Seems the following function is completly useless....:>
+ * Hey. why are you reading my comments ? write me: anonymous@segfault.net!
+ */
+int
+shmfree (int shm_id)
+{
+    if (shm_id < 0)
+        return (-1);
+    return (shmctl (shm_id, IPC_RMID, 0));
+}
+
+/*
+ * kill ALL shm's
+ * uhm. this is brutal. but shm is risky. you can bring
+ * down ANY system if you waste all shm's. Shm's dont get 
+ * freed on process-exit !!! syslog will fail, inetd will fail, ..
+ * any program that tries to alloc shared memory...nono good :>
+ * root can use 'ipcrm shm <id>' do free the shm's.
+ * that's why we use this brutal "killall"-method.
+ * something else: killall-method is realy BRUTAL. believe me!
+ * If you have other functions registered on exit (atexit)
+ * and you try to reference to a shm within these function...you are lost
+ * Unexpected things will happen....
+ */
+void
+shmkillall ()
+{
+    int c;
+
+    for (c = 0; c < shm_c; c++)
+        shmfree (shm[c].id);
+}
+
+/*
+ * allocate shared memory (poor but fast IPC)
+ * the value returned is a pointer to the allocated 
+ * memory, which is suitably aligned for any kind of
+ * variable, or NULL if the request fails.
+ *
+ * TODO: on SVR4 use open("/dev/zero", O_RDWR); and mmap trick for speedup 
+ */
+void *
+shmalloc (int flag, size_t length)
+{
+    void *shm_addr;
+    int c = 0;
+
+    if (shm_c == -1)            /* init all the internal shm stuff */
+    {
+        atexit (shmkillall);
+        shm_c = 0;
+    }
+
+    if (shm_c >= MAXSHM)
+        return (NULL);          /* no space left in list. no bscan ?? */
+
+    if (flag == 0)
+        flag = (IPC_CREAT | IPC_EXCL | SHM_R | SHM_W);
+
+    while (c < SHMMNI)          /* brute force a NEW shared memory section */
+        if ((shm_id = shmget (getpid () + c++, length, flag)) != -1)
+            break;
+        else
+            return (NULL);
+
+    if ((shm_addr = shmat (shm_id, NULL, 0)) == NULL)
+        return (NULL);
+
+    shm[shm_c].id = shm_id;
+    shm[shm_c].ptr = shm_addr;
+    shm_c++;                    /* increase shm-counter */
+
+    return (shm_addr);
+}
+
+#ifdef WITH_NANOSLEEP
+/* add lib '-lrt' */
+/*
+ * nanosec must be in the range  0 to 999 999 999
+ * ..we dont care about signals here...
+ */
+void
+do_nanosleep (time_t sec, long nsec)
+{
+    struct timespec mynano;
+    mynano.tv_sec = sec;
+    mynano.tv_nsec = nsec;
+    nanosleep (&mynano, NULL);
+}
+#endif
+
+
+/*
+ * xchange data p1 <-> p2 of length len
+ */
+void
+xchange (void *p1, void *p2, int len)
+{
+    unsigned char buf[len];
+
+    memcpy (buf, p1, len);
+    memcpy (p1, p2, len);
+    memcpy (p2, buf, len);
+}
+
+/*
+ * calculate time-difference now - in
+ * and return diff in 'now'
+ */
+void
+time_diff (struct timeval *in, struct timeval *now)
+{
+    if ((now->tv_usec -= in->tv_usec) < 0)
+    {
+        now->tv_sec--;
+        now->tv_usec += 1000000;
+    }
+    now->tv_sec -= in->tv_sec;
+}
+
+/*
+ * converts a 'esc-sequenced' string to normal string
+ * return string in dst.
+ * returns 0 on success
+ * todo: \ddd decoding
+ */
+int
+ctoreal(char *src, char *dst)
+{
+    char c;
+
+    if ((src == NULL) || (dst == NULL))
+    {
+        dst = NULL;
+        return(0);      /* yes, its ok. */
+    }
+
+    while (*src != '\0')
+        if (*src == '\\')
+        {
+            switch((c = *++src))
+            {
+                case 'n':
+                    *dst++ = '\n';
+                    break;
+                case 'r':
+                    *dst++ = '\r';
+                    break;
+                case 't':
+                    *dst++ = '\t';
+                    break;
+                case '\\':
+                    *dst++ = '\\';
+                    break;
+                case 's':
+                    *dst++ = ' ';
+                    break;
+                default:
+                    *dst++ = c;
+                  /*  printf("unknown escape sequence 0x%2.2x\n", c);*/
+                    break;
+            }
+            src++;
+        } else
+        {
+            *dst++ = *src++;
+        }
+    *dst = '\0';
+    return(0);
+}
+
+
+/*
+ * parse data, format data and print to fd (only prinatable chars)
+ * supress \r, nonprintable -> '_';
+ * output line by line [\n] with 'prefix' before each line.
+ * prefix is a 0-terminated string
+ */
+void
+save_write(FILE *fd, char *prefix, unsigned char *data, int data_len)
+{
+    int         c;
+    unsigned char       *ptr = data;
+    unsigned char       *startptr = data;
+    const char  trans[] =
+                "................................ !\"#$%&'()*+,-./0123456789"
+                ":;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklm"
+                "nopqrstuvwxyz{|}~...................................."
+                "....................................................."
+                "........................................";
+
+
+   if (prefix == NULL)
+        prefix = "";
+
+    for (c = 0; c < data_len; c++)
+    {
+        if (*data == '\r')      /* i dont like these */
+        {
+            data++;
+            continue;
+        }
+        if (*data == '\n')
+        {
+            *ptr = '\0';
+            fprintf (fd, "%s%s\n", prefix, startptr);
+            startptr = ++data;
+            ptr = startptr;
+            continue;
+        }
+
+        *ptr++ = trans[*data++];
+        
+    }
+
+   if (ptr != startptr)
+   {
+        *ptr = '\0';
+        fprintf (fd, "%s%s\n", prefix, startptr);
+   }
+
+}
+
+/*
+ * check if data contains any non-printable chars [except \n]
+ * return 0 if yes,,,,1 if not.
+ */
+int
+isprintdata(char *ptr, int len)
+{
+    char        c;
+
+    while(len-- > 0)
+    {
+        c = *ptr++;
+        if (c == '\n')
+            continue;
+        if (!isprint((int)c))
+            return(0);
+    }
+
+  return(1);
+}
+
+/*
+ * convert some data into hex string
+ * We DO 0 terminate the string.
+ * dest = destination
+ * destlen = max. length of dest (size of allocated memory)
+ * data = (non)printable input data
+ * len = input data len
+ * return 0 on success, 1 if data does not fit into dest, -1 on error
+ */
+int
+dat2hexstr(unsigned char *dest, unsigned int destlen, unsigned char *data,
+                 unsigned int len)
+{
+    unsigned int        i = 0;
+    unsigned int        slen = 0;
+    unsigned char       *ptr = dest;
+    unsigned char       c;
+    char                hex[] = "0123456789ABCDEF";
+
+    memset(dest, '\0', destlen);
+
+    while (i++ < len)
+    {
+        c = *data++;
+        if (slen + 3 < destlen)
+        {
+            *dest++ = hex[c / 16];
+            *dest++ = hex[c % 16];
+            *dest++ = ' ';
+            slen += 3;
+            ptr += 3;
+         } else {
+                return(1);
+        }
+    }
+
+    return(0);
+}
+
+
+/* dat2strip
+ *
+ * print the data at `data', which is `len' bytes long to the char
+ * array `dest', which is `destlen' characters long. filter out any
+ * non-printables. NUL terminate the dest array in every case.
+ *
+ * return the number of characters written
+ */
+
+int
+dat2strip(unsigned char *dest, unsigned int destlen, unsigned char *data,
+                unsigned int len)
+{
+    unsigned char       *dp;
+
+    for (dp = dest ; dp - dest < destlen && len > 0 ; --len, ++data, ++dp) {
+        if (isprint (*data))
+            *dp = *data;
+    }
+
+    if (dp - dest < destlen)
+        *dp = '\0';
+    dest[destlen - 1] = '\0';
+
+    return (dp - dest);
+}
+
+
diff --git a/other/b-scan/src/test_garage.c b/other/b-scan/src/test_garage.c
new file mode 100644
index 0000000..06acf61
--- /dev/null
+++ b/other/b-scan/src/test_garage.c
@@ -0,0 +1,99 @@
+/* test_garage.c - test program for the garage module
+ *
+ * by scut / teso
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+#include <garage.h>
+
+
+void
+cleaner_t (ip_list *il);
+
+int
+main (int argc, char *argv[])
+{
+        int                     data_len;
+        unsigned char *         data;
+        unsigned long int       ip,
+                                gip = 0;
+        unsigned long int       ips;
+        garage_hdlr *           hdl;
+        unsigned long int       maxkeep;
+
+        printf ("mg_cidr_getmask (20) = 0x%08lx\n", mg_cidr_getmask (20));
+        printf ("mg_cidr_getmask (0xffffffc0) = 0x%08lx\n", mg_cidr_getmask (0xffffffc0));
+
+        if (argc < 2 || sscanf (argv[1], "%lu", &ips) != 1) {
+                printf ("usage: %s <number-of-ips> [maxkeep]\n\n", argv[0]);
+
+                exit (EXIT_FAILURE);
+        }
+        if (argc == 3 && sscanf (argv[2], "%lu", &maxkeep) != 1)
+                exit (EXIT_FAILURE);
+
+        srand (time (NULL));
+        hdl = mg_init ("footest", maxkeep, cleaner_t);
+
+        printf ("mg_cidr_getmask (0) = 0x%08lx\n", mg_cidr_getmask (0));
+
+        mg_write (hdl, 2048, "foobar", 7, 0);
+        mg_write (hdl, 2050, "foobar", 7, 0);
+        mg_write (hdl, 101911, "foobar", 7, 0);
+        mg_write (hdl, 28914191, "foobar", 7, 0);
+        printf ("mg_cidr_count (hdl, 2048, 32) = %lu\n", mg_cidr_count (hdl, 2048, 32));
+        printf ("mg_cidr_count (hdl, 2048, 31) = %lu\n", mg_cidr_count (hdl, 2048, 31));
+        printf ("mg_cidr_count (hdl, 2048, 30) = %lu\n", mg_cidr_count (hdl, 2048, 30));
+        printf ("mg_cidr_count (hdl, 2048, 13) = %lu\n", mg_cidr_count (hdl, 2048, 13));
+        printf ("mg_cidr_count (hdl, 2048,  0) = %lu\n", mg_cidr_count (hdl, 2048, 0));
+
+
+        ip = 123;
+        mg_write (hdl, ip, "foo", 4, 0);
+        mg_read (hdl, ip);
+        mg_clean (hdl, ip, NULL);
+
+        do {
+                ip = rand ();
+
+                data_len = rand () % 64;
+                data_len += 1;  /* avoid allocating zero bytes */
+                data = malloc (data_len);
+                memset (data, '\x73', data_len);
+                data[data_len - 1] = '\0';
+
+                mg_write (hdl, ip, (void *) data, data_len, 1);
+                if (ips % 137 == 0)
+                        gip = ip;
+
+                if (ips % 139 == 0)
+                        (void) mg_read (hdl, gip);
+
+                ips -= 1;
+                if (ips % 5000 == 0)
+                        mg_show (hdl);
+
+        } while (ips > 0);
+
+        mg_show (hdl);
+        mg_destroy (hdl, 0);
+
+        exit (EXIT_SUCCESS);
+}
+
+
+void
+cleaner_t (ip_list *il)
+{
+        if ((rand () % 20000) == 0)
+                printf ("cleaner_t: il = 0x%08lx  IP = 0x%08lx\n",
+                        (unsigned long int) il,
+                        il->ip);
+
+        return;
+}
+
+
diff --git a/other/b-scan/src/tty.c b/other/b-scan/src/tty.c
new file mode 100644
index 0000000..5c99b7f
--- /dev/null
+++ b/other/b-scan/src/tty.c
@@ -0,0 +1,116 @@
+/*
+ * most of this stuff is ripped from solar's excelent john-1.6 source
+ */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <termios.h>
+
+static int tty_fd = 0;
+static int tty_buf = -1;
+static struct termios saved_ti;
+
+
+/*
+ *  Reads a character, returns -1 if no data available or on error.
+ */
+int
+tty_getchar ()
+{
+    int c;
+
+    /* 
+     * process buffer first
+     */
+    if (tty_buf != -1)
+    {
+        c = tty_buf;
+        tty_buf = -1;
+        return (c);
+    }
+
+    if (tty_fd)
+    {
+        c = 0;
+        if (read (tty_fd, &c, 1) > 0)
+            return c;
+    }
+
+    return (-1);
+}
+
+/*
+ * check if someone pressed a key
+ * Actually we do a read on the fd and store the result in a buffer
+ * todo: check with ioctl if data is pending
+ * return 1 is data is pending, 0 if not
+ */
+int
+tty_ischar ()
+{
+    if (tty_buf != -1)
+        return (1);
+
+    if ((tty_buf = tty_getchar ()) != -1)
+        return (1);
+
+    return (0);
+}
+
+
+/*
+ * Restores the terminal parameters and closes the file descriptor.
+ */
+void
+tty_done ()
+{
+    int fd;
+
+    if (!tty_fd)
+        return;
+
+    fd = tty_fd;
+    tty_fd = 0;
+    tcsetattr (fd, TCSANOW, &saved_ti);
+
+    close (fd);
+}
+
+
+/* 
+ * Initializes the terminal for unbuffered non-blocking input. Also registers
+ * tty_done() via atexit().
+ */
+void
+tty_init ()
+{
+    int fd;
+    struct termios ti;
+
+    if (tty_fd)
+        return;
+
+    if ((fd = open ("/dev/tty", O_RDONLY | O_NONBLOCK)) < 0)
+        return;
+
+    if (tcgetpgrp (fd) != getpid ())
+    {
+        close (fd);
+        return;
+    }
+
+    tcgetattr (fd, &ti);
+    saved_ti = ti;
+    ti.c_lflag &= ~(ICANON | ECHO);
+    ti.c_cc[VINTR] = 3;         /* CTRL-C is INTR */
+    ti.c_cc[VMIN] = 1;
+    ti.c_cc[VTIME] = 0;
+    tcsetattr (fd, TCSANOW, &ti);
+
+    tty_fd = fd;
+
+    atexit (tty_done);
+}
diff --git a/other/b-scan/support/Makefile b/other/b-scan/support/Makefile
new file mode 100644
index 0000000..4025e1f
--- /dev/null
+++ b/other/b-scan/support/Makefile
@@ -0,0 +1,20 @@
+CC=gcc
+COPT=-Wall -ggdb -I../include
+DEFS=#-DDEBUG
+OBJ=hpuxdl.o snprintf.o
+
+# HPUX 11.00
+# DEFS=-DNEED_SNPRINTF -DHAVE_SHL_LOAD #-DDEBUG
+
+# HPUX 10.20
+# DEFS=-DHP10 -DNEED_SNPRINTF -DHAVE_SHL_LOAD #-DDEBUG
+
+all:    $(OBJ)
+
+.c.o:
+        $(CC) $(COPT) $(DEFS) -c $<
+
+clean:
+        rm -f $(OBJ) core *~
+
+
diff --git a/other/b-scan/support/hpuxdl.c b/other/b-scan/support/hpuxdl.c
new file mode 100644
index 0000000..accaed9
--- /dev/null
+++ b/other/b-scan/support/hpuxdl.c
@@ -0,0 +1,187 @@
+#ifdef HAVE_SHL_LOAD
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <dl.h>
+
+/*
+ * This is a minimal implementation of the ELF dlopen, dlclose, dlsym
+ * and dlerror routines based on HP's shl_load, shl_unload and
+ * shl_findsym. */
+
+/*
+ * Reference Counting.
+ *
+ * Empirically it looks like the HP routines do not maintain a
+ * reference count, so I maintain one here.
+ */
+
+typedef struct lib_entry {
+  shl_t handle;
+  int count;
+  struct lib_entry *next;
+} *LibEntry;
+
+#define lib_entry_handle(e) ((e)->handle)
+#define lib_entry_count(e) ((e)->count)
+#define lib_entry_next(e) ((e)->next)
+#define set_lib_entry_handle(e,v) ((e)->handle = (v))
+#define set_lib_entry_count(e,v) ((e)->count = (v))
+#define set_lib_entry_next(e,v) ((e)->next = (v))
+#define increment_lib_entry_count(e) ((e)->count++)
+#define decrement_lib_entry_count(e) ((e)->count--)
+
+static LibEntry Entries = NULL;
+
+static LibEntry find_lib_entry(shl_t handle)
+{
+  LibEntry entry;
+
+  for (entry = Entries; entry != NULL; entry = lib_entry_next(entry))
+    if (lib_entry_handle(entry) == handle)
+      return entry;
+  return NULL;
+}
+
+static LibEntry new_lib_entry(shl_t handle)
+{
+  LibEntry entry;
+
+  if ((entry = (LibEntry) malloc(sizeof(struct lib_entry))) != NULL) {
+    set_lib_entry_handle(entry, handle);
+    set_lib_entry_count(entry, 1);
+    set_lib_entry_next(entry, Entries);
+    Entries = entry;
+  }
+  return entry;
+}
+
+static void free_lib_entry(LibEntry entry)
+{
+  if (entry == Entries)
+    Entries = lib_entry_next(entry);
+  else {
+    LibEntry last, next;
+    for (last = Entries, next = lib_entry_next(last);
+         next != NULL;
+         last = next, next = lib_entry_next(last)) {
+      if (entry == next) {
+        set_lib_entry_next(last, lib_entry_next(entry));
+        break;
+      }
+    }
+  }
+  free(entry);
+}
+
+/*
+ * Error Handling.
+ */
+
+#define ERRBUFSIZE 1000
+
+static char errbuf[ERRBUFSIZE];
+static int dlerrno = 0;
+
+char *dlerror(void)
+{
+  return dlerrno ? errbuf : NULL;
+}
+
+/*
+ * Opening and Closing Liraries.
+ */
+
+void *dlopen(const char *fname, int mode)
+{
+  shl_t handle;
+  LibEntry entry = NULL;
+
+  dlerrno = 0;
+  if (fname == NULL)
+    handle = PROG_HANDLE;
+  else {
+    handle = shl_load(fname, mode, 0L);
+    if (handle != NULL) {
+      if ((entry = find_lib_entry(handle)) == NULL) {
+        if ((entry = new_lib_entry(handle)) == NULL) {
+          shl_unload(handle);
+          handle = NULL;
+        }
+      }
+      else
+        increment_lib_entry_count(entry);
+    }
+    if (handle == NULL) {
+      char *errstr;
+      dlerrno = errno;
+      errstr = strerror(errno);
+      if (errno == NULL) errstr = "???";
+      sprintf(errbuf, "can't open %s: %s", fname, errstr);
+    }
+  }
+#ifdef DEBUG
+  printf("opening library %s, handle = %x, count = %d\n",
+         fname, handle, entry ? lib_entry_count(entry) : -1);
+  if (dlerrno) printf("%s\n", dlerror());
+#endif
+  return (void *) handle;
+}
+
+int dlclose(void *handle)
+{
+  LibEntry entry;
+#ifdef DEBUG
+  entry = find_lib_entry(handle);
+  printf("closing library handle = %x, count = %d\n",
+         handle, entry ? lib_entry_count(entry) : -1);
+#endif
+
+  dlerrno = 0;
+  if ((shl_t) handle == PROG_HANDLE)
+    return 0; /* ignore attempts to close main program */
+  else {
+
+    if ((entry = find_lib_entry((shl_t) handle)) != NULL) {
+      decrement_lib_entry_count(entry);
+      if (lib_entry_count(entry) > 0)
+        return 0;
+      else {
+        /* unload once reference count reaches zero */
+        free_lib_entry(entry);
+        if (shl_unload((shl_t) handle) == 0)
+          return 0;
+      }
+    }
+    /* if you get to here, an error has occurred */
+    dlerrno = 1;
+    sprintf(errbuf, "attempt to close library failed");
+#ifdef DEBUG
+    printf("%s\n", dlerror());
+#endif
+    return -1;
+  }
+}
+
+/*
+ * Symbol Lookup.
+ */
+
+void *dlsym(void *handle, const char *name)
+{
+  void *f;
+  shl_t myhandle;
+
+  dlerrno = 0;
+  myhandle = (handle == NULL) ? PROG_HANDLE : (shl_t) handle;
+
+  if (shl_findsym(&myhandle, name, TYPE_PROCEDURE, &f) != 0) {
+    dlerrno = 1;
+    sprintf(errbuf, "symbol %s not found", name);
+    f = NULL;
+  }
+
+  return(f);
+}
+
+#endif
diff --git a/other/b-scan/support/snprintf.c b/other/b-scan/support/snprintf.c
new file mode 100644
index 0000000..f6a7a40
--- /dev/null
+++ b/other/b-scan/support/snprintf.c
@@ -0,0 +1,331 @@
+#ifdef NEED_SNPRINTF
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef __P
+#define __P(p)  p
+#endif
+
+#include <stdarg.h>
+#define VA_LOCAL_DECL   va_list ap;
+#define VA_START(f)     va_start(ap, f)
+#define VA_END          va_end(ap)
+
+#ifdef SOLARIS2
+#ifdef _FILE_OFFSET_BITS
+#define SOLARIS26
+#endif
+#endif
+
+#ifdef SOLARIS26
+#define HAS_SNPRINTF
+#define HAS_VSNPRINTF
+#endif
+#ifdef _SCO_DS_
+#define HAS_SNPRINTF
+#endif
+#ifdef luna2
+#define HAS_VSNPRINTF
+#endif
+
+/**************************************************************
+ * Original:
+ * Patrick Powell Tue Apr 11 09:48:21 PDT 1995
+ * A bombproof version of doprnt (dopr) included.
+ * Sigh.  This sort of thing is always nasty do deal with.  Note that
+ * the version here does not include floating point...
+ *
+ * snprintf() is used instead of sprintf() as it does limit checks
+ * for string length.  This covers a nasty loophole.
+ *
+ * The other functions are there to prevent NULL pointers from
+ * causing nast effects.
+ **************************************************************/
+
+static void dopr(char *, const char *, va_list);
+static char *end;
+
+#ifndef HAS_VSNPRINTF
+int vsnprintf(char *str, size_t count, const char *fmt, va_list args)
+{
+    str[0] = 0;
+    end = str + count - 1;
+    dopr(str, fmt, args);
+    if (count > 0)
+        end[0] = 0;
+    return strlen(str);
+}
+
+#ifndef HAS_SNPRINTF
+/* VARARGS3 */
+int snprintf(char *str, size_t count, const char *fmt,...)
+{
+    int len;
+    VA_LOCAL_DECL
+
+        VA_START(fmt);
+    len = vsnprintf(str, count, fmt, ap);
+    VA_END;
+    return len;
+}
+#endif
+
+/*
+ * dopr(): poor man's version of doprintf
+ */
+
+static void fmtstr __P((char *value, int ljust, int len, int zpad, int maxwidth));
+static void fmtnum __P((long value, int base, int dosign, int ljust, int len, int zpad));
+static void dostr __P((char *, int));
+static char *output;
+static void dopr_outch __P((int c));
+
+static void dopr(char *buffer, const char *format, va_list args)
+{
+    int ch;
+    long value;
+    int longflag = 0;
+    int pointflag = 0;
+    int maxwidth = 0;
+    char *strvalue;
+    int ljust;
+    int len;
+    int zpad;
+
+    output = buffer;
+    while ((ch = *format++)) {
+        switch (ch) {
+        case '%':
+            ljust = len = zpad = maxwidth = 0;
+            longflag = pointflag = 0;
+          nextch:
+            ch = *format++;
+            switch (ch) {
+            case 0:
+                dostr("**end of format**", 0);
+                return;
+            case '-':
+                ljust = 1;
+                goto nextch;
+            case '0':           /* set zero padding if len not set */
+                if (len == 0 && !pointflag)
+                    zpad = '0';
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+                if (pointflag)
+                    maxwidth = maxwidth * 10 + ch - '0';
+                else
+                    len = len * 10 + ch - '0';
+                goto nextch;
+            case '*':
+                if (pointflag)
+                    maxwidth = va_arg(args, int);
+                else
+                    len = va_arg(args, int);
+                goto nextch;
+            case '.':
+                pointflag = 1;
+                goto nextch;
+            case 'l':
+                longflag = 1;
+                goto nextch;
+            case 'u':
+            case 'U':
+                /*fmtnum(value,base,dosign,ljust,len,zpad) */
+                if (longflag) {
+                    value = va_arg(args, long);
+                }
+                else {
+                    value = va_arg(args, int);
+                }
+                fmtnum(value, 10, 0, ljust, len, zpad);
+                break;
+            case 'o':
+            case 'O':
+                /*fmtnum(value,base,dosign,ljust,len,zpad) */
+                if (longflag) {
+                    value = va_arg(args, long);
+                }
+                else {
+                    value = va_arg(args, int);
+                }
+                fmtnum(value, 8, 0, ljust, len, zpad);
+                break;
+            case 'd':
+            case 'D':
+                if (longflag) {
+                    value = va_arg(args, long);
+                }
+                else {
+                    value = va_arg(args, int);
+                }
+                fmtnum(value, 10, 1, ljust, len, zpad);
+                break;
+            case 'x':
+                if (longflag) {
+                    value = va_arg(args, long);
+                }
+                else {
+                    value = va_arg(args, int);
+                }
+                fmtnum(value, 16, 0, ljust, len, zpad);
+                break;
+            case 'X':
+                if (longflag) {
+                    value = va_arg(args, long);
+                }
+                else {
+                    value = va_arg(args, int);
+                }
+                fmtnum(value, -16, 0, ljust, len, zpad);
+                break;
+            case 's':
+                strvalue = va_arg(args, char *);
+                if (maxwidth > 0 || !pointflag) {
+                    if (pointflag && len > maxwidth)
+                        len = maxwidth;         /* Adjust padding */
+                    fmtstr(strvalue, ljust, len, zpad, maxwidth);
+                }
+                break;
+            case 'c':
+                ch = va_arg(args, int);
+                dopr_outch(ch);
+                break;
+            case '%':
+                dopr_outch(ch);
+                continue;
+            default:
+                dostr("???????", 0);
+            }
+            break;
+        default:
+            dopr_outch(ch);
+            break;
+        }
+    }
+    *output = 0;
+}
+
+static void fmtstr(char *value, int ljust, int len, int zpad, int maxwidth)
+{
+    int padlen, strlen;         /* amount to pad */
+
+    if (value == 0) {
+        value = "<NULL>";
+    }
+    for (strlen = 0; value[strlen]; ++strlen);  /* strlen */
+    if (strlen > maxwidth && maxwidth)
+        strlen = maxwidth;
+    padlen = len - strlen;
+    if (padlen < 0)
+        padlen = 0;
+    if (ljust)
+        padlen = -padlen;
+    while (padlen > 0) {
+        dopr_outch(' ');
+        --padlen;
+    }
+    dostr(value, maxwidth);
+    while (padlen < 0) {
+        dopr_outch(' ');
+        ++padlen;
+    }
+}
+
+static void fmtnum(long value, int base, int dosign, int ljust, int len, int zpad)
+{
+    int signvalue = 0;
+    unsigned long uvalue;
+    char convert[20];
+    int place = 0;
+    int padlen = 0;             /* amount to pad */
+    int caps = 0;
+
+    /* DEBUGP(("value 0x%x, base %d, dosign %d, ljust %d, len %d, zpad %d\n",
+       value, base, dosign, ljust, len, zpad )); */
+    uvalue = value;
+    if (dosign) {
+        if (value < 0) {
+            signvalue = '-';
+            uvalue = -value;
+        }
+    }
+    if (base < 0) {
+        caps = 1;
+        base = -base;
+    }
+    do {
+        convert[place++] =
+            (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+            [uvalue % (unsigned) base];
+        uvalue = (uvalue / (unsigned) base);
+    } while (uvalue);
+    convert[place] = 0;
+    padlen = len - place;
+    if (padlen < 0)
+        padlen = 0;
+    if (ljust)
+        padlen = -padlen;
+    /* DEBUGP(( "str '%s', place %d, sign %c, padlen %d\n",
+       convert,place,signvalue,padlen)); */
+    if (zpad && padlen > 0) {
+        if (signvalue) {
+            dopr_outch(signvalue);
+            --padlen;
+            signvalue = 0;
+        }
+        while (padlen > 0) {
+            dopr_outch(zpad);
+            --padlen;
+        }
+    }
+    while (padlen > 0) {
+        dopr_outch(' ');
+        --padlen;
+    }
+    if (signvalue)
+        dopr_outch(signvalue);
+    while (place > 0)
+        dopr_outch(convert[--place]);
+    while (padlen < 0) {
+        dopr_outch(' ');
+        ++padlen;
+    }
+}
+
+static void dostr(char *str, int cut)
+{
+    if (cut) {
+        while (*str && cut-- > 0)
+            dopr_outch(*str++);
+    }
+    else {
+        while (*str)
+            dopr_outch(*str++);
+    }
+}
+
+static void dopr_outch(int c)
+{
+#if 0
+    if (iscntrl(c) && c != '\n' && c != '\t') {
+        c = '@' + (c & 0x1F);
+        if (end == 0 || output < end)
+            *output++ = '^';
+    }
+#endif
+    if (end == 0 || output < end)
+        *output++ = c;
+}
+
+#endif  /* HAVE_VSNPRINTF */
+#endif  /*n NEED_SNPRINTF */
diff --git a/other/b-scan/test_garage.c b/other/b-scan/test_garage.c
new file mode 100644
index 0000000..06acf61
--- /dev/null
+++ b/other/b-scan/test_garage.c
@@ -0,0 +1,99 @@
+/* test_garage.c - test program for the garage module
+ *
+ * by scut / teso
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+#include <garage.h>
+
+
+void
+cleaner_t (ip_list *il);
+
+int
+main (int argc, char *argv[])
+{
+        int                     data_len;
+        unsigned char *         data;
+        unsigned long int       ip,
+                                gip = 0;
+        unsigned long int       ips;
+        garage_hdlr *           hdl;
+        unsigned long int       maxkeep;
+
+        printf ("mg_cidr_getmask (20) = 0x%08lx\n", mg_cidr_getmask (20));
+        printf ("mg_cidr_getmask (0xffffffc0) = 0x%08lx\n", mg_cidr_getmask (0xffffffc0));
+
+        if (argc < 2 || sscanf (argv[1], "%lu", &ips) != 1) {
+                printf ("usage: %s <number-of-ips> [maxkeep]\n\n", argv[0]);
+
+                exit (EXIT_FAILURE);
+        }
+        if (argc == 3 && sscanf (argv[2], "%lu", &maxkeep) != 1)
+                exit (EXIT_FAILURE);
+
+        srand (time (NULL));
+        hdl = mg_init ("footest", maxkeep, cleaner_t);
+
+        printf ("mg_cidr_getmask (0) = 0x%08lx\n", mg_cidr_getmask (0));
+
+        mg_write (hdl, 2048, "foobar", 7, 0);
+        mg_write (hdl, 2050, "foobar", 7, 0);
+        mg_write (hdl, 101911, "foobar", 7, 0);
+        mg_write (hdl, 28914191, "foobar", 7, 0);
+        printf ("mg_cidr_count (hdl, 2048, 32) = %lu\n", mg_cidr_count (hdl, 2048, 32));
+        printf ("mg_cidr_count (hdl, 2048, 31) = %lu\n", mg_cidr_count (hdl, 2048, 31));
+        printf ("mg_cidr_count (hdl, 2048, 30) = %lu\n", mg_cidr_count (hdl, 2048, 30));
+        printf ("mg_cidr_count (hdl, 2048, 13) = %lu\n", mg_cidr_count (hdl, 2048, 13));
+        printf ("mg_cidr_count (hdl, 2048,  0) = %lu\n", mg_cidr_count (hdl, 2048, 0));
+
+
+        ip = 123;
+        mg_write (hdl, ip, "foo", 4, 0);
+        mg_read (hdl, ip);
+        mg_clean (hdl, ip, NULL);
+
+        do {
+                ip = rand ();
+
+                data_len = rand () % 64;
+                data_len += 1;  /* avoid allocating zero bytes */
+                data = malloc (data_len);
+                memset (data, '\x73', data_len);
+                data[data_len - 1] = '\0';
+
+                mg_write (hdl, ip, (void *) data, data_len, 1);
+                if (ips % 137 == 0)
+                        gip = ip;
+
+                if (ips % 139 == 0)
+                        (void) mg_read (hdl, gip);
+
+                ips -= 1;
+                if (ips % 5000 == 0)
+                        mg_show (hdl);
+
+        } while (ips > 0);
+
+        mg_show (hdl);
+        mg_destroy (hdl, 0);
+
+        exit (EXIT_SUCCESS);
+}
+
+
+void
+cleaner_t (ip_list *il)
+{
+        if ((rand () % 20000) == 0)
+                printf ("cleaner_t: il = 0x%08lx  IP = 0x%08lx\n",
+                        (unsigned long int) il,
+                        il->ip);
+
+        return;
+}
+
+
diff --git a/other/b-scan/tmp/Makefile b/other/b-scan/tmp/Makefile
new file mode 100644
index 0000000..8306b6c
--- /dev/null
+++ b/other/b-scan/tmp/Makefile
@@ -0,0 +1,27 @@
+#
+# Makefile of (m)bscan v0.0, skyper
+# Massiv Banner Scanner
+#
+# GNU-make mandatory!
+
+SUBDIRS=support src modules
+
+# edit support/Makefile
+# edit src/Makefile
+# edit modules/Makefile
+
+all:    
+        for dir in $(SUBDIRS); do \
+            $(MAKE) -C $$dir; \
+        done
+
+clean:
+        for dir in $(SUBDIRS); do \
+            $(MAKE) -C $$dir clean; \
+        done
+
+pack:
+        rm -f bscan.tar.gz
+        tar cfvz bscan.tar.gz support/*.c support/Makefile src/*.c src/*.l src/Makefile include/bscan/*.h Makefile MODULES PROBLEMS INSTALL  README modules/*.c modules/Makefile
+
+
diff --git a/other/b-scan/tmp/include/bscan/arpg.h b/other/b-scan/tmp/include/bscan/arpg.h
new file mode 100644
index 0000000..19ebddc
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/arpg.h
@@ -0,0 +1,13 @@
+#include <libnet.h>
+
+struct _libnet
+{
+    int packet_size;
+    u_char *packet;
+    char err_buf[LIBNET_ERRBUF_SIZE];
+    u_char *device;
+    struct libnet_link_int *network;
+};
+
+void prepare_libnet (struct _libnet *lnet);
+int play_arpg (struct _libnet *, u_char *, u_char *, u_char *, u_char *);
diff --git a/other/b-scan/tmp/include/bscan/bscan.h b/other/b-scan/tmp/include/bscan/bscan.h
new file mode 100644
index 0000000..c1ad9bb
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/bscan.h
@@ -0,0 +1,94 @@
+/*
+ * bscan, lame (and hopefully fast) banner scanner [port 21,25,110,...]
+ *
+ * "<es> skyper its a cool idea"
+ * "<es> i'd like to see the k0ad when ur finished"
+ * HI ES :) 
+ * greetings to all my !el8 brothers :))
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <pthread.h>
+#ifndef __FAVOR_BSD
+#define __FAVOR_BSD
+#endif
+#ifndef __USE_BSD
+#define __USE_BSD
+#endif
+#ifndef __BSD_SOURCE
+#define __BSD_SOURCE
+#endif
+#include "arpg.h"
+#include "network_raw.h"
+
+
+#define SPF_SMAC        "\x00\x20\xAF\xA3\x13\x37"
+
+#define OPT_VERB        0x1
+#define OPT_RESERV1     0x2
+#define OPT_SETARP      0x4
+#define OPT_SPREADSCAN  0x8
+#define OPT_OUTONLY     0x10
+
+#define OPT_ABRT        0x20
+#define OPT_REST        0x40
+#define OPT_HOSTFILE    0x80
+#define OPT_W8SEMA      0x100
+
+
+struct _opt
+{
+    int (*getnextip) ();
+    int sox;
+    u_char *packet;
+    int pkg_maxlen;
+    int pkg_len;                /* actual length of contructed packet */
+    char *hostfile;
+    char **argvlist;
+    FILE *ffd;                  /* e.g. input file */
+    char *target;
+    unsigned long netmask;      /* depricated */
+    unsigned long network;      /* depricated */
+    unsigned int limit;
+    unsigned short flags;
+    unsigned long random_maxcount;
+    u_int delay;                /* w8 for outstanding packets */
+    u_int pscanstat;            /* scan stats every x pkts, default NEVER */
+    u_long start_ip;            /* in HBO */
+    u_long end_ip;              /* in HBO */
+    u_long ipscan_count;        /* scanned ip's of a SPECIFIC range [temp!] */
+    u_long iptotscan_count;     /* total scan_count over all ranges */
+                                /* used for flood protection */
+    u_long bsent_count;         /* byte-sent counter. TMP (!) variable */
+    u_long ip_offset;           /* spread scan offset */
+    u_long ip_blklen;           /* block-length for spread-scan */
+    u_long ip_pos;              /* position for SPREAD scan, non-linear */
+    struct timeval scan_start;  /* scan start for ALL  ranges */
+                                /* the real beginning */
+    struct timeval tv2;         /* flood protection timer 2 + restore */
+                                /* must be the last gettimeofday() from scan */
+    float sec;                  /* flood protection distance time */
+    struct _libnet lnet;
+    u_char spf_smac[6];         /* spoofed ethernet sender mac */
+    pthread_t bscantid;         /* 'parent' thread id */
+    pthread_t snarftid;         /* snarf thread id */
+    struct _snarf
+    {
+        u_long icmp_c;
+        u_long close_c;
+        u_long open_c;
+        u_long refused_c;
+    }
+    snarf;
+    struct net_tuple nt;
+};
+
+
+void make_iprange (u_long *, u_long *, u_long *, u_long *, char *);
+void init_spreadscan (u_long diff);
+void sigdriver (int);
+void print_scanstat (FILE *);
+void die (int);
diff --git a/other/b-scan/tmp/include/bscan/cf_prse.h b/other/b-scan/tmp/include/bscan/cf_prse.h
new file mode 100644
index 0000000..6185ab3
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/cf_prse.h
@@ -0,0 +1,11 @@
+struct confFileOpt
+{
+  unsigned short flags;
+  unsigned int limit;
+  char *device;  
+  unsigned long int delay;
+  unsigned long srcAddr;
+  unsigned short mac[5];
+} FileOpt;
+
+int readConfFile (char *);
diff --git a/other/b-scan/tmp/include/bscan/dcd_icmp.h b/other/b-scan/tmp/include/bscan/dcd_icmp.h
new file mode 100644
index 0000000..215d0c8
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/dcd_icmp.h
@@ -0,0 +1,13 @@
+/* bscan - icmp include file
+ */
+
+#ifndef BS_DCD_ICMP_H
+#define BS_DCD_ICMP_H
+
+#define ICMP_HDRSIZE    8
+
+const char *
+icmp_str (int type, int code);
+
+#endif
+
diff --git a/other/b-scan/tmp/include/bscan/garage.h b/other/b-scan/tmp/include/bscan/garage.h
new file mode 100644
index 0000000..0d63774
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/garage.h
@@ -0,0 +1,178 @@
+/* bscan - mod_garage.h - per IP storage functions include file
+ *
+ * by scut / teso
+ */
+
+#ifndef _MOD_GARAGE_H
+#define _MOD_GARAGE_H
+
+#include <sys/types.h>
+
+#define GARAGE_VERSION  "1.0.1"
+
+
+typedef struct  ip_elem {
+        struct ip_elem *        next;   /* more then one data stored */
+
+        int                     data_free;      /* 1 = do free() on destroy */
+        size_t                  data_len;
+        void *                  data;   /* must be free() able */
+} ip_elem;
+
+
+typedef struct  ip_list {
+        struct ip_list *        next;   /* another IP, always greater then this ! */
+        unsigned long int       ip;
+
+        ip_elem *               data;
+} ip_list;
+
+
+/* not for use in other code then garage.c
+ */
+typedef struct {
+        char *                  name;
+        ip_list **              garage;
+
+        void                    (* cleaner)(ip_list *);
+
+        unsigned long int       ip_count;
+
+        unsigned long int       timeout_max;
+        unsigned long int       timeout_idx;
+        unsigned long int *     timeout_tbl;
+} garage_hdlr;
+
+
+/* mg_init
+ *
+ * setup the required structures for the garage
+ *
+ * return 0 on success
+ * return 1 on failure
+ */
+
+garage_hdlr *
+mg_init (char *name, unsigned long int max_hosts_in_list,
+        void (* cleaner)(ip_list *));
+
+
+/* mg_destroy
+ *
+ * destroy all data in the garage `g', use the standard handler in case
+ * `do_handler' is not zero, otherwise just free.
+ */
+
+void
+mg_destroy (garage_hdlr *g, int do_handler);
+
+
+/* mg_write
+ *
+ * store pointer `data' with len `data_len' to the garage for IP `ip'
+ * if `data_free' is non-zero the `data' pointer will be freed if mg_clean
+ * or mg_destroy is called.
+ */
+
+void
+mg_write (garage_hdlr *g, unsigned long int ip, void *data, size_t data_len,
+        int data_free);
+
+
+/* mg_read
+ *
+ * return first ip_elem for ip `ip' on success (it is not removed from garage)
+ * return NULL on failure
+ */
+
+ip_elem *
+mg_read (garage_hdlr *g, unsigned long int ip);
+
+
+/* mg_clean
+ *
+ * clean everything stored in the garage for IP `ip'
+ */
+
+void
+mg_clean (garage_hdlr *g, unsigned long int ip, void (*cleaner)(ip_list *));
+
+
+/* mg_show
+ *
+ * DEBUG function, to show IP distribution in garage
+ */
+
+void
+mg_show (garage_hdlr *g);
+
+
+/* mg_count
+ *
+ * count elements in garage
+ */
+
+unsigned long int
+mg_count (garage_hdlr *g);
+
+
+/* mg_ip_isin
+ *
+ * check whether the ip `ip' is stored in the garage pointed to by `g'.
+ *
+ * return zero in case it is not
+ * return != zero if it is
+ */
+
+int
+mg_ip_isin (garage_hdlr *g, unsigned long int ip);
+
+
+/* CIDR routines
+ */
+
+/* mg_cidr_getmask
+ *
+ * convert a netmask (eg 0xfffffc00) or a cidr notation (eg 24) given in
+ * `mask' to a netmask.
+ */
+
+unsigned long int
+mg_cidr_getmask (unsigned long int mask);
+
+
+/* mg_cidr_maskcount
+ *
+ * return the number of hosts that are possible using a mask `mask' in
+ * either CIDR or netmask notation
+ */
+
+unsigned long int
+mg_cidr_maskcount (unsigned long int mask);
+
+
+/* mg_cidr_match
+ *
+ * check whether `ip1' and `ip2' are in the same network, given the network
+ * size by `mask' (CIDR or netmask notation)
+ */
+
+int
+mg_cidr_match (unsigned long int ip1, unsigned long int ip2,
+        unsigned long int mask);
+
+
+/* mg_cidr_count
+ *
+ * count elements in garage `g', that are within the CIDR range build from
+ * ip `ip' and netmask `mask'. `mask' is either the number of bits, if it's in
+ * the range of 0-32, or the real mask, if it is greater then 32. (for the
+ * zero case the netmask is equal to the cidr notation).
+ */
+
+unsigned long int
+mg_cidr_count (garage_hdlr *g, unsigned long int ip, unsigned long int mask);
+
+
+#endif
+
diff --git a/other/b-scan/tmp/include/bscan/module.h b/other/b-scan/tmp/include/bscan/module.h
new file mode 100644
index 0000000..3ad316b
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/module.h
@@ -0,0 +1,26 @@
+
+#define MAX_MODULES     8
+
+#define MOD_FIRSTPKG    0x00
+#define MOD_RCV         0x01
+
+#define RMOD_OK         0x00
+#define RMOD_SKIP       0x01
+#define RMOD_ERROR      0x02
+#define RMOD_ABRT       0x04
+
+struct _mods
+{
+    int (*init) (char **, int, char **, void *);  /* init the module stuff */
+    int (*fini) ();             /* finish the module */
+    void (*musage) ();          /* print out usage informations */
+    int (*callmdl) (int, void *);       /* call a function */
+    const char *modname;        /* name of the module after init */
+    int modid;                  /* id of the module. who needs this ? */
+    char *modarg;               /* arg to module */
+};
+
+int add_module (char *, char *);
+void split_margs (const char *, char ***, int *);
+int loadinit_mod (char *);
+
diff --git a/other/b-scan/tmp/include/bscan/network_raw.h b/other/b-scan/tmp/include/bscan/network_raw.h
new file mode 100644
index 0000000..9ffed74
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/network_raw.h
@@ -0,0 +1,57 @@
+
+/*
+ * network_raw.h, depends on libnet.h
+ */
+
+
+#define ETH_SIZE        14
+#define IP_SIZE         20
+#define TCP_SIZE        20
+#define ICMP_SIZE       8
+#define UDP_SIZE        8
+
+/*
+ *  Checksum stuff
+ */
+#define CKSUM_CARRY(x) \
+    (x = (x >> 16) + (x & 0xffff), (~(x + (x >> 16)) & 0xffff))
+#define int_ntoa(x)   inet_ntoa(*((struct in_addr *)&(x)))
+
+
+/*
+ * leet net tuple
+ */
+struct net_tuple
+{
+    uint32_t src;
+    unsigned short int sport;
+    uint32_t dst;
+    unsigned short int dport;
+};
+
+
+/*
+ * pseudo TCP header for calculating the chksum
+ */
+struct _fakehead
+{
+    uint32_t saddr;
+    uint32_t daddr;
+    uint8_t zero;
+    uint8_t protocol;
+    uint16_t tot_len;
+};
+
+int init_network_raw (void);
+int in_cksum (unsigned short *, int);
+int send_ipv4 (int, u_char *, size_t);
+void add_udphdr (unsigned char *, struct net_tuple *, int);
+void add_tcphdr (unsigned char *, struct net_tuple *, uint8_t, int,
+                 tcp_seq *, tcp_seq *);
+void add_icmpping (unsigned char *, int, int);
+void add_iphdr (unsigned char *, uint8_t ip_p, struct net_tuple *, int);
+int answer_tcp (int, struct ip *, struct tcphdr *, uint8_t, u_char *, uint);
+int vrfy_ip (struct ip *, uint32_t, u_short *);
+int vrfy_tcp (struct tcphdr *, uint32_t, u_short *);
+int decode_nvt(u_char *, uint, u_char *, uint *, u_char *, uint *);
+
diff --git a/other/b-scan/tmp/include/bscan/restore.h b/other/b-scan/tmp/include/bscan/restore.h
new file mode 100644
index 0000000..960efe6
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/restore.h
@@ -0,0 +1,6 @@
+/*
+ * restore.h
+ */
+
+int write_restore (void);
+int read_restore (char *);
diff --git a/other/b-scan/tmp/include/bscan/signal.h b/other/b-scan/tmp/include/bscan/signal.h
new file mode 100644
index 0000000..fab56f6
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/signal.h
@@ -0,0 +1,10 @@
+/*
+ * this space for rent....
+ */
+
+typedef void (*sighandler_t) (int);
+
+#define SIG_SETALL      0x01
+
+
+int sigctl (int, sighandler_t);
diff --git a/other/b-scan/tmp/include/bscan/snarf.h b/other/b-scan/tmp/include/bscan/snarf.h
new file mode 100644
index 0000000..fee7047
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/snarf.h
@@ -0,0 +1,31 @@
+
+#define int_ntoa(x)   inet_ntoa(*((struct in_addr *)&(x)))
+
+#define ETH_ALEN        6
+#define PCAP_FILTER     "arp or tcp or icmp or udp"
+
+struct Ether_header
+{
+    uint8_t ether_dhost[ETH_ALEN];
+    uint8_t ether_shost[ETH_ALEN];
+    uint16_t ether_type;
+};
+
+struct Arphdr
+{
+    unsigned short int ar_hrd;  /* Format of hardware address.  */
+    unsigned short int ar_pro;  /* Format of protocol address.  */
+    unsigned char ar_hln;       /* Length of hardware address.  */
+    unsigned char ar_pln;       /* Length of protocol address.  */
+    unsigned short int ar_op;   /* ARP opcode (command).  */
+    /* Ethernet looks like this : This bit is variable sized
+       however...  */
+    unsigned char ar_sha[ETH_ALEN];     /* Sender hardware address.  */
+    unsigned char ar_sip[4];    /* Sender IP address.  */
+    unsigned char ar_tha[ETH_ALEN];     /* Target hardware address.  */
+    unsigned char ar_tip[4];    /* Target IP address.  */
+};
+
+
+void *do_snarf (void *);
+void undo_snarf ();
diff --git a/other/b-scan/tmp/include/bscan/system.h b/other/b-scan/tmp/include/bscan/system.h
new file mode 100644
index 0000000..6eed6d8
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/system.h
@@ -0,0 +1,38 @@
+/*
+ * generic system functions
+ */
+
+#include <sys/time.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+#define DEV_ZERO        "/dev/zero"
+
+/*
+ * we use the 'do while' trick to use err_abort as if they were functions
+ */
+#define err_abort(code,text) do { \
+        fprintf (stderr, "%s at \"%s\":%d: %s\n", \
+                text, __FILE__, __LINE__, strerror (code)); \
+        abort(); \
+        } while (0)
+
+#define errno_abort(text) do { \
+        fprintf(stderr, "%s at \"%s\":%d: %s\n", \
+                text, __FILE__, __LINE__, strerror (errno)); \
+        abort(); \
+        } while (0)
+
+
+void *shmalloc (int, size_t);
+void do_nanosleep (time_t, long);
+void xchange (void *, void *, int);
+void time_diff (struct timeval *, struct timeval *);
+int ctoreal(char *, char *);
+void save_write(FILE *, char *, unsigned char *, int);
+int isprintdata(char *, int);
+int dat2hexstr(unsigned char *, unsigned int, unsigned char *, unsigned int);
+int dat2strip(unsigned char *, unsigned int, unsigned char *, unsigned int);
+
diff --git a/other/b-scan/tmp/include/bscan/tty.h b/other/b-scan/tmp/include/bscan/tty.h
new file mode 100644
index 0000000..09d73c0
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/tty.h
@@ -0,0 +1,7 @@
+/*
+ * tty support functions
+ */
+
+void tty_done ();
+void tty_init ();
+int tty_getchar ();
diff --git a/other/b-scan/tmp/include/bscan/version.h b/other/b-scan/tmp/include/bscan/version.h
new file mode 100644
index 0000000..39b1298
--- /dev/null
+++ b/other/b-scan/tmp/include/bscan/version.h
@@ -0,0 +1,5 @@
+#define VER_MAJOR       0
+#define VER_MINOR       7
+#define VER_SUFFIX      d
+#define VER_EMAIL       "anonymous@segfault.net"
+#define VERSION         "bscan v0.7-dev, anonymous@segfault.net"
diff --git a/other/b-scan/tmp/modules/Makefile b/other/b-scan/tmp/modules/Makefile
new file mode 100644
index 0000000..ccac359
--- /dev/null
+++ b/other/b-scan/tmp/modules/Makefile
@@ -0,0 +1,22 @@
+CC=gcc
+COPT=-Wall -ggdb -shared -fPIC -I../include
+DEFS=`libnet-config --defines` -DUSE_LIBNET #-DDEBUG
+LIBS=
+TARGETS=mod_snmp mod_banner mod_httpd mod_ping mod_bind
+
+# HPUX 10.20
+# DEFS=`libnet-config --defines` -DUSE_LIBNET -DHP10 #-DDEBUG
+
+all:    
+        for trgt in $(TARGETS); do \
+            $(CC) $(COPT) $(DEFS) -o $$trgt.so $$trgt.c; \
+        done
+
+
+clean:
+        for trgt in $(TARGETS); do \
+            rm -f $$trgt.so; \
+        done
+        rm -f core *~
+
+
diff --git a/other/b-scan/tmp/modules/mod_banner.c b/other/b-scan/tmp/modules/mod_banner.c
new file mode 100644
index 0000000..6f02a39
--- /dev/null
+++ b/other/b-scan/tmp/modules/mod_banner.c
@@ -0,0 +1,365 @@
+/*
+ * mod_example.c
+ * Example module for bscan.
+ */
+
+#include <bscan/bscan.h>
+#include <bscan/module.h>
+#include <bscan/dcd_icmp.h>
+#include <bscan/system.h>
+#include <stdio.h>
+#include <unistd.h>
+
+
+#ifndef MOD_NAME
+#define MOD_NAME        "mod_banner"
+#endif
+
+#define SCN_NVT         0x00000001
+#define SCN_HALFOPEN    0x00000002
+#define SCN_XMAS        0x00000004
+#define SCN_FIN         0x00000008
+#define SCN_NULL        0x00000010
+#define SCN_PUSH        0x00000020
+#define SCN_LETOPEN     0x00000040
+#define SCN_NOSCAN      0x00000080
+#define SCN_NOICMP      0x00000100
+
+
+static int isinit=0;
+/*
+ * some variables from the binary-process
+ */
+extern int dlt_len;
+extern u_char *align_buf;
+extern unsigned short ip_options;
+extern struct ip *ip;
+extern struct Ether_header *eth;
+extern u_int plen, pcaplen;
+
+
+struct _mopt
+{
+    u_int scanflags;
+    uint8_t th_flags;
+} static mopt;
+        
+
+/*
+ * static functions prototypes
+ */
+static int mdo_opt(int, char **, struct _opt *);
+static void init_vars(struct _opt *);
+static int process_rcv(struct _opt *);
+static void handle_icmp ();
+
+
+
+/*
+ * print out usage informations
+ */
+void
+musage()
+{
+    printf ("\n"MOD_NAME"\n");
+    printf (" -o <source port>, default 20\n");
+    printf (" -p <port to scan>, default 21\n");
+    printf (" -a grab all data and let the connecten established\n");
+    printf (" -n NVT terminal support (use this for telnetd-scans)\n");
+    printf (" -I dont report ICMP-errors\n");
+    printf (" -q quite, dont send out any initial packages [first-pkg]\n");
+    printf ("    "MOD_NAME" only reports ICMP errors and doesn't start\n");
+    printf ("    scanning. It will still simulate the tcp-stack.\n");
+    printf 
+        (" -sS,-sF,-sX,-sN,-sP TCP SYN stealth, Fin, Xmas, Null, !Push scan\n");
+
+}
+
+
+/*
+ * return 0 on success, != 0 on failure
+ */
+int
+init(char **modname, int argc, char *argv[], struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE INIT\n");
+#endif
+        if (isinit)
+                return(-1);
+
+        *modname = MOD_NAME;
+        isinit = 1;
+        init_vars(opt);
+
+        if (mdo_opt(argc, argv, opt) != 0)
+                return(-1);
+
+        return(0);
+}
+
+/*
+ * fini-routine. called on cleanup 
+ */
+int
+fini()
+{
+#ifdef DEBUG
+        printf("MODULE FINI\n");
+#endif
+        return(0);
+}
+
+
+/*
+ * 
+ */
+int
+callmdl(int entry, struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE CALLMDL\n");
+#endif
+        if (entry == MOD_FIRSTPKG)
+        {
+                if (mopt.scanflags & SCN_NOSCAN)
+                        return(RMOD_SKIP);
+
+                add_tcphdr(opt->packet + ETH_SIZE + IP_SIZE, &opt->nt, mopt.th_flags, 0, NULL, NULL);
+                add_iphdr (opt->packet + ETH_SIZE, IPPROTO_TCP, &opt->nt, TCP_SIZE);
+                opt->pkg_len = TCP_SIZE + IP_SIZE;
+                return(RMOD_OK);
+        }
+
+        if (entry == MOD_RCV)
+                process_rcv(opt);
+
+        return(RMOD_OK);
+}
+
+
+/*
+ ***********************************************************
+ *  Our OWN/static functions for THIS module               *
+ ***********************************************************
+ */
+
+/*
+ * initialize all local variables.
+ * We use some 'unused' variables of the masterprogramm
+ */
+static void
+init_vars(struct _opt *opt)
+{
+    opt->nt.sport = htons(20);  /* not used by master programm */
+    opt->nt.dport = htons(21);  /* not used by master programm */
+
+    mopt.scanflags = 0;
+    mopt.th_flags = TH_SYN;
+}
+
+
+/*
+ * LOCAL/STATIC function, only available in the module
+ * return 0 on success, != 0 on failure
+ */
+static int
+mdo_opt(int argc, char *argv[], struct _opt *opt)
+{
+    extern char *optarg;
+    /*extern int optind, opterr, optopt;*/
+    int c;
+
+    while ((c = getopt (argc, argv, "Iqans:p:o:")) != -1)
+    {
+        switch (c)
+        {
+        case 'I':
+           mopt.scanflags |= SCN_NOICMP;
+           break;
+        case 'q':
+           mopt.scanflags |= SCN_NOSCAN; 
+           break;
+        case 'p':
+           opt->nt.dport = htons(strtoul (optarg, (char **) NULL, 10));
+           break;
+        case 'o':
+           opt->nt.sport = htons(strtoul (optarg, (char **) NULL, 10));
+           break;
+        case 'a':
+           mopt.scanflags |= SCN_LETOPEN;
+           break;
+        case 'n':
+           mopt.scanflags |= SCN_NVT;   /* NVT parsing */
+           break;
+        case 's':
+            switch (optarg[0])
+            {
+            case 'S':
+                mopt.scanflags |= SCN_HALFOPEN;
+                mopt.th_flags = TH_SYN;
+                break;
+            case 'X':
+                mopt.scanflags |= SCN_XMAS;
+                mopt.th_flags = (TH_FIN | TH_PUSH | TH_URG);
+                break;
+            case 'F':
+                mopt.scanflags |= SCN_FIN;
+                mopt.th_flags = TH_FIN;
+                break;
+            case 'N':
+                mopt.scanflags |= SCN_NULL;
+                mopt.th_flags = 0;
+                break;
+            case 'P':
+                mopt.scanflags |= SCN_PUSH;
+                break;
+            default:
+                fprintf(stderr, "unrecognized option -s%c\n", optarg[0]);
+                return(-1);
+            }
+            break;
+        case ':':
+            fprintf(stderr, "missing parameter\n");
+            return(-1);
+        default:
+            return(-1);
+        }
+    }
+
+    if ((mopt.scanflags & SCN_NVT) && !(mopt.scanflags & SCN_LETOPEN))
+        fprintf(stderr, "WARNING: NVT used without -a. This is probably not what you want!\n");
+
+    return(0);
+}
+
+
+/*
+ * vrfy the icmp packet and print out 'human readable'-icmp code
+ * dest-unreachable packages only!
+ */
+static void
+handle_icmp (int offset)
+{
+    struct icmp *icmp = (struct icmp *) (align_buf + offset);
+    struct ip *icmpip;
+
+    if (plen < offset + sizeof (*icmp) + dlt_len)
+        return;
+
+    icmpip = (struct ip *) (align_buf + offset + ICMP_HDRSIZE);
+
+    printf ("%s (%d/%d) %s", int_ntoa (icmpip->ip_dst.s_addr),
+            icmp->icmp_type, icmp->icmp_code,
+            icmp_str (icmp->icmp_type, icmp->icmp_code));
+    printf ("(from %s)\n", int_ntoa (ip->ip_src.s_addr));
+}
+
+
+/*
+ * process incoming packets 
+ * IP-packet is verified and variables valid (ip_options, *ip)
+ */
+static int
+process_rcv(struct _opt *opt)
+{
+    struct tcphdr *tcp;
+    unsigned short tcp_options = 0;
+    u_char *data = NULL;
+    u_char *ans = NULL;         /* tcpdata answer */
+    u_char prefix[32];
+    int data_len = 0;
+    uint ans_len = 0;
+    uint res_len = 0;
+    uint tcphdr_len = 0;
+    uint iphdr_len = 0;
+
+
+    if (ip->ip_p == IPPROTO_ICMP)
+    {
+        opt->snarf.icmp_c++;                    /* for statistics       */
+        if (!(mopt.scanflags & SCN_NOICMP))
+                handle_icmp (sizeof (*ip) + ip_options);
+
+        return(0);
+    }
+
+    if (ip->ip_p != IPPROTO_TCP)
+        return(0);
+
+    iphdr_len = sizeof(*ip) + ip_options;
+    tcp = (struct tcphdr *) (align_buf + iphdr_len);
+
+    if (vrfy_tcp(tcp, plen - dlt_len - iphdr_len , &tcp_options) != 0)
+        return(0);
+
+    if (tcp->th_flags & TH_RST)
+    {
+        opt->snarf.refused_c++;
+        printf ("%s:%d refused\n", int_ntoa (ip->ip_src.s_addr),
+                ntohs (tcp->th_sport));
+    }
+    else if (tcp->th_flags & TH_FIN)
+    {
+        opt->snarf.close_c++;
+        answer_tcp (opt->sox, ip, tcp, TH_FIN | TH_ACK, NULL, 0);
+        printf ("%s:%d connection closed by foreig host\n",
+                int_ntoa (ip->ip_src.s_addr), ntohs (tcp->th_sport));
+    }
+    else if ((tcp->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK))
+    {
+
+        if (mopt.scanflags & SCN_HALFOPEN)
+        {
+            if (!(mopt.scanflags & SCN_LETOPEN))
+                answer_tcp (opt->sox, ip, tcp, TH_ACK | TH_RST, NULL, 0);
+            return(0);
+        }
+        else
+            answer_tcp (opt->sox, ip, tcp, TH_ACK, NULL, 0);
+
+        opt->snarf.open_c++;
+        printf ("%s:%d open\n", int_ntoa (ip->ip_src.s_addr),
+                ntohs (tcp->th_sport));
+    }
+
+    /* banner scanner output */
+    tcphdr_len = sizeof(*tcp) + tcp_options;
+    if (plen - dlt_len > ntohs(ip->ip_len))
+        data_len = ntohs(ip->ip_len) - iphdr_len - tcphdr_len;
+    else
+        data_len = plen - dlt_len - iphdr_len - tcphdr_len;
+
+    if (data_len <= 0)
+        return(0);
+    
+    if ( (data = alloca(data_len + 1)) == NULL)
+        return(-1);
+
+    memcpy(data, align_buf + iphdr_len + tcphdr_len, data_len);
+
+    if (mopt.scanflags & SCN_NVT)
+    {
+        if ((ans = alloca(data_len)) == NULL)
+            return(-1);
+
+        decode_nvt(data, data_len, ans, &ans_len, data, &res_len);
+        data_len = res_len;     /* we wrote everything into data */
+    }
+
+    snprintf(prefix, sizeof(prefix) - 1, "%s:%d ", int_ntoa(ip->ip_src), 
+                                                        ntohs (tcp->th_sport));
+    save_write(stdout, prefix, data, data_len);
+
+    if (tcp->th_flags & TH_RST) /* data_len != 0 */
+        return(0);      /* evil peer resetted our connection */
+
+    /* close after first data package or ack last RST if data_len >0 */
+    if (!(mopt.scanflags & SCN_LETOPEN) || (tcp->th_flags & TH_RST))
+        answer_tcp (opt->sox, ip, tcp, TH_ACK | TH_RST, ans, ans_len); 
+    else
+        answer_tcp (opt->sox, ip, tcp, TH_ACK, ans, ans_len);
+
+
+   return(0);
+}
diff --git a/other/b-scan/tmp/modules/mod_bind.c b/other/b-scan/tmp/modules/mod_bind.c
new file mode 100644
index 0000000..2a09f49
--- /dev/null
+++ b/other/b-scan/tmp/modules/mod_bind.c
@@ -0,0 +1,302 @@
+/*
+ * ping-module for bscan.
+ * IDEA: add record-route and source-route feature
+ *       and -p pattern [where can we save our time-struct then ?
+ */
+
+#include <bscan/bscan.h>
+#include <bscan/module.h>
+#include <bscan/system.h>
+#include <stdio.h>
+
+
+#ifndef MOD_NAME
+#define MOD_NAME        "mod_bind"
+#endif
+
+/*
+ * this is our query. This is a DNS-formated string
+ * <length1><string1><length2><string2><0>
+ */
+#define DNSTXTREQ       "\007version\004bind"
+
+static int process_rcv(struct _opt *);
+static void add_dnshdr(unsigned char *);
+static void add_dnstxthdr(unsigned char *, char *, u_int *);
+
+static int isinit=0;
+/*
+ * some variables from the binary-process
+ */
+extern int dlt_len;
+extern u_char *align_buf;
+extern unsigned short ip_options;
+extern struct ip *ip;
+extern struct Ether_header *eth;
+extern u_int plen, pcaplen;
+extern struct timeval *pts;
+
+
+struct _dnshdr
+{
+    u_short id;             /* DNS packet ID */
+    u_short flags;          /* DNS flags */
+    u_short num_q;          /* Number of questions */
+    u_short num_answ_rr;    /* Number of answer resource records */
+    u_short num_auth_rr;    /* Number of authority resource records */
+    u_short num_addi_rr;    /* Number of additional resource records */
+};
+
+struct _dnsanswr
+{
+    u_short type;
+    u_short class;
+    u_short ttl1;
+    u_short ttl2;
+    u_short len;
+};
+
+
+
+/*
+ * static functions prototypes
+ */
+static int mdo_opt(int, char **, struct _opt *);
+static void init_vars(struct _opt *);
+
+/*
+ * print out usage informations
+ */
+void
+musage()
+{
+    printf ("\n"MOD_NAME"\n");
+    printf ("verson.bind chaos txt module\n");
+    printf (" -p <port>, destination port, default 53\n");
+    printf (" -o <port>, source port, default 53\n");
+}
+
+
+/*
+ * return 0 on success, != 0 on failure
+ */
+int
+init(char **modname, int argc, char *argv[], struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE INIT\n");
+#endif
+        if (isinit)
+                return(-1);
+
+        *modname = MOD_NAME;
+        isinit = 1;
+        init_vars(opt);
+
+        if (mdo_opt(argc, argv, opt) != 0)
+                return(-1);
+
+        return(0);
+}
+
+/*
+ * fini-routine. called on cleanup 
+ */
+int
+fini()
+{
+#ifdef DEBUG
+        printf("MODULE FINI\n");
+#endif
+        return(0);
+}
+
+
+/*
+ * Module entry point [entry]
+ * RMOD_OK: everything allright. send  the packet out [if first]
+ *          or do nothing [MOD_RCV].
+ * RMOD_SKIP: proceed with next IP without sending out the packet.
+ */
+int
+callmdl(int entry, struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE CALLMDL\n");
+#endif
+        if (entry == MOD_FIRSTPKG)
+        {
+                add_dnstxthdr (opt->packet + ETH_SIZE + IP_SIZE + UDP_SIZE + sizeof(struct _dnshdr), DNSTXTREQ, &opt->pkg_len);
+                add_dnshdr (opt->packet + ETH_SIZE + IP_SIZE + UDP_SIZE);
+                add_udphdr (opt->packet + ETH_SIZE + IP_SIZE, &opt->nt, opt->pkg_len + sizeof(struct _dnshdr));
+                add_iphdr (opt->packet + ETH_SIZE, IPPROTO_UDP, &opt->nt, opt->pkg_len + UDP_SIZE + sizeof(struct _dnshdr));
+                opt->pkg_len += IP_SIZE + UDP_SIZE + sizeof(struct _dnshdr);
+                return(RMOD_OK);
+        }
+
+        if (entry == MOD_RCV)
+                process_rcv(opt);
+
+        return(RMOD_OK);
+}
+
+
+/*
+ ***********************************************************
+ *  Our OWN/static functions for THIS module               *
+ ***********************************************************
+ */
+
+/*
+ * initialize all local variables.
+ * We use some 'unused' variables of the masterprogramm
+ */
+static void
+init_vars(struct _opt *opt)
+{
+    opt->nt.sport = htons(53);
+    opt->nt.dport = htons(53);
+}
+
+
+/*
+ * LOCAL/STATIC function, only available in the module
+ * return 0 on success, != 0 on failure
+ */
+static int
+mdo_opt(int argc, char *argv[], struct _opt *opt)
+{
+    extern char *optarg;
+    /*extern int optind, opterr, optopt;*/
+    int c;
+
+    while ((c = getopt (argc, argv, "p:o:")) != -1)
+    {
+        switch (c)
+        {
+        case 'p':
+           opt->nt.dport = htons(atoi(optarg)); 
+           break;
+        case 'o':
+           opt->nt.sport = htons(atoi(optarg)); 
+           break;
+        case ':':
+            fprintf(stderr, "missing parameter\n");
+            return(-1);
+        default:
+            return(-1);
+        }
+    }
+    return(0);
+}
+
+
+/*
+ * add a DNS header
+ */
+static void
+add_dnshdr(unsigned char *pkt)
+{
+    struct _dnshdr *dnshdr = (struct _dnshdr *)pkt;
+
+    dnshdr->id = htons(6);      /* could be random */
+    dnshdr->flags = htons(0x0100);      /* do query recursivly */
+    dnshdr->num_q = htons(1);
+    dnshdr->num_answ_rr = 0;
+    dnshdr->num_auth_rr = 0;
+    dnshdr->num_addi_rr = 0; 
+/* add request here. class TXT etc */
+}
+
+/*
+ * add DNS-TXT header here
+ * returns length in *len
+ */
+static void
+add_dnstxthdr(unsigned char *pkt, char *name, u_int *len)
+{
+    u_short *type;
+    u_short *class;
+
+    if (name == NULL)
+        return;         /* nah! specifiy "". we need \0 termination */
+
+    memcpy(pkt, name, strlen(name)+1);
+    type = (u_short *)(pkt + strlen(name) + 1);
+    class = (u_short *)(pkt + strlen(name) + 1 + sizeof(*class));
+    
+    *type = htons(0x10);        /* TEXT string */
+    *class = htons(0x03);       /* chaos */
+    *len = strlen(name) + 1 + sizeof(*type) + sizeof(*class);
+}
+
+
+/*
+ * handle incoming DNS udp answers
+ */
+static int
+process_rcv(struct _opt *opt)
+{
+    struct _dnshdr *dns;
+    struct _dnsanswr *dnsanswr;
+    struct udphdr *udp;
+    char *ptr;
+    char buf[128];
+    int len, dnstxtlen;
+    uint iphdr_len = 0;
+
+    if (ip->ip_p != IPPROTO_UDP)
+        return(0);
+
+    iphdr_len = IP_SIZE + ip_options;
+    if (plen < dlt_len + iphdr_len + sizeof(*udp) + sizeof(*dns))
+        return(-1);     /* invalid size */
+    
+    dns = (struct _dnshdr *) (align_buf + iphdr_len + sizeof(*udp));
+    if (ntohs(dns->flags) & 0x000F)     /* dns-error? query refused ? */
+        return(-1);
+
+    ptr = (char *) (align_buf + iphdr_len + sizeof(*udp) + sizeof(*dns));
+    len = dlt_len + iphdr_len + sizeof(*udp) + sizeof(*dns);
+
+    while (len++ < plen)
+        if (*ptr++ == '\0')
+            break;
+
+    if (len >= plen)
+        return(-1);
+
+    len += 4;
+    ptr += 4;
+ 
+    while (len++ < plen)                /* skip VERSION.BIND answer string */
+        if (*ptr++ == '\0')
+            break;
+
+    len += sizeof(*dnsanswr);
+    if (len >= plen)
+        return(-1);
+
+    dnsanswr = (struct _dnsanswr *) (ptr);
+    dnstxtlen = ntohs(dnsanswr->len);
+    if (len + dnstxtlen > plen) 
+        return(0); 
+
+    if ((dnstxtlen == 0) || (dnstxtlen > 128))
+        return(-1);
+
+    memcpy(buf, ptr + sizeof(*dnsanswr) +1, dnstxtlen - 1); 
+    buf[dnstxtlen - 1] = '\0';
+
+    ptr = buf;          /* evil hax0rs sending messed up strings ? */
+    while (*++ptr != '\0')
+        if (!isprint((int)*ptr))
+                *ptr = '_';
+
+    printf("%s VERSION.BIND. \"%s\"\n", int_ntoa(ip->ip_src.s_addr), buf);
+
+    return(0);
+   
+}
+
+
diff --git a/other/b-scan/tmp/modules/mod_httpd.c b/other/b-scan/tmp/modules/mod_httpd.c
new file mode 100644
index 0000000..275125c
--- /dev/null
+++ b/other/b-scan/tmp/modules/mod_httpd.c
@@ -0,0 +1,188 @@
+/*
+ * mod_example.c
+ * Example module for bscan.
+ */
+
+#include <bscan/bscan.h>
+#include <bscan/module.h>
+#include <stdio.h>
+
+
+#ifndef MOD_NAME
+#define MOD_NAME        "mod_httpd"
+#endif
+
+#define HEADREQ         "HEAD / HTTP/1.0\r\n\r\n"
+
+
+static int isinit=0;
+/*
+ * some variables from the binary-process
+ */
+extern int dlt_len;
+extern u_char *align_buf;
+extern unsigned short ip_options;
+extern struct ip *ip;
+extern struct Ether_header *eth;
+extern u_int plen, pcaplen;
+
+struct _mopt
+{
+    unsigned short int dport;   /* dport in NBO */
+    char *request;      /* the http-request */
+} static mopt;
+
+/*
+ * static functions prototypes
+ */
+static int mdo_opt(int, char **, struct _opt *);
+static void init_vars(struct _opt *);
+static int process_rcv(struct _opt *);
+
+/*
+ * print out usage informations
+ */
+void
+musage()
+{
+    printf ("\n"MOD_NAME"\n");
+    printf (" -p <port>, default 80\n");
+    printf (" -r <request>, default 'HEAD / HTTP/1.0'\n");
+}
+
+
+/*
+ * return 0 on success, != 0 on failure
+ */
+int
+init(char **modname, int argc, char *argv[], struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE INIT\n");
+#endif
+        if (isinit)
+                return(-1);
+
+        *modname = MOD_NAME;
+        isinit = 1;
+        init_vars(opt);
+
+        if (mdo_opt(argc, argv, opt) != 0)
+                return(-1);
+
+        return(0);
+}
+
+/*
+ * fini-routine. called on cleanup 
+ */
+int
+fini()
+{
+#ifdef DEBUG
+        printf("MODULE FINI\n");
+#endif
+        return(0);
+}
+
+
+/*
+ * 
+ */
+int
+callmdl(int entry, struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE CALLMDL\n");
+#endif
+        if (entry == MOD_FIRSTPKG)
+                return(RMOD_SKIP);
+
+        if (entry == MOD_RCV)
+                process_rcv(opt);
+
+        return(RMOD_OK);
+}
+
+
+/*
+ ***********************************************************
+ *  Our OWN/static functions for THIS module               *
+ ***********************************************************
+ */
+
+/*
+ * initialize all local variables.
+ * We use some 'unused' variables of the masterprogramm
+ */
+static void
+init_vars(struct _opt *opt)
+{
+    mopt.dport = htons(80);
+    mopt.request = HEADREQ;
+}
+
+
+/*
+ * LOCAL/STATIC function, only available in the module
+ * return 0 on success, != 0 on failure
+ */
+static int
+mdo_opt(int argc, char *argv[], struct _opt *opt)
+{
+    extern char *optarg;
+    /*extern int optind, opterr, optopt;*/
+    int c;
+
+    while ((c = getopt (argc, argv, "p:r:")) != -1)
+    {
+        switch (c)
+        {
+        case 'p':
+           mopt.dport = htons(strtoul (optarg, (char **) NULL, 10));
+           break;
+        case 'r':
+           mopt.request = optarg;
+           fprintf(stderr, MOD_NAME ": requesting \"%s\"\n", optarg);
+           break;
+        case ':':
+            fprintf(stderr, "missing parameter\n");
+            return(-1);
+        default:
+            return(-1);
+        }
+    }
+    return(0);
+}
+
+
+/*
+ * process incoming packets 
+ * IP-packet is verified and variables valid (ip_options, *ip)
+ */
+static int
+process_rcv(struct _opt *opt)
+{
+    struct tcphdr *tcp;
+    unsigned short tcp_options = 0;
+    uint iphdr_len = 0;
+
+
+    if (ip->ip_p != IPPROTO_TCP)
+        return(0);
+
+    iphdr_len = sizeof(*ip) + ip_options;
+    tcp = (struct tcphdr *) (align_buf + iphdr_len);
+
+    if (vrfy_tcp(tcp, plen - dlt_len - iphdr_len, &tcp_options) != 0)
+        return(0);
+
+    if (tcp->th_sport != mopt.dport)
+        return(0);
+
+    if ((tcp->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK))
+        answer_tcp (opt->sox, ip, tcp, TH_ACK | TH_PUSH, mopt.request, strlen(mopt.request));
+
+   return(0);
+}
+
diff --git a/other/b-scan/tmp/modules/mod_ping.c b/other/b-scan/tmp/modules/mod_ping.c
new file mode 100644
index 0000000..73a90a4
--- /dev/null
+++ b/other/b-scan/tmp/modules/mod_ping.c
@@ -0,0 +1,205 @@
+/*
+ * ping-module for bscan.
+ * IDEA: add record-route and source-route feature
+ *       and -p pattern [where can we save our time-struct then ?
+ */
+
+#include <bscan/bscan.h>
+#include <bscan/module.h>
+#include <bscan/system.h>
+#include <stdio.h>
+
+
+#ifndef MOD_NAME
+#define MOD_NAME        "mod_ping"
+#endif
+
+static int process_rcv(struct _opt *);
+
+static int isinit=0;
+/*
+ * some variables from the binary-process
+ */
+extern int dlt_len;
+extern u_char *align_buf;
+extern unsigned short ip_options;
+extern struct ip *ip;
+extern struct Ether_header *eth;
+extern u_int plen, pcaplen;
+extern struct timeval *pts;
+
+struct _mopt
+{
+   int type;
+   int size;
+} static mopt;
+
+/*
+ * static functions prototypes
+ */
+static int mdo_opt(int, char **, struct _opt *);
+static void init_vars(struct _opt *);
+
+/*
+ * print out usage informations
+ */
+void
+musage()
+{
+    printf ("\n"MOD_NAME"\n");
+    printf (" -t (echo|time) -s <size>, size of ping-data [default 56].\n");
+}
+
+
+/*
+ * return 0 on success, != 0 on failure
+ */
+int
+init(char **modname, int argc, char *argv[], struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE INIT\n");
+#endif
+        if (isinit)
+                return(-1);
+
+        *modname = MOD_NAME;
+        isinit = 1;
+        init_vars(opt);
+
+        if (mdo_opt(argc, argv, opt) != 0)
+                return(-1);
+
+        return(0);
+}
+
+/*
+ * fini-routine. called on cleanup 
+ */
+int
+fini()
+{
+#ifdef DEBUG
+        printf("MODULE FINI\n");
+#endif
+        return(0);
+}
+
+
+/*
+ * Module entry point [entry]
+ * RMOD_OK: everything allright. send  the packet out [if first]
+ *          or do nothing [MOD_RCV].
+ * RMOD_SKIP: proceed with next IP without sending out the packet.
+ */
+int
+callmdl(int entry, struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE CALLMDL\n");
+#endif
+        if (entry == MOD_FIRSTPKG)
+        {
+                add_icmpping (opt->packet + ETH_SIZE + IP_SIZE, mopt.size, mopt.type);
+                add_iphdr (opt->packet + ETH_SIZE, IPPROTO_ICMP, &opt->nt, ICMP_SIZE + mopt.size);
+                opt->pkg_len = IP_SIZE + ICMP_SIZE + mopt.size;
+                return(RMOD_OK);
+        }
+
+        if (entry == MOD_RCV)
+                process_rcv(opt);
+
+        return(RMOD_OK);
+}
+
+
+/*
+ ***********************************************************
+ *  Our OWN/static functions for THIS module               *
+ ***********************************************************
+ */
+
+/*
+ * initialize all local variables.
+ * We use some 'unused' variables of the masterprogramm
+ */
+static void
+init_vars(struct _opt *opt)
+{
+    mopt.size = ICMP_ECHO;
+    mopt.size = 56;
+}
+
+
+/*
+ * LOCAL/STATIC function, only available in the module
+ * return 0 on success, != 0 on failure
+ */
+static int
+mdo_opt(int argc, char *argv[], struct _opt *opt)
+{
+    extern char *optarg;
+    /*extern int optind, opterr, optopt;*/
+    int c;
+
+    while ((c = getopt (argc, argv, "t:s:")) != -1)
+    {
+        switch (c)
+        {
+        case 't':
+           if (strcasecmp (optarg, "echo") == 0)
+             mopt.type = ICMP_ECHO;
+           else if (strcasecmp (optarg, "time") == 0)
+             mopt.type = ICMP_TSTAMP;
+           else
+             return (-1);
+           break;
+        case 's':
+           mopt.size = atoi(optarg);    
+           break;
+        case ':':
+            fprintf(stderr, "missing parameter\n");
+            return(-1);
+        default:
+            return(-1);
+        }
+    }
+    return(0);
+}
+
+
+/*
+ * handle incoming icmp ECHO_REPLY packages
+ */
+static int
+process_rcv(struct _opt *opt)
+{
+    struct icmp *icmp;
+    struct timeval now;
+    double rrt;
+
+    if (ip->ip_p != IPPROTO_ICMP)
+        return(0);
+
+    if (plen < dlt_len + IP_SIZE + ip_options + sizeof(*icmp))
+        return(0);      /* invalid size */
+
+   icmp = (struct icmp *) (align_buf + IP_SIZE + ip_options);
+
+//   if ((icmp->icmp_type != 0) || (icmp->icmp_code != 0))
+//      return(0);
+        
+   memcpy(&now, pts, sizeof(now));
+   time_diff((struct timeval *)icmp->icmp_dun.id_data, &now);
+   rrt = now.tv_sec * 1000.0 + now.tv_usec / 1000.0;
+
+   printf("%d bytes from %s: icmp_seq=%u ttl=%d time=%.3f ms\n",
+        (int)(plen - dlt_len - IP_SIZE - ip_options),
+        int_ntoa(ip->ip_src.s_addr), icmp->icmp_hun.ih_idseq.icd_seq,
+        ip->ip_ttl, rrt);
+
+   return(0);
+   
+}
+
+
diff --git a/other/b-scan/tmp/modules/mod_snmp.c b/other/b-scan/tmp/modules/mod_snmp.c
new file mode 100644
index 0000000..db56455
--- /dev/null
+++ b/other/b-scan/tmp/modules/mod_snmp.c
@@ -0,0 +1,899 @@
+/*
+ * SimpleNetworkManagementProtocol module for bscan.
+ * RFC 1157
+ * <buggy/lame implementation>
+ *
+ * ###fixme todo: port to sparc
+ */
+
+#include <bscan/bscan.h>
+#include <bscan/module.h>
+#include <bscan/system.h>
+#include <stdio.h>
+
+
+#ifndef MOD_NAME
+#define MOD_NAME        "mod_snmp"
+#endif
+
+#define SNMP_DFLT_REQOBJ        "1.3.6.1.2.1.1"
+
+#define MAX_VALSTRLEN   512
+
+#define MOPT_NOOBJ      0x01
+#define MOPT_STRIP      0x02
+
+#define SNMP_GET        0xa0
+#define SNMP_GET_NEXT   0xa1
+#define SNMP_SET        0xa3
+#define ASN_SUBCAT      0x30    /* BER encoding, sub-categorie */
+
+#ifndef ASN_INTEGER
+#define ASN_INTEGER         ((u_char)0x02)
+#endif
+#define ASN_INTEGERSTR          "INTEGER"
+#ifndef ASN_BIT_STR
+#define ASN_BIT_STR         ((u_char)0x03)
+#endif
+#define ASN_BIT_STRSTR          "BITSTRING"
+#ifndef ASN_OCTET_STR
+#define ASN_OCTET_STR       ((u_char)0x04)
+#endif
+#define ASN_OCTET_STRSTR        "STRING"
+#ifndef ASN_NULL
+#define ASN_NULL            ((u_char)0x05)
+#endif
+#define ASN_NULLSTR             "NULL"
+#ifndef ASN_OBJECT_ID
+#define ASN_OBJECT_ID       ((u_char)0x06)
+#endif
+#define ASN_OBJECT_IDSTR        "OBJ"
+#ifndef ASN_APPLICATION
+#define ASN_APPLICATION     ((u_char)0x40)
+#endif
+#ifndef ASN_LONG_LEN
+#define ASN_LONG_LEN         ((u_char)0x80)
+#endif
+#define ASN_APPLICATIONSTR      "APPLICATION"
+#ifndef ASN_IPADDRESS
+#define ASN_IPADDRESS   (ASN_APPLICATION | 0)
+#endif
+#define ASN_IPADDRESSSTR        "IPADDR"
+#ifndef ASN_UNSIGNED
+#define ASN_UNSIGNED    (ASN_APPLICATION | 2)
+#endif
+#define ASN_UNSIGNEDSTR         ASN_INTEGERSTR
+#ifndef ASN_TIMETICKS
+#define ASN_TIMETICKS   (ASN_APPLICATION | 3)
+#endif
+#define ASN_TIMETICKSSTR        "TIMETICKS"
+#ifndef ASN_COUNTER
+#define ASN_COUNTER (ASN_APPLICATION | 1)
+#endif
+#define ASN_COUNTERSTR          "COUNTER"
+
+#define SNMP_ERR_WRONGTYPE              (7)
+#define SNMP_ERR_WRONGLENGTH            (8)
+#define SNMP_ERR_WRONGENCODING          (9)
+#define SNMP_ERR_WRONGVALUE             (10)
+#define SNMP_ERR_NOCREATION             (11)
+#define SNMP_ERR_INCONSISTENTVALUE      (12)
+#define SNMP_ERR_RESOURCEUNAVAILABLE    (13)
+#define SNMP_ERR_COMMITFAILED           (14)
+#define SNMP_ERR_UNDOFAILED             (15)
+#define SNMP_ERR_AUTHORIZATIONERROR     (16)
+#define SNMP_ERR_NOTWRITABLE            (17)
+
+char *snmp_error[] = {
+        "NO ERROR",
+        "TOO BIG",
+        "NO SUCH NAME",
+        "BAD VALUE",
+        "READONLY",
+        "GENERELL ERROR",
+        "NO ACCESS",
+        "WRONG TYPE",
+        "WRONG LENGTH",
+        "WRONG ENCODING",
+        "WRONG VALUE",
+        "NO CREATION",
+        "INCONSISTENT VALUE",
+        "RESOURCE UNAVAILABLE",
+        "COMMIT FAILED",
+        "UNDO FAILED",
+        "AUTORISATION ERROR",
+        "NOT WRITEABLE",
+        "INCONSISTENT NAME" };
+
+#define MAX_SNMP_ERR    18
+
+
+
+#define ADD_DATA(ptr, in, len, totlen) memcpy(ptr, in, len);\
+        *totlen = *totlen + len;
+
+#define min(a,b)       ((a)<(b)?(a):(b))
+
+
+static int isinit=0;
+/*
+ * some variables from the binary-process
+ */
+extern int dlt_len;
+extern u_char *align_buf;
+extern unsigned short ip_options;
+extern struct ip *ip;
+extern struct Ether_header *eth;
+extern u_int plen, pcaplen;
+extern struct timeval *pts;
+
+struct _pdu
+{
+    u_char      *varbuf;
+    int         varlen;
+};
+
+struct _mopt
+{
+    char        *community;
+    u_char      flags;
+    u_char      snmptor;        /* type of request */
+    struct _pdu pdu;
+} static mopt;
+
+struct _pdunfo
+{
+    u_char *community;
+    u_char *pdu_type;
+    u_char *error_status;
+    u_char *error_idx;
+} static pdunfo;
+
+
+/*
+ * static functions prototypes
+ */
+static int mdo_opt(int, char **, struct _opt *);
+static void init_vars(struct _opt *);
+static int process_rcv(struct _opt *);
+static int add_snmp (u_char *, int *);
+static int add_snmpreq (u_char *, int *, u_char, u_char *, struct _pdu *);
+static int add_snmp_var(struct _pdu *, u_char *);
+static int build_snmp_objreq(u_char *, u_char *,u_char *, u_char, u_char *);
+static int str2asnv(u_char *, u_char, u_char *, u_char *);
+static int str2objid(u_char *, u_char *, u_char *);
+
+
+/*
+ * print out usage informations
+ */
+void
+musage()
+{
+    printf ("\n"MOD_NAME"\n");
+    printf ("snmp module\n");
+    printf (" -p <port>, destination port, default 161\n");
+    printf (" -o <port>, source port, default 53\n");
+    printf (" -r <request[:type[:value]]>, default '1.3.6.1.2.1.1 (system)'\n");
+    printf (" -c <community name>, default 'public'\n");
+    printf (" -g <requesttype>, (get|getnext|set), default 'getnext'\n");
+    printf (" -s strip unprintable characters from STRING types, and output as text\n");
+    printf (" -q dont print out OBJ-types\n");
+    printf ("\n");
+    printf ("type: i: INTEGER, s: STRING, n: NULLOBJ, o: OBJID\n");
+    printf ("      t: TIMETICKS, a: IPADDRESS, b: BITSTRING, c: COUNTER\n"); 
+    printf ("\n");
+    printf ("you can request multiple objects with one request:\n");
+    printf ("-g get -r 1.3.6.1.2.1.1.1.0 -r 1.3.6.1.2.1.1.4.0 -r 1.3.6.1.2.1.1.5.0\n");
+}
+
+
+/*
+ * return 0 on success, != 0 on failure
+ */
+int
+init(char **modname, int argc, char *argv[], struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE INIT\n");
+#endif
+        if (isinit)
+                return(-1);
+
+        *modname = MOD_NAME;
+        isinit = 1;
+        init_vars(opt);
+
+        if (mdo_opt(argc, argv, opt) != 0)
+                return(-1);
+
+        return(0);
+}
+
+/*
+ * fini-routine. called on cleanup 
+ */
+int
+fini()
+{
+#ifdef DEBUG
+        printf("MODULE FINI\n");
+#endif
+        return(0);
+}
+
+
+/*
+ * Module entry point [entry]
+ * RMOD_OK: everything allright. send  the packet out [if first]
+ *          or do nothing [MOD_RCV].
+ * RMOD_SKIP: proceed with next IP without sending out the packet.
+ * RMOD_ERROR: failed to create packet.
+ * RMOD_ABRT: critical failure, abort!
+ */
+int
+callmdl(int entry, struct _opt *opt)
+{
+#ifdef DEBUG
+        printf("MODULE CALLMDL\n");
+#endif
+        if (entry == MOD_FIRSTPKG)
+        {
+            add_snmp(opt->packet+ ETH_SIZE + IP_SIZE + UDP_SIZE, &opt->pkg_len);
+            add_udphdr (opt->packet+ ETH_SIZE+ IP_SIZE, &opt->nt, opt->pkg_len);
+            add_iphdr (opt->packet + ETH_SIZE, IPPROTO_UDP, &opt->nt, opt->pkg_len + UDP_SIZE);
+            opt->pkg_len += UDP_SIZE + IP_SIZE;
+
+            return(RMOD_OK);
+        }
+
+        if (entry == MOD_RCV)
+                process_rcv(opt);
+
+        return(RMOD_OK);
+}
+
+
+/*
+ ***********************************************************
+ *  Our OWN/static functions for THIS module               *
+ ***********************************************************
+ */
+
+/*
+ * initialize all local variables.
+ * We use some 'unused' variables of the masterprogramm
+ */
+static void
+init_vars(struct _opt *opt)
+{
+    opt->nt.sport = htons(32770);
+    opt->nt.dport = htons(161);
+    mopt.flags = 0;
+    mopt.community = "public";
+    mopt.snmptor = SNMP_GET_NEXT;
+}
+
+
+/*
+ * LOCAL/STATIC function, only available in the module
+ * return 0 on success, != 0 on failure
+ */
+static int
+mdo_opt(int argc, char *argv[], struct _opt *opt)
+{
+    extern char *optarg;
+    /*extern int optind, opterr, optopt;*/
+    int c;
+
+    while ((c = getopt (argc, argv, "qsg:c:r:p:o:")) != -1)
+    {
+        switch (c)
+        {
+        case 'q':
+           mopt.flags |= MOPT_NOOBJ;
+           break;
+        case 's':
+           mopt.flags |= MOPT_STRIP;
+           break;
+        case 'p':
+           opt->nt.dport = htons(atoi(optarg)); 
+           break;
+        case 'o':
+           opt->nt.sport = htons(atoi(optarg)); 
+           break;
+        case 'r':
+           add_snmp_var(&mopt.pdu, optarg);
+           break;
+        case 'c':
+           mopt.community = optarg;
+           break;
+        case 'g':
+           if (strcasecmp (optarg, "get") == 0)
+                mopt.snmptor = SNMP_GET;
+           else if (strcasecmp (optarg, "getnext") == 0)
+                mopt.snmptor = SNMP_GET_NEXT;
+           else if (strcasecmp (optarg, "set") == 0)
+                mopt.snmptor = SNMP_SET;
+           else
+                return (-1);
+           break;
+        case ':':
+            fprintf(stderr, "missing parameter\n");
+            return(-1);
+        default:
+            return(-1);
+        }
+    }
+
+    if (mopt.pdu.varbuf == NULL)
+        add_snmp_var(&mopt.pdu, SNMP_DFLT_REQOBJ);
+        
+    return(0);
+}
+
+
+static u_char
+strtoasn_vtype(int src)
+{
+
+    src = tolower(src);
+
+    switch (src)
+    {
+        case 'i':
+            return(ASN_INTEGER);
+        case 's':
+            return(ASN_OCTET_STR);
+        case 'n':
+            return(ASN_NULL);
+        case 'o':
+            return(ASN_OBJECT_ID);
+        case 't':
+            return(ASN_TIMETICKS);
+        case 'b':
+            return(ASN_BIT_STR);
+        case 'a':
+            return(ASN_IPADDRESS);
+        case 'u':
+            return(ASN_UNSIGNED);
+        case 'c':
+            return(ASN_COUNTER);
+        default:
+            fprintf(stderr, "WARNING: unsupported value-type.\n");
+            return(src);
+    }
+    
+    return(ASN_NULL);
+}
+
+/*
+ * add variable to our variable-queue
+ * input: <objid-dodded notation>:<value type>:<value>-format
+ * return 0 on success, !=0 on parse error etc
+ */
+static int
+add_snmp_var(struct _pdu *pdu, u_char *src)
+{
+    u_char *request;
+    u_char vtype = 5;
+    u_char *value = NULL;
+    u_char *ptr = NULL;
+    u_char reqlen=0;
+
+    if (pdu->varbuf == NULL)
+    {
+        pdu->varbuf = calloc(1, 1024);
+        pdu->varlen = 0;
+    }
+
+    request = src;
+
+    if ( (ptr = strchr(src, ':')) != NULL)
+        *ptr++ = '\0';
+
+    src = ptr;
+    if (ptr != NULL)
+    {
+        if ( (ptr = strchr(src, ':')) != NULL)
+        {
+            *ptr++ = '\0';
+            if (strlen(ptr) > 0)
+                value = ptr;
+        }
+        vtype = strtoasn_vtype(*src);
+    }
+
+    if (build_snmp_objreq(pdu->varbuf + pdu->varlen, &reqlen, request, vtype, value) != 0)
+     {
+        fprintf(stderr, "WARNING: error while parsing reqOBJ\n");
+        return(-1);
+     }
+
+    pdu->varlen += reqlen;
+
+    return(0);
+}
+
+/*
+ * convert OBJ-ID and build the snmp-request packet
+ * save the work and reuse [better performance, the snmp
+ * packet is always the same].
+ * return 0 on success
+ */
+static int
+add_snmp(u_char *ptr, int *lenptr)
+{
+    static u_char *buf = NULL;
+    static int buflen;
+
+    if (buf != NULL)    /* fastmode, use old copy of previous build snmppkg */
+    {
+        *lenptr = buflen;
+        memcpy(ptr, buf, buflen);
+        return(0);
+    }
+
+    if (buf == NULL)
+        buf = malloc(1024);
+
+    add_snmpreq (ptr, lenptr, mopt.snmptor, mopt.community, &mopt.pdu); 
+
+    memcpy(buf, ptr, *lenptr);  /* for later reuse */
+    buflen = *lenptr;
+
+    return(0);
+}
+
+/*
+ * convert snmp obj in dotted-notation, 0-terminated string to obj-id in asn.1
+ */
+static int
+str2objid(u_char *dst, u_char *retlen, u_char *src)
+{
+    u_char *dotptr;
+    u_char len;
+
+    if (strncmp(src, "1.3.6.1.", 8) != 0)
+        return(-1);     /* snmp only , iso.org.dot.internet.* */
+
+    src += 8;  /* we know the first 8 bytes. */
+
+    memcpy(dst, "\x2b\x06\x01", 3);     /* yepp, we know this. "1.3.6.1" */
+    dst += 3;
+    dotptr = src;
+    len = 3;    /* 2b-06-01 */
+    while ( (dotptr = strchr (src, '.')) != NULL)
+    {
+        *dotptr = '\0';
+        *dst++ = (u_char)atoi(src);
+        src = ++dotptr;
+        len++;
+    }
+    if (strlen(src) > 0)
+    {
+        *dst++ = (u_char)atoi(src);
+        len++;
+    }
+
+    *retlen = len;
+    return(0);
+}
+
+
+/*
+ * convert input to ASN.1 BER encodet <obj-id><value>
+ * dst: guess what.
+ * ptr: snmp obj in dotted-notation (1.3.6.1.2.1.1....), 0-terminated string
+ * tov: type of value, ASN.1 encodet (int, 8octet string, ...)
+ * value: the value (string, 0-terminated)
+ * return: 0 on success
+ */
+static int 
+build_snmp_objreq(u_char *dst, u_char *retlen, u_char *src, u_char tov, 
+                  u_char *value)
+{
+    u_char *srcw;
+    u_char vlen = 0;
+    u_char *sublen;
+    u_char *subsublen;
+    u_char *subvlen;
+    u_char len;
+
+    srcw = alloca(strlen(src)+1);
+    memcpy(srcw, src, strlen(src)+1);
+    if (strlen(srcw) <= 4)
+        return(-1);
+    
+    *dst++ = ASN_SUBCAT;        
+    sublen = dst++;     /* we set the length later coz we dont know it yet */
+
+    *dst++ = 0x06;      /* OBJ-ID */
+    subsublen = dst++;  /* and this also not */
+
+    if (str2objid(dst, &len, srcw) != 0)
+        return(-1);
+
+    *subsublen = len;   /* length of obj */
+    dst += len;
+
+    *dst++ = tov;       /* type of value */
+    subvlen = dst++;    /* we set this later..we dont know the length yet */
+    str2asnv(value, tov, dst, &vlen);
+
+    *subvlen = vlen;    /* length of value */
+
+    *sublen = len + vlen + 4;   /* length of <obj-id><tov:value> */
+
+    *retlen = len + vlen + 6; 
+    return(0);
+}
+
+
+/*
+ * convert 0-terminated string value to asn encodet value
+ * return 0 on success
+ * on return the length of rvalue < value.
+ * input: value [0 terminated string]
+ *        tov [asn]-type of value
+ * output: rvalue [non 0-terminated string with asn-value]
+ *         vlen [length of rvalue]
+ * return 0 on success
+ * attention: we use full integers (length=4, not reduced in length
+ * to the minimum size). the snmp-lib reduces the length of an
+ * integer to the minimum size...but this is not a must
+ */
+static int
+str2asnv(u_char *value, u_char tov, u_char *rvalue, u_char *vlen)
+{
+    unsigned long int ltmp;
+
+    if (rvalue == NULL)
+        return(0);              /* yes, NULL is allowed */
+    if ((rvalue != NULL) && (vlen == NULL))
+        return(-1);
+
+    switch(tov)
+    {
+        case ASN_INTEGER:
+            ltmp = htonl(strtol(value, NULL, 10));
+            memcpy(rvalue, &ltmp, sizeof(ltmp));
+            *vlen = sizeof(ltmp);
+            break;
+        case ASN_UNSIGNED:
+        case ASN_COUNTER:
+        case ASN_TIMETICKS:
+            ltmp = htonl(strtoul(value, NULL, 10));
+            memcpy(rvalue, &ltmp, sizeof(ltmp));
+            *vlen = (sizeof(ltmp));
+            break;
+        case ASN_IPADDRESS:
+            ltmp = inet_addr(value);
+            memcpy(rvalue, &ltmp, sizeof(ltmp));
+            *vlen = sizeof(ltmp);
+            break;
+        case ASN_OBJECT_ID:
+            str2objid(rvalue, vlen, value);
+            break;
+        case ASN_OCTET_STR:
+            memcpy(rvalue, value, strlen(value));
+            *vlen = strlen(value);
+            break;
+        case ASN_NULL:
+            *vlen = 0;
+            break;
+        default:
+            *vlen = 0;
+            fprintf(stderr, "WARNING, unsupported value type !\n");
+    }
+
+    return(0);
+}
+
+/*
+ * add snmp request
+ * build the entire SNMP packet [version, community, pdu, id, error, idx, ..]
+ * req: objs + values [BER encodet, already with header and \x30 sub start]
+ * reqlen: len of entire req [objs + values]
+ * tor: type of request [get, getnext, set]
+ */
+static int
+add_snmpreq (u_char *pkt, int *len, u_char tor, u_char *community, struct _pdu *pdu)
+{
+    int le = 0;
+
+    *(pkt + le++) = ASN_SUBCAT;
+    *(pkt + le++) = (u_char)(pdu->varlen +  strlen(community) + 18);
+    ADD_DATA(pkt + le, "\x02\x01\x00\x04" , 4, &le);    /* SNMPv1 + STRINGOBJ*/
+    *(pkt + le++) = (u_char)strlen(community);
+    ADD_DATA(pkt + le, community, strlen(community), &le);
+    *(pkt + le++) = tor;                /* PDU GET-NEXTrequest */
+    /* lenof(<req-id> + <err-state> + <err-idx> + <SUB> <obj+values>) */
+    *(pkt + le++) = (u_char)(pdu->varlen + 11);
+    /* <req-id> + <err-state> + <err-idx> <SUB-OBJ> */
+    ADD_DATA(pkt + le, "\x02\x01\x01\x02\x01\00\x02\x01\x00\x30", 10, &le);
+    *(pkt + le++) = (u_char)(pdu->varlen); 
+    ADD_DATA(pkt + le, pdu->varbuf, pdu->varlen, &le);
+
+    *len = le;
+    return(0);
+}
+
+
+/*
+ * convert asn encoded obj to string
+ * input: string of <type of value><length of value><value>
+ * datalen: max len i'm allowed to read from "ptr --> ..."
+ * return:
+ * prefix is the string representation of the value-type e.g. "OCTET-STRING"..
+ *   and '<trunc>' if value got truncated.
+ *   is < 64 chars...
+ * val: the value (0-terminated string)
+ * return 0 on success
+ * 1 if truncated (value-length > size of snmp or val to small)
+ * -1 on error
+ */
+static int
+asn2str(u_char *ptr, u_char *prefix, u_char *val, unsigned int datalen)
+{
+    unsigned long int   len, day, hour, min, sec, msec;
+    u_char              *ptr2;
+    u_char              vlen = *(ptr+1);        /* saved value length */
+    u_char              tov = *ptr;
+    unsigned long int   ltmp;
+    int                 i, slen = 0;
+    u_char              buf[128];
+
+    if (vlen > datalen-2)
+        len = datalen-2;
+    else
+        len = vlen;
+
+    *val = '\0';
+    *prefix = '\0';
+
+    switch(tov)
+    {
+        case ASN_IPADDRESS:
+           if (len > sizeof(ltmp))
+                len = sizeof(ltmp);
+
+           ptr2 = (u_char *)&ltmp;
+           memcpy(ptr2 + sizeof(ltmp) - len, ptr+2, len);
+           sprintf(val, "%s", int_ntoa(ltmp));
+           strcpy(prefix, ASN_IPADDRESSSTR);
+           break;
+        case ASN_NULL:
+           strcpy(prefix, ASN_NULLSTR);
+           break;
+        case ASN_TIMETICKS:
+           if (len > sizeof(ltmp))
+                len = sizeof(ltmp);
+
+            ltmp = 0;
+            ptr2 = (u_char *)&ltmp;
+            memcpy(ptr2 + sizeof(ltmp) - len, ptr+2, len);
+            ltmp = ntohl(ltmp);
+            day = ltmp / 8640000;
+            hour = (ltmp % 8640000) / 360000;
+            min = (ltmp % 360000) / 6000;
+            sec = (ltmp % 6000) / 100;
+            msec = (ltmp % 100);
+            sprintf(val, "(%lu) %d days, %2.2d:%2.2d:%2.2d.%d", ltmp, 
+                        (int)day, (int)hour, (int)min, (int)sec, (int)msec);
+            if (tov == ASN_TIMETICKS)
+                strcpy(prefix, ASN_TIMETICKSSTR);
+            break;
+        case ASN_INTEGER:
+        case ASN_UNSIGNED:
+        case ASN_COUNTER:
+            ltmp = 0;
+            if (len > sizeof(ltmp))
+                len = sizeof(ltmp);
+
+            ptr2 = (u_char *)&ltmp;
+            memcpy(ptr2 + sizeof(ltmp) - len, ptr+2, len);
+
+            if (tov == ASN_INTEGER)
+                sprintf(val, "%lu", (unsigned long int)ntohl(ltmp));
+            else
+                sprintf(val, "%ld", (long int)ntohl(ltmp));
+
+            if (tov == ASN_INTEGER)
+                strcpy(prefix, ASN_INTEGERSTR);
+            if (tov == ASN_UNSIGNED)
+                strcpy(prefix, ASN_UNSIGNEDSTR);
+            if (tov == ASN_COUNTER)
+                strcpy(prefix, ASN_COUNTERSTR);
+            break;
+        case ASN_OCTET_STR:
+            if (isprintdata(ptr+2, len))
+            {
+                if (len > MAX_VALSTRLEN-1)
+                    len = MAX_VALSTRLEN-1;
+                memcpy(val, ptr+2, len);
+                val[len] = '\0';
+            } else if ((mopt.flags & MOPT_STRIP) == MOPT_STRIP) {
+                dat2strip(val, MAX_VALSTRLEN, ptr+2, len);
+            } else {
+                dat2hexstr(val, MAX_VALSTRLEN, ptr+2, len);
+            }
+
+            strcpy(prefix, ASN_OCTET_STRSTR);
+            break;
+        case ASN_OBJECT_ID:
+            i = 0;
+            slen = 0;
+            while(i < len)
+            {
+                if (*(ptr+2+i) == 0x2b)
+                    strcpy(buf, "1.3.");        /* substituate shorts */
+                else
+                    snprintf(buf, sizeof(buf), "%d.", *(ptr+2+i));
+
+                buf[sizeof(buf)-1] = '\0';
+                slen = strlen(val) + strlen(buf);
+
+                if (slen < MAX_VALSTRLEN -1)
+                    strcat(val, buf);
+                else
+                    break;
+
+                i++;
+            }
+            val[slen-1] = '\0';         /* remove last '.' */
+            strcpy(prefix, ASN_OBJECT_IDSTR);
+            break;
+        default:
+            dat2hexstr(val, MAX_VALSTRLEN, ptr+2, len);
+            break;
+    }
+
+    if (*prefix == '\0')
+        strcpy(prefix, "UNKNOWN");
+
+    if (vlen > len)
+    {
+        strcat(prefix, "<trunc>");
+        return(1);
+    }
+
+    return(0);
+}
+
+/*
+ * return TypeOfValue and let next point to the next asn encodet obj
+ * ptr: pointer to asn.1 encodet obj
+ * len: returns the length of the OLD value + suffix [length we skipped]
+ * next: returns a pointer to the next obj.
+ */
+static u_char 
+asn_getnext(u_char *ptr, u_char *len, u_char **next)
+{
+    u_char      vlen = *(ptr+1);
+
+    if (*ptr == ASN_SUBCAT)
+    {
+        if (vlen & ASN_LONG_LEN)
+            vlen = vlen & ~ASN_LONG_LEN;
+        else
+            vlen = 0;
+     }
+
+    *next = ptr + vlen + 2; 
+
+    *len = vlen + 2;
+    return(**next);
+}
+
+#define RETURN_ILLLEN(x,y,r)  if (x >= y) return(r);
+
+/*
+ * handle incoming snmp answers, answer with 'next' if not last record
+ */
+static int
+process_rcv(struct _opt *opt)
+{
+    struct udphdr *udp;
+    u_char *ptr;
+    int len;
+    int snmplen;
+    uint iphdr_len = 0;
+    u_char objlen;
+    u_char buf[MAX_VALSTRLEN];
+    u_char prefix[32];
+    u_char buf2[MAX_VALSTRLEN + 32];
+    u_char asnprefix[128];
+    u_char c;
+
+    if (ip->ip_p != IPPROTO_UDP)
+        return(0);
+
+    iphdr_len = IP_SIZE + ip_options;
+    if (plen < dlt_len + iphdr_len + sizeof(*udp))
+        return(-1);     /* invalid size */
+
+    udp = (struct udphdr *) (align_buf + iphdr_len);
+    ptr = (u_char *) (align_buf + iphdr_len + sizeof(*udp));
+    snmplen = plen - dlt_len - iphdr_len - sizeof(*udp);
+    len = 0;
+  
+    /*
+     * we dont check the value of the ASN_SUBCAT-length coz many buggy
+     * hosts out there return a wrong length [0xff, 0x80, ...]
+     */
+
+    ptr += 2; len += 3; /* pointing on the 3rd element */
+    RETURN_ILLLEN(len, snmplen, 0);
+
+    asn_getnext(ptr, &objlen, &ptr);    /* skip version, get community */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+    pdunfo.community = ptr;
+    
+    asn_getnext(ptr, &objlen, &ptr);    /* skip community, get pdu */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+    pdunfo.pdu_type = ptr;
+    ptr += 2;
+    len += 2;                           /* skip pdu, get reqid */
+    RETURN_ILLLEN(len, snmplen, 0);
+
+    asn_getnext(ptr, &objlen, &ptr);    /* skip reqid, get errorstatus */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+    pdunfo.error_status = ptr;
+
+    asn_getnext(ptr, &objlen, &ptr);    /* skip errorstatus, get erroridx */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+    pdunfo.error_idx = ptr;
+
+    asn_getnext(ptr, &objlen, &ptr);    /* skip erroridx, get */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+
+    asn_getnext(ptr, &objlen, &ptr);    /* we reached the SUB section */
+    len += objlen;
+    RETURN_ILLLEN(len, snmplen, 0);
+
+    snprintf(prefix, sizeof(prefix) - 1, "%s:%d ", int_ntoa(ip->ip_src),
+                                ntohs(udp->uh_sport));
+
+    c = *(pdunfo.error_status+2);
+    if (c != 0)
+    {
+        if (c < MAX_SNMP_ERR)
+        {
+            printf("%s%s (%d)\n", prefix, snmp_error[c],
+                        *(pdunfo.error_idx+2));
+        } else {
+            printf("%s UNKNOWN ERROR\n", prefix);
+        }
+    }
+
+    while (1)
+    {
+        asn_getnext(ptr, &objlen, &ptr);
+        if (objlen == 0)
+            return(0);
+
+        len += objlen;
+        RETURN_ILLLEN(len, snmplen, 0);
+        if (*ptr == ASN_SUBCAT)
+            continue;
+
+        if ((mopt.flags & MOPT_NOOBJ) && (*ptr == ASN_OBJECT_ID))
+           continue;
+
+        asn2str(ptr, asnprefix, buf, snmplen - len + 1);
+        snprintf(buf2, sizeof(buf2)-1, "%s %s", asnprefix, buf);
+        buf2[sizeof(buf2)-1] = '\0';
+        save_write(stdout, prefix, buf2, strlen(buf2));
+    }
+
+    return(0);
+   
+}
+
+
diff --git a/other/b-scan/tmp/src/Makefile b/other/b-scan/tmp/src/Makefile
new file mode 100644
index 0000000..6deefc4
--- /dev/null
+++ b/other/b-scan/tmp/src/Makefile
@@ -0,0 +1,88 @@
+#
+# Makefile of (m)bscan v0.0, skyper
+# Massiv Banner Scanner
+#
+
+CC=gcc
+COPT=-Wall -ggdb -I../include -I/usr/include/pcap -static
+LEX=flex
+LEXOPT=
+OBJS=bscan.o arpg.o snarf.o network_raw.o restore.o
+OBJS2=tty.o system.o signal.o dcd_icmp.o garage.o cf_prse.o module.o
+SUPOBJ=../support/hpuxdl.o ../support/snprintf.o
+TARGET=bscan
+INDENT=indent
+INDENT_OPT=-bap -nbc -bbo -bl -bli0 -bls -ncdb -nce -cp1 -cs -di2 -ndj -nfc1 -nfca -hnl -i4 -ip5 -lp  -psl -nsc -nsob
+
+# LINUX
+#######
+LOPT=-export-dynamic
+DEFS=`libnet-config --defines` -DHAVE_DLSYM -D_SVID_SOURCE #-DDEBUG
+LIBS=-lpcap -ldl -lm `libnet-config --libs` -lpthread
+
+# SunOS 5.7/5.8 + gcc
+#####################
+#LOPT=-export-dynamic
+#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG
+#LIBS=-lpcap -ldl -lm `libnet-config --libs` -lpthread
+
+# HP-UX 11.00
+#############
+#LOPT=-Xlinker -E
+#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG
+#LIBS=-lpcap -ldld -lm `libnet-config --libs` -lpthread
+
+# HP-UX 10.20
+# HP-UX 10.20 is not supported. You need snprintf.c and
+# some hacks to use IP_HDRINCL and the kernel patches
+# to access the link_layer interface.
+#############
+#LOPT=-Xlinker -E
+#DEFS=`libnet-config --defines` -DHAVE_DLSYM -DHP10 #-DDEBUG
+#LIBS=-lpcap -ldld -lm `libnet-config --libs` -lpthread
+
+# OpenBSD
+#########
+#LOPT=
+#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG
+#LIBS=-lpcap -lm `libnet-config --libs` -lpthread
+
+all:    $(SUPOBJ) $(OBJS2) $(OBJS)
+        $(CC) $(SUPOBJ) $(OBJS) $(OBJS2) $(LOPT) $(LIBS) $(COPT) -o $(TARGET)
+
+cf_prse.o:
+        $(LEX) $(LEXOPT) -ocf_prse.c cf_prse.l
+        $(CC) $(COPT) -c cf_prse.c
+
+dcd_icmp.o:     dcd_icmp.c
+        $(CC) $(COPT) -c dcd_icmp.c
+
+garage.o:       garage.c
+        $(CC) $(COPT) -c garage.c
+
+module.o:       module.c
+        $(CC) $(COPT) $(DEFS) -c module.c
+
+system.o:       system.c
+        $(CC) $(COPT) -c system.c 
+
+tty.o:          tty.c
+        $(CC) $(COPT) -c tty.c
+
+signal.o:       signal.c
+        $(CC) $(COPT) -c signal.c
+
+../support/hpuxdl.o:    ../support/hpuxdl.c
+        $(MAKE) -C ../support
+
+../support/snprintf.o:  ../support/snprintf.c
+        $(MAKE) -C ../support
+
+.c.o:
+        $(CC) $(COPT) $(DEFS) -c $<
+
+clean:
+        rm -f $(OBJS) $(OBJS2) $(TARGET) cf_prse.c core *~
+
+indent:
+        $(INDENT) $(INDENT_OPT) *.c *.h
diff --git a/other/b-scan/tmp/src/arpg.c b/other/b-scan/tmp/src/arpg.c
new file mode 100644
index 0000000..0c8a620
--- /dev/null
+++ b/other/b-scan/tmp/src/arpg.c
@@ -0,0 +1,78 @@
+/*
+ * bscan arp routine
+ */
+#include <bscan/arpg.h>
+#include <bscan/snarf.h>
+#include <libnet.h>
+
+
+
+void
+prepare_libnet (struct _libnet *lnet)
+{
+
+    if (lnet->device == NULL)
+    {
+        struct sockaddr_in sin;
+        if (libnet_select_device (&sin, &lnet->device, lnet->err_buf) == -1)
+            libnet_error (LIBNET_ERR_FATAL,
+                          "libnet_select_device failed: %s\n", lnet->err_buf);
+    }
+
+    if (
+        (lnet->network =
+         libnet_open_link_interface (lnet->device, lnet->err_buf)) == NULL)
+        libnet_error (LIBNET_ERR_FATAL,
+                      "libnet_open_link_interface '%s': %s\n", lnet->device,
+                      lnet->err_buf);
+
+
+    lnet->packet_size = 60;     /* min ethernet frame length -4 CRC */
+    if (libnet_init_packet (lnet->packet_size, &lnet->packet) == -1)
+        libnet_error (LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
+
+}
+
+/*
+ * play arp-god: sends out arp-reply
+ * return: same as libnet_write_link_layer
+ * -1 on failure or bytes written 
+ */
+int
+play_arpg (struct _libnet *lnet, u_char spf_sip[4], u_char spf_smac[6],
+           u_char spf_dip[4], u_char spf_dmac[6])
+{
+    int c;
+
+#ifdef DEBUG
+    printf ("sending out arp\n");
+#endif
+    libnet_build_ethernet (spf_dmac,
+                           spf_smac, ETHERTYPE_ARP, NULL, 0, lnet->packet);
+
+    libnet_build_arp (ARPHRD_ETHER, ETHERTYPE_IP,       /* arp for which protocol ? */
+                      6,        /* hardware addr. length */
+                      4,        /* protocol addr. length */
+                      ARPOP_REPLY, spf_smac, spf_sip, spf_dmac, spf_dip, NULL,  /* packet payload */
+                      0,        /* length of payload */
+                      lnet->packet + LIBNET_ETH_H);
+
+    c =
+        libnet_write_link_layer (lnet->network, lnet->device, lnet->packet,
+                                 lnet->packet_size);
+    if (c < lnet->packet_size)
+    {
+        libnet_error (LN_ERR_WARNING,
+                      "libnet_write_link_layer only wrote %d bytes\n", c);
+    }
+#ifdef DEBUG
+    else
+    {
+        printf ("construction and injection completed, wrote all %d bytes\n",
+                c);
+    }
+#endif
+
+    return (c);
+}
+
diff --git a/other/b-scan/tmp/src/bscan.c b/other/b-scan/tmp/src/bscan.c
new file mode 100644
index 0000000..ed49d1b
--- /dev/null
+++ b/other/b-scan/tmp/src/bscan.c
@@ -0,0 +1,851 @@
+/*
+ * This is unpublished proprietary source code.
+ *
+ * The contents of these coded instructions, statements and computer
+ * programs may not be disclosed to third parties, copied or duplicated in
+ * any form, in whole or in part, without the prior written permission of
+ * the author.
+ * (that includes you hack.co.za and other lame kid sites who dont
+ *  get the point what hacking is about. damn kids.)
+ *
+ * (C) COPYRIGHT by me, 2000
+ * All Rights Reserved
+ */
+
+
+#include <stdlib.h>
+#include <math.h>
+#include <bscan/bscan.h>
+#include <bscan/snarf.h>
+#include <bscan/tty.h>
+#include <bscan/system.h>
+#include <bscan/restore.h>
+#include <bscan/module.h>
+#include <bscan/version.h>
+#include <bscan/cf_prse.h>
+#include <sys/types.h>
+#include <signal.h>
+#include <math.h>
+#include <libnet.h>
+
+#ifdef HAVE_DLSYM
+extern const int modcount;
+extern const struct _mods mods[MAX_MODULES];
+#endif
+
+unsigned char packet[1024];
+struct _opt *opt;
+
+#define OPTS    "XOVhavr:C:L:M:m:l:d:p:i:s:f:o:"
+
+static unsigned long int        gennextip (void);
+static unsigned long int        gennext_spreadip (void);
+static unsigned long int        gennext_random (void);
+
+/*
+ * make static mac entry in arp-table.
+ * We use system() here [setting mac entry is heavily system dependent]
+ */
+int
+setarp (uint32_t ip, u_char * mac)
+{
+    char buf[128];
+    u_char *p = (u_char *) mac;
+
+    snprintf (buf, sizeof (buf) - 1,
+              "arp -s %s %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x", int_ntoa (ip),
+              p[0], p[1], p[2], p[3], p[4], p[5]);
+    /* put all your IFL fun in here ! this is the major security hole
+       you were looking for.... */
+
+    return (system (buf));
+}
+
+
+/*
+ * delete the mac entry from the arp-table.
+ * we use system() again
+ */
+int
+unsetarp (uint32_t ip)
+{
+    char buf[128];
+
+    snprintf (buf, sizeof (buf) - 1, "arp -d %s", int_ntoa (ip));
+    /* put all your IFL fun in here ! this is the major security hole
+       you were looking for.... */
+
+    return (system (buf));
+}
+
+
+static void
+usage (int code, char *fmt, ...)
+{
+    char buf[1024];
+    va_list ap;
+    u_char *p = (u_char *) opt->spf_smac;
+    int c;
+
+    printf (VERSION "\n");
+    printf (" b-scan -s <spoofed source ip> [options] <host/network> ...\n");
+    printf ("   format of <host/network>:\n");
+    printf ("      <host>, 10.23.0.1 or\n");
+    printf ("      <start ip>-<end ip>, 10.23.0.1-10.23.255.254 or\n");
+    printf ("      <start network/mask>, 10.23.0.1/16\n\n");
+    printf ("Options:\n");
+    printf (" -r <restore.bscan>\n");
+#ifdef HAVE_DLSYM
+    printf (" -L <module.so, shared library file>\n");
+#endif
+    printf (" -f <hostlist, one ip/line>\n");
+    printf (" -s <spoofed ip address on your LOCAL (!) network>\n");
+    printf (" -m <mac>, make a static arp-entry and spoof from this mac.\n");
+    printf
+        (" -M <mac>, dont make the static arpentry but spoof from this mac.\n");
+    printf ("    Add the mac to your arp-table manually (arp -s ip mac),\n");
+    printf ("    If no mac is given default mac is used:\n");
+    printf ("    MAC : %x:%x:%x:%x:%x:%x\n", p[0], p[1], p[2], p[3], p[4],
+            p[5]);
+    printf (" -i <ethernet interface>, default eth0\n");
+    printf
+        (" -X spreadmode [non-sequential, experimental but recommended]\n");
+    printf (" -O output ip's, dont scan\n");
+    printf
+        (" -l <pps> limit packets per second, default 1000, 0 = unlimited\n");
+    printf
+        (" -d <delay> w8 delay seconds for outstanding packets, default 10\n");
+    printf (" -C <configuration file>\n");
+    printf (" -v verbose output\n\n");
+    printf ("Example:\n");
+    printf ("# bscan -s 10.1.6.6 -i eth2 -L \"modules/mod_banner.so\" -X 2.4.1.0-2.4.9.9\n");
+
+#ifdef HAVE_DLSYM
+    for (c = 0; c < modcount; c++)
+        mods[c].musage ();
+#endif
+
+    if (fmt != NULL)
+    {
+        va_start (ap, fmt);
+        vsnprintf (buf, sizeof (buf) - 1, fmt, ap);
+        va_end (ap);
+        fprintf (stderr, "ERROR: %s\n", buf);
+    }
+
+    exit (code);
+}
+
+/*
+ * read's next ip from file. 
+ * returns ip in NBO
+ * returns -1 (eg. 255.255.255.255) on failure
+ */
+unsigned long int
+readnextip (void)
+{
+    char buf[64];
+
+    if (opt->ffd == NULL)
+    {
+        if ((opt->ffd = fopen (opt->hostfile, "r")) == NULL)
+        {
+            perror ("unable to open hostfile");
+            return (-1);
+        }
+        opt->target = opt->hostfile;
+    }
+    fgets (buf, sizeof (buf), opt->ffd);
+
+    return (inet_addr (buf));
+}
+
+/*
+ * get next ip in NBO from network/mask
+ * [could be random order]
+ * returns -1 [255.255.255.255] if no more ip's
+ * hint: rfc: "the first and last ip in a subnetwork are reserved"
+ */
+static unsigned long int
+gennextip (void)
+{
+
+    if (opt->ip_pos <= opt->end_ip)
+        return (htonl (opt->ip_pos++));
+
+    return (-1);
+
+}
+
+/*
+ * generate next ip in spread-mode
+ * must: ip.end_ip - ip.start_ip > 2 
+ */
+static unsigned long int
+gennext_spreadip (void)
+{
+    u_long pos = opt->ip_pos;
+
+
+    if ((opt->ip_offset + 1 >= opt->ip_blklen) && (opt->ip_pos > opt->end_ip))
+        return (-1);
+
+    if ((opt->ip_pos + opt->ip_blklen > opt->end_ip)
+        && (opt->ip_offset + 1 < opt->ip_blklen))
+        opt->ip_pos = opt->start_ip + (++opt->ip_offset);
+    else
+        opt->ip_pos += opt->ip_blklen;
+
+    return (htonl (pos));
+
+}
+
+
+static unsigned long int
+gennext_random (void)
+{
+    unsigned long int   ip;
+
+    if (opt->random_maxcount != 0) {
+        if (--opt->random_maxcount == 0)
+            return (-1);
+    }
+
+pitch:
+    ip = (random () & 0xffff) << 16;
+    ip |= random () & 0xffff;
+
+    if (((ip & 0xe0000000) >= 0xe0000000) ||    /* 224.0.0.0/3 */
+        ((ip & 0xff000000) == 0x7f000000) ||    /* 127.0.0.0/8 */
+        ((ip & 0xff000000) == 0x0a000000) ||    /* 10.0.0.0/8 */
+        ((ip & 0xffff0000) == 0xc0a80000) ||    /* 192.168.0.0/16 */
+        ((ip & 0xffff0000) == 0xac100000) ||    /* 172.16.0.0/16 */
+        (ip == 0x00000000))                     /* 0.0.0.0/32 */
+        goto pitch;
+
+    return (htonl (ip));
+}
+
+
+/*
+ * process all the options and load/init modules
+ */
+void
+do_opt (int argc, char *argv[])
+{
+    extern char *optarg;
+    extern int optind; /*, opterr, optopt;*/
+    unsigned short int sp[ETH_ALEN];
+    int c;
+    char do_usage = 0;
+
+
+    while ((c = getopt (argc, argv, OPTS)) != -1)
+    {
+        switch (c)
+        {
+        case 'C':               /* process conf file */
+            if (readConfFile (optarg))
+              {
+                opt->flags |= FileOpt.flags;
+                opt->limit = FileOpt.limit;
+                opt->delay = FileOpt.delay;
+                opt->nt.src = FileOpt.srcAddr;
+                opt->lnet.device = FileOpt.device;
+                for (c = 0; c < 6; c++)
+                  opt->spf_smac[c] = FileOpt.mac[c];
+              }
+            else
+              fprintf (stderr, "%s is not a valid vonfig file\n", optarg);
+            break;
+        case 'L':
+            break;              /* process module stuff AFTER main-opts */
+        case 'h':
+            do_usage = 1;
+            break;
+        case 'r':
+            if (read_restore (optarg) != 0)
+            {
+                fprintf (stderr, "unable to read restore file '%s'\n",
+                         optarg);
+                exit (-1);
+            }
+            opt->flags |= OPT_REST;
+            break;
+        case 'l':
+            opt->limit = atoi (optarg);
+            break;
+        case 'v':
+            opt->flags |= OPT_VERB;
+            break;
+        case 'X':
+            opt->flags |= OPT_SPREADSCAN;
+            break;
+        case 'O':
+            opt->flags |= OPT_OUTONLY;  /* dont scan, output ip's only */
+            break;
+        case 'm':
+            opt->flags |= OPT_SETARP;
+            sscanf (optarg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2],
+                    &sp[3], &sp[4], &sp[5]);
+            for (c = 0; c < 6; c++)
+                opt->spf_smac[c] = (u_char) sp[c];
+            break;
+        case 'M':
+            opt->flags &= ~OPT_SETARP;
+            sscanf (optarg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2],
+                    &sp[3], &sp[4], &sp[5]);
+            for (c = 0; c < 6; c++)
+                opt->spf_smac[c] = (u_char) sp[c];
+            break;
+        case 'd':
+            opt->delay = atoi (optarg);
+            break;
+        case 'i':
+            opt->lnet.device = optarg;
+            break;
+        case 's':
+            opt->nt.src = inet_addr (optarg);
+            break;
+        case 'f':
+            opt->hostfile = optarg;
+            opt->flags |= OPT_HOSTFILE;
+            break;
+        case 'V':
+            printf (VERSION "\n");
+            exit (0);
+        case ':':
+            usage (0, "parameter missing", c);
+            break;
+        default:
+            break;
+            usage (0, "unknown option -%c", c);
+        }
+    }
+
+    /*
+     * init modules AFTER processing main-opts
+     */
+#ifdef HAVE_DLSYM
+    optind = 1;
+    while ((c = getopt (argc, argv, OPTS)) != -1)
+    {
+        switch (c)
+        {
+        case 'L':
+            loadinit_mod(optarg);
+            break;
+        }                       /* eo switch(c) */
+    }                           /* eo while */
+#endif
+    if (do_usage != 0)
+        usage (0, NULL);
+
+    if ((optind < argc) && (!(opt->flags & OPT_REST)))
+        opt->argvlist = &argv[optind];
+    if (opt->flags & OPT_OUTONLY)
+        opt->delay = 0;
+    if (opt->nt.src == -1)
+        usage (0, "you must specify a -s source address");
+    if ((opt->argvlist == NULL) && (opt->hostfile == NULL))
+        usage (0, "you must specify a -f hostfile or an ip-range");
+
+}
+
+/*
+ * called via SIGCHLD and w8 for the pid [to destroy last kernel structure]
+ * OBSOLETE, ###fixme
+ */
+void
+waitchld (int sig)
+{
+    int status;
+    wait (&status);             /* exit status of the child */
+}
+
+void
+sig_handle_abort (int sig)
+{
+
+    if (pthread_self() != opt->bscantid)
+        return;
+
+    fprintf (stderr, "Session aborted ...one more to kill process\n");
+    signal (sig, die);
+    opt->flags |= OPT_ABRT;
+}
+
+/*
+ * generic signal driver :>
+ */
+void
+sigdriver (int sig)
+{
+
+    if (pthread_self() != opt->bscantid)
+        return;
+
+    if (sig == SIGUSR1)
+        print_scanstat (stderr);
+    if ((sig == SIGINT) || (sig == SIGQUIT))    /* ctrl-c */
+        sig_handle_abort (sig);
+}
+
+/*
+ * This function MUST be called on exit (..or use atexit():)
+ * we have threads. Doesnt matter which thread calls this
+ * function...do everything and exit() the process 
+ * (kills all threads...not very gentle...but...).
+ */
+void
+die (int sig)
+{
+    int c = 0;
+
+    print_scanstat (stderr);    /* print before cleanup routines...*/
+
+    if (opt->flags & OPT_ABRT)
+        if (write_restore () != 0)
+            perror ("restorefile failed");
+        if ((opt->flags & OPT_SETARP) && (unsetarp (opt->nt.src) != 0))
+            fprintf (stderr, "unable to unset arpentry. do it manually\n");
+#ifdef HAVE_DLSYM
+        while (c < modcount)
+            mods[c++].fini ();
+#endif
+
+#ifdef DEBUG
+    printf ("calling exit.\n");
+#endif
+
+    fflush (stdout);
+
+    exit (0);
+}
+
+/*
+ * reset all vars used during the scan (counters, ...)
+ * should be called before the call to make_iprange()
+ * If not...make_iprange thinks we use restore-file
+ */
+void
+reset_vars ()
+{
+    opt->target = NULL;
+    opt->ipscan_count = 0;
+    opt->bsent_count = 0;
+    opt->ip_offset = 0;
+    opt->ip_blklen = 0;
+    opt->ip_pos = 0;
+    opt->start_ip = 0;
+    opt->end_ip = 0;
+    opt->snarf.close_c = 0;
+    opt->snarf.open_c = 0;
+    opt->snarf.refused_c = 0;
+    opt->snarf.icmp_c = 0;
+}
+
+
+void
+init_vars (char **nullptr)
+{
+    srandom ((unsigned int) time (NULL));
+
+    if ((opt = calloc (1, sizeof (*opt))) == NULL)
+    {
+        perror ("calloc");
+        exit (-1);
+    }
+    memset (opt, 0, sizeof (struct _opt));
+
+    opt->bscantid = 0;
+    opt->snarftid = 0;
+    opt->packet = packet;
+    opt->pkg_maxlen = sizeof (packet);
+    opt->pkg_len = 0;
+    opt->scan_start.tv_sec = 0;
+    opt->iptotscan_count = 0;
+    opt->scan_start.tv_usec = 0;
+    opt->hostfile = NULL;
+    opt->limit = 1000;
+    opt->flags = OPT_SETARP;
+    opt->ffd = NULL;
+    opt->argvlist = nullptr;
+    opt->lnet.device = NULL;    /* done by libnet and libpcap */
+    memcpy (opt->spf_smac, SPF_SMAC, 6);
+    opt->nt.src = -1;
+    opt->nt.dst = -1;
+    opt->delay = 10;
+    opt->lnet.device = NULL;
+    reset_vars ();
+
+    signal (SIGINT, sigdriver);
+    signal (SIGQUIT, sigdriver);
+    signal (SIGTERM, die);      /* also called by client */
+    signal (SIGCHLD, SIG_IGN);
+    signal (SIGUSR1, sigdriver);
+}
+
+void
+print_opt ()
+{
+    u_char *p = (u_char *) opt->spf_smac;
+
+    fprintf (stderr, "Pid           : %d\n", getpid());
+    fprintf (stderr, "Interface     : %s\n", opt->lnet.device);
+    fprintf (stderr, "Source IP     : %s\n", int_ntoa (opt->nt.src));
+    fprintf (stderr, "Source MAC    : %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
+             p[0], p[1], p[2], p[3], p[4], p[5]);
+    fprintf (stderr, "pps           : %u\n", opt->limit);
+}
+
+/*
+ * print scanstatistics on filedes
+ */
+void
+print_scanstat (FILE * fd)
+{
+    char perc = 100;
+    struct timeval tv2;
+    time_t timep;
+    struct tm mytm;
+
+    gettimeofday (&tv2, NULL);
+    time_diff (&opt->scan_start, &tv2);
+    if (tv2.tv_sec == 0)
+        tv2.tv_sec = 1;
+    timep = tv2.tv_sec;
+    gmtime_r (&timep, &mytm);
+
+    if ((opt->end_ip - opt->start_ip) != 0)
+        perc =
+            (((float)
+              opt->ipscan_count / (float) (opt->end_ip -
+                                           opt->start_ip)) * 100);
+
+    fprintf (fd,
+             "%2.2d:%2.2d:%2.2d:%2.2d %s %3d%% p/s: %6d [o:%lu r:%lu c:%lu i:%lu]\n",
+             mytm.tm_yday, mytm.tm_hour, mytm.tm_min, mytm.tm_sec, 
+             opt->target, perc, (int) (opt->iptotscan_count / tv2.tv_sec),
+             opt->snarf.open_c, opt->snarf.refused_c, opt->snarf.close_c,
+             opt->snarf.icmp_c);
+
+}
+
+
+/*
+ * calculate beginning and end of ip-range
+ * set start_ip and end_ip and target
+ */
+void
+make_iprange (u_long * network, u_long * netmask, u_long * start_ip,
+              u_long * end_ip, char *str)
+{
+    char buf[64];
+    char *ptr;
+
+    opt->target = str;
+    strncpy (buf, str, sizeof (buf));
+    buf[sizeof (buf) - 1] = '\0';
+    opt->getnextip = NULL;
+    *start_ip = 0;
+
+    if (strncmp (buf, "random", 6) == 0) {
+        opt->getnextip = (void *) gennext_random;
+        if (strchr (buf, ':') != NULL) {
+            sscanf (strchr (buf, ':') + 1, "%lu", &opt->random_maxcount);
+        } else {
+            opt->random_maxcount = 0;
+        }
+        return;
+    }
+
+    /* a.b.c.d/e */
+    if (strchr (buf, '/') != NULL)
+    {
+        *netmask = 0xffffffff;  /* for the lamers who forget the /<netmask> */
+
+        if ((ptr = (char *) strrchr (buf, '/')) != NULL)
+            *netmask = 0xffffffff << (32 - atoi (ptr + 1));
+
+        if ((ptr = (char *) strchr (buf, '/')) != NULL)
+            *ptr = '\0';
+
+        *network = (ntohl (inet_addr (buf)) & *netmask);
+        *start_ip = (*network & *netmask) + 1;
+        *end_ip = (*network | ~*netmask) - 1;
+        if (*netmask >= 0xfffffffe)
+            (*start_ip)--;
+        if (*netmask == 0xffffffff)
+            (*end_ip)++;
+    }
+
+    /* a.b.c.d - w.x.y.z */
+    if ((*start_ip == 0) && ((ptr = (char *) strrchr (buf, '-')) != NULL))
+    {
+        *end_ip = ntohl (inet_addr (ptr + 1));
+        *ptr = '\0';
+        *start_ip = ntohl (inet_addr (buf));
+    }
+
+    /* a.b.c.d */
+    if (*start_ip == 0)
+    {
+        *end_ip = ntohl (inet_addr (buf));
+        *start_ip = ntohl (inet_addr (buf));
+    }
+
+    if (opt->ip_pos == 0)       /* if != 0 we use restore-file */
+        opt->ip_pos = *start_ip;
+
+    /* initialize getnextip-funtion and spread scan variables */
+    if ((opt->flags & OPT_SPREADSCAN) && (opt->end_ip - opt->start_ip > 2))
+    {
+        init_spreadscan (opt->end_ip - opt->start_ip);
+        opt->getnextip = (void *) gennext_spreadip;
+    }
+    else
+    {
+        opt->getnextip = (void *) gennextip;
+    }
+
+}
+
+/*
+ * initialize offset for spread-scan
+ * call make_iprange before
+ *
+ * most networks are /24. dont let ip_blklen get to big
+ */
+void
+init_spreadscan (u_long diff)
+{
+    opt->ip_blklen = (u_long) sqrt (diff);
+
+    if (opt->ip_blklen > 100)   /* range is 100^2 large */
+        opt->ip_blklen = 257 + opt->ip_blklen * 0.2;    /* use a prime# here */
+
+}
+
+
+/*
+ * output the ip's only. dont scan.
+ */
+void
+do_outonly ()
+{
+    uint32_t ip;
+
+    while ((ip = (*opt->getnextip) ()) != -1)
+    {
+        opt->ipscan_count++;
+        printf ("%s\n", int_ntoa (ip));
+    }
+
+}
+
+
+/*
+ * process a scanrange from argv
+ * Return -1 if abort
+ */
+int
+process_iprange ()
+{
+    int         c = 0;
+    int         ret;
+#ifdef HAVE_DLSYM
+    int         mc = 0;
+#endif
+
+    while ((opt->nt.dst = (*opt->getnextip) ()) != -1)
+    {
+        memset (opt->packet, 0, opt->pkg_maxlen);
+
+        opt->pkg_len = 0;
+
+        if (opt->flags & OPT_VERB)
+            fprintf (stderr, "scanning %s:%d\n",
+                     int_ntoa (opt->nt.dst), ntohs (opt->nt.dport));
+
+#ifdef HAVE_DLSYM
+        for (mc = 0; mc < modcount; mc++)
+        {
+            ret = mods[mc].callmdl (MOD_FIRSTPKG, opt);
+            if (ret == RMOD_SKIP)
+                continue;
+            if (ret == RMOD_ABRT)
+            {
+                fprintf(stderr, "oops: callmdl returned RMOD_ABRT\n");
+                return(-1);
+            }
+#endif
+
+            opt->bsent_count +=
+                send_ipv4 (opt->sox, opt->packet + ETH_SIZE, opt->pkg_len);
+            opt->iptotscan_count++;
+            opt->ipscan_count++;   /* linear ipscan-offset */
+
+            if (opt->ipscan_count % opt->limit == 0)    /* every second */
+            {
+                if ((c = tty_getchar ()) != -1)
+                    print_scanstat (stderr);
+                if (opt->flags & OPT_ABRT)
+                    return (-1);        /* sig_abort_handler called */
+            }
+
+            /* do floodprotection */
+            while (opt->limit > 0)
+            {
+                /*
+                 * forgett about the initial value of tv.tv_usec...
+                 * This is called 'optimizing algorithms'. The usec does
+                 * not count if you scan >>10seconds...
+                 */
+                gettimeofday (&opt->tv2, NULL);
+                opt->sec = (opt->tv2.tv_sec - opt->scan_start.tv_sec)
+                    - (opt->scan_start.tv_usec - opt->tv2.tv_usec) / 1000000.0;
+                if ((opt->iptotscan_count / opt->sec) >= opt->limit)
+                    usleep (10);        /* should give up timeslice */
+                else
+                    break;
+            }
+#ifdef HAVE_DLSYM
+        }                       /* modcount-loop */
+#endif
+    }
+    return (0);
+}
+
+void *
+p_doit(void *arg)
+{
+  printf("first thread here\n");
+  sleep(100);
+  return NULL;
+}
+
+
+int
+main (int argc, char *argv[])
+{
+    struct sockaddr_in  saddr;
+    struct timeval      tv;
+    int                 size;
+    int                 pstatus;        /* pthread error status */      
+#ifdef IP_HDRINCL
+    const int           on = 1;
+#endif
+
+    init_vars (&argv[argc]);            /* before do_opt */
+
+    do_opt (argc, argv);
+    tty_init ();
+
+    if (opt->flags & OPT_SETARP)
+        if (setarp (opt->nt.src, opt->spf_smac) != 0)
+        {
+            fprintf (stderr, "unable to set arpentry. do it manually\n");
+            exit (1);
+        }
+
+    init_network_raw ();        
+    prepare_libnet (&opt->lnet); /* used by arpg.c and maybe by bscan.c */
+
+    memset (&saddr, 0, sizeof (saddr));
+
+    if ((opt->sox = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
+    {
+        fprintf (stderr, "error creating socket\n");
+        exit (1);
+    }
+#ifdef IP_HDRINCL
+    if (setsockopt (opt->sox, IPPROTO_IP, IP_HDRINCL, &on, sizeof (on)) < 0)
+    {
+        fprintf (stderr, "error setsockopt\n");
+        exit (1);
+    }
+#endif
+
+    size = 160 * 1024;          /* OK if setsockopt fails */
+    setsockopt (opt->sox, SOL_SOCKET, SO_SNDBUF, &size, sizeof (size));
+
+    opt->flags |= OPT_W8SEMA;
+    opt->bscantid = pthread_self();
+    pstatus = pthread_create(&opt->snarftid, NULL, &do_snarf, opt->lnet.device);
+    if (pstatus != 0)
+        err_abort(pstatus, "pthread_create");
+
+    while (opt->flags & OPT_W8SEMA)
+        usleep(50);
+
+    print_opt ();
+
+    if (opt->scan_start.tv_sec == 0)
+        gettimeofday (&opt->scan_start, NULL);
+
+    while ((*opt->argvlist != NULL) || (opt->flags & OPT_HOSTFILE))
+    {
+        if (!(opt->flags & OPT_REST))
+            reset_vars ();      /* reset all counting variables */
+
+        if (!(opt->flags & OPT_HOSTFILE))
+        {
+            make_iprange (&opt->network, &opt->netmask, &opt->start_ip,
+                          &opt->end_ip, *opt->argvlist++);
+        }
+        else
+        {
+            opt->getnextip = (void *) readnextip;
+            if (opt->flags & OPT_REST)
+            {
+                int c = 0;
+
+                fprintf (stderr, "restore: skipping %lu in '%s'\n",
+                         opt->ipscan_count, opt->hostfile);
+                while (c++ < opt->ipscan_count)
+                        if ((*opt->getnextip) () == -1)
+                                break;
+            }
+        }
+
+        opt->flags &= ~OPT_REST;        /* 2nd.. init not by restorefile */
+
+        if ((opt->getnextip == NULL) || (opt->nt.src == 0)
+            || (opt->nt.src == -1))
+            usage (0, "no ip/range given or nonparseable range, skip");
+        if (opt->flags & OPT_OUTONLY)
+        {
+            do_outonly ();
+            continue;
+        }
+
+        if (process_iprange () == -1)
+        {
+            print_scanstat (stderr);
+            break;              /* abort scan ! */
+        }
+
+        if (opt->flags & OPT_HOSTFILE)
+            break;              /* process only ONE hostfile */
+
+        if (*opt->argvlist != NULL)
+            print_scanstat (stderr);
+    }
+
+    gettimeofday (&tv, NULL);
+    time_diff (&opt->scan_start, &tv);
+    opt->sec = tv.tv_sec + tv.tv_usec / 1000000.0;
+    fprintf (stderr, "scanned %lu ip's in %.3f seconds\n", opt->iptotscan_count,
+             opt->sec);
+    if (opt->delay > 0)
+    {
+        fprintf (stderr, "waiting %d sec for outstanding packets...\n",
+                 opt->delay);
+        signal (SIGINT, die);   /* if waiting exit immediatly on INTR */
+        sleep (opt->delay);
+    }
+
+    die (0);
+    return (0);
+}
diff --git a/other/b-scan/tmp/src/cf_prse.l b/other/b-scan/tmp/src/cf_prse.l
new file mode 100644
index 0000000..592bf7a
--- /dev/null
+++ b/other/b-scan/tmp/src/cf_prse.l
@@ -0,0 +1,172 @@
+VOID_LINE       "b-scan:"
+LOCAL_IP        "SourceAddress"
+STATIC_MAC      "StaticSpoofedMacAddress"
+SPOOF_MAC       "MacAddress"
+INTERFACE       "Interface"
+SPREADMODE      "SpreadScan"
+PACKETS_PS      "PacketsPerSecond"
+PATIENCY        "MaxWaitDelay"
+VERBOSE         "Verbose"
+LOAD_MOD        "addModule"
+
+%{
+/*
+ * options with a "bool" are allowed to take "yes", "1" and "true"
+ * and the negated counterparts (case insensitive) as argument.
+ * all others take their argument as supplyed on the command line.
+ *
+ *
+ * VOID_LINE        lines beginning with this string will be passed directly to stderr
+ * LOCAL_IP         -s option 
+ * STATIC_MAC       -m        bool
+ * SPOOF_MAC        -M
+ * INTERFACE        -i
+ * SPREADMODE       -X        bool
+ * PACKETS_PS       -l
+ * PATIENCY         -d
+ * VERBOSE          -v        bool
+ * MODULE           -L
+ */
+%}
+
+
+%{
+#include <bscan/cf_prse.h>
+#include <bscan/module.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+
+/* defines from bscan.h. why not include? because it sucks! using libnet-config for pff! */
+#define OPT_VERB        0x1
+#define OPT_SETARP      0x4
+#define OPT_SPREADSCAN  0x8
+
+
+char *
+getArg (char *s)
+{
+  int x = strlen (s);
+
+  while (s[x] != ' ' && s[x] != '\t')
+    --x;
+  return (s + x + 1);
+}
+
+
+int
+evaluateBoolArg (char *s)
+{
+  s = getArg (s);
+
+  if (!strcasecmp (s, "yes") || !strcasecmp (s, "true") || !strcasecmp (s, "1"))
+    return (1);
+  else if (!strcasecmp (s, "no") || !strcasecmp (s, "false") || !strcasecmp (s, "0"))
+    return (0);
+  else
+    return (-1);
+}
+
+
+void
+set_s_opt (char *s)
+{
+  s = getArg (s);
+  FileOpt.srcAddr = inet_addr (s);
+}
+
+
+void
+set_m_opt (char *s)
+{
+  s = getArg (s);
+  if (evaluateBoolArg (s))
+    FileOpt.flags |= OPT_SETARP;
+}
+
+
+void set_M_opt (char *s)
+{
+  s = getArg (s);
+  sscanf (s, "%hx:%hx:%hx:%hx:%hx:%hx", &FileOpt.mac[0], &FileOpt.mac[1],
+        &FileOpt.mac[2], &FileOpt.mac[3], &FileOpt.mac[4], &FileOpt.mac[5]);
+}
+
+
+void set_i_opt (char *s)
+{
+  s = getArg (s);
+  FileOpt.device = (char *) malloc (strlen (s) + 1);
+  memset (FileOpt.device, 0, strlen (s) + 1);
+  memcpy (FileOpt.device, s, strlen (s));
+}
+
+void set_X_opt (char *s)
+{
+  s = getArg (s);
+  if (evaluateBoolArg (s))
+    FileOpt.flags |= OPT_SPREADSCAN;
+}
+
+
+void set_l_opt (char *s)
+{
+  s = getArg (s);
+  FileOpt.limit = atoi (s);
+}
+
+
+void set_d_opt (char *s)
+{
+  s = getArg (s);
+  FileOpt.delay = atoi (s);
+}
+
+
+void set_v_opt (char *s)
+{
+  s = getArg (s);
+  if (evaluateBoolArg (s))
+    FileOpt.flags |= OPT_VERB;
+}
+
+void set_L_opt (char *s)
+{
+  s = s + strlen ("addModule") + 1;
+  while (*s == ' ' || *s == '\t')
+    s++;
+  loadinit_mod (s);
+}
+
+%}
+%%
+
+^{VOID_LINE}[\t !-?a-zA-Z0-9]*  fprintf (stderr, "%s\n", yytext);
+^{LOCAL_IP}[\t .0-9]*           set_s_opt (yytext);
+^{STATIC_MAC}[\t a-zA-Z0-9]*    set_m_opt (yytext);
+^{SPOOF_MAC}[\t :a-fA-F0-9]*    set_M_opt (yytext);
+^{INTERFACE}[\t a-zA-Z0-9]*     set_i_opt (yytext);
+^{SPREADMODE}[\t a-zA-Z0-9]*    set_X_opt (yytext);
+^{PACKETS_PS}[\t a-zA-Z0-9]*    set_l_opt (yytext);
+^{PATIENCY}[\t a-zA-Z0-9]*      set_d_opt (yytext);
+^{VERBOSE}[\t a-zA-Z0-9]*       set_v_opt (yytext);
+^{LOAD_MOD}[\t !-?\-_.:,;a-zA-Z0-9]*    set_L_opt (yytext);
+
+[\n\t a-zA-Z0-9]
+.
+
+%%
+
+int yywrap () { return (1);}
+
+int
+readConfFile (char *s)
+{
+  if ((yyin = fopen (s, "r")) == NULL)
+    return 0;
+  yylex ();
+  return 1;
+}
diff --git a/other/b-scan/tmp/src/dcd_icmp.c b/other/b-scan/tmp/src/dcd_icmp.c
new file mode 100644
index 0000000..c627a56
--- /dev/null
+++ b/other/b-scan/tmp/src/dcd_icmp.c
@@ -0,0 +1,166 @@
+/* bscan - icmp decoder
+ *
+ * based on information from
+ *   RFC792 - INTERNET CONTROL MESSAGE PROTOCOL
+ *   RFC950 - Internet Standard Subnetting Procedure
+ *   ??? "ICMP Usage in Scanning" (ICMP_Scanning_v2.5.pdf)
+ */
+
+#include <stdio.h>
+#include <bscan/dcd_icmp.h>
+
+static char *   icmp_echo_reply[] = {
+        "ICMP ECHOREPLY",
+        NULL
+};
+
+static char *   icmp_unreach[] = {
+        "ICMP UNREACH network unreachable",
+        "ICMP UNREACH host unreachable",
+        "ICMP UNREACH protocol unreachable",
+        "ICMP UNREACH port unreachable",
+        "ICMP UNREACH fragmentation needed but don't-fragment bit set",
+        "ICMP UNREACH source route failed",
+        "ICMP UNREACH destination network unknown",
+        "ICMP UNREACH destination host unknown",
+        "ICMP UNREACH source host isolated",
+        "ICMP UNREACH destination network administratively prohibited",
+        "ICMP UNREACH destination host administratively prohibited",
+        "ICMP UNREACH network unreachable for TOS",
+        "ICMP UNREACH host unreachable for TOS",
+        "ICMP UNREACH communication administratively prohibited by filtering",
+        "ICMP UNREACH host precedence violation",
+        "ICMP UNREACH precedence cutoff in effect",
+        NULL
+};
+
+static char *   icmp_quench[] = {
+        "ICMP QUENCH",
+        NULL
+};
+
+static char *   icmp_redirect[] = {
+        "ICMP REDIRECT Redirect datagrams for the Network",
+        "ICMP REDIRECT Redirect datagrams for the Host",
+        "ICMP REDIRECT Redirect datagrams for the Type of Service and Network",
+        "ICMP REDIRECT Redirect datagrams for the Type of Service and Host",
+        NULL
+};
+
+static char *   icmp_alternate[] = {
+        "ICMP ALTERNATEHOSTADDRESS",
+        NULL
+};
+
+static char *   icmp_echo[] = {
+        "ICMP ECHO",
+        NULL
+};
+
+static char *   icmp_routerad[] = {
+        "ICMP ROUTERADVERTISEMENT",
+        NULL
+};
+
+static char *   icmp_routersel[] = {
+        "ICMP ROUTERSELECTION",
+        NULL
+};
+
+static char *   icmp_timeexceed[] = {
+        "ICMP TIMEEXCEED time to live exceeded in transit",
+        "ICMP TIMEEXCEED fragment reassembly time exceeded",
+        NULL
+};
+
+static char *   icmp_parprob[] = {
+        "ICMP PARAMETER pointer indicates the error",
+        "ICMP PARAMETER missing a required option",
+        "ICMP PARAMETER bad length",
+        NULL
+};
+
+static char *   icmp_timestamp[] = {
+        "ICMP TIMESTAMP",
+        NULL
+};
+
+static char *   icmp_timestamp_reply[] = {
+        "ICMP TIMESTAMPREPLY",
+        NULL
+};
+
+static char *   icmp_information[] = {
+        "ICMP INFORMATION",
+        NULL
+};
+
+static char *   icmp_information_reply[] = {
+        "ICMP INFORMATIONREPLY",
+        NULL
+};
+
+static char *   icmp_addressmask[] = {
+        "ICMP ADDRESSMASK",
+        NULL
+};
+
+static char *   icmp_addressmask_reply[] = {
+        "ICMP ADDRESSMASKREPLY",
+        NULL
+};
+
+static char *   icmp_ERR[] = {
+        "ICMP invalid code",
+        NULL
+};
+
+struct icmp_typeelem {
+        int             count;
+        char **         tab;
+};
+
+struct icmp_typeelem    icmp_tab[] = {
+        {  1, icmp_echo_reply },        /*  0  Echo Reply */
+        {  0, icmp_ERR },               /*  1  UNUSED */
+        {  0, icmp_ERR },               /*  2  UNUSED */
+        { 16, icmp_unreach },           /*  3  Destination Unreachable */
+        {  1, icmp_quench },            /*  4  Source Quench */
+        {  4, icmp_redirect },          /*  5  Redirect */
+        {  1, icmp_alternate },         /*  6  Alternate Host Address */
+        {  0, icmp_ERR },               /*  7  UNUSED */
+        {  1, icmp_echo },              /*  8  Echo */
+        {  1, icmp_routerad },          /*  9  Router Advertisement */
+        {  1, icmp_routersel },         /* 10  Router Selection */
+        {  2, icmp_timeexceed },        /* 11  Time Exceeded */
+        {  3, icmp_parprob },           /* 12  Parameter Problem */
+        {  1, icmp_timestamp },         /* 13  Timestamp */
+        {  1, icmp_timestamp_reply },   /* 14  Timestamp Reply */
+        {  1, icmp_information },       /* 15  Information Request */
+        {  1, icmp_information_reply }, /* 16  Information Request */
+        {  1, icmp_addressmask },       /* 17  RFC950: Address Mask Request */
+        {  1, icmp_addressmask_reply }, /* 18  RFC950: Address Mask Reply */
+        {  0, NULL },   /* EOList */ 
+};
+
+int     icmp_type_max = (sizeof (icmp_tab) / sizeof (struct icmp_typeelem)) - 1;
+
+const char *
+icmp_str (int type, int code)
+{
+        struct icmp_typeelem *  it;
+
+        if (type < 0 || type >= icmp_type_max)
+                return ("ICMP invalid type");
+
+        it = &icmp_tab[type];
+        if (it->count == 0)
+                return (it->tab[0]);
+
+        if (code < 0 || code >= it->count)
+                return ("ICMP invalid code");
+
+        return (it->tab[code]);
+}
+
+
diff --git a/other/b-scan/tmp/src/garage.c b/other/b-scan/tmp/src/garage.c
new file mode 100644
index 0000000..4beba2d
--- /dev/null
+++ b/other/b-scan/tmp/src/garage.c
@@ -0,0 +1,508 @@
+/* bscan - garage.c - per IP storage functions
+ *
+ * by scut / teso
+ * by skyper / teso
+ *
+ * this module implements a per-IP storage method to allow other modules
+ * to store state information about hosts (ie for TCP fingerprinting or
+ * stateful protocols).
+ *
+ * 2000/12/31   version 1.0.1 - scut
+ *              - added CIDR helper functions
+ *              - added mg_cidr_getmask function to convert CIDR/netmask
+ *                notation
+ *              - added mg_cidr_maskcount to count max possible hosts in a mask
+ *              - added mg_cidr_count function to count hosts in garage that
+ *                match a mask
+ *              - added ip based counter to the garage structure, this costs
+ *                only few cycles when working with elements, but repays for
+ *                the mg_count and some of the mg_cidr_* functions
+ *              - changed mg_count to take advantage of the garage counter
+ *              - added mg_cidr_match function
+ *              - workaround for some size-dependant misoptimizations of gcc
+ *
+ * 2000/12/31   version 1.0.0 - scut
+ *              - support for storage, retrieval and max-keep counter
+ *                with automatic deallocation
+ */
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <bscan/garage.h>
+
+
+/* memory layout:
+ *
+ * each per-ip data is stored in a linked list element. the linked list
+ * can (theoretically) contain up to 2^16 elements, if the entire IP space
+ * is scanned at once.
+ *
+ * up to 2^16 of this linked lists can exist, hence 2^16*2^16 = 2^32 = whole
+ * IPv4 space. to access the correct linked list we calculate a hash value,
+ * to directly read from a one dimensional table of linked list root pointers.
+ *
+ * unsigned long int ip;
+ *
+ * h = ((ip >> 16) + ip) 0xffff)
+ *
+ * the linked list indexed by this two hash values is sorted in ascending
+ * order by the IP as unsigned long int.
+ */
+
+#define MG_H(ip) ((((ip) >> 16) + (ip)) & 0xffff)
+
+
+#ifdef DEBUG
+unsigned long long int  tackall = 0;
+unsigned long long int  tackc = 0;
+#endif
+
+#if 0
+/* unused code
+ */
+static unsigned long int
+mg_count_slot (ip_list *list);
+#endif
+
+
+/* XXX/FIXME/TODO: shouldn't be here
+ */
+void *
+xcalloc (unsigned int factor, unsigned int size)
+{
+        void *  foo = calloc (factor, size);
+
+        if (foo == NULL) {
+                perror ("xcalloc");
+
+                exit (EXIT_FAILURE);
+        }
+
+        return (foo);
+}
+
+
+/* destroy the ip_list element given in `slot'
+ */
+static void
+mg_destroy_slot (garage_hdlr *g, ip_list *slot, void (* cleaner)(ip_list *));
+
+
+garage_hdlr *
+mg_init (char *name, unsigned long int max_hosts_in_list,
+        void (* cleaner)(ip_list *))
+{
+        garage_hdlr *   new = xcalloc (1, sizeof (garage_hdlr));
+
+        new->name = name;
+        new->garage = xcalloc (256 * 256, sizeof (ip_list *));
+        new->cleaner = cleaner;
+        new->ip_count = 0;
+
+        if (max_hosts_in_list == 0) {
+                new->timeout_tbl = NULL;
+                new->timeout_max = 0;
+                new->timeout_idx = 0;
+        } else {
+                new->timeout_tbl = xcalloc (max_hosts_in_list,
+                        sizeof (unsigned long int));
+                new->timeout_max = max_hosts_in_list;
+                new->timeout_idx = 0;
+        }
+
+        memset (new->garage, '\x00', 256 * 256 * sizeof (ip_list *));
+        if (new->timeout_tbl != NULL)
+                memset (new->timeout_tbl, '\x00', max_hosts_in_list *
+                        sizeof (unsigned long int));
+
+        return (new);
+}
+
+
+void
+mg_destroy (garage_hdlr *g, int do_handler)
+{
+        int     h;
+
+
+#ifdef DEBUG
+        printf ("tackcount = %Lu\n", tackc);
+        printf ("tackall = %Lu\n", tackall);
+        printf ("tackmedian = %2.3f\n", (float) ((float) tackall / (float) tackc));
+#endif
+
+        for (h = 0 ; h < (256 * 256) ; ++h) {
+                if (g->garage[h] != NULL) {
+                        /* the IP list structure for the IP will be free'd
+                         * by mg_clean, too, so we don't have to do that
+                         * manually
+                         */
+                        mg_destroy_slot (g, g->garage[h], (do_handler == 0) ?
+                                NULL : g->cleaner);
+                        g->garage[h] = NULL;
+                }
+        }
+
+        free (g->garage);
+        if (g->timeout_tbl == NULL)
+                free (g->timeout_tbl);
+
+        /* g->name is not to be free'd */
+
+        free (g);
+}
+
+
+static void
+mg_destroy_slot (garage_hdlr *g, ip_list *slot, void (* cleaner)(ip_list *))
+{
+        ip_list *       next;
+
+        do {
+                next = slot->next;
+                mg_clean (g, slot->ip, cleaner);
+                slot = next;
+        } while (slot != NULL);
+
+        return;
+}
+
+
+void
+mg_write (garage_hdlr *g, unsigned long int ip, void *data, size_t data_len,
+        int data_free)
+{
+        ip_list *       il;
+        ip_elem *       new = xcalloc (1, sizeof (ip_elem));
+
+
+        new->next = NULL;
+        new->data_free = data_free;
+        new->data_len = data_len;
+        new->data = data;
+
+
+        il = g->garage[MG_H (ip)];
+        if (il == NULL) {
+                il = xcalloc (1, sizeof (ip_list));
+                il->next = NULL;
+                il->ip = ip;
+                il->data = new;
+
+                g->garage[MG_H (ip)] = il;
+                g->ip_count += 1;
+        } else {
+                ip_list **      cw = &g->garage[MG_H (ip)];
+
+                while (il != NULL && ip > il->ip) {
+                        cw = &il->next;
+                        il = il->next;
+                }
+
+                if (il != NULL && ip == il->ip) {
+                        new->next = il->data;
+                        il->data = new;
+                } else {
+                        ip_list *       il_tmp = xcalloc (1, sizeof (ip_list));
+
+                        il_tmp->next = il;
+                        *cw = il_tmp;
+                        il = il_tmp;
+
+                        il->ip = ip;
+                        il->data = new;
+
+                        g->ip_count += 1;
+                }
+        }
+
+        if (g->timeout_tbl != NULL) {
+#ifdef DEBUG
+                printf ("tbl = 0x%08lx   tbl_idx = %5lu   tbl_max = %5lu   tbl_count = %8lu\n",
+                        (unsigned long int) g->timeout_tbl,
+                        (unsigned long int) g->timeout_idx,
+                        (unsigned long int) g->timeout_max,
+                        (unsigned long int) mg_count (g));
+                printf ("g->timeout_tbl[g->timeout_idx] = %lu\n", g->timeout_tbl[g->timeout_idx]);
+                printf ("condition = %s\n", (g->timeout_tbl[g->timeout_idx] != 0) ? "true" : "false");
+#endif
+
+                if (g->timeout_tbl[g->timeout_idx] != 0)
+                        mg_clean (g, g->timeout_tbl[g->timeout_idx], NULL);
+
+                g->timeout_tbl[g->timeout_idx] = il->ip;
+#ifdef DEBUG
+                printf ("g->timeout_idx = %5ld   g->timeout_max = %5ld\n\n",
+                        g->timeout_idx, g->timeout_max);
+#endif
+                g->timeout_idx = (g->timeout_idx + 1) % g->timeout_max;
+        }
+}
+
+
+ip_elem *
+mg_read (garage_hdlr *g, unsigned long int ip)
+{
+#ifdef DEBUG
+        int             tackcount = 0;
+#endif
+        ip_list *       il = g->garage[MG_H (ip)];
+
+        /* no list for this hash value -> no IP stored
+         */
+        if (il == NULL)
+                return (NULL);
+
+        /* walk the list
+         */
+        do {
+                if (il->ip == ip)
+#ifdef DEBUG
+                {
+                        printf ("tackcount = %d\n", tackcount);
+                        tackall += tackcount;
+                        tackc += 1;
+#endif
+                        return (il->data);
+#ifdef DEBUG
+                } else {
+                        tackcount += 1;
+                }
+#endif
+
+                il = il->next;
+
+        } while (il != NULL && il->ip <= ip);
+
+        return (NULL);
+}
+
+
+void
+mg_clean (garage_hdlr *g, unsigned long int ip, void (* cleaner)(ip_list *))
+{
+        ip_elem *       iel;
+        ip_elem *       iel_tmp;
+
+        ip_list **      cw = &g->garage[MG_H (ip)];
+        ip_list *       il;
+
+
+        il = *cw;
+
+        /* walk the list
+         */
+        while (il != NULL && il->ip < ip) {
+                cw = &il->next;
+                il = il->next;
+        }
+
+        if (il == NULL || il->ip != ip)
+                return;
+
+        *cw = il->next;
+
+        /* if a cleaner has been given, or there is a default cleaner in the
+         * garage, then run it
+         */
+        if (cleaner != NULL) {
+                cleaner (il);
+        } else if (g->cleaner != NULL) {
+                g->cleaner (il);
+        }
+
+        iel = il->data;
+        while (iel != NULL) {
+                iel_tmp = iel;
+                if (iel->data_free)
+                        free (iel->data);
+
+                iel = iel->next;
+                free (iel_tmp);
+        }
+
+        g->ip_count -= 1;
+
+        free (il);
+
+        return;
+}
+
+
+void
+mg_show (garage_hdlr *g)
+{
+        int     h1, h2;
+        int     count;
+
+        char    display[] = ".123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+        printf ("=== garage = %s === elements in garage = %lu\n", g->name, mg_count (g));
+        printf ("0_________0_________0_________0_________0_________0_________0_________\n");
+
+        for (h1 = 0 ; h1 < 256 ; ++h1) {
+                count = 0;
+                for (h2 = 0 ; h2 < 256 ; ++h2) {
+                        if (g->garage[h1 * 256 + h2] != NULL)
+                                count += 1;
+                }
+
+                printf ("%c", count >= (sizeof (display) - 1) ? '>' : display[count]);
+                if ((h1 + 1) % 70 == 0) {
+                        printf ("\n");
+                        printf ("0_________0_________0_________0_________0_________0_________0_________\n");
+                }
+        }
+        printf ("\n");
+
+}
+
+
+unsigned long int
+mg_count (garage_hdlr *g)
+{
+        return (g->ip_count);
+}
+
+
+#if 0
+/* unused code
+ */
+static unsigned long int
+mg_count_slot (ip_list *list)
+{
+        unsigned long int       count = 0;
+
+        do {
+                count += 1;
+                list = list->next;
+        } while (list != NULL);
+
+        return (count);
+}
+#endif
+
+
+int
+mg_ip_isin (garage_hdlr *g, unsigned long int ip)
+{
+        ip_list *       il = g->garage[MG_H (ip)];
+
+        if (il == NULL)
+                return (0);
+
+        while (il != NULL && ip < il->ip) {
+                il = il->next;
+        }
+
+        if (il != NULL && ip == il->ip)
+                return (1);
+
+        return (0);
+}
+
+
+
+/* CIDR routines
+ *
+ * XXX: maybe move some basic CIDR routines to an extra file for maintance
+ * XXX: beta code, please test
+ */
+
+unsigned long int
+mg_cidr_getmask (unsigned long int mask)
+{
+        /* work around to dumb gcc 'optimizations' (ie compiler bug)
+         */
+        if (mask == 0)
+                return (0);
+
+        if (mask > 32) {
+                return (mask);
+        } else {
+                unsigned long int       nm = 0xffffffff;
+
+                /* clear zero bits
+                 */
+                mask = 32 - mask;
+                nm >>= mask;
+                nm <<= mask;
+
+                return (nm);
+        }
+}
+
+
+unsigned long int
+mg_cidr_maskcount (unsigned long int mask)
+{
+        return ((~mg_cidr_getmask (mask)) + 1);
+}
+
+
+int
+mg_cidr_match (unsigned long int ip1, unsigned long int ip2,
+        unsigned long int mask)
+{
+        mask = mg_cidr_getmask (mask);
+        ip1 &= mask;
+        ip2 &= mask;
+
+        return (ip1 == ip2);
+}
+
+
+unsigned long int
+mg_cidr_count (garage_hdlr *g, unsigned long int ip, unsigned long int mask)
+{
+        unsigned long int       count = 0;
+        unsigned long int       ip_start,
+                                ip_end;
+
+
+        ip_start = ip & mg_cidr_getmask (mask);
+        ip_end = ip_start + mg_cidr_maskcount (mask);
+
+        /* workaround for /0 cidr mask (if sizeof (unsigned long int) == 4)
+         * it will make ip_end = 0, so we have to catch this case)
+         */
+        if (ip_end == 0)
+                return (mg_count (g));
+
+        if ((ip_end - ip_start) >= mg_count (g)) {
+                /* since there are less elements then the ip range contains,
+                 * we go for a count-matching-elements-by-scanning-through-
+                 * the-entire-array like technique
+                 */
+                unsigned long int       h;
+                ip_list *               il;
+
+                for (h = 0 ; h < (256 * 256) ; ++h) {
+                        if (g->garage[h] != NULL) {
+                                il = g->garage[h];
+
+                                do {
+                                        if (mg_cidr_match (il->ip, ip, mask))
+                                                count += 1;
+
+                                        il = il->next;
+                                } while (il != NULL);
+                        }
+                }
+        } else {
+                /* there are more elements in the garage then this range
+                 * contains, so scam this range only
+                 */
+                do {
+                        count += mg_ip_isin (g, ip_start);
+
+                        ip_start += 1;
+                } while (ip_start < ip_end);
+        }
+
+        return (count);
+}
+
+
diff --git a/other/b-scan/tmp/src/module.c b/other/b-scan/tmp/src/module.c
new file mode 100644
index 0000000..1748914
--- /dev/null
+++ b/other/b-scan/tmp/src/module.c
@@ -0,0 +1,214 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <dlfcn.h>
+#include <string.h>
+#include <bscan/module.h>
+#include <bscan/system.h>
+
+struct _mods mods[MAX_MODULES];
+/* modstructures not initialized */
+int modcount = -1;
+
+/*
+#ifdef HAVE_DLSYM
+#define MAKE_DLSYM(x, y) mods[modcount].##x = dlsym(handle, ##y);\
+        if ((error = dlerror()) != NULL) {\
+                fprintf(stderr, ##y":%s\n", error); return(1); }
+#endif
+*/
+
+/* I think this is more correct, and also gets rid of some compile warnings.
+ * hope this doesn't break anything. -typo */
+#ifdef HAVE_DLSYM
+#define MAKE_DLSYM(x, y) mods[modcount].x = dlsym(handle, y);\
+        if ((error = dlerror()) != NULL) {\
+                fprintf(stderr, y":%s\n", error); return(1); }
+#endif
+
+/*  SunOS 4.1.3 support */
+#ifndef RTLD_NOW
+#define RTLD_NOW        0x00001
+#endif
+/* OpenBSD support */
+#ifndef RTLD_GLOBAL
+#define RTLD_GLOBAL     0x00000
+#endif
+
+/* we really hate theo for this shit of dl* work */
+#if defined(__OpenBSD__)
+# if !(defined(__mips) || defined(__powerpc))
+#  define DLSYM_AOUT 1
+# else
+#  define DLSYM_AOUT 0
+# endif
+#endif
+#if DLSYM_AOUT == 1
+# define DLSYM_UNDERSCORE "_"
+#else
+# define DLSYM_UNDERSCORE /**/
+#endif
+
+
+/*
+ * init the module structures. NOT the modules! 
+ */
+void
+init_modules ()
+{
+    int c = 0;
+
+    while (c < MAX_MODULES)
+    {
+        mods[c].init = NULL;
+        mods[c].fini = NULL;
+        mods[c].musage = NULL;
+        mods[c].modname = NULL;
+        mods[c].modid = 0;
+        mods[c].modarg = NULL;
+        mods[c++].callmdl = NULL;
+    }
+    modcount = 0;
+}
+
+
+/*
+ * Load a module
+ * Return 0 on success, != 0 on error [no space left, EACCESS, ...]
+ */
+int
+add_module (char *fname, char *modarg)
+{
+#ifdef HAVE_DLSYM
+    void *handle;
+    char *error;
+
+    if (modcount == -1)
+        init_modules ();
+
+    if (modcount >= MAX_MODULES)
+        return (2);             /* array to small! */
+
+    handle = dlopen (fname, RTLD_NOW | RTLD_GLOBAL);
+
+    if ((error = dlerror ()) != NULL)
+    {
+        fprintf (stderr, "%s\n", error);
+        return (1);
+    }
+
+    MAKE_DLSYM (init, DLSYM_UNDERSCORE"init");
+    MAKE_DLSYM (fini, DLSYM_UNDERSCORE"fini");
+    MAKE_DLSYM (musage, DLSYM_UNDERSCORE"musage");
+    MAKE_DLSYM (callmdl, DLSYM_UNDERSCORE"callmdl");
+
+    mods[modcount].modid = modcount;
+    mods[modcount].modarg = modarg;     /* not encoded arg */
+
+    modcount++;
+
+#endif
+    return 0;
+}
+
+/*
+ * split a 'space seperated string' into many arguements
+ * decode esc-sequences
+ */
+void
+split_margs (const char *moptarg, char ***margvp, int *margcp)
+{
+    char *ptr, *opt;
+    int off;
+    char ch, ch2;
+
+    if (margcp == NULL)
+        return;
+
+    if (margvp == NULL)
+        return;
+
+    if (moptarg == NULL)
+        return;
+
+    moptarg = strdup(moptarg);
+
+    /*
+     * convert "   modname   -a arg1 -b    arg2" to
+     *         "modname -a arg1 -b arg2"
+     */
+    opt = (char *) calloc (1, strlen (moptarg) + 1);
+    off = 0;
+    ch2 = ' ';
+    ptr = (char *) moptarg;
+    while ((ch = *ptr++) != '\0')
+    {
+        if ((ch == ' ') && (ch2 == ' '))
+            continue;
+        opt[off++] = ch;
+        ch2 = ch;
+    }
+    if (ch2 == ' ')
+        opt[off - 1] = '\0';
+
+    /*
+     * split argument-string into char *argv[] array
+     */
+    *margcp = 0;
+    while ((ptr = strchr (opt, ' ')) != NULL)
+    {
+        *ptr++ = '\0';
+
+        (*margvp) = realloc (*margvp, ((*margcp) + 1) * sizeof (char *));
+
+        ctoreal(opt, opt);      /* decode esc-sequences */
+        *(*margvp + *margcp) = opt;
+        (*margcp)++;
+        opt = ptr;
+    }
+    (*margvp) = realloc (*margvp, ((*margcp) + 2) * sizeof (char *));
+    ctoreal(opt, opt);
+    *(*margvp + (*margcp)++) = opt;
+    *(*margvp + (*margcp)) = NULL;      /* terminate the array */
+
+}
+
+/*
+ * load and init the module.
+ * this function can exit
+ * return 0 on success
+ */
+int
+loadinit_mod(char *optar)
+{
+    char **margv = NULL;
+    int margc = 0;
+    extern int optind;
+    extern struct _opt *opt;
+
+    split_margs (optar, &margv, &margc);
+    if (add_module (margv[0], optar) == 0)
+    {
+        int oldoptind = optind;
+        int m = modcount - 1;
+        optind = 1;
+
+        if (mods[m].init ((char **) &mods[m].modname, margc, margv, opt) != 0)
+        {
+            fprintf (stderr, "- [%d]: '%s' init FAILED\n",
+                                         mods[m].modid, margv[0]);
+            mods[m].musage ();
+            exit (-1);
+         } else
+            fprintf (stderr, "+ [%d]: '%s' initialized\n",
+                                         mods[m].modid, mods[m].modname);
+         optind = oldoptind;     /* restore old optind value */
+    } else
+    {
+         fprintf (stderr, "+ [-]; '%s' failed\n", optar);
+         exit (-1);
+    }
+
+    return(0);
+}
+
+
diff --git a/other/b-scan/tmp/src/network_raw.c b/other/b-scan/tmp/src/network_raw.c
new file mode 100644
index 0000000..1b87eaa
--- /dev/null
+++ b/other/b-scan/tmp/src/network_raw.c
@@ -0,0 +1,497 @@
+/*
+ * raw network routines
+ * libnet based (not yet ..but maybe in the future :>
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#ifndef __FAVOR_BSD
+#define __FAVOR_BSD
+#endif
+#ifndef __USE_BSD
+#define __USE_BSD
+#endif
+#ifndef __BSD_SOURCE
+#define __BSD_SOURCE
+#endif
+#include <libnet.h>
+#include <bscan/network_raw.h>
+
+static int netraw_lrand = 0;
+#define LAME_RANDOM     (netraw_lrand = (netraw_lrand + (netraw_lrand>>1)))
+
+/*
+ * init all the network_raw stuff
+ * return 0 on success, -1 on error
+ */
+int
+init_network_raw ()
+{
+    /* seeded by init_vars/bscan.c */
+    netraw_lrand = 1 + (int) (65335.0 * rand () / (RAND_MAX + 1.0));
+    return (0);
+}
+
+/*
+ * calc. checksum WITH carry flag.
+ * call cksum = CKSUM_CARRY(sum);
+ * we calculate only the initial checksum here.
+ * we can use the result for all further packets
+ */
+int
+in_cksum (unsigned short *addr, int len)
+{
+    int nleft = len;
+    int sum = 0;
+    u_short *w = addr;
+    u_short answer = 0;
+
+    while (nleft > 1)
+    {
+        sum += *w++;
+        nleft -= 2;
+    }
+
+    if (nleft == 1)             /* padding */
+    {
+        *(u_char *) (&answer) = *(u_char *) w;
+        sum += answer;
+    }
+
+    return (sum);
+}
+
+
+/*
+ * add ICMP_ECHO or ICMP_TSTAMP
+ * len = len of payload
+ * add ICMP-header to pkt
+ */
+void
+add_icmpping (unsigned char *pkt, int len, int which)
+{
+    struct icmp *icmp = (struct icmp *) pkt;
+    int sum;
+    struct timeval tv;
+    memset (icmp, 0, sizeof (*icmp));   /* sizeof(*icmp) = 28 */
+
+    if (which == ICMP_ECHO)
+      {
+        icmp->icmp_type = ICMP_ECHO;
+      }
+    else if (which == ICMP_TSTAMP)
+      {
+        if (len < 13)
+          printf ("packet too small for timestamp request, lets blast the packets out anyway\n");
+        icmp->icmp_type = ICMP_TSTAMP;
+      }
+    else
+      printf ("Your kung-fu is bad!\n"); 
+
+    icmp->icmp_hun.ih_idseq.icd_id = LAME_RANDOM;
+    gettimeofday (&tv, NULL);
+    memcpy (icmp->icmp_dun.id_data, &tv, sizeof (tv));
+
+    sum = in_cksum ((u_short *) icmp, ICMP_SIZE + len);
+    icmp->icmp_cksum = CKSUM_CARRY (sum);
+}
+
+
+/*
+ * add udp-header [no checksum]
+ * len = len of payload
+ */
+void
+add_udphdr(unsigned char *pkt, struct net_tuple *nt, int len)
+{
+    struct udphdr udp;
+
+    memset(&udp, 0, sizeof(udp));
+    udp.uh_sport = nt->sport;
+    udp.uh_dport = nt->dport;
+    udp.uh_ulen = htons(len + UDP_SIZE);
+    udp.uh_sum = 0;     /* no checksum !*/
+    memcpy(pkt, &udp, sizeof(udp));
+}
+
+
+/*
+ * len = len of payload
+ */
+void
+add_tcphdr (unsigned char *pkt, struct net_tuple *nt, uint8_t flags, int len,
+            tcp_seq * seq, tcp_seq * ack)
+{
+    struct tcphdr tcp;
+    struct tcphdr *tcpptr;
+    struct _fakehead fakehead;
+    int sum;
+
+    memset (&tcp, 0, sizeof (tcp));
+    memset (&fakehead, 0, sizeof (fakehead));
+    tcp.th_dport = nt->dport;
+    tcp.th_sport = nt->sport;
+    fakehead.saddr = nt->src;
+    fakehead.daddr = nt->dst;
+    fakehead.zero = 0;
+    fakehead.protocol = IPPROTO_TCP;
+    fakehead.tot_len = htons (TCP_SIZE + len);
+    sum = in_cksum ((u_short *) & fakehead, sizeof (fakehead));
+    tcp.th_off = TCP_SIZE >> 2;
+    if (seq != NULL)
+        tcp.th_seq = *seq;
+    else
+        tcp.th_seq = LAME_RANDOM;
+    if (ack != NULL)
+        tcp.th_ack = *ack;
+    tcp.th_flags |= flags;      /* ADD the flags */
+    tcp.th_win = htons (0x3fff);
+    memcpy (pkt, &tcp, sizeof (tcp));
+    sum += in_cksum ((u_short *) pkt, sizeof (tcp) + len);
+    tcpptr = (struct tcphdr *)pkt;
+    tcpptr->th_sum = CKSUM_CARRY (sum);
+}
+
+
+/*
+ * add's ipv4-header of 20 bytes without any options
+ * - IPPROTO_TCP and 40 bytes total length
+ */
+void
+add_iphdr (unsigned char *pkt, uint8_t ip_p, struct net_tuple *nt, int len)
+{
+    struct ip ip;
+    memset (&ip, 0, IP_SIZE);
+    ip.ip_hl = sizeof (ip) >> 2;
+    ip.ip_v = 4;
+    /*ip->tos = 0; */
+    ip.ip_len = htons (len + IP_SIZE);  /* htons ? */
+    /*ip->id = 0;                  done by kernel */
+    /*ip->frag_off = 0; */
+    ip.ip_ttl = 0xff;
+    ip.ip_p = ip_p;
+    /*.ip->check = 0;      done by kernel */
+    ip.ip_src.s_addr = nt->src;
+    ip.ip_dst.s_addr = nt->dst;
+    memcpy (pkt, &ip, sizeof (ip));
+}
+
+/*
+ * send out ipv4-packet
+ * with data 'pkt' of length 'len'
+ * returns the number of characters sent, or -1 if an error occured
+ */
+int
+send_ipv4 (int sox, u_char * pkt, size_t len)
+{
+    struct sockaddr_in to;
+    to.sin_family = AF_INET;
+    memcpy (&to.sin_addr.s_addr, (pkt + 4 * 4), sizeof (u_long));
+    return (sendto (sox, pkt, len, 0, (struct sockaddr *) &to, sizeof (to)));
+}
+
+
+/*
+ * small/lame tcp userland stack
+ * give 'best' tcp-answer to a tcp-packet
+ * return 0 on success
+ * payload + len are optional
+ */
+int
+answer_tcp (int sox, struct ip *ip, struct tcphdr *tcp, uint8_t flags,
+            u_char * payload, uint len)
+{
+    static u_char *outpkt = NULL;
+    static int msize = 0;
+    struct net_tuple nt;
+    tcp_seq outack;
+
+    if (TCP_SIZE + IP_SIZE + len > msize)
+    {
+        outpkt = realloc (outpkt, TCP_SIZE + IP_SIZE + len);
+        msize = TCP_SIZE + IP_SIZE + len;
+    }
+
+    if (outpkt == NULL)
+        return (-1);
+    if (ip == NULL)
+        return (-1);
+    if (tcp == NULL)
+        return (-1);
+
+    memset (outpkt, 0, TCP_SIZE + IP_SIZE + len);
+
+    nt.sport = tcp->th_dport;
+    nt.dport = tcp->th_sport;
+    nt.src = ip->ip_dst.s_addr;
+    nt.dst = ip->ip_src.s_addr;
+
+    if (payload != NULL)
+        memcpy (outpkt + TCP_SIZE + IP_SIZE, payload, len);
+
+    outack = ntohl (tcp->th_seq) + ntohs (ip->ip_len) - (tcp->th_off << 2) -
+        (ip->ip_hl << 2);
+    if (tcp->th_flags & (TH_SYN | TH_FIN))
+        outack++;
+
+    outack = htonl (outack);
+    add_tcphdr (outpkt + IP_SIZE, &nt, flags, len, &tcp->th_ack, &outack);
+
+    add_iphdr (outpkt, IPPROTO_TCP, &nt, TCP_SIZE + len);
+
+    send_ipv4 (sox, outpkt, IP_SIZE + TCP_SIZE + len);
+
+    return (0);
+}
+
+
+/*
+ * return 0 if ip-header is valid [length only]
+ * len = length from the begin of the ip-header [20 for normal ip header]
+ */
+int
+vrfy_ip (struct ip *ip, uint32_t len, u_short * ip_options)
+{
+    u_short _ip_options;
+
+    if (len < sizeof (*ip))
+        return (-1);
+
+    _ip_options = ip->ip_hl << 2;
+    if (_ip_options > len)
+        return (-1);
+
+    if (_ip_options > 0xefff)
+        return -1;
+
+    if (_ip_options < sizeof (*ip))
+        _ip_options = 0;
+    else
+        _ip_options -= sizeof (*ip);
+
+    *ip_options = _ip_options;
+    return (0);
+}
+
+
+/*
+ * len = len of tcp-header + tcp_options + tcp_data (from wire).
+ * returns 0 if tcp-header is valid [length check only]
+ * returns options
+ * != 0 if something went wrong [header size etc]
+ */
+int
+vrfy_tcp (struct tcphdr *tcp, uint32_t plen, u_short * tcp_options)
+{
+    u_short _tcp_options;
+
+    if (plen < sizeof (*tcp))
+        return (-1);
+
+    _tcp_options = tcp->th_off << 2;
+    if (_tcp_options > plen)
+        return (-1);
+    if (_tcp_options > 0xefff)   /* this is quite to large for me */
+        return -1;
+
+    if (_tcp_options <= sizeof (*tcp))
+        _tcp_options = 0;
+    else
+        _tcp_options -= sizeof (*tcp);
+
+    *tcp_options = _tcp_options;
+
+    return (0);
+}
+
+int 
+vrfy_udp (struct udphdr *udp, uint32_t len)
+{
+
+    if (len < sizeof(*udp))
+        return (-1);
+
+    return (0);
+}
+
+/*
+ * decode NetworkVirtualTerminal Data 
+ * data = the raw (nvt)-input
+ * len = length of 'data'
+ * ans = the nvt-answer (IAC don't)
+ * anslen = the calculated anser length
+ * res = the decoded nvt data (login: prompt etc)
+ * reslen = the calculates decoded data length
+ * All parameters must be given (NULL is not allowed)
+ * and initialized
+ * return -1 on failure
+ * return 0 on success
+ * rfc-will: anslen, reslen < len
+ */
+#define IACFOUND        0x01
+#define DOFOUND         0x02
+#define UNKNOWNOPT      0x04
+#define SUBNEGO         0x08
+#define CRFOUND         0x10
+
+#define NVT_SE          0xf0
+#define NVT_SB          0xfa
+#define NVT_WILL        0xfb
+#define NVT_WONT        0xfc
+#define NVT_DO          0xfd
+#define NVT_DONT        0xfe
+#define IAC             0xff
+
+int
+decode_nvt(u_char *data, uint len, u_char *ans, uint *anslen, 
+                                                 u_char *res, uint *reslen)
+{
+    u_char *ptr = data;
+    u_char *ansptr = ans;
+    u_char *resptr = res;
+    u_char flags = 0;
+    int i = 0;
+    u_char c;
+
+    if ( (data == NULL) || (ans == NULL) || (res == NULL))
+        return(0);
+
+    *anslen = 0;
+    *reslen = 0;
+
+    while (1)
+    {
+        if (i++ >= len)
+             break;
+        c = *ptr++;
+
+        if (flags & UNKNOWNOPT)
+        {
+            flags = 0;
+            continue;
+        }
+
+        if (flags & IACFOUND)
+        {
+            if (c == IAC)       /* IAC IAC */
+            {
+                *resptr++ = IAC;
+                flags = 0;      /* reset */
+                continue;
+            }
+
+            if (flags & SUBNEGO)
+            {
+                if (c == NVT_SE)        /* subnegotiation end */
+                    flags = 0;
+                continue;
+            }
+
+            if (flags & DOFOUND)
+            {
+/* 3com switch test             if (c == 0x03)
+                {
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_DO;
+                        *ansptr++ = 0x03;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x18;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x1f;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x20;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x21;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x22;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x27;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_DO;
+                        *ansptr++ = 0x05;
+                        *ansptr++ = IAC;
+                        *ansptr++ = NVT_WILL;
+                        *ansptr++ = 0x23;
+                        *anslen = *anslen + 24;
+
+                }
+*/
+                *ansptr++ = IAC;
+                *ansptr++ = NVT_WONT;   /* me is dump - im a kid */
+                *ansptr++ = c;
+                *anslen = *anslen + 3;
+                flags = 0;
+                continue;
+            }
+
+            if (c == NVT_SB)    /* subnegotiation */
+            {
+                flags = SUBNEGO;
+                continue;
+            }
+
+            if (c == NVT_DO)    /* DO ... */
+            { 
+                flags |= DOFOUND;
+                continue;
+            } else {
+                flags = ~(IACFOUND | DOFOUND);
+                flags |= UNKNOWNOPT;    /* skip next */
+                continue;
+            }
+
+        }
+
+        if (flags & SUBNEGO)
+            continue;
+
+        if (c == IAC)
+        {
+            flags = IACFOUND;   /* just IAC */
+            continue;
+        }
+
+        if (flags & CRFOUND)
+        {
+            if (c == '\0')
+            {
+                flags &= ~CRFOUND;
+                *res++ = '\r';
+                *reslen = *reslen + 1;
+                continue;
+            }
+            if (c == '\n')
+            {
+                flags &= ~CRFOUND;
+                *res++ = '\n';
+                *reslen = *reslen + 1;
+                continue;
+            }
+        }
+
+        if (c == '\r')
+        {
+            flags |= CRFOUND;
+            continue;
+        }
+        
+        *res++ = c;
+        *reslen = *reslen + 1;
+
+    }
+
+    return(0);
+}
+
+
+
diff --git a/other/b-scan/tmp/src/restore.c b/other/b-scan/tmp/src/restore.c
new file mode 100644
index 0000000..45edbb8
--- /dev/null
+++ b/other/b-scan/tmp/src/restore.c
@@ -0,0 +1,263 @@
+/*
+ * bscan, restore.c
+ * this is the buggies part of the entire scanner :>
+ * many buffer overflows in here
+ */
+#include <bscan/bscan.h>
+#include <bscan/system.h>
+#include <bscan/module.h>
+#include <string.h>
+
+
+extern struct _opt *opt;
+
+#define RESTORE_FILE    "restore.bscan"
+
+#define R_ARGVLIST      "argvlist"
+#define R_MODARG        "modarg"
+#define R_LIMIT         "limit"
+#define R_FLAGS         "flags"
+#define R_DELAY         "delay"
+#define R_PSCANSTAT     "pscanstat"
+#define R_IPSCAN_COUNT  "ipscan_count"
+#define R_IPTOTSCAN_C   "iptotscan_count"
+#define R_BSENT_COUNT   "bsent_count"
+#define R_IP_OFFSET     "ip_offset"
+#define R_IP_BLKLEN     "ip_blklen"
+#define R_IP_POS        "ip_pos"
+#define R_SCAN_TIME     "scan_time"
+#define R_SPF_SIP       "spf_sip"
+#define R_SPF_SMAC      "spf_smac"
+#define R_SNARFICMP_C   "snarf.icmp_c"
+#define R_SNARFCLOSE_C  "snarf.close_c"
+#define R_SNARFOPEN_C   "snarf.open_c"
+#define R_SNARFREFUSED_C        "snarf.refused_c"
+#define R_IDEV          "lnet.device"
+#define R_HOSTFILE      "hostfile"
+
+
+/*
+ * save everything that is required to restore/restart an inter session
+ */
+int
+write_restore ()
+{
+    u_char *p = (u_char *) opt->spf_smac;
+    FILE *fptr;
+    char **myargv = opt->argvlist;
+    struct timeval tv;
+#ifdef HAVE_DLSYM
+    int c=0;
+    extern const int modcount;
+    extern const struct _mods mods[MAX_MODULES];
+#endif
+
+    if (opt->flags & OPT_VERB)
+        fprintf (stderr, "Writing restore file '%s'\n", RESTORE_FILE);
+
+    if ((fptr = fopen (RESTORE_FILE, "w+")) == NULL)
+        return (-1);
+
+    fprintf (fptr, "# bscan restore file. This is an automatic generated\n");
+    fprintf (fptr, "# file. Don't edit.\n");
+    fprintf (fptr, "#\n");
+
+    fprintf (fptr, R_ARGVLIST ": ");
+    if ((opt->target != NULL) && !(opt->flags & OPT_HOSTFILE))
+        fprintf (fptr, "\"%s\" ", opt->target);
+    while (*myargv != NULL)
+        fprintf (fptr, "\"%s\" ", *myargv++);
+    fprintf (fptr, "\n");
+
+#ifdef HAVE_DLSYM
+    for (c = 0; c < modcount; c++)
+        fprintf(fptr, R_MODARG ": %s\n", mods[c].modarg);
+#endif
+
+    fprintf (fptr, R_LIMIT ": %u\n", opt->limit);
+    fprintf (fptr, R_DELAY ": %u\n", opt->delay);
+    fprintf (fptr, R_PSCANSTAT ": %u\n", opt->pscanstat);
+    fprintf (fptr, R_IPSCAN_COUNT ": %lu\n", opt->ipscan_count);
+    fprintf (fptr, R_IPTOTSCAN_C  ": %lu\n", opt->iptotscan_count);
+    fprintf (fptr, R_BSENT_COUNT ": %lu\n", opt->bsent_count);
+    fprintf (fptr, R_IP_OFFSET ": %lu\n", opt->ip_offset);
+    fprintf (fptr, R_IP_BLKLEN ": %lu\n", opt->ip_blklen);
+    fprintf (fptr, R_IP_POS ": %lu\n", opt->ip_pos);
+    fprintf (fptr, R_FLAGS ": %4.4x\n", opt->flags);
+    memcpy(&tv, &opt->tv2, sizeof(tv));
+    time_diff (&opt->scan_start, &tv);
+    fprintf (fptr, R_SCAN_TIME ": %ld\n", (long)tv.tv_sec);
+    fprintf (fptr, R_SPF_SIP ": %s\n", int_ntoa (opt->nt.src));
+    fprintf (fptr, R_SPF_SMAC ": %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
+             p[0], p[1], p[2], p[3], p[4], p[5]);
+    fprintf (fptr, R_SNARFICMP_C ": %lu\n", opt->snarf.icmp_c);
+    fprintf (fptr, R_SNARFCLOSE_C ": %lu\n", opt->snarf.close_c);
+    fprintf (fptr, R_SNARFOPEN_C ": %lu\n", opt->snarf.open_c);
+    fprintf (fptr, R_SNARFREFUSED_C ": %lu\n", opt->snarf.refused_c);
+    if (opt->lnet.device != NULL)
+        fprintf (fptr, R_IDEV ": %s\n", opt->lnet.device);
+    else
+        fprintf (fptr, R_IDEV ": \n");
+
+    if (opt->hostfile != NULL)
+        fprintf (fptr, R_HOSTFILE ": %s\n", opt->hostfile);
+    else
+        fprintf (fptr, R_HOSTFILE ": \n");
+
+    fclose (fptr);
+
+    return (0);
+}
+
+int
+restore_processtag (char *tag, char *arg)
+{
+    char *ptr = arg;
+    int c = 0;
+
+    if ((arg == NULL) || (tag == NULL))
+        return (-1);
+
+    if (!strcmp (R_ARGVLIST, tag))
+        if (strlen (arg) > 0)
+        {
+            int toggle = 0;
+            while (*ptr != '\0')
+                if (*ptr++ == '"')
+                    c++;
+            ptr = arg;
+            c = c / 2;
+            if (c <= 0)
+                return (-1);    /* this should not happen */
+            if ((opt->argvlist = malloc ((c + 1) * sizeof (char *))) == NULL)
+                return (-1);
+            for (toggle = 0; toggle < c + 1; toggle++)
+                opt->argvlist[toggle] = NULL;
+
+            toggle = 0;
+            ptr = arg;
+            c = 0;
+            while (*ptr != '\0')
+                if (*ptr++ == '"')
+                {
+                    *(ptr - 1) = '\0';
+                    if (toggle++ == 1)
+                    {
+                        toggle = 0;
+                        continue;
+                    }
+                    opt->argvlist[c++] = ptr;
+                }
+
+            /* strings are ready + \0 terminated here */
+
+            for (toggle = 0; toggle < c; toggle++)
+                opt->argvlist[toggle] = strdup (opt->argvlist[toggle]);
+
+            return (0);
+        }
+
+    if (!strcmp (R_MODARG, tag))
+        loadinit_mod(arg);
+        
+    if (!strcmp (R_DELAY, tag))
+        opt->delay = atoi (arg);
+    if (!strcmp (R_LIMIT, tag))
+        opt->limit = atoi (arg);
+    if (!strcmp (R_PSCANSTAT, tag))
+        opt->pscanstat = atoi (arg);
+    if (!strcmp (R_IPSCAN_COUNT, tag))
+        opt->ipscan_count = strtoul (arg, NULL, 10);
+    if (!strcmp (R_IPTOTSCAN_C, tag))
+        opt->iptotscan_count = strtoul (arg, NULL, 10);
+    if (!strcmp (R_BSENT_COUNT, tag))
+        opt->bsent_count = strtoul (arg, NULL, 10);
+    if (!strcmp (R_IP_OFFSET, tag))
+        opt->ip_offset = strtoul (arg, NULL, 10);
+    if (!strcmp (R_IP_BLKLEN, tag))
+        opt->ip_blklen = strtoul (arg, NULL, 10);
+    if (!strcmp (R_IP_POS, tag))
+        opt->ip_pos = strtoul (arg, NULL, 10);
+    if (!strcmp (R_SCAN_TIME, tag))
+    {                           /* doing the date trick ..we had a scannerdowntime.. */
+        gettimeofday (&opt->scan_start, NULL);
+        opt->scan_start.tv_sec =
+            opt->scan_start.tv_sec - strtoul (arg, NULL, 10);
+    }
+    if (!strcmp (R_SPF_SIP, tag))
+        opt->nt.src = inet_addr (arg);
+    if (!strcmp (R_SPF_SMAC, tag))
+    {
+        unsigned short int sp[6];
+        sscanf (arg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2],
+                &sp[3], &sp[4], &sp[5]);
+        for (c = 0; c < 6; c++)
+            opt->spf_smac[c] = (u_char) sp[c];
+
+    }
+    if (!strcmp (R_FLAGS, tag))
+    {
+        sscanf (arg, "%hx", &opt->flags);
+        opt->flags &= ~OPT_ABRT;
+        opt->flags &= ~OPT_REST;
+    }
+    if (!strcmp (R_SNARFICMP_C, tag))
+        opt->snarf.icmp_c = strtoul (arg, NULL, 10);
+    if (!strcmp (R_SNARFCLOSE_C, tag))
+        opt->snarf.close_c = strtoul (arg, NULL, 10);
+    if (!strcmp (R_SNARFOPEN_C, tag))
+        opt->snarf.open_c = strtoul (arg, NULL, 10);
+    if (!strcmp (R_SNARFREFUSED_C, tag))
+        opt->snarf.refused_c = strtoul (arg, NULL, 10);
+    if (!strcmp (R_IDEV, tag))
+        if (strlen (arg) > 0)
+            opt->lnet.device = strdup (arg);
+    if (!strcmp (R_HOSTFILE, tag))
+        if (strlen (arg) > 0)
+            opt->hostfile = strdup (arg);
+
+    return (0);
+}
+
+
+/*
+ * read restore-file
+ * return 0 on success, -1 on failure
+ * sscanf is exploitable. have fun. What kind of stupid admin
+ * who set a +s on this programm. harhar
+ */
+int
+read_restore (char *filename)
+{
+    FILE *fptr;
+    char buf[1024];
+    char tag[1024], arg[1024];
+
+    if (opt->flags & OPT_VERB)
+        fprintf (stderr, "Reading restore file '%s'.\n", filename);
+
+    if ((fptr = fopen (filename, "rb")) == NULL)
+    {
+        printf ("OPEN FAILED\n");
+        return (-1);
+    }
+
+    while (fgets (buf, sizeof (buf), fptr) != NULL)
+    {
+        if (strchr (buf, '#') != NULL)
+            continue;
+
+        tag[0] = arg[0] = '\0';
+        sscanf (buf, "%[^: ]%*[: \t]%[^#\n]%*[\n]", tag, arg);
+
+        if (restore_processtag (tag, arg) == -1)
+        {
+            fprintf (stderr, "error while processing restore file with '%s:%s' \n ", tag, arg);
+             exit (-1);
+        }
+
+     }
+
+     fclose (fptr);
+     return (0);
+}
diff --git a/other/b-scan/tmp/src/signal.c b/other/b-scan/tmp/src/signal.c
new file mode 100644
index 0000000..a2af01f
--- /dev/null
+++ b/other/b-scan/tmp/src/signal.c
@@ -0,0 +1,72 @@
+#include <signal.h>
+#include <bscan/signal.h>
+
+/*
+ * add the signals that you want to be set to default-action
+ */
+int
+do_sig_setall (sighandler_t action)
+{
+#ifdef SIGHUP
+    signal (SIGHUP, action);
+#endif
+#ifdef SIGINT
+    signal (SIGINT, action);
+#endif
+#ifdef SIGQUIT
+    signal (SIGQUIT, action);
+#endif
+#ifdef SIGABRT
+    signal (SIGABRT, action);
+#endif
+#ifdef SIGPIPE
+    signal (SIGPIPE, action);
+#endif
+#ifdef SIGALRM
+    signal (SIGALRM, action);
+#endif
+#ifdef SIGTERM
+    signal (SIGTERM, action);
+#endif
+#ifdef SIGUSR1
+    signal (SIGUSR1, action);
+#endif
+#ifdef SIGUSR1
+    signal (SIGUSR1, action);
+#endif
+#ifdef SIGCHLD
+    signal (SIGCHLD, action);
+#endif
+#ifdef SIGCOMT
+    signal (SIGCOMT, action);
+#endif
+#ifdef SIGSTOP
+    signal (SIGSTOP, action);
+#endif
+#ifdef SIGTSTP
+    signal (SIGTSTP, action);
+#endif
+#ifdef SIGTTIM
+    signal (SIGTTIM, action);
+#endif
+#ifdef SIGTTOU
+    signal (SIGTTOU, action);
+#endif
+
+    return (0);
+}
+
+/*
+ * sig-ctl function.
+ * atm only SIG_DFL implemented....
+ */
+int
+sigctl (int flags, sighandler_t action)
+{
+    int ret = 0;
+
+    if (flags & SIG_SETALL)
+        ret = do_sig_setall (action);
+
+    return (ret);
+}
diff --git a/other/b-scan/tmp/src/snarf.c b/other/b-scan/tmp/src/snarf.c
new file mode 100644
index 0000000..fce8b9e
--- /dev/null
+++ b/other/b-scan/tmp/src/snarf.c
@@ -0,0 +1,211 @@
+#include <stdlib.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifndef __FAVOR_BSD
+#define __FAVOR_BSD
+#endif
+#ifndef __USE_BSD
+#define __USE_BSD
+#endif
+#ifndef __BSD_SOURCE
+#define __BSD_SOURCE
+#endif
+
+#include <pcap.h>
+#include <bscan/bscan.h>
+#include <bscan/snarf.h>
+#include <bscan/module.h>
+#include <bscan/signal.h>
+
+pcap_t *ip_socket;
+
+/*
+ * some global variables (modules need access etc)
+ */
+int dlt_len;
+u_char *align_buf = NULL;
+unsigned short ip_options = 0;
+struct ip *ip;
+struct Ether_header *eth;
+u_int pcaplen, plen;
+struct timeval *pts;
+
+extern struct _opt *opt;
+#ifdef HAVE_DLSYM
+extern const int modcount;
+extern const struct _mods mods[MAX_MODULES];
+#endif
+
+
+/*
+ * answer on arp-request.
+ */
+static void
+handle_arp (struct pcap_pkthdr *p, struct Ether_header *eth,
+            struct Arphdr *arp)
+{
+    u_long *ipdummy = (u_long *) arp->ar_tip;
+
+    if (ntohs (arp->ar_op) != ARPOP_REQUEST)
+        return;
+
+#ifdef DEBUG
+    printf ("ARPG request for %s\n", int_ntoa ((u_long) * ipdummy));
+#endif
+    if (*ipdummy == opt->nt.src)
+        play_arpg (&opt->lnet, arp->ar_tip, (u_char *) opt->spf_smac,
+                   (u_char *) arp->ar_sip, eth->ether_shost);
+}
+
+
+/*
+ * called by libpcap 
+ */
+static void
+filter_packet (u_char * u, struct pcap_pkthdr *p, u_char * packet)
+{
+    int c;
+    static u_char *align_eth = NULL;
+
+    if (p->len < (dlt_len + sizeof (struct Arphdr)))
+        return;
+    if (align_buf == NULL)
+        align_buf = (u_char *) malloc (2048);
+    if (align_eth == NULL)
+        align_eth = (u_char *) malloc (42);
+
+    memcpy ((char *) align_buf, (char *) (packet + dlt_len), p->caplen);
+    memcpy ((char *) align_eth, (char *) packet, 42);
+    eth = (struct Ether_header *) (align_eth);
+    ip = (struct ip *) (align_buf);
+
+    if (ntohs (eth->ether_type) == ETHERTYPE_ARP)
+    {
+        handle_arp (p, eth, (struct Arphdr *) (align_buf));
+        return;
+    }
+
+
+    if (ntohs (eth->ether_type) != ETHERTYPE_IP)
+        return;
+    if (vrfy_ip (ip, p->len - dlt_len, &ip_options) != 0)
+        return;
+    if (ip->ip_dst.s_addr != opt->nt.src)
+        return;
+    if (p->len < (dlt_len + sizeof (*ip) + ip_options))
+        return;
+
+    /* here only 'my-ip' packets */
+
+/* module entry point TWO */
+/* packet is verifite, belongs to us + valid size */
+/* return of module tell us if we should procced as usual or not */
+/* DROP is valid here ! */
+
+    plen = p->len;
+    pcaplen = p->caplen; 
+    pts = &p->ts;
+
+#ifdef HAVE_DLSYM
+    c = 0;
+    while (c < modcount)
+        mods[c++].callmdl (MOD_RCV, opt);
+#endif
+
+}
+
+/*
+ * init pcap network stuff
+ * only called once on startup.
+ * -1 = error
+ * 0 = success
+ */
+int
+pcap_init_net (char *iface, int promisc, char *filter, int *dltlen)
+{
+    char errbuf[PCAP_ERRBUF_SIZE];
+    struct bpf_program prog;
+    bpf_u_int32 network, netmask;
+
+    if (iface == NULL)
+    {
+        iface = pcap_lookupdev (errbuf);
+        if (iface == NULL)
+        {
+            fprintf (stderr, "pcap_lookupdev: %s\n", errbuf);
+            return (-1);
+        }
+    }
+    if (pcap_lookupnet (iface, &network, &netmask, errbuf) < 0)
+    {
+        fprintf (stderr, "pcap_lookupnet: %s\n", errbuf);
+        return (-1);
+    }
+    ip_socket = pcap_open_live (iface, 1024, promisc, 1024, errbuf);
+    if (ip_socket == NULL)
+    {
+        fprintf (stderr, "pcap_open_live: %s\n", errbuf);
+        return (-1);
+    }
+    switch (pcap_datalink (ip_socket))
+    {
+    case DLT_EN10MB:
+        *dltlen = 14;
+        break;
+    case DLT_SLIP:
+        *dltlen = 16;
+        break;
+    default:
+        *dltlen = 4;
+        break;
+    }
+    if (pcap_compile (ip_socket, &prog, filter, 1, netmask) < 0)
+    {
+        fprintf (stderr, "pcap_compile: %s\n", errbuf);
+        return (-1);
+    }
+    if (pcap_setfilter (ip_socket, &prog) < 0)
+    {
+        fprintf (stderr, "pcap_setfilter: %s\n", errbuf);
+        return (-1);
+    }
+
+    return 0;
+}
+
+
+/*
+ * called by main-thread.
+ * doing all the snarf, arp-reply, tcp-stack stuff from here
+ */
+void *
+do_snarf (void *iface)
+{
+/*    sigctl (SIG_SETALL, SIG_DFL);
+    signal (SIGINT, SIG_IGN);
+*/
+
+    pcap_init_net (iface, 1, PCAP_FILTER, &dlt_len);
+
+    /* the parent thread should at least w8 until we are ready to rumble */
+    opt->flags &= ~OPT_W8SEMA;
+
+    while (1)
+        pcap_loop (ip_socket, -1, (pcap_handler) filter_packet, NULL);
+
+    undo_snarf();       /*### fixme, somewhere else */
+
+    pthread_exit(NULL); /* no return values needed */
+    return NULL;
+}
+
+/*
+ * close everything that was initialized with do_snarf
+ */
+void
+undo_snarf ()
+{
+    pcap_close (ip_socket);
+}
+
diff --git a/other/b-scan/tmp/src/system.c b/other/b-scan/tmp/src/system.c
new file mode 100644
index 0000000..a3ccc94
--- /dev/null
+++ b/other/b-scan/tmp/src/system.c
@@ -0,0 +1,349 @@
+#include <sys/types.h>
+#include <sys/ipc.h>
+#include <sys/shm.h>
+#include <sys/mman.h>
+#include <sys/time.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <time.h>
+
+#ifndef SHMMNI
+#define SHMMNI  100
+#endif
+
+#define MAXSHM  4               /* its bscan. we need <4 shm's */
+
+static int shm_id = -1;         /* last used id */
+static int shm_c = -1;          /* shm_alloc counter */
+
+static struct _shm
+{
+    int id;
+    void *ptr;
+}
+shm[MAXSHM];
+
+
+/*
+ * uhm. hard job for the process coz the process
+ * does not get the shm_id. uhm. i should make a static traking list
+ * of all shared memory segments (addr <-> id mapping maybe ?)
+ * on the other hand...since an attachment count is maintained for
+ * the shared memory segment the segment gets removed when the last
+ * process using the segment terminates or detaches it.
+ * hmm. Seems the following function is completly useless....:>
+ * Hey. why are you reading my comments ? write me: anonymous@segfault.net!
+ */
+int
+shmfree (int shm_id)
+{
+    if (shm_id < 0)
+        return (-1);
+    return (shmctl (shm_id, IPC_RMID, 0));
+}
+
+/*
+ * kill ALL shm's
+ * uhm. this is brutal. but shm is risky. you can bring
+ * down ANY system if you waste all shm's. Shm's dont get 
+ * freed on process-exit !!! syslog will fail, inetd will fail, ..
+ * any program that tries to alloc shared memory...nono good :>
+ * root can use 'ipcrm shm <id>' do free the shm's.
+ * that's why we use this brutal "killall"-method.
+ * something else: killall-method is realy BRUTAL. believe me!
+ * If you have other functions registered on exit (atexit)
+ * and you try to reference to a shm within these function...you are lost
+ * Unexpected things will happen....
+ */
+void
+shmkillall ()
+{
+    int c;
+
+    for (c = 0; c < shm_c; c++)
+        shmfree (shm[c].id);
+}
+
+/*
+ * allocate shared memory (poor but fast IPC)
+ * the value returned is a pointer to the allocated 
+ * memory, which is suitably aligned for any kind of
+ * variable, or NULL if the request fails.
+ *
+ * TODO: on SVR4 use open("/dev/zero", O_RDWR); and mmap trick for speedup 
+ */
+void *
+shmalloc (int flag, size_t length)
+{
+    void *shm_addr;
+    int c = 0;
+
+    if (shm_c == -1)            /* init all the internal shm stuff */
+    {
+        atexit (shmkillall);
+        shm_c = 0;
+    }
+
+    if (shm_c >= MAXSHM)
+        return (NULL);          /* no space left in list. no bscan ?? */
+
+    if (flag == 0)
+        flag = (IPC_CREAT | IPC_EXCL | SHM_R | SHM_W);
+
+    while (c < SHMMNI)          /* brute force a NEW shared memory section */
+        if ((shm_id = shmget (getpid () + c++, length, flag)) != -1)
+            break;
+        else
+            return (NULL);
+
+    if ((shm_addr = shmat (shm_id, NULL, 0)) == NULL)
+        return (NULL);
+
+    shm[shm_c].id = shm_id;
+    shm[shm_c].ptr = shm_addr;
+    shm_c++;                    /* increase shm-counter */
+
+    return (shm_addr);
+}
+
+#ifdef WITH_NANOSLEEP
+/* add lib '-lrt' */
+/*
+ * nanosec must be in the range  0 to 999 999 999
+ * ..we dont care about signals here...
+ */
+void
+do_nanosleep (time_t sec, long nsec)
+{
+    struct timespec mynano;
+    mynano.tv_sec = sec;
+    mynano.tv_nsec = nsec;
+    nanosleep (&mynano, NULL);
+}
+#endif
+
+
+/*
+ * xchange data p1 <-> p2 of length len
+ */
+void
+xchange (void *p1, void *p2, int len)
+{
+    unsigned char buf[len];
+
+    memcpy (buf, p1, len);
+    memcpy (p1, p2, len);
+    memcpy (p2, buf, len);
+}
+
+/*
+ * calculate time-difference now - in
+ * and return diff in 'now'
+ */
+void
+time_diff (struct timeval *in, struct timeval *now)
+{
+    if ((now->tv_usec -= in->tv_usec) < 0)
+    {
+        now->tv_sec--;
+        now->tv_usec += 1000000;
+    }
+    now->tv_sec -= in->tv_sec;
+}
+
+/*
+ * converts a 'esc-sequenced' string to normal string
+ * return string in dst.
+ * returns 0 on success
+ * todo: \ddd decoding
+ */
+int
+ctoreal(char *src, char *dst)
+{
+    char c;
+
+    if ((src == NULL) || (dst == NULL))
+    {
+        dst = NULL;
+        return(0);      /* yes, its ok. */
+    }
+
+    while (*src != '\0')
+        if (*src == '\\')
+        {
+            switch((c = *++src))
+            {
+                case 'n':
+                    *dst++ = '\n';
+                    break;
+                case 'r':
+                    *dst++ = '\r';
+                    break;
+                case 't':
+                    *dst++ = '\t';
+                    break;
+                case '\\':
+                    *dst++ = '\\';
+                    break;
+                case 's':
+                    *dst++ = ' ';
+                    break;
+                default:
+                    *dst++ = c;
+                  /*  printf("unknown escape sequence 0x%2.2x\n", c);*/
+                    break;
+            }
+            src++;
+        } else
+        {
+            *dst++ = *src++;
+        }
+    *dst = '\0';
+    return(0);
+}
+
+
+/*
+ * parse data, format data and print to fd (only prinatable chars)
+ * supress \r, nonprintable -> '_';
+ * output line by line [\n] with 'prefix' before each line.
+ * prefix is a 0-terminated string
+ */
+void
+save_write(FILE *fd, char *prefix, unsigned char *data, int data_len)
+{
+    int         c;
+    unsigned char       *ptr = data;
+    unsigned char       *startptr = data;
+    const char  trans[] =
+                "................................ !\"#$%&'()*+,-./0123456789"
+                ":;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklm"
+                "nopqrstuvwxyz{|}~...................................."
+                "....................................................."
+                "........................................";
+
+
+   if (prefix == NULL)
+        prefix = "";
+
+    for (c = 0; c < data_len; c++)
+    {
+        if (*data == '\r')      /* i dont like these */
+        {
+            data++;
+            continue;
+        }
+        if (*data == '\n')
+        {
+            *ptr = '\0';
+            fprintf (fd, "%s%s\n", prefix, startptr);
+            startptr = ++data;
+            ptr = startptr;
+            continue;
+        }
+
+        *ptr++ = trans[*data++];
+        
+    }
+
+   if (ptr != startptr)
+   {
+        *ptr = '\0';
+        fprintf (fd, "%s%s\n", prefix, startptr);
+   }
+
+}
+
+/*
+ * check if data contains any non-printable chars [except \n]
+ * return 0 if yes,,,,1 if not.
+ */
+int
+isprintdata(char *ptr, int len)
+{
+    char        c;
+
+    while(len-- > 0)
+    {
+        c = *ptr++;
+        if (c == '\n')
+            continue;
+        if (!isprint((int)c))
+            return(0);
+    }
+
+  return(1);
+}
+
+/*
+ * convert some data into hex string
+ * We DO 0 terminate the string.
+ * dest = destination
+ * destlen = max. length of dest (size of allocated memory)
+ * data = (non)printable input data
+ * len = input data len
+ * return 0 on success, 1 if data does not fit into dest, -1 on error
+ */
+int
+dat2hexstr(unsigned char *dest, unsigned int destlen, unsigned char *data,
+                 unsigned int len)
+{
+    unsigned int        i = 0;
+    unsigned int        slen = 0;
+    unsigned char       *ptr = dest;
+    unsigned char       c;
+    char                hex[] = "0123456789ABCDEF";
+
+    memset(dest, '\0', destlen);
+
+    while (i++ < len)
+    {
+        c = *data++;
+        if (slen + 3 < destlen)
+        {
+            *dest++ = hex[c / 16];
+            *dest++ = hex[c % 16];
+            *dest++ = ' ';
+            slen += 3;
+            ptr += 3;
+         } else {
+                return(1);
+        }
+    }
+
+    return(0);
+}
+
+
+/* dat2strip
+ *
+ * print the data at `data', which is `len' bytes long to the char
+ * array `dest', which is `destlen' characters long. filter out any
+ * non-printables. NUL terminate the dest array in every case.
+ *
+ * return the number of characters written
+ */
+
+int
+dat2strip(unsigned char *dest, unsigned int destlen, unsigned char *data,
+                unsigned int len)
+{
+    unsigned char       *dp;
+
+    for (dp = dest ; dp - dest < destlen && len > 0 ; --len, ++data, ++dp) {
+        if (isprint (*data))
+            *dp = *data;
+    }
+
+    if (dp - dest < destlen)
+        *dp = '\0';
+    dest[destlen - 1] = '\0';
+
+    return (dp - dest);
+}
+
+
diff --git a/other/b-scan/tmp/src/test_garage.c b/other/b-scan/tmp/src/test_garage.c
new file mode 100644
index 0000000..06acf61
--- /dev/null
+++ b/other/b-scan/tmp/src/test_garage.c
@@ -0,0 +1,99 @@
+/* test_garage.c - test program for the garage module
+ *
+ * by scut / teso
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+#include <garage.h>
+
+
+void
+cleaner_t (ip_list *il);
+
+int
+main (int argc, char *argv[])
+{
+        int                     data_len;
+        unsigned char *         data;
+        unsigned long int       ip,
+                                gip = 0;
+        unsigned long int       ips;
+        garage_hdlr *           hdl;
+        unsigned long int       maxkeep;
+
+        printf ("mg_cidr_getmask (20) = 0x%08lx\n", mg_cidr_getmask (20));
+        printf ("mg_cidr_getmask (0xffffffc0) = 0x%08lx\n", mg_cidr_getmask (0xffffffc0));
+
+        if (argc < 2 || sscanf (argv[1], "%lu", &ips) != 1) {
+                printf ("usage: %s <number-of-ips> [maxkeep]\n\n", argv[0]);
+
+                exit (EXIT_FAILURE);
+        }
+        if (argc == 3 && sscanf (argv[2], "%lu", &maxkeep) != 1)
+                exit (EXIT_FAILURE);
+
+        srand (time (NULL));
+        hdl = mg_init ("footest", maxkeep, cleaner_t);
+
+        printf ("mg_cidr_getmask (0) = 0x%08lx\n", mg_cidr_getmask (0));
+
+        mg_write (hdl, 2048, "foobar", 7, 0);
+        mg_write (hdl, 2050, "foobar", 7, 0);
+        mg_write (hdl, 101911, "foobar", 7, 0);
+        mg_write (hdl, 28914191, "foobar", 7, 0);
+        printf ("mg_cidr_count (hdl, 2048, 32) = %lu\n", mg_cidr_count (hdl, 2048, 32));
+        printf ("mg_cidr_count (hdl, 2048, 31) = %lu\n", mg_cidr_count (hdl, 2048, 31));
+        printf ("mg_cidr_count (hdl, 2048, 30) = %lu\n", mg_cidr_count (hdl, 2048, 30));
+        printf ("mg_cidr_count (hdl, 2048, 13) = %lu\n", mg_cidr_count (hdl, 2048, 13));
+        printf ("mg_cidr_count (hdl, 2048,  0) = %lu\n", mg_cidr_count (hdl, 2048, 0));
+
+
+        ip = 123;
+        mg_write (hdl, ip, "foo", 4, 0);
+        mg_read (hdl, ip);
+        mg_clean (hdl, ip, NULL);
+
+        do {
+                ip = rand ();
+
+                data_len = rand () % 64;
+                data_len += 1;  /* avoid allocating zero bytes */
+                data = malloc (data_len);
+                memset (data, '\x73', data_len);
+                data[data_len - 1] = '\0';
+
+                mg_write (hdl, ip, (void *) data, data_len, 1);
+                if (ips % 137 == 0)
+                        gip = ip;
+
+                if (ips % 139 == 0)
+                        (void) mg_read (hdl, gip);
+
+                ips -= 1;
+                if (ips % 5000 == 0)
+                        mg_show (hdl);
+
+        } while (ips > 0);
+
+        mg_show (hdl);
+        mg_destroy (hdl, 0);
+
+        exit (EXIT_SUCCESS);
+}
+
+
+void
+cleaner_t (ip_list *il)
+{
+        if ((rand () % 20000) == 0)
+                printf ("cleaner_t: il = 0x%08lx  IP = 0x%08lx\n",
+                        (unsigned long int) il,
+                        il->ip);
+
+        return;
+}
+
+
diff --git a/other/b-scan/tmp/src/tty.c b/other/b-scan/tmp/src/tty.c
new file mode 100644
index 0000000..5c99b7f
--- /dev/null
+++ b/other/b-scan/tmp/src/tty.c
@@ -0,0 +1,116 @@
+/*
+ * most of this stuff is ripped from solar's excelent john-1.6 source
+ */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <termios.h>
+
+static int tty_fd = 0;
+static int tty_buf = -1;
+static struct termios saved_ti;
+
+
+/*
+ *  Reads a character, returns -1 if no data available or on error.
+ */
+int
+tty_getchar ()
+{
+    int c;
+
+    /* 
+     * process buffer first
+     */
+    if (tty_buf != -1)
+    {
+        c = tty_buf;
+        tty_buf = -1;
+        return (c);
+    }
+
+    if (tty_fd)
+    {
+        c = 0;
+        if (read (tty_fd, &c, 1) > 0)
+            return c;
+    }
+
+    return (-1);
+}
+
+/*
+ * check if someone pressed a key
+ * Actually we do a read on the fd and store the result in a buffer
+ * todo: check with ioctl if data is pending
+ * return 1 is data is pending, 0 if not
+ */
+int
+tty_ischar ()
+{
+    if (tty_buf != -1)
+        return (1);
+
+    if ((tty_buf = tty_getchar ()) != -1)
+        return (1);
+
+    return (0);
+}
+
+
+/*
+ * Restores the terminal parameters and closes the file descriptor.
+ */
+void
+tty_done ()
+{
+    int fd;
+
+    if (!tty_fd)
+        return;
+
+    fd = tty_fd;
+    tty_fd = 0;
+    tcsetattr (fd, TCSANOW, &saved_ti);
+
+    close (fd);
+}
+
+
+/* 
+ * Initializes the terminal for unbuffered non-blocking input. Also registers
+ * tty_done() via atexit().
+ */
+void
+tty_init ()
+{
+    int fd;
+    struct termios ti;
+
+    if (tty_fd)
+        return;
+
+    if ((fd = open ("/dev/tty", O_RDONLY | O_NONBLOCK)) < 0)
+        return;
+
+    if (tcgetpgrp (fd) != getpid ())
+    {
+        close (fd);
+        return;
+    }
+
+    tcgetattr (fd, &ti);
+    saved_ti = ti;
+    ti.c_lflag &= ~(ICANON | ECHO);
+    ti.c_cc[VINTR] = 3;         /* CTRL-C is INTR */
+    ti.c_cc[VMIN] = 1;
+    ti.c_cc[VTIME] = 0;
+    tcsetattr (fd, TCSANOW, &ti);
+
+    tty_fd = fd;
+
+    atexit (tty_done);
+}
diff --git a/other/b-scan/tmp/support/Makefile b/other/b-scan/tmp/support/Makefile
new file mode 100644
index 0000000..4025e1f
--- /dev/null
+++ b/other/b-scan/tmp/support/Makefile
@@ -0,0 +1,20 @@
+CC=gcc
+COPT=-Wall -ggdb -I../include
+DEFS=#-DDEBUG
+OBJ=hpuxdl.o snprintf.o
+
+# HPUX 11.00
+# DEFS=-DNEED_SNPRINTF -DHAVE_SHL_LOAD #-DDEBUG
+
+# HPUX 10.20
+# DEFS=-DHP10 -DNEED_SNPRINTF -DHAVE_SHL_LOAD #-DDEBUG
+
+all:    $(OBJ)
+
+.c.o:
+        $(CC) $(COPT) $(DEFS) -c $<
+
+clean:
+        rm -f $(OBJ) core *~
+
+
diff --git a/other/b-scan/tmp/support/hpuxdl.c b/other/b-scan/tmp/support/hpuxdl.c
new file mode 100644
index 0000000..accaed9
--- /dev/null
+++ b/other/b-scan/tmp/support/hpuxdl.c
@@ -0,0 +1,187 @@
+#ifdef HAVE_SHL_LOAD
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <dl.h>
+
+/*
+ * This is a minimal implementation of the ELF dlopen, dlclose, dlsym
+ * and dlerror routines based on HP's shl_load, shl_unload and
+ * shl_findsym. */
+
+/*
+ * Reference Counting.
+ *
+ * Empirically it looks like the HP routines do not maintain a
+ * reference count, so I maintain one here.
+ */
+
+typedef struct lib_entry {
+  shl_t handle;
+  int count;
+  struct lib_entry *next;
+} *LibEntry;
+
+#define lib_entry_handle(e) ((e)->handle)
+#define lib_entry_count(e) ((e)->count)
+#define lib_entry_next(e) ((e)->next)
+#define set_lib_entry_handle(e,v) ((e)->handle = (v))
+#define set_lib_entry_count(e,v) ((e)->count = (v))
+#define set_lib_entry_next(e,v) ((e)->next = (v))
+#define increment_lib_entry_count(e) ((e)->count++)
+#define decrement_lib_entry_count(e) ((e)->count--)
+
+static LibEntry Entries = NULL;
+
+static LibEntry find_lib_entry(shl_t handle)
+{
+  LibEntry entry;
+
+  for (entry = Entries; entry != NULL; entry = lib_entry_next(entry))
+    if (lib_entry_handle(entry) == handle)
+      return entry;
+  return NULL;
+}
+
+static LibEntry new_lib_entry(shl_t handle)
+{
+  LibEntry entry;
+
+  if ((entry = (LibEntry) malloc(sizeof(struct lib_entry))) != NULL) {
+    set_lib_entry_handle(entry, handle);
+    set_lib_entry_count(entry, 1);
+    set_lib_entry_next(entry, Entries);
+    Entries = entry;
+  }
+  return entry;
+}
+
+static void free_lib_entry(LibEntry entry)
+{
+  if (entry == Entries)
+    Entries = lib_entry_next(entry);
+  else {
+    LibEntry last, next;
+    for (last = Entries, next = lib_entry_next(last);
+         next != NULL;
+         last = next, next = lib_entry_next(last)) {
+      if (entry == next) {
+        set_lib_entry_next(last, lib_entry_next(entry));
+        break;
+      }
+    }
+  }
+  free(entry);
+}
+
+/*
+ * Error Handling.
+ */
+
+#define ERRBUFSIZE 1000
+
+static char errbuf[ERRBUFSIZE];
+static int dlerrno = 0;
+
+char *dlerror(void)
+{
+  return dlerrno ? errbuf : NULL;
+}
+
+/*
+ * Opening and Closing Liraries.
+ */
+
+void *dlopen(const char *fname, int mode)
+{
+  shl_t handle;
+  LibEntry entry = NULL;
+
+  dlerrno = 0;
+  if (fname == NULL)
+    handle = PROG_HANDLE;
+  else {
+    handle = shl_load(fname, mode, 0L);
+    if (handle != NULL) {
+      if ((entry = find_lib_entry(handle)) == NULL) {
+        if ((entry = new_lib_entry(handle)) == NULL) {
+          shl_unload(handle);
+          handle = NULL;
+        }
+      }
+      else
+        increment_lib_entry_count(entry);
+    }
+    if (handle == NULL) {
+      char *errstr;
+      dlerrno = errno;
+      errstr = strerror(errno);
+      if (errno == NULL) errstr = "???";
+      sprintf(errbuf, "can't open %s: %s", fname, errstr);
+    }
+  }
+#ifdef DEBUG
+  printf("opening library %s, handle = %x, count = %d\n",
+         fname, handle, entry ? lib_entry_count(entry) : -1);
+  if (dlerrno) printf("%s\n", dlerror());
+#endif
+  return (void *) handle;
+}
+
+int dlclose(void *handle)
+{
+  LibEntry entry;
+#ifdef DEBUG
+  entry = find_lib_entry(handle);
+  printf("closing library handle = %x, count = %d\n",
+         handle, entry ? lib_entry_count(entry) : -1);
+#endif
+
+  dlerrno = 0;
+  if ((shl_t) handle == PROG_HANDLE)
+    return 0; /* ignore attempts to close main program */
+  else {
+
+    if ((entry = find_lib_entry((shl_t) handle)) != NULL) {
+      decrement_lib_entry_count(entry);
+      if (lib_entry_count(entry) > 0)
+        return 0;
+      else {
+        /* unload once reference count reaches zero */
+        free_lib_entry(entry);
+        if (shl_unload((shl_t) handle) == 0)
+          return 0;
+      }
+    }
+    /* if you get to here, an error has occurred */
+    dlerrno = 1;
+    sprintf(errbuf, "attempt to close library failed");
+#ifdef DEBUG
+    printf("%s\n", dlerror());
+#endif
+    return -1;
+  }
+}
+
+/*
+ * Symbol Lookup.
+ */
+
+void *dlsym(void *handle, const char *name)
+{
+  void *f;
+  shl_t myhandle;
+
+  dlerrno = 0;
+  myhandle = (handle == NULL) ? PROG_HANDLE : (shl_t) handle;
+
+  if (shl_findsym(&myhandle, name, TYPE_PROCEDURE, &f) != 0) {
+    dlerrno = 1;
+    sprintf(errbuf, "symbol %s not found", name);
+    f = NULL;
+  }
+
+  return(f);
+}
+
+#endif
diff --git a/other/b-scan/tmp/support/snprintf.c b/other/b-scan/tmp/support/snprintf.c
new file mode 100644
index 0000000..f6a7a40
--- /dev/null
+++ b/other/b-scan/tmp/support/snprintf.c
@@ -0,0 +1,331 @@
+#ifdef NEED_SNPRINTF
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef __P
+#define __P(p)  p
+#endif
+
+#include <stdarg.h>
+#define VA_LOCAL_DECL   va_list ap;
+#define VA_START(f)     va_start(ap, f)
+#define VA_END          va_end(ap)
+
+#ifdef SOLARIS2
+#ifdef _FILE_OFFSET_BITS
+#define SOLARIS26
+#endif
+#endif
+
+#ifdef SOLARIS26
+#define HAS_SNPRINTF
+#define HAS_VSNPRINTF
+#endif
+#ifdef _SCO_DS_
+#define HAS_SNPRINTF
+#endif
+#ifdef luna2
+#define HAS_VSNPRINTF
+#endif
+
+/**************************************************************
+ * Original:
+ * Patrick Powell Tue Apr 11 09:48:21 PDT 1995
+ * A bombproof version of doprnt (dopr) included.
+ * Sigh.  This sort of thing is always nasty do deal with.  Note that
+ * the version here does not include floating point...
+ *
+ * snprintf() is used instead of sprintf() as it does limit checks
+ * for string length.  This covers a nasty loophole.
+ *
+ * The other functions are there to prevent NULL pointers from
+ * causing nast effects.
+ **************************************************************/
+
+static void dopr(char *, const char *, va_list);
+static char *end;
+
+#ifndef HAS_VSNPRINTF
+int vsnprintf(char *str, size_t count, const char *fmt, va_list args)
+{
+    str[0] = 0;
+    end = str + count - 1;
+    dopr(str, fmt, args);
+    if (count > 0)
+        end[0] = 0;
+    return strlen(str);
+}
+
+#ifndef HAS_SNPRINTF
+/* VARARGS3 */
+int snprintf(char *str, size_t count, const char *fmt,...)
+{
+    int len;
+    VA_LOCAL_DECL
+
+        VA_START(fmt);
+    len = vsnprintf(str, count, fmt, ap);
+    VA_END;
+    return len;
+}
+#endif
+
+/*
+ * dopr(): poor man's version of doprintf
+ */
+
+static void fmtstr __P((char *value, int ljust, int len, int zpad, int maxwidth));
+static void fmtnum __P((long value, int base, int dosign, int ljust, int len, int zpad));
+static void dostr __P((char *, int));
+static char *output;
+static void dopr_outch __P((int c));
+
+static void dopr(char *buffer, const char *format, va_list args)
+{
+    int ch;
+    long value;
+    int longflag = 0;
+    int pointflag = 0;
+    int maxwidth = 0;
+    char *strvalue;
+    int ljust;
+    int len;
+    int zpad;
+
+    output = buffer;
+    while ((ch = *format++)) {
+        switch (ch) {
+        case '%':
+            ljust = len = zpad = maxwidth = 0;
+            longflag = pointflag = 0;
+          nextch:
+            ch = *format++;
+            switch (ch) {
+            case 0:
+                dostr("**end of format**", 0);
+                return;
+            case '-':
+                ljust = 1;
+                goto nextch;
+            case '0':           /* set zero padding if len not set */
+                if (len == 0 && !pointflag)
+                    zpad = '0';
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+                if (pointflag)
+                    maxwidth = maxwidth * 10 + ch - '0';
+                else
+                    len = len * 10 + ch - '0';
+                goto nextch;
+            case '*':
+                if (pointflag)
+                    maxwidth = va_arg(args, int);
+                else
+                    len = va_arg(args, int);
+                goto nextch;
+            case '.':
+                pointflag = 1;
+                goto nextch;
+            case 'l':
+                longflag = 1;
+                goto nextch;
+            case 'u':
+            case 'U':
+                /*fmtnum(value,base,dosign,ljust,len,zpad) */
+                if (longflag) {
+                    value = va_arg(args, long);
+                }
+                else {
+                    value = va_arg(args, int);
+                }
+                fmtnum(value, 10, 0, ljust, len, zpad);
+                break;
+            case 'o':
+            case 'O':
+                /*fmtnum(value,base,dosign,ljust,len,zpad) */
+                if (longflag) {
+                    value = va_arg(args, long);
+                }
+                else {
+                    value = va_arg(args, int);
+                }
+                fmtnum(value, 8, 0, ljust, len, zpad);
+                break;
+            case 'd':
+            case 'D':
+                if (longflag) {
+                    value = va_arg(args, long);
+                }
+                else {
+                    value = va_arg(args, int);
+                }
+                fmtnum(value, 10, 1, ljust, len, zpad);
+                break;
+            case 'x':
+                if (longflag) {
+                    value = va_arg(args, long);
+                }
+                else {
+                    value = va_arg(args, int);
+                }
+                fmtnum(value, 16, 0, ljust, len, zpad);
+                break;
+            case 'X':
+                if (longflag) {
+                    value = va_arg(args, long);
+                }
+                else {
+                    value = va_arg(args, int);
+                }
+                fmtnum(value, -16, 0, ljust, len, zpad);
+                break;
+            case 's':
+                strvalue = va_arg(args, char *);
+                if (maxwidth > 0 || !pointflag) {
+                    if (pointflag && len > maxwidth)
+                        len = maxwidth;         /* Adjust padding */
+                    fmtstr(strvalue, ljust, len, zpad, maxwidth);
+                }
+                break;
+            case 'c':
+                ch = va_arg(args, int);
+                dopr_outch(ch);
+                break;
+            case '%':
+                dopr_outch(ch);
+                continue;
+            default:
+                dostr("???????", 0);
+            }
+            break;
+        default:
+            dopr_outch(ch);
+            break;
+        }
+    }
+    *output = 0;
+}
+
+static void fmtstr(char *value, int ljust, int len, int zpad, int maxwidth)
+{
+    int padlen, strlen;         /* amount to pad */
+
+    if (value == 0) {
+        value = "<NULL>";
+    }
+    for (strlen = 0; value[strlen]; ++strlen);  /* strlen */
+    if (strlen > maxwidth && maxwidth)
+        strlen = maxwidth;
+    padlen = len - strlen;
+    if (padlen < 0)
+        padlen = 0;
+    if (ljust)
+        padlen = -padlen;
+    while (padlen > 0) {
+        dopr_outch(' ');
+        --padlen;
+    }
+    dostr(value, maxwidth);
+    while (padlen < 0) {
+        dopr_outch(' ');
+        ++padlen;
+    }
+}
+
+static void fmtnum(long value, int base, int dosign, int ljust, int len, int zpad)
+{
+    int signvalue = 0;
+    unsigned long uvalue;
+    char convert[20];
+    int place = 0;
+    int padlen = 0;             /* amount to pad */
+    int caps = 0;
+
+    /* DEBUGP(("value 0x%x, base %d, dosign %d, ljust %d, len %d, zpad %d\n",
+       value, base, dosign, ljust, len, zpad )); */
+    uvalue = value;
+    if (dosign) {
+        if (value < 0) {
+            signvalue = '-';
+            uvalue = -value;
+        }
+    }
+    if (base < 0) {
+        caps = 1;
+        base = -base;
+    }
+    do {
+        convert[place++] =
+            (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+            [uvalue % (unsigned) base];
+        uvalue = (uvalue / (unsigned) base);
+    } while (uvalue);
+    convert[place] = 0;
+    padlen = len - place;
+    if (padlen < 0)
+        padlen = 0;
+    if (ljust)
+        padlen = -padlen;
+    /* DEBUGP(( "str '%s', place %d, sign %c, padlen %d\n",
+       convert,place,signvalue,padlen)); */
+    if (zpad && padlen > 0) {
+        if (signvalue) {
+            dopr_outch(signvalue);
+            --padlen;
+            signvalue = 0;
+        }
+        while (padlen > 0) {
+            dopr_outch(zpad);
+            --padlen;
+        }
+    }
+    while (padlen > 0) {
+        dopr_outch(' ');
+        --padlen;
+    }
+    if (signvalue)
+        dopr_outch(signvalue);
+    while (place > 0)
+        dopr_outch(convert[--place]);
+    while (padlen < 0) {
+        dopr_outch(' ');
+        ++padlen;
+    }
+}
+
+static void dostr(char *str, int cut)
+{
+    if (cut) {
+        while (*str && cut-- > 0)
+            dopr_outch(*str++);
+    }
+    else {
+        while (*str)
+            dopr_outch(*str++);
+    }
+}
+
+static void dopr_outch(int c)
+{
+#if 0
+    if (iscntrl(c) && c != '\n' && c != '\t') {
+        c = '@' + (c & 0x1F);
+        if (end == 0 || output < end)
+            *output++ = '^';
+    }
+#endif
+    if (end == 0 || output < end)
+        *output++ = c;
+}
+
+#endif  /* HAVE_VSNPRINTF */
+#endif  /*n NEED_SNPRINTF */