Document some advice

plus minor changes

Author: sfan5

README.md

@@ -75,3 +75,31 @@ source port and configure your firewall to drop traffic on this port, e.g.:
 Since UDP is connection-less there is no need to prevent interference, though this
 is still a good idea to prevent your OS from sending unnecessary ICMPv6 unreachable
 responses (fi6s also tries this by default).
+
+### Selecting the source IP
+
+A big advantage of IPv6 is the large address space, and another way of avoiding
+the IP stack problem described above is to just use a different source IP.
+
+This IP should not be assigned to your local machine, but it *must* be statically routed
+to your machine, because fi6s will not answer NDP queries.
+
+To check if an IP is working correctly you can simply ping a known public IP, e.g.:
+
+	# ./fi6s --icmp --source-ip $your_ip 2001:4860:4860::8888
+
+## Limitations
+
+In order to permit the design of fi6s some assumptions had to be made about
+the network environment. These do not impact typical usage at all but listed here
+for completeness.
+
+This means fi6s may not perform as expected or outright not work if:
+* you have a non-trivial routing table (it will be ignored. fi6s expects a single gateway)
+* you are scanning targets in the local network (fi6s does not do neighbor discovery)
+* you have a connection-tracking firewall
+* your IP or router's MAC changes mid-scan ¯\\\_(ツ)_/¯
+* your network has consistent packet loss
+
+For banner collection note that fi6s does not come with anything resembling a real TCP
+stack. It merely supports sending one query and reading response data that follows. Resends are not implemented.

src/main.c

@@ -233,7 +233,8 @@ int main(int argc, char *argv[])
 		if(mode == M_PRINT_NETWORK && argc - optind == 0) {
 			// permitted for convenience
 		} else if(argc - optind < 1) {
-			log_raw("No target specification(s) given.");
+			log_raw("No target specification(s) given%s.",
+				argc == 1 ? ", try --help" : "");
 			return 1;
 		}
 	}
@@ -523,6 +524,10 @@ static void usage(void)
 	printf("  For example, you could perform a scan that captures banners but only extract open/closed ports:\n");
 	printf("    $ fi6s -o scan.bin --output-format binary -b 2001:db8::xx\n");
 	printf("    $ fi6s --readscan scan.bin --show-closed\n");
+#ifndef NDEBUG
+	printf("\n");
+	printf("(debug build)\n");
+#endif
 }
 
 static inline bool is_all_ff(const uint8_t *buf, int len)

src/scan.c

@@ -462,6 +462,7 @@ static inline int source_port_rand(void)
 {
 	int v;
 	v = rand() & 0xffff; // random 16-bit number
-	v |= 16384; // ensure that 1) it's not zero 2) it's >= 16384
+	if(v < 16384)
+		v = 16384;
 	return v;
 }