Nmap Development mailing list archives

Re: [NSE] Raw sockets support


From: Diman Todorov <diman.todorov () chello at>
Date: Mon, 11 Dec 2006 21:42:24 +0100


On 11.12.2006, at 21:02, castorpilot wrote:
> I am not good with Lua, but could coroutine do the job? Or are they
> not thread enough?

Coroutines are like threads which cannot be suspended from outside.  
They suspend when they feel like it. That's also how scripts are  
executed in parallel in NSE. When a script wants to do network I/O it  
says "ok, I'm done for now" - it is put in a waiting queue. When the  
I/O is finished the script is moved to a second waiting queue. The  
main loop keeps fetching scripts from this second waiting queue and  
executes them until they are either finished or they block on I/O again.

> Solutions I can think about:
> - modify nsock and support listening to pcap in nsock_loop
>   (I personally don't like this solution. I think that nsock
>    shouldn't be changed if possible.)
I don't know if there is a reason for which nsock should or should  
not support raw sockets. This might turn out to be the most doable  
option in the end. Fyodor?

> - run two threads of nmap. in one thread listen to nsock
>   in other listen to pcap.
>   (probably there will be huge compatibility problems with threads
>    and synchronization)
Maybe it is not necessary to synchronize that much. All the thread  
has to do is store the incoming packets in a synchronized buffer. The  
nsock loop can check if there is something in the buffer at each  
iteration. As far as portability is concerned - posix threads anyone?  
I personally think that modifying nsock is preferable to introducing  
a thread library dependence into nmap.

> - set some custom flags on pcap descriptor and when
>   packet comes signal SIGIO will be triggered.
>   In signal handler do something to get out from nsock_loop function.
>   (this solution is also very OS-dependent and some changes to nsock
>    will be needed)

> - check for pcap events after nsock_loop() leaves after some time.
>   (some packets can be lost while nsock_loop() is working)
When you're doing raw sockets you have to expect packet loss :) But I  
agree that this solution is not very elegant.

> - extract socket descriptors from nsock and run select() on them
>   and on pcap by hand.
>   (there will be complications with NSE_TYPE_TIMER events)

just my 2 cents

cheers
Diman



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
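
The two-queue coroutine scheduling described in the message above, as an added Lua example that is not part of the original post and is not NSE's own code. The names spawn, run and fake_io, and the tick counter standing in for nsock I/O completion, are assumptions made for illustration.

```lua
-- Toy model of the scheduling described in the post; NOT NSE's real code.
local io_wait = {}  -- first queue: scripts whose I/O is still pending
local ready   = {}  -- second queue: scripts whose I/O has finished
local log     = {}

-- A script "does network I/O" by yielding. The argument is how many loop
-- iterations the simulated I/O takes (constructed stand-in for nsock).
local function fake_io(ticks)
  return coroutine.yield(ticks)
end

local function spawn(name, body)
  ready[#ready + 1] = { name = name, co = coroutine.create(body) }
end

local function run()
  local now = 0
  while #ready > 0 or #io_wait > 0 do
    -- Run every ready script until it finishes or blocks on I/O again.
    local batch = ready
    ready = {}
    for _, s in ipairs(batch) do
      local ok, ticks = coroutine.resume(s.co, s.result)
      if not ok then
        log[#log + 1] = s.name .. ": error: " .. tostring(ticks)
      elseif coroutine.status(s.co) == "suspended" then
        s.wake = now + (ticks or 1)       -- script said "I'm done for now"
        io_wait[#io_wait + 1] = s
      else
        log[#log + 1] = s.name .. ": finished"
      end
    end
    -- One event-loop iteration: move scripts whose I/O completed to `ready`.
    now = now + 1
    local pending = {}
    for _, s in ipairs(io_wait) do
      if s.wake <= now then
        s.result = "reply@" .. now        -- handed back as yield's result
        ready[#ready + 1] = s
      else
        pending[#pending + 1] = s
      end
    end
    io_wait = pending
  end
  return log
end

spawn("slow", function() log[#log + 1] = "slow: got " .. fake_io(3) end)
spawn("fast", function()
  for _ = 1, 2 do log[#log + 1] = "fast: got " .. fake_io(1) end
end)
for _, line in ipairs(run()) do print(line) end
```

Nothing preempts a script here: one that loops without ever calling fake_io keeps the main loop from running anything else, which is the "cannot be suspended from outside" property the post describes.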

