[PATCH] OpenBSD ioctl() performance improvement

[doug () hcsw org]

Hi nmap-dev!

These past few days I've been porting a program of mine (nuff) to OpenBSD and I noticed an oddity in how OpenBSD 
handles BPF descriptors. It turns out that (unlike linux) OpenBSD won't mark a descriptor readable (via select) as soon 
as it receives a packet. Instead, It will wait until a buffer is full.

So under certain network conditions (ie very few packets on the wire matching your BPF filters) this can result in slow 
scans on OpenBSD. Fortunatley, OpenBSD (and possibly other similar operating systems) let you override this behaviour 
with a BIOCIMMEDIATE ioctl on the descriptor. I have tested this and found that using this results in faster scans than 
the current (selectable fd) behaviour and the old (polling) behaviour. 

I am attaching my current patch to nmap-4.21ALPHA1 but I don't think it's ready for incorporation yet. Here is what 
remains to be done:

* Figure out what other operating systems will benefit from BIOCIMMEDIATE (I suspect at least NetBSD).

* Find a better way than the #define hack in my patch. The BIOCIMMEDIATE constant is straight out of OpenBSD's 
/usr/include/net/bpf.h . Ideally we should #include <net/bpf.h> as described in OpenBSD's man bpf. I tried this but 
some of the structures defined there conflict with the bpf.h that nmap currently includes.

If anybody has any ideas or suggestions regarding the above points please reply to nmap-dev!

Best,

Doug

Attachment: nmap-4.21ALPHA1-openbsd-performance.patch
Description:

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org