A sleep function for NSE

[David Fifield <david () bamsoftware com>]

Hi all,

One of the Nmap TODO items is a sleep function for NSE. Such a function
allows rate-limiting traffic for politeness or to avoid triggering some
filter. The attached stdnse.sleep.diff implements such a function.

Even though sleep is implemented through Lua's C API, I put in in
stdnse, which is otherwise a pure Lua module. I originally put it in the
nmap module just because that is already a C module and it was easy to
implement there. But then I reflected that sleep doesn't fit the
description of the nmap module: "an interface with Nmap's internal
functions and data structures." Looking at the other modules I though
that stdnse was the best fit.

This trick is accomplished by loading sleep into a private stdnse.c
module. stdnse.lua requires this module, then transfers its contents
into its own namespace; i.e., stdnse.c.sleep becomes stdnse.sleep. What
do you think? I think we should group functions by what they do, not by
what language they happen to be implemented in, whenever possible. The
person calling stdnse.sleep likely doesn't care if it's written in Lua
or C.

I attached a patch against sql-injection.nse showing how sleep can be
made into a rate limiter. The patched script sleeps if necessary between
page retrievals so that no more than one page per second is requested.

Does someone else have a use for a sleep function? Is the design
suitable for you?

David Fifield

Attachment: stdnse.sleep.diff
Description:

Attachment: sql-injection-delay.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org