Re: [PATCH] Add the ability to generate quality random IPs without any duplicates

[Fyodor <fyodor () insecure org>]

On Wed, Sep 02, 2009 at 02:30:21AM +0000, Brandon Enright wrote:
> This change was committed in r15396.  I included better documentation
> and links than in my original patch.

Thanks, it is working well (no duplicates) in my testing.

> I was going to boast that this generator is slightly faster than RC4
> and while that's true, ip_is_reserved() is so slow the majority of the
> time isn't being spent in the generator.  I've been thinking of ways to
> optimize ip_is_reserved() to make it much faster and still
> maintainable.  If I come up with something good I'll send a patch.

On my system, "nmap -sL -n -iR 1000000" generates and prints more than
75,000 IPs per second.  So IP generation (even with ip_is_reserved) is
already so fast as to be essentially immaterial for any scans.  We
need to optimize the slow parts of Nmap.  But if improving
ip_is_reserved makes is cleaner and easier to maintain, and improves
speed as a side effect, I'm all for it.

This technique might be useful for improving the port randomization
code, though I'm also not sure if that time is ever material to
performance.  It would take the longest with a -p- scan.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org