Nmap Development mailing list archives
Re: parse_timespec function
From: David Fifield <david () bamsoftware com>
Date: Thu, 15 Apr 2010 19:06:30 -0600
On Thu, Apr 08, 2010 at 02:41:06PM -0700, Fyodor wrote:
On Thu, Apr 08, 2010 at 11:13:21AM -0600, David Fifield wrote:I thought about that too and I meant to mention it. I was concerned about consistency with existing scripts and libraries but it turns out there wasn't much to be consistent with. This is what I can find: dns-fuzz dns-fuzz.timelimit seconds nmap set_timeout milliseconds (not normally accessible to user) mssql mssql.timeout seconds smb-psexec timeout seconds qscan qscan.delay milliseconds unpwdb unpwdb.timelimit seconds Floating-point values are fine, as is adding "ms" for a multiplier of 0.001.That sounds great for the NSE stuff. I tend to think we should not require a leading zero, so .5 or .005 can be used instead of 0.5 or 0.005.Changing the default to seconds for Nmap options is a good design but it will likely have a high cost in terms of breaking people's scripts.I agree. So for these: --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies probe round trip time. --host-timeout <time>: Give up on target after this long --scan-delay/--max-scan-delay <time>: Adjust delay between probes How does this sound? o Change our parser to allow ms and float, like you're doing for NSE o Change the default for bare times to be seconds, as with NSE o If we see a bare time value which looks 1,000 times too high, print a prominent warning message, as they probably meant for their result to be in milliseconds. Of course the warning would note the change. Even a fatal error would probably be OK, since if someone really wants the iffy value, they can just specify it with 's' (or whatever) at the end. As for the boundaries, maybe we could give the warning if an unqualified time is given and it is: o >= 50 for --min-rtt-timeout, --max-rtt-timeout, or --initial-rtt-timeout (you'd normally not wait more than 50s for a packet response). o >= 10000 for --host-timeout (you'd normally not specify a 2.7+ hour timeout for individual hosts). o >= 100 for --scan-delay/--max-scan-delay (you'd normally not ask Nmap to wait 100 seconds or more between probes, nor would you ask Nmap to cap the delay limit that high).
I have done this. All the options affected are Nmap: --host-timeout --max-rtt-timeout --min-rtt-timeout --initial-rtt-timeout --scan-delay --max-scan-delay --stats-every Ncat: -d --delay -i --idle-timeout -w --wait Nping: --delay --host-timeout --icmp-orig-time --icmp-recv-time --icmp-trans-time I added in the sanity checks you suggested. For example, $ ./nmap --host-timeout 10000 The default unit for --host-timeout is seconds (since April 2010), so your time of "10000" is 2.8 hours. If this is what you want, use "10000s". QUITTING! $ ./nmap --max-rtt-timeout 60 The default unit for --max-rtt-timeout is seconds (since April 2010), so your time of "60" is 60 seconds. Use "60ms" for 60 milliseconds. QUITTING! $ ./ncat -d 100 Ncat: The default unit for -d is seconds (since April 2010), so your time of "100" is 1.7 minutes. Use "100ms" for 100 milliseconds. QUITTING. $ ./nping --delay 15 The default unit for --delay is seconds (since April 2010), so your time of "15" is 15 seconds. Use "15ms" for 15 milliseconds. Using a unit always disables the errors. I used my judgement for the Ncat and Nping options.
o Go over the man page and every instance in the book where any of these options are used to ensure they are used properly. If we use qualifiers ("50s") in the book and man page examples, they'll still work when plugged into previous versions of Nmap.
I did this too. It turns out that tval2msecs already supported the "ms" suffix, it just wasn't documented. So when I had a choice, I changed bare numbers to have the "ms" suffix (as opposed to converting to a decimal) so that it's compatible with previous versions. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: DNS fuzzer David Fifield (Apr 02)
- Re: DNS fuzzer Michael Pattrick (Apr 02)
- Re: DNS fuzzer Fyodor (Apr 02)
- parse_timespec function David Fifield (Apr 05)
- Re: parse_timespec function Michael Pattrick (Apr 06)
- Re: parse_timespec function Fyodor (Apr 07)
- Re: parse_timespec function David Fifield (Apr 08)
- Re: parse_timespec function Fyodor (Apr 08)
- Re: parse_timespec function David Fifield (Apr 15)
- Re: parse_timespec function David Fifield (Apr 13)
- Re: DNS fuzzer Fyodor (Apr 02)
- Re: DNS fuzzer Michael Pattrick (Apr 02)
- Re: DNS fuzzer Michael Pattrick (Apr 03)
- Re: DNS fuzzer' David Fifield (Apr 03)
- <Possible follow-ups>
- Re: DNS fuzzer Michael Pattrick (Apr 02)
- Re: DNS fuzzer David Fifield (Apr 02)