Nmap Development mailing list archives
[NSE] host.times{} for srtt, rttvar and timeout
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 04 Aug 2010 15:47:29 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey everyone, I've attached a patch to add a "times" table to the host table passed to scripts, which contains the srtt, rttvar and timeout values calculated for the host. My main reason is that the raw IP scripts I've written have taken a very conservative guess at timeouts (several seconds), when in fact taking whole multiples of the host's actual timeout value is often still less than that. Use of this isn't necessarily restricted to raw IP functionality in scripts, but it is my primary intention right now. Scripts could adjust the timeout based on the timing level, but why use that in this specific case when Nmap has already probed the host and knows far more than the default starting timing option? If I were using the timing level, I might go with the max timeout (e.g., 1.25s for -T4) as a guess to be safe since the actual conditions are unclear. But what if Nmap's calculated timeout value from scanning is actually 0.5s? Or 0.2s? Even doubling these would be a good savings for every lack of reply. And with lower timing levels like the default -T3 with a max RTT timeout of 10s and an initial of 1s, well, you see it could be difficult to get a good guess based on these varying levels without wasting a lot of time. This also means users have some control over this with --{min,max}-rtt-timeout just like other parts of Nmap. Even just using the timing levels won't notify scripts of any other timing options which override template values. While the timeout value is my concern here, creating the times table makes the most sense for future use. I don't see any reason why scripts should be able to alter these values, so storing the (relatively small) values in host{} makes sense IMO. Otherwise, a get_times()/set_times() could be placed in the nmap module much like getting/setting port states. The attached patch adds the times{} to host{} with the srtt, rttvar and timeout values in fractional seconds from the original microseconds. The patch also uses the timeout values for ipidseq and qscan. My out-standing path-mtu script could take advantage of this as well. sniffer-detect uses pcap_receive with ethernet sending, but uses its own time intervals for retransmitting. dhcp-discover's timeout probably won't make use of this due to the rate-limiting described in the script's timeout @args section. Any comments are appreciated. I'd like to commit this later this week if there are no objections. Cheers, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJMWdHgAAoJEEQxgFs5kUfuvicP+gKslCgHxw2hjgnykGVF1uno 5Pdl0QnF0Mcf7EuIKbyx5bskI3bcKe8snO+DYZw4xsobqVFnbmwfFTw6q8DQ8G7i osT8kEDeXcCxXutSZVS0tOm3o0iyfJWdr1FPwOhq+OZn+5Go8EHlETMuQj24Az60 5Xw41huXowRMfA+Fywri1vywRpLB26vhpjb587Mii68VbIlFK5e2nwJT9scC4ru3 iKAOWZWjpSUHJTRAE29yQyfQdLFLTnIjoW1Cz92omDRxD4USTaYr7TuzBwCgFuIF yNIYhVDF1OEfRJFc/gls3EfmFh8xVpHETiCI9smS6cUVwDlXHqGrjppUJ+5w2L1K 5aMl+cvM2D9r4DUf1yfIObuAnGow+0Y61H7FCTaiBc3y9zJ1moorQYacT1VboeE1 WOUf9xy3oyWiQ7Kit/je7OAxQFaUV5ardITLvlePGxILoRmnMUHtzXl4Eb+pc5Rv RNeJj6xhM7gu4hyGYxPTfeH26ZqeLEqSNrWQf5KkZYiW2M5dje6cXbem6dd8yRo6 jEMu975wK+T9o9BfpqaL3DboUSjx/ZJgUQNmGhrF8yARMLMbxDMlhG3YT7O2LTjs NCUy0QA5NYFnazmIpTtrmcvWW1V5yZGHxMO1b//Pbotpm66mNh/190T4R5hYDS79 SUfZFKiS3JheZisARm9y =7+B9 -----END PGP SIGNATURE-----
Attachment:
timeout.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] host.times{} for srtt, rttvar and timeout Kris Katterjohn (Aug 04)
- Re: [NSE] host.times{} for srtt, rttvar and timeout David Fifield (Aug 04)
- Re: [NSE] host.times{} for srtt, rttvar and timeout Kris Katterjohn (Aug 04)
- Re: [NSE] host.times{} for srtt, rttvar and timeout David Fifield (Aug 04)