RFC: patch to skip some service matches

[Daniel Miller <bonsaiviking () gmail com>]

List,

I've spent probably too much time today enhancing Nmap's service matching
system to try to reduce CPU time spent in regular expression matching.
Unfortunately, I can't tell whether it has improved anything yet, so I'm
asking for help testing.

Since this is a CPU-time enhancement, it would only affect scans which are
CPU-bound. For this reason, I've CC'd Tudor and Brandon, as their GSoC
project resulted in speedups of certain large scans due to algorithmic
improvements, and I hope they can test.

The change involves inspecting each match line in nmap-service-probes to
see if it is part of a contiguous group of match lines that will only ever
match a string starting with a given single byte. Already, this means we
are targeting only the very fastest match lines, so chances are good there
won't be noticeable improvement. The first such match in a group will link
to the last one (by index) so that the entire group can be skipped if the
first match fails because of an incorrect initial byte. There are groups of
hundreds of such contiguous match lines in a few places: FTP matches
starting with "2", SSH matches starting with "S", and HTTP matches starting
with "H" for instance.

I'd appreciate any testing or feedback to know whether this is a useful or
an unnecessary complication. Thanks!

Dan

Attachment: service-skip.diff
Description:

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/