Nmap Development mailing list archives

[PATCH] Timing template orderings


From: doug () hcsw org
Date: Tue, 16 May 2006 15:11:24 -0700

Hi nmap-dev,

I'm attaching 2 patches. The first, nmap-4.03-timing-template-ordering.patch,
modifies nmap.cc so that all the timing variables that a user can specify and
that are currently clobbered by 1 or more timing templates (--initial-rtt-timeout,
--max-retries, etc) are stored and only dealt with after the entire argument
list has been processed.

This patch should (I hope!) address this issue:

o Fix Nmap so that regardless of order given, -T arguments are
  processed before specialized timing args.  It may be easiest to
  store the specialized arguments in variables until option processing
  is done, and then process them.  Or set flags such as max_rtt_set
  when you set that, then the -T option processing could check the
  flag before mucking with the rtt. Currently, you need to specify
  the -T option before any specific timing options like
  --max-rtt-timeout.


While testing this patch, I created a slight modification to the code so
that I could verify the changes actually taking place and it dawned on me
that this functionality might be useful in its own right.
I'm attaching a patch, nmap-4.03-timing-report.patch, that adds another
long option to Nmap: --timing-report. --timing-report simply prints out
the timing values Nmap is run with. Apply this patch *AFTER* you've applied
the first one.

I can imagine this helping people with extremely complex timing options
that need to be debugged, as well as lazy users that don't want to
have to consult the manpage to remember the different timing template
parameters. :)

Here's an example:

darkmatter:/home/doug/nmap/nmap-4.03# ./nmap --timing-report -T5

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-16 13:58 PDT
---------- Timing report ----------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 250, min 50, max 300
  scan-delay: TCP 5, UDP 1000
  parallelism: min 0, max 0
  max-retries: 2, host-timeout 900000
-----------------------------------
No target machines/networks specified!
QUITTING!


See that the argument order is now inconsequential:

darkmatter:/home/doug/nmap/nmap-4.03# ./nmap --timing-report -T4 --min-rtt-timeout 123

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-16 14:00 PDT
---------- Timing report ----------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 500, min 123, max 1250
  scan-delay: TCP 10, UDP 1000
  parallelism: min 0, max 0
  max-retries: 6, host-timeout 0
-----------------------------------
No target machines/networks specified!
QUITTING!
darkmatter:/home/doug/nmap/nmap-4.03# ./nmap --timing-report --min-rtt-timeout 123 -T4

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-16 14:00 PDT
---------- Timing report ----------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 500, min 123, max 1250
  scan-delay: TCP 10, UDP 1000
  parallelism: min 0, max 0
  max-retries: 6, host-timeout 0
-----------------------------------
No target machines/networks specified!
QUITTING!



Also notice that for timing templates -T4 and -T5 different values are used for
the TCP scan delay and the UDP scan delay - something impossible to do with the
current --scan-delay and --max-scan-delay options. In other words, even if you
completely roll your own timing options, the timing templates can still be useful.

Doug

Attachment: nmap-4.03-timing-template-ordering.patch
Description:

Attachment: nmap-4.03-timing-report.patch
Description:


