Nmap Development mailing list archives

Re: ultra_scan-based host discovery now completed; testing needed


From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 01 Aug 2007 00:22:14 -0500

David Fifield wrote:
> Hi,
>
> The changes to Nmap that cause it to use ultra_scan for host discovery
> instead of massping are now completed.

Hey, David!


One thing which might cause it to be so slow some of the time:


bool HostScanStats::completed() {
   /* If there are probes active or awaiting retransmission, we are not
      done. */
   if (num_probes_active != 0 || num_probes_waiting_retransmit != 0
     || !probe_bench.empty() || !retry_stack.empty()) {
     return false;
   }

   /* With ping scan, we are done once we know the host is up or down. */
   if (USI->ping_scan && ((target->flags & HOST_UP)
     || (target->flags & HOST_DOWN) || target->wierd_responses)) {
     return true;
   }

   /* With other types of scan, we are done when there are no more ports to
      probe. */
   return freshPortsLeft() == 0;
}


Wouldn't it make sense to check for HOST_UP at the beginning of the 
function?  Just because you know it's up and called 
destroyAllOutstandingProbes() doesn't mean there aren't any probes still 
on probe_bench or retry_stack, so even though you actually are done, 
completed() will return false.  Or did I miss something?  It is indeed 
slower anyway for some reason, but this could cause it to be slower when 
doing a bunch of random hosts that would cause the probes to be put 
there.  I could definitely be wrong, though, I'm no expert with this code :)


Also, instead of calling destroyAllOutstandingProbes() all over the 
place when the host is up, why not call it in 
ultrascan_host_probe_update() when newstate == HOST_UP?


Let me know what you think, and I'll keep looking and testing!  I don't 
know what timezone you're in, so you may get more emails from me before 
reading this one :)


Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
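
The check-order question raised in the message above, as an added example that is not part of the original post and is not Nmap's code: a simplified model of the fields completed() reads, comparing the quoted order with the ping-scan state test moved to the top. HostModel, its helper names, and the flag values are hypothetical, and the scenario assumes, as the message describes, that a probe can remain on probe_bench after the host is known to be up.

```cpp
#include <cstdio>
#include <vector>

// Simplified, hypothetical model of the fields completed() reads; not Nmap's class.
enum : unsigned { HOST_UP = 1u, HOST_DOWN = 2u };  // constructed flag values

struct HostModel {
    bool ping_scan = true;
    unsigned flags = 0;
    bool wierd_responses = false;  // spelling follows the quoted code
    int num_probes_active = 0;
    int num_probes_waiting_retransmit = 0;
    std::vector<int> probe_bench;  // ints stand in for benched probe specs
    std::vector<int> retry_stack;
    int fresh_ports_left = 0;

    bool work_queued() const {
        return num_probes_active != 0 || num_probes_waiting_retransmit != 0
            || !probe_bench.empty() || !retry_stack.empty();
    }
    bool ping_state_known() const {
        return ping_scan && ((flags & (HOST_UP | HOST_DOWN)) || wierd_responses);
    }
    // Check order as quoted in the message.
    bool completed_quoted_order() const {
        if (work_queued()) return false;
        if (ping_state_known()) return true;
        return fresh_ports_left == 0;
    }
    // Same checks with the ping-scan state test moved to the top.
    bool completed_state_first() const {
        if (ping_state_known()) return true;
        if (work_queued()) return false;
        return fresh_ports_left == 0;
    }
};

// Scenario from the message: host is up, one probe still benched (assumed not cleared).
HostModel up_host_with_benched_probe(bool ping_scan) {
    HostModel h;
    h.ping_scan = ping_scan;
    h.flags |= HOST_UP;
    h.probe_bench.push_back(1);
    return h;
}

int main() {
    HostModel h = up_host_with_benched_probe(true);
    std::printf("quoted: %d, state first: %d\n", h.completed_quoted_order(), h.completed_state_first());
}
```

In this model the two orders differ only for a ping scan with leftover benched or retry entries; for other scan types both keep returning false until the queues drain.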

