Re: Nmap on Solaris 9 and Solaris 10 not working right? Going way too slow.

[doug () hcsw org]

On Fri, Aug 08, 2008 at 04:35:28AM +0000 or thereabouts, jayrhine () comcast net wrote:
> > This sounds like a pcap buffering issue. Do your versions of solaris use
> > BPF or DLPI or ...? If BPF, it could be that putting the pcap descriptor
> > into BIOCIMMEDIATE mode would help:
>
> I'm not sure.  Do you know of an easy way to check?  Otherwise, I'll have to look into it ...

The most accurate way to tell which nmap is using is to go into
its libpcap directory and ./configure :

$ pwd
/home/doug/nmap/svn/nmap/libpcap

BSD:

$ ./configure |grep 'capture type'
checking packet capture type... bpf

Linux:

$ ./configure |grep 'capture type'
checking packet capture type... linux

The code for each pcap mode is in pcap-X.c for example
pcap-bpf.c . Note that linux actually DOES use BPF but
still has its own pcap-linux.c file and DOES NOT benefit
from BIOCIMMEDIATE because of kernel-level implementation
differences.

I noticed your next message about it not having an effect.
Still, it sounds exactly like the BIOCIMMEDIATE issue I have
observed on BSD (and hope to fix soonish). Do you have time to
get your hands a little dirty? ;) Solaris/DLPI has a similar
ioctl API:

http://article.gmane.org/gmane.network.tcpdump.devel/2186

When you get a chance could you put this code snippet where
my OpenBSD patch went in tcpip.cc? It's an *untested*
modification of the code from the above message:

#if __sun__
    /*
     * Under Solaris, select() keeps waiting until the next packet,
     * because it is buffered, so we have to set timeout and
     * chunk size to zero
     */
    {
        int size_zero = 0;
        struct timeval time_zero = {0, 0};
        int temp_fd = pcap_get_selectable_fd(pt);

        if (ioctl(temp_fd, SBIOCSCHUNK, &size_zero) < 0)
            fatal("ioctl() with SBIOCSCHUNK returned an error (%d): %s",
                  errno, strerror(errno) );

        if (ioctl(temp_fd, SBIOCSTIME, &time_zero) < 0)
            fatal("ioctl() with SBIOCSTIME returned an error (%d): %s",
                  errno, strerror(errno) );
    }
#endif


Some header files might need to be #included too.. Possibly one
or more of these:

#include <sys/ioctl.h>
#include <sys/stream.h>
#include <sys/dlpi.h>
#include <sys/bufmod.h>

For now just add em at the top of tcpip.cc. If this works, it
would be nice to know which one defines SBIOCSCHUNK and SBIOCSTIME.

Thanks,

Doug

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org