Re: [PATCH] Shortening scan time with SO_DONTROUTE

[Fyodor <fyodor () insecure org>]

On Thu, Jan 01, 2009 at 02:10:50AM -0600, Kris Katterjohn wrote:
> So is there any reason not to put this in?  This doesn't fall in line with the
> big improvements David's been making in his -perf branch, but this certainly
> seems to help.

Hi Kris.  I tested your patch and it did work.  My quick tests showed
a slight increase in performance too--a 65K port scan of a machine on
my local network went from taking 2.34s (average of four tries) to
2.135s.  So almost .2s.  This is sort of the best case situation for
this patch, where it is on a fast local network and none of the target
ports are filtered.

But I'm worried that this rarely used option could cause trouble in
various weird networking situations.  For example, one of David's
recent patches fixed a really strange Mac routing issue.  So I think
it may be over-optimizing.  If it would save a lot of time on the slow
scans, I'd be all for it!  But speeding a 2.3s scan to 2.1s is mostly
only good for bragging rights.  And it will be a pain for users (and
us to debug) if it does cause problems.

So unless we see people who really want it, I don't think we should
put it in the trunk.  But it is still good that you sent the patch so
that anyone who wants to can put it in their personal copy of Nmap.
Or maybe someone will find a strong argument for why we should put it
in.  It is worth testing these sorts of things out.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org