Nmap Development mailing list archives

Re: [PATCH] Pcap recv time for NSE scripts, qscan.nse update


From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 23 Jul 2010 05:53:14 -0500

On 07/22/2010 09:19 AM, majek04 wrote:
> On Thu, Jul 22, 2010 at 02:31, Kris Katterjohn <katterjohn () gmail com> wrote:
>> I've attached a patch to let NSE scripts obtain the pcap capture time through
>> pcap_receive() instead of (in the case of qscan.nse) having to resort to using
>> clock_ms().
>>
>> For whatever reason it was chosen to have a msec function clock_ms(), I chose
>> to have the pcap time returned as msecs instead of the usual usec available in
>> struct timeval.  I don't see a point in having different resolutions here
>> causing scripts to have to perform conversions.  Unless a usec clock function
>> is desired, in which case the pcap time should be usec as well.  Personally, I
>> don't think that's such a bad idea.
>
> Kris,
>
> From what I remember, pcap_receive doesn't return a proper timestamp on
> Windows. Instead of sharing the real time of when the packet was captured
> it just returned the current time. Or something like that.
>
> Though, my knowledge is pretty old and there are fair chances it has
> been fixed since.

Actually this is still the way it is, for Windows and Amiga.  Nmap handles
these OSs differently itself in readip_pcap() by also using the current time
because pcap gives invalid times for whatever reason.

Has anybody figured out why this is so?

> Even so, in most cases it doesn't really matter, and it should be way
> better to use the pcap_receive timestamp than clock_ms.
>
> Thanks!
>
>  Marek Majkowski

Cheers,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

