Nmap Development mailing list archives

[NSE] host.times{} for srtt, rttvar and timeout


From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 04 Aug 2010 15:47:29 -0500

Hey everyone,

I've attached a patch to add a "times" table to the host table passed to
scripts, which contains the srtt, rttvar and timeout values calculated for the
host.  My main reason is that the raw IP scripts I've written have taken a
very conservative guess at timeouts (several seconds), when in fact taking
whole multiples of the host's actual timeout value is often still less than
that.  Use of this isn't necessarily restricted to raw IP functionality in
scripts, but it is my primary intention right now.

Scripts could adjust the timeout based on the timing level, but why use that
in this specific case when Nmap has already probed the host and knows far more
than the default starting timing option?  If I were using the timing level, I
might go with the max timeout (e.g., 1.25s for -T4) as a guess to be safe
since the actual conditions are unclear.  But what if Nmap's calculated
timeout value from scanning is actually 0.5s?  Or 0.2s?  Even doubling these
would be a good savings for every lack of reply.  And with lower timing levels
like the default -T3 with a max RTT timeout of 10s and an initial of 1s, well,
you see it could be difficult to get a good guess based on these varying
levels without wasting a lot of time.  This also means users have some control
over this with --{min,max}-rtt-timeout just like other parts of Nmap.  Even
just using the timing levels won't notify scripts of any other timing options
which override template values.

While the timeout value is my concern here, creating the times table makes
the most sense for future use.

I don't see any reason why scripts should be able to alter these values, so
storing the (relatively small) values in host{} makes sense IMO.  Otherwise, a
get_times()/set_times() could be placed in the nmap module much like
getting/setting port states.

The attached patch adds the times{} to host{} with the srtt, rttvar and
timeout values in fractional seconds from the original microseconds.  The
patch also uses the timeout values for ipidseq and qscan.  My outstanding
path-mtu script could take advantage of this as well.  sniffer-detect uses
pcap_receive with ethernet sending, but uses its own time intervals for
retransmitting.  dhcp-discover's timeout probably won't make use of this due
to the rate-limiting described in the script's timeout @args section.

Any comments are appreciated.  I'd like to commit this later this week if
there are no objections.

Cheers,
Kris Katterjohn


Attachment: timeout.patch
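
A script-side sketch of the idea in the message above, added here as an example (it is not the attached patch or Nmap's own code): derive a probe timeout from host.times.timeout and fall back to a conservative guess when the table is absent. The helper name probe_timeout_ms, the fallback, floor and ceiling constants, and the sample host tables are assumptions made for illustration.

```lua
-- Added example, not from the attached patch. Runs under a plain Lua
-- interpreter; the host tables below are constructed samples.

-- Assumed limits for this sketch (hypothetical values, not Nmap's):
local FALLBACK_MS = 3000   -- conservative guess when host.times is absent
local FLOOR_MS    = 100    -- never wait less than this
local CEILING_MS  = 10000  -- never wait more than this

-- Return a receive timeout in milliseconds derived from host.times.timeout
-- (fractional seconds, as described in the message), scaled by `multiple`.
-- The second return value says where the number came from.
local function probe_timeout_ms(host, multiple)
  local times = type(host) == "table" and host.times or nil
  local t = type(times) == "table" and tonumber(times.timeout) or nil
  if not t or t <= 0 then
    return FALLBACK_MS, "fallback"   -- no usable measurement for this host
  end
  local ms = math.floor(t * 1000 * (multiple or 2) + 0.5)
  if ms < FLOOR_MS then return FLOOR_MS, "floor" end
  if ms > CEILING_MS then return CEILING_MS, "ceiling" end
  return ms, "host.times"
end

-- Constructed sample hosts (documentation address range).
local hosts = {
  { ip = "192.0.2.10", times = { srtt = 0.021,  rttvar = 0.005,  timeout = 0.2 } },
  { ip = "192.0.2.20", times = { srtt = 0.180,  rttvar = 0.080,  timeout = 0.5 } },
  { ip = "192.0.2.30", times = { srtt = 0.0004, rttvar = 0.0001, timeout = 0.001 } },
  { ip = "192.0.2.40" },  -- no times table, e.g. an Nmap without this patch
}

local PROBES = 6  -- unanswered probes a script might have to wait out

for _, host in ipairs(hosts) do
  local ms, source = probe_timeout_ms(host, 2)
  print(string.format(
    "%-11s timeout=%5d ms (%-10s) %d silent probes: %.1f s, fixed guess: %.1f s",
    host.ip, ms, source, PROBES,
    PROBES * ms / 1000, PROBES * FALLBACK_MS / 1000))
end
```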