Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SMB parallelization

From: Ron <ron () skullsecurity net>
Date: Thu, 23 Sep 2010 23:06:54 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I wasn't joking about being tired! The patch is attached now. 

On Thu, 23 Sep 2010 23:02:30 -0500 Ron <ron () skullsecurity net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm finishing off a 15-hour day of SMB work, but it's been incredibly
productive! This is my final submission for now, I hope I can still
type coherently. :)

Anyway, I was asked to look into how to parallelize the SMB protocol
today. I started by doing a quick and dirty prototype in Nmap for
testing. Once I was off the clock, I went back and refined my code to
make it work nicely. 

Basically, this removed all need for mutexes. Most (consumer)
versions of Windows can handle roughly 11 SMB connections at once
(globally). Once that's exceeded, an identifiable error message comes
back. In my patch, if we see that error message, we back off for
rand(1..10) seconds then try again. The 10th time we get it, we give
up with the message, "Too many active connections" (the same error
Windows itself uses). 

The second issue is that opening the pipe would fail at random. To
solve that, I a) put a mutex around the create_file call (which
seemed to have a race condition of some sort), and b) the rare
occasions we DO get the error, we back off for 100ms (which is more
than enough) and try again - up to 10 times again. I only got the
error about 1/50 of the time, and never twice in 100ms. 

Me and Brandon did some largescale testing against a /16. Without the
patch, it took about 4000s. After applying the patch, it's down to
about 1000s. That's a 4x speedup! We compared the outputs, and the
patched one was about 98% the size of the unpatched. The difference
there could simply be explained by the number of hosts found - the
unpatched scan found 28 more hosts. I suggested doing a Levenshtein
distance calculation on the two files, but Brandon didn't want to
spend the rest of the universe's lifespan on the calculation so we
decided to say "the files were the same within experimental error". 

Anyway, I feel really good about the patch and it actually offers
significant speedup over the original code. Let me know what you
think! 

Ron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkycItYACgkQ2t2zxlt4g/TUMACg3uOdrCHSyLP51cbbgQfmzoy2
xPEAnR8kSeVWybxOWsv2EvvPKYbXJhTg
=Qtm8
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkycI94ACgkQ2t2zxlt4g/RljgCgh4ZDO5cZkpBqte/BCOxLz60b
hBEAoJqJrfQwTyw8m/Vjd1g+374EQY1m
=w3vy
-----END PGP SIGNATURE-----

Attachment: smb-parallel.patch
Description: 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: