Nmap Development mailing list archives
Re: max-retries not playing well
From: Jon Passki <jon.passki () hursk com>
Date: Sun, 2 Jul 2006 11:45:22 -0500
(Gratuitous self-reply)

On Jun 30, 2006, at 12:56 PM, Jon Passki wrote:
[snipped a lot of good stuff :-) ]
So, some hosts had 5-11 probes sent to one port, which would seem to violate the --max-retries 3 setting on the command line. I'm assuming this is a bug. Is there any further reporting I can provide?
Okay, ran w/ -d6 and got some good debugging info. From a quick glance, the hosts that had an increased max_successful_tryno greater than --max-retries are having ICMP type=3/code=1 errors sent back by an upstream router. These seem rate limited, so UltraScan is not seeing a 1 to 1 probe/response and starts to up max_successful_tryno beyond --max-retries. On a side, it will also start to increase the scan delay, too, which sucks for my current application (also read it in scan_engine.cc around line 1926). I did another test w/ --max-scan-delay 120 and that was honored by the forced increase on the received ICMP errors.

Looking at the source, I'm gleaning the following

--) In ultra_scan(), waitForResponses() it seems is the routine that brought back the ICMP error message for processing via get_pcap_results() via ultrascan_port_probe_update() via ultrascan_adjust_times()
--) processData() defines "bool tryno_capped = false, tryno_mayincrease = false;" at line 3253
--) processData() calls "maxtries = host->allowedTryno(&tryno_capped, &tryno_mayincrease);" shortly thereafter

HostScanStats::allowedTryno():
[...]
  maxval = MAX(1, max_successful_tryno + 1);
  if (maxval > (unsigned int) USI->perf.tryno_cap) {
    if (capped) *capped = true;
    maxval = USI->perf.tryno_cap;
    tryno_mayincrease = false; /* It never exceeds the cap */
  } else if (capped) *capped = false;

[went to bed]

I threw some debugging code in there and noticed that USI->perf.tryno_cap was set to 10, not 3 as I had set it to on the command line. That explains why retransmits were occurring at a higher rate. It gets initialized at init_perf_values() with the return of o.getMaxRetransmissions(). Throwing some more debugging code in there shows o.getMaxRetransmissions() set to 10 [I really could have got here faster just by seeing the output of --version-trace, oh well :-) ]. That's odd, since o.setMaxRetransmissions should have set it to 3.
pre_max_retries does get set to 3 from the optargs, so it seems it's getting clobbered somewhere else. Huh, pre_max_retries gets clobbered to "-1" before it reaches:

  if (pre_max_retries != -1)
    o.setMaxRetransmissions(pre_max_retries);

Ah ha!!! Found the bug :-) Scoping issue caused by casting pre_max_retries twice in nmap_main()

--- nmap.cc 2006-07-02 11:42:34.000000000 -0500 +++ nmap.cc.orig 2006-07-02 11:31:30.000000000 -0500 @@ -685,7 +685,7 @@ if (l < 0) fatal("--max-scan-delay cannot be negative."); pre_max_scan_delay = l; } else if (optcmp(long_options[option_index].name, "max- retries") == 0) { - pre_max_retries = atoi(optarg); + int pre_max_retries = atoi(optarg); if (pre_max_retries < 0) fatal("max-retransmissions must be positive"); } else if (optcmp(long_options[option_index].name, "randomize- hosts") == 0

Thanks for the great tool, guys and girls! I know a bit more about it now :-)

Jon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
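Review bot: The diff is reversed. Its header compares nmap.cc (11:42:34, the edited file) against nmap.cc.orig (11:31:30), so in the max-retries branch the "-" line is the corrected assignment and the "+" line is the shadowing "int pre_max_retries" declaration; applied as posted it would put back the bug the message describes. Regenerating it as "diff -u nmap.cc.orig nmap.cc" would make the fix appear as the "+" line. In the same branch, the check "pre_max_retries < 0" accepts 0 while the fatal() text says "max-retransmissions must be positive" and names a different option than --max-retries; wording it like the neighbouring "--max-scan-delay cannot be negative." would match the check.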
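Added example (not part of the original post and not Nmap's code): a minimal C++ reproduction of the scoping bug described in the message, with the shadowing declaration beside the plain assignment. The function names, constants and sample command line are constructed for illustration; the default of 10 is the value the post reports seeing in USI->perf.tryno_cap.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Constructed stand-ins (assumptions, not Nmap's code): 10 is the cap the
// post observed in USI->perf.tryno_cap; -1 means "option not given".
static const int kDefaultMaxRetransmissions = 10;
static const int kUnset = -1;
static const int kFatal = -2;  // stands in for the fatal() call

// Mirrors "if (pre_max_retries != -1) o.setMaxRetransmissions(...)".
static int apply_option(int pre_max_retries) {
  return pre_max_retries != kUnset ? pre_max_retries
                                   : kDefaultMaxRetransmissions;
}

// Shadowing form: the inner declaration creates a second variable that
// goes out of scope at the closing brace, so the outer one stays at -1.
int retries_with_shadowing(int argc, const char *const argv[]) {
  int pre_max_retries = kUnset;
  for (int i = 1; i + 1 < argc; i++) {
    if (std::strcmp(argv[i], "--max-retries") == 0) {
      int pre_max_retries = std::atoi(argv[i + 1]);  // shadows the outer one
      if (pre_max_retries < 0) return kFatal;
    }
  }
  return apply_option(pre_max_retries);  // outer value: still unset
}

// Assigning form: the parsed value survives the block and is applied.
int retries_with_assignment(int argc, const char *const argv[]) {
  int pre_max_retries = kUnset;
  for (int i = 1; i + 1 < argc; i++) {
    if (std::strcmp(argv[i], "--max-retries") == 0) {
      pre_max_retries = std::atoi(argv[i + 1]);  // writes the outer variable
      if (pre_max_retries < 0) return kFatal;
    }
  }
  return apply_option(pre_max_retries);
}

int main() {
  // Constructed command line; 192.0.2.1 is a documentation address.
  const char *const argv[] = {"nmap", "--max-retries", "3", "192.0.2.1"};
  std::printf("shadowing:  %d\n", retries_with_shadowing(4, argv));
  std::printf("assignment: %d\n", retries_with_assignment(4, argv));
  return 0;
}
```

Building with -Wshadow (GCC and Clang) reports the inner declaration in retries_with_shadowing().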