Nmap Development mailing list archives
Re: [NSE] host.times{} for srtt, rttvar and timeout
From: David Fifield <david () bamsoftware com>
Date: Wed, 4 Aug 2010 15:00:33 -0600
On Wed, Aug 04, 2010 at 03:47:29PM -0500, Kris Katterjohn wrote:
I've attached a patch to add a "times" table to the host table passed to scripts, which contains the srtt, rttvar and timeout values calculated for the host. My main reason is that the raw IP scripts I've written have taken a very conservative guess at timeouts (several seconds), when in fact taking whole multiples of the host's actual timeout value is often still less than that. Use of this isn't necessarily restricted to raw IP functionality in scripts, but it is my primary intention right now.

Scripts could adjust the timeout based on the timing level, but why use that in this specific case when Nmap has already probed the host and knows far more than the default starting timing option? If I were using the timing level, I might go with the max timeout (e.g., 1.25s for -T4) as a guess to be safe since the actual conditions are unclear. But what if Nmap's calculated timeout value from scanning is actually 0.5s? Or 0.2s? Even doubling these would be a good savings for every lack of reply. And with lower timing levels like the default -T3 with a max RTT timeout of 10s and an initial of 1s, well, you see it could be difficult to get a good guess based on these varying levels without wasting a lot of time.

This also means users have some control over this with --{min,max}-rtt-timeout just like other parts of Nmap. Even just using the timing levels won't notify scripts of any other timing options which override template values.

While the timeout value is my concern here, creating the times table makes the most sense for future use. I don't see any reason why scripts should be able to alter these values, so storing the (relatively small) values in host{} makes sense IMO. Otherwise, a get_times()/set_times() could be placed in the nmap module much like getting/setting port states.

The attached patch adds the times{} to host{} with the srtt, rttvar and timeout values in fractional seconds from the original microseconds.
The patch also uses the timeout values for ipidseq and qscan. My outstanding path-mtu script could take advantage of this as well. sniffer-detect uses pcap_receive with ethernet sending, but uses its own time intervals for retransmitting. dhcp-discover's timeout probably won't make use of this due to the rate-limiting described in the script's timeout @args section.

Any comments are appreciated. I'd like to commit this later this week if there are no objections.
It looks fine to me. Please also add a quick description of the new fields to scripting.xml, under id="nse-api-arguments".

David Fifield
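An added example, not taken from the patch or from either message: one way a raw IP script could turn the host.times.timeout value discussed above into a per-probe wait, falling back to the template maximum when the table is absent. The helper name probe_timeout_ms, the multiple of 2, the cap at the template maximum, the default for templates the thread does not quote, and the sample host tables are all assumptions made for illustration.

```lua
-- Added example (plain Lua, runs outside Nmap). Fallback ceilings are the
-- max RTT timeouts quoted in the thread: 10s for -T3, 1.25s for -T4.
local TEMPLATE_MAX_RTT = { [3] = 10.0, [4] = 1.25 }   -- seconds
local DEFAULT_MAX_RTT = 10.0   -- assumption for templates the thread does not quote

-- host:         NSE host table (host.times values are fractional seconds)
-- timing_level: 0..5; inside Nmap a script would get it from nmap.timing_level()
-- multiple:     how many measured timeouts to wait per probe (assumed default 2)
-- Returns the wait in milliseconds and which source it came from.
local function probe_timeout_ms(host, timing_level, multiple)
  multiple = multiple or 2
  local ceiling = TEMPLATE_MAX_RTT[timing_level] or DEFAULT_MAX_RTT
  local times = host.times
  if type(times) == "table" and type(times.timeout) == "number"
      and times.timeout > 0 then
    -- Use Nmap's measured value, but never wait longer than the guess a
    -- script would have made from the timing template alone.
    local seconds = math.min(times.timeout * multiple, ceiling)
    return math.floor(seconds * 1000 + 0.5), "host.times"
  end
  -- No times table (for example a build without the patch): conservative guess.
  return math.floor(ceiling * 1000 + 0.5), "template"
end

-- Constructed sample hosts, not real scan data.
local samples = {
  { name = "responsive host", level = 4,
    host = { times = { srtt = 0.05, rttvar = 0.0375, timeout = 0.2 } } },
  { name = "slow link", level = 4,
    host = { times = { srtt = 0.6, rttvar = 0.1, timeout = 1.0 } } },
  { name = "no times table", level = 3, host = {} },
}

for _, s in ipairs(samples) do
  local ms, source = probe_timeout_ms(s.host, s.level, 2)
  -- Inside a script, ms would be passed to the socket's set_timeout(),
  -- which takes milliseconds.
  print(string.format("%-16s -> %5d ms (%s)", s.name, ms, source))
end
```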