Re: [NSE] host.times{} for srtt, rttvar and timeout

[David Fifield <david () bamsoftware com>]

On Wed, Aug 04, 2010 at 03:47:29PM -0500, Kris Katterjohn wrote:
> I've attached a patch to add a "times" table to the host table passed to
> scripts, which contains the srtt, rttvar and timeout values calculated for the
> host.  My main reason is that the raw IP scripts I've written have taken a
> very conservative guess at timeouts (several seconds), when in fact taking
> whole multiples of the host's actual timeout value is often still less than
> that.  Use of this isn't necessarily restricted to raw IP functionality in
> scripts, but it is my primary intention right now.
>
> Scripts could adjust the timeout based on the timing level, but why use that
> in this specific case when Nmap has already probed the host and knows far more
> than the default starting timing option?  If I were using the timing level, I
> might go with the max timeout (e.g., 1.25s for -T4) as a guess to be safe
> since the actual conditions are unclear.  But what if Nmap's calculated
> timeout value from scanning is actually 0.5s?  Or 0.2s?  Even doubling these
> would be a good savings for every lack of reply.  And with lower timing levels
> like the default -T3 with a max RTT timeout of 10s and an initial of 1s, well,
> you see it could be difficult to get a good guess based on these varying
> levels without wasting a lot of time.  This also means users have some control
> over this with --{min,max}-rtt-timeout just like other parts of Nmap.  Even
> just using the timing levels won't notify scripts of any other timing options
> which override template values.
>
> While the timeout value is my concern here, creating the times table makes
> the most sense for future use.
>
> I don't see any reason why scripts should be able to alter these values, so
> storing the (relatively small) values in host{} makes sense IMO.  Otherwise, a
> get_times()/set_times() could be placed in the nmap module much like
> getting/setting port states.
>
> The attached patch adds the times{} to host{} with the srtt, rttvar and
> timeout values in fractional seconds from the original microseconds.  The
> patch also uses the timeout values for ipidseq and qscan.  My out-standing
> path-mtu script could take advantage of this as well.  sniffer-detect uses
> pcap_receive with ethernet sending, but uses its own time intervals for
> retransmitting.  dhcp-discover's timeout probably won't make use of this due
> to the rate-limiting described in the script's timeout @args section.
>
> Any comments are appreciated.  I'd like to commit this later this week if
> there are no objections.

It looks fine to me. Please also add a quick description of the new
fields to scripting.xml, under id="nse-api-arguments".

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/