Nmap Development mailing list archives
Re: Sergey. [Status report 10/17]
From: Patrick Donnelly <batrick () batbytes com>
Date: Wed, 6 Jul 2016 11:58:04 -0400
Hi Sergey,

On Tue, Jul 5, 2016 at 8:37 PM, Sergey Khegay <g.sergeykhegay () gmail com> wrote:

> - Tested libssh2 port to Windows. Although it works, there is a big performance issue. At first I thought that it was Windows platform related, but after a couple of tests it turned out that the Linux platform is also affected.
>
> The problem is that when using the libssh2 module, there is a huge memory consumption: using the ssh-brute.nse script for testing with --max-parallelism=100 and brute.threads=100 (aka max_threads) and 12000 accounts to iterate, the virtual memory claimed rises from 18 MB to over 2 GB (!). Testing under the same conditions but with a different brute script, ftp-brute.nse, did not reveal such huge memory consumption.
>
> Interestingly, when I run the script on my Mac, the NSE manages to iterate over all credentials and find the correct pair. On Windows 7, however, the nmap process gives up with a segmentation fault when ~2 GB of memory is claimed (private working set). The segmentation fault is thrown because of these two lines of code in nse_libssh2, l_session_open(..):
>
>     state->session = libssh2_session_init();
>     ...
>     libssh2_session_set_blocking(state->session, 0);
>
> Because the memory is exhausted (unlikely there is any other reason), `libssh2_session_init()` fails to allocate space for an ssh2 session, hence `state->session` is set to NULL. The segmentation fault happens in `libssh2_session_set_blocking(state->session, 0)` because the function tries to access the session descriptor at the 0 (NULL) location.
>
> My assumption is that Lua's garbage collection is to blame; probably the userdata created to track ssh2 state is not cleaned properly upon completion (nse_libssh2, l_session_open(..)):
>
>     ssh_userdata *state = (ssh_userdata *)lua_newuserdata(L, sizeof(ssh_userdata));
>
> I have not figured out how to properly check the assumption yet and force Lua to clean up the userdata.
It's extremely unlikely there is a problem with Lua GC. After a glance at nse_libssh2, I see no obvious leaks. Use:

https://www.lua.org/manual/5.3/manual.html#pdf-collectgarbage

to see how many bytes are in use by Lua. I suspect the actual problem is in some Windows-specific code in libssh2 or in nse_libssh2.

--
Patrick Donnelly

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
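The diagnostic Patrick suggests, as an added example that is not code from the thread, Nmap or nse_libssh2: sample the Lua heap via `collectgarbage("count")` around a batch of session open/close cycles and compare it with the process RSS, so that growth the Lua collector can see is separated from growth in native (C) allocations. The `session_clean` and `session_leaky` functions are constructed stand-ins for one NSE session cycle; `rss_kb` assumes Linux procfs and returns nil elsewhere.

```lua
-- Added example (not from the thread or from Nmap): does memory growth
-- show up in the Lua heap, or only in the process RSS?  If RSS grows
-- while collectgarbage("count") stays flat, the leak is on the C side
-- (libssh2 or the binding), not in Lua's garbage collector.

-- Resident set size in KiB from procfs (Linux only; nil elsewhere).
local function rss_kb()
  local f = io.open("/proc/self/status", "r")
  if not f then return nil end
  local kb
  for line in f:lines() do
    kb = line:match("^VmRSS:%s+(%d+)")
    if kb then break end
  end
  f:close()
  return tonumber(kb)
end

-- Run open_close n times; return growth of the Lua heap and of RSS (KiB).
local function measure(open_close, n)
  collectgarbage("collect")
  local lua0, rss0 = collectgarbage("count"), rss_kb()
  for _ = 1, n do open_close() end
  collectgarbage("collect")
  local rss1 = rss_kb()
  local lua_growth = collectgarbage("count") - lua0
  local rss_growth = (rss0 and rss1) and (rss1 - rss0) or nil
  return lua_growth, rss_growth
end

-- Constructed stand-ins for one session cycle. The leaky variant keeps
-- every per-session state reachable from a global, so GC cannot free it.
retained = {}
local function session_clean()
  local state = { buf = string.rep("x", 4096) }   -- unreachable after return
end
local function session_leaky()
  retained[#retained + 1] = { buf = string.rep("x", 4096) }
end

local clean_lua, clean_rss = measure(session_clean, 12000)
local leaky_lua, leaky_rss = measure(session_leaky, 12000)
print(string.format("clean: Lua heap %+.0f KiB, RSS growth %s KiB",
                    clean_lua, tostring(clean_rss)))
print(string.format("leaky: Lua heap %+.0f KiB, RSS growth %s KiB",
                    leaky_lua, tostring(leaky_rss)))
```

In an NSE context the stand-in would be replaced by the actual libssh2 session open/close sequence; a Lua-side leak (as in `session_leaky`) shows in both numbers, while a native leak moves only the RSS figure.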