mirror of https://github.com/nmap/nmap.git, synced 2025-12-25 17:09:02 +00:00
Save timing ping probes between calls to ultra_scan.

This allows, for example, reusing an ACK ping probe from host detection during a SYN port scan. This can greatly speed up a scan if the SYN scan finds only filtered ports.

One difficulty with implementing this is that not all ping probes are appropriate for all scan types. nmap -PA -sU scanme.nmap.org would cache the ACK ping probe and send ACK pings during the UDP scan. But the pcap filter for the UDP scan doesn't catch TCP packets, so the replies would not be noticed and they would show up as dropped pings. Likewise, nmap -PR -sS 192.168.0.1 would segfault when it tried to use an uninitialized Ethernet descriptor to send an ARP ping during the SYN scan, which would use raw sockets.

To fix this I added a function pingprobe_is_appropriate that determines whether a given ping probe is appropriate for the current scan type. If not, the constructor for HostScanStats just erases the ping probe.

More types of ping probes could be made "appropriate." TCP timing pings work during a UDP scan if only the pcap filter is expanded to include TCP packets.
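The appropriateness check described in the commit message, as an added example that is not nmap's code: the scan and probe enums, the per-scan sets of captured protocols, the "has an Ethernet descriptor" rule and the filter strings are all assumptions standing in for nmap's probespec and scan-type definitions. It also carries the extension the message suggests, widening the capture filter so that a cached TCP timing ping stays usable during a UDP scan, and shows the ARP case that no filter change can rescue because the scan cannot transmit the probe at all.

```cpp
#include <cstdio>
#include <set>
#include <string>

// Constructed stand-ins for nmap's scan types and probespec kinds (assumption:
// these names, values and policies are invented for the illustration).
enum ScanType  { ST_SYN, ST_UDP, ST_ARP };              // -sS, -sU, ARP host discovery
enum ProbeType { PT_NONE, PT_TCP, PT_UDP, PT_ICMP, PT_ARP };

struct PingProbe {
  ProbeType type = PT_NONE;   // PT_NONE is the "erased" sentinel
  int dport = 0;              // TCP/UDP destination port of the cached probe
};

// Protocols whose replies the scan's pcap filter captures (assumed per scan type).
static std::set<std::string> scan_filter_protos(ScanType st) {
  switch (st) {
    case ST_SYN: return {"tcp", "icmp"};   // SYN/ACK, RST, ICMP unreachables
    case ST_UDP: return {"udp", "icmp"};   // UDP replies, ICMP port unreachable
    case ST_ARP: return {"arp"};
  }
  return {};
}

// Only the ARP scan path opens an Ethernet descriptor; the others send on raw
// IP sockets, which is why an ARP probe cannot be sent from a SYN scan.
static bool scan_has_eth_descriptor(ScanType st) { return st == ST_ARP; }

// The protocol a reply to the given probe type would arrive on.
static std::string probe_reply_proto(ProbeType pt) {
  switch (pt) {
    case PT_TCP:  return "tcp";
    case PT_UDP:  return "udp";
    case PT_ICMP: return "icmp";
    case PT_ARP:  return "arp";
    default:      return "";
  }
}

// A cached ping probe is usable only if (a) the scan can transmit it and
// (b) the scan's capture filter would let its reply through.
static bool pingprobe_is_appropriate(ScanType st, const PingProbe &p,
                                     const std::set<std::string> &filter) {
  if (p.type == PT_NONE) return false;
  if (p.type == PT_ARP && !scan_has_eth_descriptor(st)) return false;
  return filter.count(probe_reply_proto(p.type)) > 0;
}

// Render a protocol set as a BPF fragment, e.g. "(icmp or udp)".
static std::string bpf_expr(const std::set<std::string> &protos) {
  std::string s = "(";
  for (const std::string &p : protos) s += (s.size() > 1 ? " or " : "") + p;
  return s + ")";
}

// Widen the scan's filter so the cached probe's reply is captured too. ARP is
// deliberately excluded: the filter is not the obstacle there, transmission is.
static std::set<std::string> expand_filter(ScanType st, const PingProbe &p) {
  std::set<std::string> f = scan_filter_protos(st);
  if (p.type != PT_NONE && p.type != PT_ARP) f.insert(probe_reply_proto(p.type));
  return f;
}

// What the commit message says the HostScanStats constructor does: keep the
// probe if it is appropriate for this scan, otherwise erase it.
static PingProbe filter_pingprobe(ScanType st, const PingProbe &p) {
  return pingprobe_is_appropriate(st, p, scan_filter_protos(st)) ? p : PingProbe{};
}

int main() {
  PingProbe ack{PT_TCP, 80};   // ACK ping cached by -PA
  std::printf("ACK ping during -sU with stock filter %s: %s\n",
              bpf_expr(scan_filter_protos(ST_UDP)).c_str(),
              filter_pingprobe(ST_UDP, ack).type == PT_NONE ? "erased" : "kept");
  std::printf("ACK ping during -sU with widened filter %s: %s\n",
              bpf_expr(expand_filter(ST_UDP, ack)).c_str(),
              pingprobe_is_appropriate(ST_UDP, ack, expand_filter(ST_UDP, ack)) ? "kept" : "erased");
  return 0;
}
```

The two-part test matters: the filter check alone would happily keep an ARP probe for a SYN scan, since "arp" could be added to any filter expression, but the scan still has no way to put the frame on the wire.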
Target.h (8 changed lines)
@@ -113,6 +113,7 @@
#include "portreasons.h"
#include "portlist.h"
#include "tcpip.h"
#include "scan_engine.h"
#ifndef INET6_ADDRSTRLEN
#define INET6_ADDRSTRLEN 46
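Review bot: including scan_engine.h from Target.h for the sake of one by-value `probespec` member makes Target.h depend on the whole scan engine header; since that header is a consumer of Target in the other direction, check that scan_engine.h does not include Target.h directly or transitively, or whichever of the two is included second will see an incomplete class. If `probespec` is a plain struct, moving it into a small header of its own (or holding the probe through a pointer with a forward declaration) avoids the cycle. The +/- markers did not survive rendering, so note for readers of this page that the one added line in this hunk (6 to 7 lines) is the `#include "scan_engine.h"`, the header the new member presumably comes from.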
@@ -267,6 +268,13 @@ class Target {
state_reason_t reason;
/* A probe that is known to receive a response. This is used to hold the
current timing ping probe type during scanning. */
probespec pingprobe;
/* The state the port or protocol entered when the response to pingprobe was
received. */
int pingprobe_state;
private:
void Initialize();
void FreeInternal(); // Free memory allocated inside this object
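Review bot: nothing in this hunk says how "no ping probe" is represented, and `Initialize()` (declared just below the new members) is not shown resetting `pingprobe` and `pingprobe_state`; the commit message relies on HostScanStats erasing an inappropriate probe, so the erased state needs a documented sentinel (a probe type meaning "none", or a helper that reports whether a probe is set) and both fields need an explicit reset in Initialize(), otherwise a stale probe can survive from an earlier ultra_scan call and the ARP-during-SYN crash the message describes comes back by a different path. The comment on `pingprobe_state` should also state its value domain: it is a bare int, so say which port states it can hold (or use the port-state enum type) and what it contains before any response has been recorded. Suggested wording for the second comment: "The state the port or protocol entered when the response to pingprobe was received, or the initial value when no response has been recorded yet."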