From 262c14730897cfd29b8193937d8f9fa49a09a825 Mon Sep 17 00:00:00 2001
From: david
Date: Sat, 17 Aug 2013 02:18:09 +0000
Subject: [PATCH] Match icmpid in icmp_probe_match.
Remainder of Chris Johnson's patch from http://seclists.org/nmap-dev/2013/q3/296. Previously, Nmap could match replies that came in response to an original probe, with one of the retransmissions of the probe. One effect was that latency would be measured to be smaller than it should. Chris Johnson summarized the problem and showed how to reproduce it at http://seclists.org/nmap-dev/2013/q3/113.
---
scan_engine.cc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/scan_engine.cc b/scan_engine.cc
index 6dea10339..7cc80119b 100644
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -2583,6 +2583,10 @@ static bool icmp_probe_match(const UltraScanInfo *USI, const UltraProbe *probe,
 probe->ipid() == ipid)
 return false; /* We saw the packet we ourselves sent */
+ /* Check that the randomly-generated ping ident matches. */
+ if (ntohs(ping->id) != probe->icmpid())
+ return false;
+
 return true;
 }
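Review bot: The added check compares only the echo ident, not `ping->seq`, so it only separates an original probe from its retransmissions if `probe->icmpid()` is drawn fresh for every transmission; if the ident is assigned once per probe and reused on retransmit, the mis-attribution and understated latency described in the message persist and the seq field would be the needed discriminator — worth confirming where icmpid is set, which is outside this hunk. The new comment should record that assumption, e.g. `/* Reject replies whose ident does not match this probe's; this relies on the ident being unique per transmission. */`. A secondary benefit worth a word in the same comment is that an unsolicited or forged echo reply now also has to carry the right random ident to be matched to a probe. icmp_probe_match begins above the hunk, so the earlier matching conditions it applies are not visible here.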