Put the test for HOST_DOWN or HOST_UP once again after the test for

num_probes_active == 0 in HostScanStats::completed. The reason for this is fairly subtle and I didn't realize it at first: We have to make sure there are no active probes because once in the completed list, probes don't time out. Probes that are active stay active in the count. If the congestion window ever falls below the number of these active probes, the program will hang waiting for them to time out. We could get away with this in the case of up hosts, because we call HostScanStats::destroyAllOutstandingProbes in that case. We could do that in the down case too, but that would prohibit a down host from being found up later on. That's currently a matter of some luck; we don't keep sending probes after a host is down but will accept replies to any other probes that have already been sent.
2025-12-24 00:19:01 +00:00 · 2009-01-04 16:45:17 +00:00
parent af1ccf0cfe
commit 3ed62451bb
1 changed files with 6 additions and 6 deletions
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -2169,18 +2169,18 @@ void HostScanStats::markProbeTimedout(list<UltraProbe *>::iterator probeI) {
 }

 bool HostScanStats::completed() {
-  /* With ping scan, we are done once we know the host is up or down. */
-  if (USI->ping_scan && ((target->flags & HOST_UP)
-    || (target->flags & HOST_DOWN) || target->weird_responses)) {
-    return true;
-  }
-
  /* If there are probes active or awaiting retransmission, we are not done. */
  if (num_probes_active != 0 || num_probes_waiting_retransmit != 0
    || !probe_bench.empty() || !retry_stack.empty()) {
    return false;
  }

+  /* With ping scan, we are done once we know the host is up or down. */
+  if (USI->ping_scan && ((target->flags & HOST_UP)
+    || (target->flags & HOST_DOWN) || target->weird_responses)) {
+    return true;
+  }
+
  /* With other types of scan, we are done when there are no more ports to
     probe. */
  return freshPortsLeft() == 0;