From 412fcbcca0656fa3f38b4f425cbaabd6877b31a9 Mon Sep 17 00:00:00 2001
From: kris
Date: Thu, 5 Aug 2010 01:55:05 +0000
Subject: [PATCH] o [NSE] Added a "times" table to the host table passed to scripts. This table contains Nmap's timing data (srtt, the smoothed round trip time; rttvar, the rtt variance; and timeout), all represented as floating-point seconds. The ipidseq and qscan scripts were updated to utilize the host's timeout value instead of the very conservative guess of 3 seconds for read timeouts. [Kris]
---
CHANGELOG | 7 +++++++
docs/scripting.xml | 13 +++++++++++++
nse_nmaplib.cc | 6 ++++++
scripts/ipidseq.nse | 2 +-
scripts/qscan.nse | 8 +++++++-
5 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 04b2356e5..4e74d1b1a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,12 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [NSE] Added a "times" table to the host table passed to scripts.
+ This table contains Nmap's timing data (srtt, the smoothed round
+ trip time; rttvar, the rtt variance; and timeout), all represented
+ as floating-point seconds. The ipidseq and qscan scripts were
+ updated to utilize the host's timeout value instead of the very
+ conservative guess of 3 seconds for read timeouts. [Kris]
+
 o [Nmap, Nping] Fixed the fragmentation options (-f in Nmap, --mtu in
 both) which broke in 5.35DC1. Instead of sending multiple fragments,
 the original packet was sent whole. In some circumstances, sending
diff --git a/docs/scripting.xml b/docs/scripting.xml
index 6499a6c03..cf30f990d 100644
--- a/docs/scripting.xml
+++ b/docs/scripting.xml
@@ -1425,6 +1425,19 @@ LUALIB_API int luaopen_openssl(lua_State *L) {
+
+
+
+
+ This table contains Nmap's timing data for the host (see
+ ). This includes "srtt" (smoothed
+ round trip time), "rttvar" (round trip time variance), and "timeout"
+ (the probe timeout), all given in floating-point seconds.
+
+
+
+
diff --git a/nse_nmaplib.cc b/nse_nmaplib.cc
index d1895d2ec..185875ec4 100644
--- a/nse_nmaplib.cc
+++ b/nse_nmaplib.cc
@@ -145,6 +145,12 @@ void set_hostinfo(lua_State *L, Target *currenths) {
 lua_setfield(L, -2, "bin_ip_src");
 }
+ lua_newtable(L);
+ setnfield(L, -1, "srtt", (lua_Number) currenths->to.srtt / 1000000.0);
+ setnfield(L, -1, "rttvar", (lua_Number) currenths->to.rttvar / 1000000.0);
+ setnfield(L, -1, "timeout", (lua_Number) currenths->to.timeout / 1000000.0);
+ lua_setfield(L, -2, "times");
+
 FingerPrintResults *FPR = currenths->FPR;
 /* if there has been an os scan which returned a pretty certain
diff --git a/scripts/ipidseq.nse b/scripts/ipidseq.nse
index 71b249646..01d262a12 100644
--- a/scripts/ipidseq.nse
+++ b/scripts/ipidseq.nse
@@ -224,7 +224,7 @@ action = function(host)
 pcap:pcap_open(host.interface, 104, 0, callback, "tcp and dst host " .. saddr .. " and src host " .. daddr .. " and src port " .. port)
- pcap:set_timeout(3000)
+ pcap:set_timeout(host.times.timeout * 1000)
 local tcp = genericpkt(host, port)
diff --git a/scripts/qscan.nse b/scripts/qscan.nse
index a6c702d02..a248df9ff 100644
--- a/scripts/qscan.nse
+++ b/scripts/qscan.nse
@@ -382,7 +382,13 @@ action = function(host)
 try = nmap.new_try(function() sock:ip_close() end)
- pcap:set_timeout(3000)
+ -- Simply double the calculated host timeout to account for possible
+ -- extra time due to port forwarding or whathaveyou. Nmap has all
+ -- ready scanned this host, so the timing should have taken into
+ -- account some of the RTT differences, but I think it really depends
+ -- on how many ports were scanned and how many were forwarded where.
+ -- Play it safer here.
+ pcap:set_timeout(2 * host.times.timeout * 1000)
 local tcp = genericpkt(host)
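Review bot: The three `setnfield` calls export `to.srtt` and `to.rttvar` unguarded, so a host whose timing fields still hold their initial sentinel — as far as I recall Nmap keeps srtt and rttvar at -1 until a reply has actually been timed — will present scripts with `srtt = -0.000001` instead of an absent field. A script that folds `host.times.srtt` into its own timeout would then compute a zero or negative wait; either omit the field when the stored value is negative, or document the sentinel in the scripting.xml entry so script authors test for it. The microsecond-to-seconds conversion is also silent at the point it happens; a one-line comment such as `/* timeout_info fields are microseconds; scripts get floating-point seconds */` above `lua_newtable` would make the `/ 1000000.0` self-explanatory. `set_hostinfo` starts and ends outside this hunk.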
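Review bot: `pcap:set_timeout(host.times.timeout * 1000)` applies the host's single-probe timeout with no margin, while the qscan change in this same commit deliberately doubles the same value; on a fast local path that timeout can be very small, and it now governs a raw pcap read of replies that must traverse the same route as the script's own probes, so the read will give up far sooner than the 3000 ms it replaces. Either use the same `2 *` factor as qscan, or add a comment stating why the raw value is enough here and recording the unit change, e.g. `-- host.times.timeout is float seconds; pcap wants milliseconds`. The enclosing `action` function starts and ends outside this hunk.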
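Review bot: The six-line comment above `pcap:set_timeout(2 * host.times.timeout * 1000)` reads as a personal aside ("whathaveyou", "I think it really depends") and splits a word across lines (`all` / `ready` for `already`); a code comment should state the decision, not the doubt. Suggest replacing it with two lines, `-- Double Nmap's measured host timeout to allow for forwarded ports or other` / `-- path differences between the scan probes and ours; seconds -> milliseconds.`, which also records the unit conversion the `* 1000` performs. The enclosing `action` function starts and ends outside this hunk.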