From 695b1a3a2dde44f251b68c3e4ceebce9fceea89c Mon Sep 17 00:00:00 2001
From: david
Date: Thu, 30 Aug 2007 06:30:29 +0000
Subject: [PATCH] Merge r5728:5733 from /nmap-exp/david/nmap-massping-migration. Increase PING_GROUP_SZ to 4096. Remove a broken test for wierd_responses (subnet broadcast addresses) and write a note that a working test is needed.
---
 nmap.h | 2 +-
 scan_engine.cc | 16 +++++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/nmap.h b/nmap.h
index 99bdfe0fb..8382c45ab 100644
--- a/nmap.h
+++ b/nmap.h
@@ -327,7 +327,7 @@ void *realloc();
 /* Number of hosts we pre-ping and then scan. We do a lot more if randomize_hosts is set. Every one you add to this leads to ~1K of extra always-resident memory in nmap */
-#define PING_GROUP_SZ 2048
+#define PING_GROUP_SZ 4096
 /* DO NOT change stuff after this point */
 #define UC(b) (((int)b)&0xff)
diff --git a/scan_engine.cc b/scan_engine.cc
index a91d60739..03bb52693 100644
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -3815,6 +3815,18 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
 probeI = hss->probes_outstanding.end();
 listsz = hss->num_probes_outstanding();
+ /* A check for wierd_responses is needed here. This is not currently possible because we don't have a good way to look up the original target of an ICMP probe based on the response. (massping encoded an array index in the ICMP sequence, which won't work here.) Once we've found the host that sent the probe that elicited the response, the test for wierd_responses is if (sending_host->v4host().s_addr != ip->ip_src.s_addr) hss->target->wierd_responses++; (That is, the target that sent the probe is not the same one that sent the response.) */
+ goodone = false;
 /* Find the probe that provoked this response. */
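Review bot: The parenthetical closing the added comment is inverted relative to the code it quotes — `sending_host->v4host()` is compared against `ip->ip_src`, the address the reply came from, so the mismatch being described is "the target the probe was addressed to is not the host that answered", not "the target that sent the probe"; I would reword it to `(That is, the host that sent the response is not the target the probe was addressed to.)`. It is also worth tagging the block so it is findable, e.g. `/* TODO: check for wierd_responses. ...`, because together with the second hunk (which drops the old `wierd_responses++` on the `v4sourceip()` mismatch) nothing left in this function increments `hss->target->wierd_responses`, so whatever still reads that counter — not visible here — now sees zero for ping-scan replies, and a reply arriving from an address other than the probed one (e.g. a subnet broadcast address) is no longer flagged anywhere on this path. get_ping_pcap_result begins and continues outside the hunk.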
@@ -3826,10 +3838,8 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
 continue;
 /* Ensure the connection info matches. */
- if (hss->target->v4sourceip()->s_addr != ip->ip_dst.s_addr) {
- hss->target->wierd_responses++;
+ if (hss->target->v4sourceip()->s_addr != ip->ip_dst.s_addr)
 continue;
- }
 /* Sometimes we get false results when scanning localhost with -p- because we scan localhost with src port = dst port and