From 9b28395cd835cf9ded7e20ba63ead2c0307f973f Mon Sep 17 00:00:00 2001
From: david
Date: Thu, 22 Mar 2012 01:30:47 +0000
Subject: [PATCH] Don't allow matching probes that haven't been sent.
This is a reversion of r26232 and r26230, which were themselves reversions of r26201 and r26202 respectively, in https://svn.nmap.org/nmap-exp/luis/nmap-os6@26232. This code has gone back and forth a few times. Looking at it again, I still think this way is more correct. At any rate, the other way demonstrably leads to rare assertion failures (which are protecting against a nonsensical subtraction with an all-zero timeval).
---
 CHANGELOG | 4 ++++
 FPEngine.cc | 7 +++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 02a3b9d3b..2131c576c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -27,6 +27,10 @@ o [NSE] Added a stun library and the scripts stun-version and stun-info, which o [NSE] Added the script duplicates which attempts to determine duplicate hosts by analyzing information collected by other scripts. [Patrik Karlsson] +o Changed the way timeout calculations are made in the IPv6 OS engine. In rare cases a certain interleaving of probes and responses would result in an assertion failure. Nmap 5.61TEST5 [2012-03-09] o Integrated all of your IPv4 OS fingerprint submissions since June
diff --git a/FPEngine.cc b/FPEngine.cc
index 07dfdaecd..050b9e84a 100644
--- a/FPEngine.cc
+++ b/FPEngine.cc
@@ -2000,7 +2000,6 @@ int FPHost6::schedule() {
 this->fp_probes[i].getRetransmissions());
 }
 this->fp_probes[i].incrementRetransmissions();
- this->fp_probes[i].resetTimeSent();
 this->netctl->scheduleProbe(&(this->fp_probes[i]), 0);
 break;
 }
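Review bot: Nothing at the retransmission site in FPHost6::schedule() explains why resetTimeSent() is no longer called between incrementRetransmissions() and netctl->scheduleProbe(), here and in the -2128 hunk, so a future reader is likely to put it back to "start fresh". Presumably the intent is that pkt_time keeps the timestamp of the previous transmission until the probe is actually resent, which is exactly what the new guard in FPProbe::isResponse() and the timeout subtraction mentioned in the commit message now depend on; that invariant should be stated where it is most likely to be broken. I would add, above each incrementRetransmissions() call, `/* Deliberately no resetTimeSent() here: pkt_time keeps its last send time until scheduleProbe() resends, so isResponse() and the timeout math never see an all-zero timeval. */`. The body of schedule() starts and ends outside both hunks, so whether any other path still clears pkt_time cannot be confirmed from here.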
@@ -2128,7 +2127,6 @@ int FPHost6::schedule() {
 int whentostart = get_random_u16()%100;
 for (size_t l = 0; l < this->timed_probes; l++) {
 this->fp_probes[l].incrementRetransmissions();
- this->fp_probes[l].resetTimeSent();
 this->netctl->scheduleProbe(&(this->fp_probes[l]), whentostart + l*100);
 }
 if (o.debugging > 3 && this->timed_probes > 0)
@@ -2516,6 +2514,11 @@ void FPProbe::reset() {
 * PacketParser::is_response(). Check there for a list of matched packets and
 * some usage examples.*/
 bool FPProbe::isResponse(PacketElement *rcvd) {
+ /* If we don't have a record of even sending this probe, no packet can be a response. */
+ if (this->pkt_time.tv_sec == 0 && this->pkt_time.tv_usec == 0)
+ return false;
+
 return PacketParser::is_response(this->pkt, rcvd);
 }
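Review bot: The new guard in FPProbe::isResponse() turns an all-zero pkt_time into the "never sent" sentinel, but it is written as two raw field comparisons with no statement of where that invariant is established; FPProbe::reset() is the function named in the hunk header and lies entirely outside the hunk, so whether it (or the constructor) zeroes pkt_time cannot be confirmed here. The guard itself is the right call from a defender's perspective: a packet that arrives before any transmission cannot be a genuine reply, and accepting it could let a stray or spoofed packet skew the fingerprint match. I would name the invariant where it is consumed, e.g. `/* An all-zero pkt_time is the "never sent" sentinel and must never be a real send timestamp; see wherever pkt_time is initialised. */`, and consider giving the test one home, such as a small `bool FPProbe::wasSent() const`, so the timeout code the commit message refers to checks the same condition rather than a second hand-written comparison. On POSIX `!timerisset(&this->pkt_time)` expresses the same test, though whether the project's portability layer provides it is not visible from this hunk.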