From 9cd1ef697b0139812a66e41bd4a20bdc897d4509 Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 16 Mar 2012 20:02:57 +0000
Subject: [PATCH] Update nsock_tod before creating a timer.

nsock_tod is Nsock's idea of the current time. It is updated when an
nsock_pool is initialized, on each iteration of nsock_loop, and in a few
other places. What could go wrong, with respect to timers, is a sequence
like this:
	nsp_new
	[... some long delay ...]
	nsock_create_timer(timeout)
	nsock_loop
The time elapsed after the creatino of the timer until it fires would
not be timeout, but rather timeout - delay. If the delay was long
enough, the timer would fire as loop as nsock_loop was entered.

This showed itself in IPv6 OS detection. We schedule 6 timers
immediately, 100 ms apart. If the pcap_open or anything else took too
long, then the timers would fire all at once. This messed up the
calculation of the TCP_ISR feature.

Perhaps we should do this when any new event is created? It is already
done manually at the beginning of each of the connect functions.
---
 CHANGELOG                | 4 ++++
 nsock/src/nsock_timers.c | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index 6f282caee..07b65872e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o Fixed a bug that could cause Nsock timers to fire too early. This
+  could happen for the timed probes in IPv6 OS detection, causing an
+  incorrect measurement of the TCP_ISR feature. [David Fifield]
+
 o [NSE] Added a stun library and the scripts stun-version and stun-info, which
   extract version information and the external NAT:ed address.
   [Patrik Karlsson]
diff --git a/nsock/src/nsock_timers.c b/nsock/src/nsock_timers.c
index 1d350ace1..254ce1dfc 100644
--- a/nsock/src/nsock_timers.c
+++ b/nsock/src/nsock_timers.c
@@ -57,6 +57,8 @@
 
 #include "nsock_internal.h"
 
+extern struct timeval nsock_tod;
+
 /* Send back an NSE_TYPE_TIMER after the number of milliseconds specified.  Of
  * course it can also return due to error, cancellation, etc. */
 nsock_event_id nsock_timer_create(nsock_pool ms_pool, nsock_ev_handler handler,
@@ -64,6 +66,8 @@ nsock_event_id nsock_timer_create(nsock_pool ms_pool, nsock_ev_handler handler,
   mspool *nsp = (mspool *)ms_pool;
   msevent *nse;
 
+  gettimeofday(&nsock_tod, NULL);
+
   nse = msevent_new(nsp, NSE_TYPE_TIMER, NULL, timeout_msecs, handler, userdata);
   assert(nse);