From eb7fda541e9c40456a2e24023be5797cd6a4ec83 Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 18 Dec 2008 04:49:49 +0000
Subject: [PATCH] Fix global congestion control in OS scan.

Like ultra_scan, OS scan has global and host-based congestion control
mechanisms like those in TCP. Part of global congestion control is
keeping track of how many probes are outstanding in the network; OS scan
keeps the number in a member variable called num_probes_active.

num_probes_active is meant to be the sum of the sizes of each host's
list of outstanding probes. It was correctly being decremented whenever
a probe was removed from an active list, but it was never incremented.
num_probes_active was always zero or negative, and therefore never
exceeded the global congestion window. This almost completely disabled
global congestion control.

With this fix OS scan will send a maximum of ten probes immediately at
the beginning of the scan. Previously it was limited only by the number
of hosts being scanned (20 or 30).
---
 osscan2.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/osscan2.cc b/osscan2.cc
index ad61249fa..4fe685535 100644
--- a/osscan2.cc
+++ b/osscan2.cc
@@ -991,6 +991,7 @@ void HostOsScan::updateActiveSeqProbes(HostOsScanStats *hss) {
     /* Is the probe timedout? */
     if (TIMEVAL_SUBTRACT(now, probe->sent) > (long) timeProbeTimeout(hss)) {
       hss->removeActiveProbe(probeI);
+      assert(stats->num_probes_active > 0);
       stats->num_probes_active--;
     }
   }
@@ -1074,11 +1075,13 @@ void HostOsScan::updateActiveTUIProbes(HostOsScanStats *hss) {
       if(probe->tryno >= 3) {
         /* The probe is expired. */
         hss->removeActiveProbe(probeI);
+        assert(stats->num_probes_active > 0);
         stats->num_probes_active--;
       }
       else {
         /* It is timedout, move it to the sendlist */
         hss->moveProbeToUnSendList(probeI);
+        assert(stats->num_probes_active > 0);
         stats->num_probes_active--;
       }
     }
@@ -1276,6 +1279,7 @@ void HostOsScan::sendNextProbe(HostOsScanStats *hss) {
   stats->num_probes_sent++;
 
   hss->moveProbeToActiveList(probeI);
+  stats->num_probes_active++;
 
   if (o.debugging > 1) {
     log_write(LOG_PLAIN, "Send probe (type: %s, subid: %d) to %s\n",
@@ -1521,7 +1525,8 @@ bool HostOsScan::processResp(HostOsScanStats *hss, struct ip *ip, unsigned int l
 
     /* delete the probe. */
     hss->removeActiveProbe(probeI);
-    this->stats->num_probes_active--;
+    assert(stats->num_probes_active > 0);
+    stats->num_probes_active--;
 
     return true;
   }