From ee3c89afe4f05a5d900705ac3950e830586e0344 Mon Sep 17 00:00:00 2001
From: kris
Date: Fri, 23 Jul 2010 10:43:04 +0000
Subject: [PATCH] o [NSE] When receiving raw packets from Pcap, the packet capture time is now available to scripts as an additional return value from pcap_receive(). It is returned as the floating point number of seconds since the epoch. The qscan.nse script was updated to use this more accurate data instead of using the clock_ms() function (which returns the current time). [Kris]
---
 CHANGELOG | 7 +++++++
 nse_nsock.cc | 12 +++++++++---
 nselib/nmap.luadoc | 5 +++--
 scripts/qscan.nse | 12 +++++++++---
 4 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 2c9f9433d..5935ec271 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,12 @@ # Nmap Changelog ($Id$); -*-text-*-
+o [NSE] When receiving raw packets from Pcap, the packet capture time
+ is now available to scripts as an additional return value from
+ pcap_receive(). It is returned as the floating point number of
+ seconds since the epoch. The qscan.nse script was updated to use
+ this more accurate data instead of using the clock_ms() function
+ (which returns the current time). [Kris]
+
 o [Zenmap] Fixed a crash that would happen after opening the search window, entering a relative date criterion such as "after:-7", and then clicking the "Expressions" button. The error message was
diff --git a/nse_nsock.cc b/nse_nsock.cc
index c53a57129..a4a4b9470 100644
--- a/nse_nsock.cc
+++ b/nse_nsock.cc
@@ -135,6 +135,8 @@ struct ncap_request * statusstring contains error * description */ char *r_status; /* errorstring */
+ struct timeval recvtime; /* Time packet was received,
+ * if r_success is true */
 unsigned char *r_layer2; size_t r_layer2_len;
@@ -1767,9 +1769,10 @@ void ncap_request_set_result(nsock_event nse, struct ncap_request *nr) const unsigned char *l2_data, *l3_data; size_t l2_len, l3_len, packet_len;
+ struct timeval tv;
 nse_readpcap(nse, &l2_data, &l2_len, &l3_data, &l3_len,
- &packet_len, NULL);
+ &packet_len, &tv);
 char *packet = (char *) safe_malloc(l2_len + l3_len); nr->r_layer2 = (unsigned char *) packet;
@@ -1779,6 +1782,7 @@ void ncap_request_set_result(nsock_event nse, struct ncap_request *nr) nr->r_layer2_len = l2_len; nr->r_layer3_len = l3_len; nr->packetsz = packet_len;
+ nr->recvtime = tv;
 break; } case NSE_STATUS_ERROR:
@@ -1819,12 +1823,14 @@ int ncap_restore_lua(ncap_request * nr) lua_pushnumber(L, nr->packetsz); lua_pushlstring(L, (char *) nr->r_layer2, nr->r_layer2_len); lua_pushlstring(L, (char *) nr->r_layer3, nr->r_layer3_len);
+ lua_pushnumber(L, (double) nr->recvtime.tv_sec + (double) nr->recvtime.tv_usec / 1000000);
 } else { lua_pushnil(L); lua_pushstring(L, nr->r_status); lua_pushnil(L); lua_pushnil(L);
+ lua_pushnil(L);
 } bool suspended = nr->suspended;
@@ -1842,9 +1848,9 @@ int ncap_restore_lua(ncap_request * nr) free(nr); if (suspended) /* lua process is suspended */
- nse_restore(L, 4);
+ nse_restore(L, 5);
 else /* not suspended, just pass output */
- return 4;
+ return 5;
 return 0; }
diff --git a/nselib/nmap.luadoc b/nselib/nmap.luadoc
index d8fa03137..cdbca5cd6 100644
--- a/nselib/nmap.luadoc
+++ b/nselib/nmap.luadoc
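Review bot: `struct timeval tv;` in the first ncap_request_set_result hunk is handed to nse_readpcap() uninitialised and then copied into the request by the next hunk (`nr->recvtime = tv;`), so the capture time later returned to scripts is only well defined if nse_readpcap() writes the timestamp on every path; its body is not on this page. Declaring it as `struct timeval tv = { 0, 0 };` would turn a skipped write into a visibly zero capture time instead of leftover stack contents. The body of ncap_request_set_result starts and ends outside both hunks.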
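Review bot: The number of Lua return values in ncap_restore_lua is now spelled out in four places that must agree: the pushes in the success branch, the pushes in the `else` branch, `nse_restore(L, 5)` and `return 5` in the last nse_nsock.cc hunk. A short comment above the pushes that fixes the order, for example `/* returns: status, packet length, layer 2 data, layer 3 data, capture time (seconds since the epoch) */`, would keep the next change to the count from updating only some of them. In the new push, `/ 1000000.0` would also make the floating-point division explicit rather than relying on the cast binding to `tv_usec` first. The function body starts and ends outside these hunks.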
@@ -564,15 +564,16 @@ function pcap_register(packet_hash) -- -- If an error or timeout occurs, the function returns false and an error -- message. Otherwise, the function returns true followed by the packet length,
--- the layer two header, and the layer three header.
+-- layer two header, layer three header and packet capture time.
 -- @return Status (true or false). -- @return The length of the captured packet (this may be smaller than the -- actual packet length since packets are truncated when the Libpcap snaplen -- parameter is smaller than the total packet length). -- @return Data from the second OSI layer (e.g. ethernet headers). -- @return Data from the third OSI layer (e.g. IPv4 headers).
+-- @return Packet capture time, as floating point seconds since the epoch
 -- @see pcap_open, pcap_register
--- @usage status, plen, l2_data, l3_data = socket:pcap_receive()
+-- @usage status, plen, l2_data, l3_data, time = socket:pcap_receive()
 function pcap_receive() --- Closes a pcap device.
diff --git a/scripts/qscan.nse b/scripts/qscan.nse
index df04a0f41..f12820aa9 100644
--- a/scripts/qscan.nse
+++ b/scripts/qscan.nse
@@ -367,7 +367,7 @@ action = function(host) local saddr = packet.toip(host.bin_ip_src) local daddr = packet.toip(host.bin_ip) local port
- local start, stop
+ local start
 local rtt local stats = {} local try = nmap.new_try()
@@ -410,9 +410,15 @@ action = function(host) stats[j].sent = stats[j].sent + 1
- local status, len, _, pkt = pcap:pcap_receive()
+ local status, len, _, pkt, stop = pcap:pcap_receive()
- stop = nmap.clock_ms()
+ if not stop then
+ -- probably a timeout, just grab current time
+ stop = nmap.clock_ms()
+ else
+ -- we gotta use msecs
+ stop = stop * 1000
+ end
 rtt = stop - start
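Review bot: `rtt = stop - start` in the second qscan.nse hunk now subtracts values from two different sources whenever a packet is captured: `stop` is the pcap capture timestamp scaled to milliseconds, while `start` is not touched by this commit and presumably still comes from `nmap.clock_ms()`. If the capture timestamp and `clock_ms()` do not share the same clock and epoch, the offset between them ends up in every round-trip sample the script compares, so that assumption deserves a comment next to the conversion, e.g. `-- capture time is seconds since the epoch; start is clock_ms() milliseconds, assumed same clock`. Branching on the documented status value instead of the extra return, `if status then stop = stop * 1000 else stop = nmap.clock_ms() end`, would also remove the guess in "probably a timeout". The body of `action` starts and ends outside the hunk.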