o Nmap sometimes sent packets with incorrect IP checksums,
particularly when sending the UDP probes in OS detection. This has
been fixed. Thanks to Gisle Vanem for reporting and investigating the
bug. [David]
o In the interest of forward compatibility, the xmloutputversion
attribute in Nmap XML output is no longer constrained to be a
certain string ("1.02"). The xmloutputversion should be taken as
merely advisory by authors of parsers.
The partial checksum for the TCP/UDP pseudo-header is calculated and then it is
added to the checksum for the rest of the packet. I started to write the
functions for such incremental checksum calculation but then I saw they are
already implemented in libdnet.
formula algebraically reduced to
1.0 - gstats->numprobes / host->freshPortsLeft(), which doesn't regard the
number of sent probes, leading to long stalls in the completion when, for
example, maxtries is increased.
probes that will be sent and calculate from that. This makes the 100%
completion match up closely with the end of the scan, as the estimate gets
better as the scan gets closer to finishing. It also works against filtered
hosts. There is still the related problem that the completion time estimate
uses a global average to estimate completion rate, so it tends to
underestimate.
estimates, and don't consider the number of outstanding probes or number of
retries. The old code would overestimate completion, causing a period of 99.99%
completion at the end of a scan (which caused earlier estimates to be too
soon). For a long UDP scan this puts the completion estimate right on after a
little time to allow for convergence. See
http://www.bamsoftware.com/wiki/Nmap/CompletionTimeEstimates.
instead of a custom hash table and an STL list instead of a custom linked list.
The biggest gain comes from using the list.sort method rather than inserting
ports in sorted order (equivalent to insertion sort). The new code passes
Doug's p-switch-tests.
Here are time comparisons, using the old and new services code, and using the
standard nmap-services file and the 65535-port nmap-services-huge. The times
are the duration of the call to nmap_services_init. Three trials were done for
each case, except for the old-code/nmap-services-huge case.
nmap-services:
old code: 0.215 0.201 0.227 (average 0.214 s)
new code: 0.025 0.022 0.023 (average 0.023 s)
nmap-services-huge:
old code: 441.014 (average 441.014 s)
new code: 0.984 0.975 0.978 (average 0.979 s)
