We count a drop for congestion control purposes if we receive a response
to a retransmitted probe, because that means that the reply to the
original probe was dropped. However, we weren't taking into account that
we are at the same time receiving a positive response, and should
increase the window accordingly. There are now three things that can
happen:
Response to first probe: ACK
Response to retransmission: DROP, then ACK
Probe timeout: DROP
The comment in struct_ip.h explains the reasoning for this. The AIX C library
uses #defines that change the names of members of struct ip, and conflict with
some existing code. (Notably struct ip_hdr in libdnet and IPv4Header::h in
libnetutil.) We can still use the AIX files if we include <netinet/ip.h> after
this other code has been preprocessed. That's hard to enforce when
<netinet/ip.h> is included from another header file; this new file allows
including it always late, and only where needed.
Heretofore we have always extracted teh destination address directly
from the packet contents. But the raw packet bytes do not contain enough
information in one case: IPv6 link-local addresses. For those we really
need the scope ID, and for that we must pass this information all the
way down.
Before this, I got "no route to host" on OS link-local addresses. I
think that it was working on Linux only on accident, by the OS picking a
default interface or something.
A RST/ACK can only be matched to a SYN or FIN. A bare RST cannot
be matched to a SYN or FIN.
Matthew Stickney and Joe McEachern found cases where this caused replies
to be missed (specifically, RST/ACK in reponse to a NULL probe) and also
found standards justification for hosts returning RST/ACK in such a
situation.
There is a special test that uses IP IDs to check if a presumed reply
from localhost is actually one of our own probes. However the test
didn't bail out ofter finding one of these matches, so a retransmission
(with a different IP ID) could match and look like a protocol reply from
localhost.
We should have the multiprotocol version be the main version, with
IPv4-only code being a noted exception. Also these functions are almost
the same so one can call the other.
returning floating-point seconds. Everywhere o.TimeSinceStartMS was
called, the return value was being divided by 1000.0, which had the same
effect but would overflow when the difference exceeded about 25 days
(2^31 milliseconds). This patch is by Daniel Miller.
number to guarantee it's nonzero (which some target hosts require) rather
than looping for new random numbers.
* ICMP ID values are unimportant, as long as they are nonzero
* The original code to get random numbers was exactly duplicated (new variable,
comment, loop, even whitespace) in the same function, so using a single
variable set initially (albeit differently) simplifies duplication
scan. ARP scan had a hardcoded initial timeout of 100 ms, which could be
lower than the minimum requested. The default minimum timeout is also
100 ms, so this has no effect if --min-rtt-timeout is not used.
a struct of the same name in <netinet/sctp.h>. This caused a
compiliation error when Nmap was compiled with an OpenSSL that had
SCTP support. [Olli Hauer, Daniel Roethlisberger]
flag) is received in response. This can be due to an extremely rare TCP feature
known as a simultaneous open or split handshake connection.
see http://nmap.org/misc/split-handshake.pdf
Added a reason code: ER_SYN and associated reason string: "split-handshake-syn".
