Nmap Development
mailing list archives
RE: nmap stuck in infinite loop
From: "Ganga Bhavani" <GBhavani () everdreamcorp com>
Date: Tue, 14 Feb 2006 13:24:18 -0800
Thanks. --host_timeout mitigates the problem by timing out when nmap hits the race condition. It would be great if the author can fix this problem.
Thanks,
Ganga
-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org]On Behalf Of Michael Hornung
Sent: Monday, February 13, 2006 1:12 PM
To: nmap-dev () insecure org
Subject: Re: nmap stuck in infinite loop
Ganga, I'm glad someone else has corroborated the same problem I reported
on 26 January. Unfortunately I have not fixed it but instead reverted to
3.93 which still meets my needs and does not exhibit that problem.
-Mike
On Mon, 13 Feb 2006 at 10:24, Ganga Bhavani wrote:
|Hi,
|
| I'm running nmap-3.95 on a Windows XP system with the following command line parameters on a Class B network.
|
|nmap -O -F -debug -debug -debug -debug 10.10.191.0/16.
|
|nmap is executing in an infinite loop. It has been logging the following message for more than 30 hrs.
|
|**TIMING STATS**: IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
| Groupstats (1/30 incomplete): 0/*/*/*/*/* 12.05/2/* 1890847/272571/404569
| 10.10.4.84: 0/0/4/0/0/0 1.00/2/0 1642338/346594/323936
|
|The code has been stuck in the following while loop in scan_engine.cc.
| while(USI->numIncompleteHosts() != 0) {
|   doAnyPings(USI);
|   doAnyRetransmits(USI);
|   doAnyNewProbes(USI);
|   gettimeofday(&USI->now, NULL);
|   // printf("TRACE: Finished doAnyNewProbes() at %.4fs\n", o.TimeSinceStartMS(&USI->now) / 1000.0);
|   printAnyStats(USI);
|   waitForResponses(USI);
|   gettimeofday(&USI->now, NULL);
|   // printf("TRACE: Finished waitForResponses() at %.4fs\n", o.TimeSinceStartMS(&USI->now) / 1000.0);
|   processData(USI);
| }
|
|I figured out that the probes active, freshports left, outstanding, retranwait, onbench are all 0 except the retry_stack is 4 and num of incomplete hosts is 1. When I further debugged, I found that it is not sending any probe or retransmit.
|In this state, sendOK is returning false because the condition if (TIMEVAL_MSEC_SUBTRACT(USI->now, last_wait) > to_ms) is true. And due to the failure of the sendOK, the functions in the "while" loop are not sending any probe/ping/retransmit.
|It does not remove the number of incomplete hosts as the retry stack size is more than 0. Due to this race condition, nmap goes into an infinite loop and never recovers.
|
|Can someone familiar with this part of the code help me fix this issue?
|
|Thanks,
|Ganga
|_______________________________________________
|Sent through the nmap-dev mailing list
|http://cgi.insecure.org/mailman/listinfo/nmap-dev
|
|
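
The stall described in the quoted report, reduced to a constructed model and added here as an example; it is not Nmap's code and does not come from anyone in the thread. The `Host` struct, `send_ok`, `run_scan`, the 100 ms tick, the sample values, and the rule that `last_wait_ms` is refreshed only when a probe is sent are all assumptions made to show why the loop cannot exit on its own and how a per-host deadline (the role --host_timeout plays above) or a no-progress counter bounds it.

```cpp
#include <cstdio>

// Constructed model of the reported state; not Nmap's data structures.
struct Host {
    int  retry_stack;   // probes waiting to be retransmitted
    long last_wait_ms;  // when this host was last waited on
    long to_ms;         // current probe timeout
};

enum Outcome { COMPLETED, HOST_TIMED_OUT, NO_PROGRESS };

// The reported condition: sending is refused once now - last_wait > to_ms.
static bool send_ok(const Host &h, long now_ms) {
    return now_ms - h.last_wait_ms <= h.to_ms;
}

// Drives a loop of the same shape as the one in the report.
// host_timeout_ms == 0 disables the per-host deadline; stall_limit caps
// consecutive iterations in which nothing was sent or removed.
Outcome run_scan(Host h, long now_ms, long host_timeout_ms, int stall_limit) {
    const long start_ms = now_ms;
    int idle = 0;
    while (h.retry_stack > 0) {            // host still counts as incomplete
        if (host_timeout_ms > 0 && now_ms - start_ms > host_timeout_ms)
            return HOST_TIMED_OUT;         // mitigation: give up on this host
        if (send_ok(h, now_ms)) {
            --h.retry_stack;               // retransmit one queued probe
            h.last_wait_ms = now_ms;       // assumption: refreshed only on send
            idle = 0;
        } else if (++idle >= stall_limit) {
            return NO_PROGRESS;            // detected: loop is doing no work
        }
        now_ms += 100;                     // stand-in for waitForResponses()
    }
    return COMPLETED;
}

int main() {
    Host stuck   = {4, 0, 1642};     // constructed: last wait long before "now"
    Host healthy = {4, 5000, 1642};  // constructed: last wait is recent
    std::printf("no deadline: %d, with deadline: %d, healthy: %d\n",
                run_scan(stuck, 5000, 0, 1000),
                run_scan(stuck, 5000, 30000, 1000000),
                run_scan(healthy, 5000, 0, 1000));
    return 0;
}
```

In this model, once `now - last_wait` exceeds the timeout it only grows, so without the deadline or the stall counter the `while` condition stays true indefinitely.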