Home page logo
/

nmap-dev logo Nmap Development mailing list archives

RE: nmap stuck in infinite loop
From: "Ganga Bhavani" <GBhavani () everdreamcorp com>
Date: Fri, 24 Feb 2006 11:49:39 -0800

It worked perfectly fine.  Thanks for the patch.

-Ganga

-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org]On Behalf Of Ganga Bhavani
Sent: Friday, February 17, 2006 9:57 AM
To: Fyodor
Cc: nmap-dev () insecure org
Subject: RE: nmap stuck in infinite loop


Thanks for the patch. I'll patch in the code and execute over the week-end. I'll let you know the result by next week.

Thanks,
Ganga

-----Original Message-----
From: Fyodor [mailto:fyodor () insecure org]
Sent: Thursday, February 16, 2006 5:35 PM
To: Ganga Bhavani
Cc: nmap-dev () insecure org
Subject: Re: nmap stuck in infinite loop


On Mon, Feb 13, 2006 at 10:24:30AM -0800, Ganga Bhavani wrote:

 I'm running nmap-3.95 in Windows xp system with the following command line parameter on Class B network. 

nmap -O -F -debug -debug -debug -debug 10.10.191.0/16. 

The nmap is executing in the infinite loop. It has been logging the following message for more than 30hrs. 

Thanks for the report.  Here is a patch which I hope solves the
problem:

--- scan_engine.cc      (revision 3120)
+++ scan_engine.cc      (working copy)
@@ -807,6 +807,7 @@
 
   /* Returns true if the GLOBAL system says that sending is OK.*/
 bool GroupScanStats::sendOK() {
+  int recentsends;
 
   if (USI->scantype == CONNECT_SCAN && CSI->numSDs >= CSI->maxSocketsAllowed)
     return false;
@@ -815,7 +816,9 @@
      the last listen call, at least for systems such as Windoze that
      don't give us a proper pcap time.  Also for connect scans, since
      we don't get an exact response time with them either. */
-  if (USI->scantype == CONNECT_SCAN || !pcap_recv_timeval_valid()) {
+  recentsends = USI->gstats->probes_sent - USI->gstats->probes_sent_at_last_wait;
+  if (recentsends > 0 && 
+      (USI->scantype == CONNECT_SCAN || !pcap_recv_timeval_valid())) {
     int to_ms = (int) MAX(to.srtt * .75 / 1000, 50);
     if (TIMEVAL_MSEC_SUBTRACT(USI->now, last_wait) > to_ms)
       return false;
@@ -828,7 +831,7 @@
      responses when I scan localhost.  And half of those are the @#$#
      sends being received.  I think I'll put a limit of 50 sends per
      wait */
-  if (USI->gstats->probes_sent - USI->gstats->probes_sent_at_last_wait >= 50)
+  if (recentsends >= 50)
     return false;
 
   /* When there is only one target left, let the host congestion
@@ -969,7 +972,7 @@
 
   getTiming(&tmng);
   if (tmng.cwnd >= num_probes_active + .5 && 
-      (freshPortsLeft() || num_probes_waiting_retransmit)) {
+      (freshPortsLeft() || num_probes_waiting_retransmit || !retry_stack.empty())) {
     if (when) *when = USI->now;
     return true;
   }

If you have a Windows development environment set up, would you apply
this patch and see if it resolves the problem?  If you aren't set up
for that, just let me know and I'll build Windows binaries with the
patch.  The next release will contain the patch too.

Cheers,
Fyodor


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault