Nmap 3.75 slow on Solaris [patch]

[Ben Harris <bjh21 () cam ac uk>]

Nmap 3.75 seems to be much slower than 3.25 when running on Solaris.  A 
simple -sS against 1024 ports on one machine took over a minute and a half 
with 3.75, versus four seconds with 3.25.  It looks like libpcap's 
getmsg() calls are taking much longer to return than they used to, which 
seems to come down to the new SBIOCSCHUNK call in pcap-dlpi.c.  Removing 
that call (trivial patch attached) causes nmap to go at its old speed.

I'm not sure why the timeout set by SBIOCSTIME isn't (reliably) firing, 
but I suspect the following sentence from bufmod(7):

# The module restarts the timeout period when it receives a read side data 
# message and a timeout is not currently active.

This means that if there's a steady, but slow, stream of network traffic, 
bufmod will slowly accumulate it until its got 64k, even if that takes 
much longer than the timeout programmed by pcap.  I'm not sure what a 
proper solution would be, though I have a suspicion it involved 
non-blocking reads, moving the timeout into libpcap, and SB_SEND_ON_WRITE, 
which is more than I have time for right now.  Sorry.


In case it matters, this is standard Nmap 3.75 running on:
SunOS harpy.csi.cam.ac.uk 5.8 Generic_108528-22 sun4m sparc SUNW,SPARCstation-10
Network is le(7), IPv4 only.

--
Ben Harris, University of Cambridge Computing Service.  Tel: (01223) 334728

Attachment: sbiocschunk.patch
Description: anti-SBIOCSCHUNK patch for Nmap 3.75

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org