diff -urNb old.nmap.rev/nmap.cc new.nmap.rev/nmap.cc
--- old.nmap.rev/nmap.cc	Tue May 16 13:22:10 2006
+++ new.nmap.rev/nmap.cc	Tue May 16 13:22:10 2006
@@ -470,6 +470,15 @@
   size_t sslen;
   int option_index;
   bool iflist = false;
+
+  // Pre-specified timing parameters.
+  // These are stored here during the parsing of the arguments so that we can
+  // set the defaults specified by any timing template options (-T2, etc) BEFORE
+  // any of these. In other words, these always take precedence over the templates.
+  int pre_max_parallelism=-1, pre_scan_delay=-1, pre_max_scan_delay=-1;
+  int pre_init_rtt_timeout=-1, pre_min_rtt_timeout=-1, pre_max_rtt_timeout=-1;
+  int pre_max_retries=-1, pre_host_timeout=-1;
+
   struct option long_options[] =
     {
       {"version", no_argument, 0, 'V'},
@@ -591,18 +600,18 @@
         if (l < 20) {
 	  error("WARNING: You specified a round-trip time timeout (%ld ms) that is EXTRAORDINARILY SMALL.  Accuracy may suffer.", l);
 	}
-	o.setMaxRttTimeout(l);
+        pre_max_rtt_timeout = l;
       } else if (optcmp(long_options[option_index].name, "min-rtt-timeout") == 0) {
 	l = tval2msecs(optarg);
 	if (l < 0) fatal("Bogus --min-rtt-timeout argument specified");
 	if (l > 50000) {
 	  error("Warning:  min-rtt-timeout is given in milliseconds, your value seems pretty large.");
 	}
-	o.setMinRttTimeout(l);
+        pre_min_rtt_timeout = l;
       } else if (optcmp(long_options[option_index].name, "initial-rtt-timeout") == 0) {
 	l = tval2msecs(optarg);
 	if (l <= 0) fatal("Bogus --initial-rtt-timeout argument specified.  Must be positive");
-	o.setInitialRttTimeout(l);
+        pre_init_rtt_timeout = l;
       } else if (strcmp(long_options[option_index].name, "excludefile") == 0) {
         excludefd = fopen(optarg, "r");
         if (!excludefd) {
@@ -631,12 +640,12 @@
 	if (o.min_parallelism > 100) {
 	  error("Warning: Your --min-parallelism option is pretty high!  This can hurt reliability.");
 	}
-      } else if (optcmp(long_options[option_index].name, "host-timeout") == 0) {	l = tval2msecs(optarg);
+      } else if (optcmp(long_options[option_index].name, "host-timeout") == 0) {
+        l = tval2msecs(optarg);
 	if (l <= 200) fatal("--host-timeout must be at least 200 milliseconds");
-	o.host_timeout = l;
-	if (o.host_timeout < 1000) {
+	if (l < 1000)
 	  error("host-timeout is given in milliseconds, so you specified less than a second (%lims). This is allowed but not recommended.", o.host_timeout);
-	}
+	pre_host_timeout = l;
       } else if (strcmp(long_options[option_index].name, "ttl") == 0) {
 	o.ttl = atoi(optarg);
 	if (o.ttl < 0 || o.ttl > 255) {
@@ -665,20 +674,16 @@
       } else if (optcmp(long_options[option_index].name, "scan-delay") == 0) {
 	l = tval2msecs(optarg);
 	if (l < 0) fatal("Bogus --scan-delay argument specified.");
-	o.scan_delay = l;
-	if (o.scan_delay > o.maxTCPScanDelay()) o.setMaxTCPScanDelay(o.scan_delay);
-	if (o.scan_delay > o.maxUDPScanDelay()) o.setMaxUDPScanDelay(o.scan_delay);
-	o.max_parallelism = 1;
+        pre_scan_delay = l;
       } else if (optcmp(long_options[option_index].name, "max-scan-delay") == 0) {
 	l = tval2msecs(optarg);
 	if (l < 0) fatal("--max-scan-delay cannot be negative.");
-	o.setMaxTCPScanDelay(l);
-	o.setMaxUDPScanDelay(l);
+        pre_max_scan_delay = l;
       } else if (optcmp(long_options[option_index].name, "max-retries") == 0) {
         int num_retrans = atoi(optarg);
         if (num_retrans < 0)
           fatal("max-retransmissions must be positive");
-        o.setMaxRetransmissions(num_retrans);
+        pre_max_retries = num_retrans;
       } else if (optcmp(long_options[option_index].name, "randomize-hosts") == 0
 		 || strcmp(long_options[option_index].name, "rH") == 0) {
 	o.randomize_hosts = 1;
@@ -856,9 +861,9 @@
       }
       break;  
     case 'M': 
-      o.max_parallelism = atoi(optarg); 
-      if (o.max_parallelism < 1) fatal("Argument to -M must be at least 1!");
-      if (o.max_parallelism > 900) {
+      pre_max_parallelism = atoi(optarg); 
+      if (pre_max_parallelism < 1) fatal("Argument to -M must be at least 1!");
+      if (pre_max_parallelism > 900) {
 	error("Warning: Your max-parallelism (-M) option is extraordinarily high, which can hurt reliability");
       }
       break;
@@ -1046,6 +1051,26 @@
   if (!o.debugging)
     signal(SIGSEGV, sigdie); 
 #endif
+
+  // After the arguments are fully processed we now make any of the timing
+  // tweaks the user might've specified:
+  if (pre_max_parallelism != -1) o.max_parallelism = pre_max_parallelism;
+  if (pre_scan_delay != -1) {
+    o.scan_delay = pre_scan_delay;
+    if (o.scan_delay > o.maxTCPScanDelay()) o.setMaxTCPScanDelay(o.scan_delay);
+    if (o.scan_delay > o.maxUDPScanDelay()) o.setMaxUDPScanDelay(o.scan_delay);
+    o.max_parallelism = 1;
+  }
+  if (pre_max_scan_delay != -1) {
+    o.setMaxTCPScanDelay(pre_max_scan_delay);
+    o.setMaxUDPScanDelay(pre_max_scan_delay);
+  }
+  if (pre_init_rtt_timeout != -1) o.setInitialRttTimeout(pre_init_rtt_timeout);
+  if (pre_min_rtt_timeout != -1) o.setMinRttTimeout(pre_min_rtt_timeout);
+  if (pre_max_rtt_timeout != -1) o.setMaxRttTimeout(pre_max_rtt_timeout);
+  if (pre_max_retries != -1) o.setMaxRetransmissions(pre_max_retries);
+  if (pre_host_timeout != -1) o.host_timeout = pre_host_timeout;
+
 
   if (o.osscan)
     o.reference_FPs = parse_fingerprint_reference_file();