Nmap Development mailing list archives

Re: Addressing the hang on Windows 2012 R2 w/WinPcap


From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Mon, 21 Sep 2015 16:34:02 +0800

Hi Dan,

From my perspective, WinPcap's adapter binding is designed to be
reentrant, as no shared variables are used. And the NdisOpenAdapter
function called by WinPcap should be reentrant too, according to MSDN:
https://msdn.microsoft.com/en-us/library/ee481122.aspx. So it's hard to see
what happens; more details are needed to clarify this, e.g. at which source
code line this hang happens, or how to reproduce this issue.

The global mutex workaround can't address a hang that occurs between two
different applications, as they can't share the named mutex.

WinPcap's adapter binding happens whenever packet.dll's PacketOpenAdapter
is called; however, this behavior has been changed in Vista and later (NDIS
6). That is, adapters can only be bound once, when the driver is loaded.
Although Windows provides shims for NDIS 5 legacy compatibility, this old
driver model has already been marked as deprecated for quite some time. So
you can try Npcap 0.05 to see what happens. The latest installer can be
found at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.05.exe.


Cheers,
Yang

On Mon, Sep 21, 2015 at 12:00 PM, Daniel Miller <bonsaiviking () gmail com>
wrote:

List,

I recently pushed a change in r35259 to try to address a hang that several
of our users have experienced on Windows 8.1 and 2012 R2. Specifically,
Nmap hangs when multiple nmap.exe processes are run in parallel and reach
the same scan phase at the same time. In debugging the issue with WinPcap's
debug DLLs, we traced the problem to concurrent access to the WinPcap NPF
driver.

The change in r35259 introduces a global mutex to control access to the
NPF driver. The locations to control were determined by working backwards
from the OpenServiceA calls within WinPcap to the Packet.DLL functions that
contained them. There were calls to these functions in libpcap, libdnet,
and libnetutil.

I am not a Windows programming expert, so I cannot be certain that this is
the best approach, or that I did not do something unorthodox or
inadvisable. I have CC'd some of our best Windows minds (apologies to
anyone I didn't think of in the space of 10 seconds) and I'm hoping to hear
their thoughts on this, or any concerns that anyone may have with this
change. I intend to put this into the next (and final) BETA release this
week for broader testing, so I would like a little more assurance that it
is safe and sane.

Dan
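The structure Dan describes above, as an added example that is not the r35259 code, WinPcap code, or anything from the Nmap project: a single wrapper through which the NPF driver is opened, guarded by a cross-process lock. On Windows the lock is a named kernel mutex in the Global\ namespace (the mutex name here is a made-up placeholder; every process that should serialize with Nmap would have to agree on it, which is Yang's point about unrelated applications). On other platforms the same code falls back to an advisory lock on a file so the wrapper can be built and exercised anywhere. The adapter-open routine is a constructed stand-in for PacketOpenAdapter that records how many callers are inside it at once.

```c
/* Added example (not Nmap's r35259 change or WinPcap's code): a cross-process
 * lock around the call that opens the NPF driver.  Names, the mutex name and
 * the lock-file path are assumptions chosen for this example. */
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
typedef HANDLE npf_lock_t;
#else
#include <sys/file.h>
#include <fcntl.h>
#include <unistd.h>
typedef int npf_lock_t;
#endif

/* Placeholder names: any process that wants to serialize with us must use the same ones. */
#define NPF_LOCK_NAME "Global\\ExampleNpfAccessMutex"
#define NPF_LOCK_FILE "/tmp/example_npf_access.lock"

/* Acquire the global lock; returns 0 on success, -1 on failure. */
static int npf_lock_acquire(npf_lock_t *lk)
{
#ifdef _WIN32
    DWORD r;
    /* Opening an existing named mutex or creating it is the same call, so the
     * first process to get here creates it and later ones attach to it. */
    *lk = CreateMutexA(NULL, FALSE, NPF_LOCK_NAME);
    if (*lk == NULL) return -1;
    r = WaitForSingleObject(*lk, INFINITE);
    /* WAIT_ABANDONED: the previous owner exited while holding the mutex
     * (e.g. a crashed nmap.exe).  Ownership still passes to us, so treat it
     * as acquired rather than hanging every later caller. */
    return (r == WAIT_OBJECT_0 || r == WAIT_ABANDONED) ? 0 : -1;
#else
    /* POSIX stand-in: an exclusive advisory lock on a well-known file. */
    *lk = open(NPF_LOCK_FILE, O_RDWR | O_CREAT, 0600);
    if (*lk < 0) return -1;
    return flock(*lk, LOCK_EX) == 0 ? 0 : -1;
#endif
}

/* Release the lock and drop our handle to it. */
static void npf_lock_release(npf_lock_t *lk)
{
#ifdef _WIN32
    ReleaseMutex(*lk);
    CloseHandle(*lk);
    *lk = NULL;
#else
    flock(*lk, LOCK_UN);
    close(*lk);
    *lk = -1;
#endif
}

/* Constructed stand-in for PacketOpenAdapter(): counts how many callers are
 * inside at the same time so the serialization can be checked. */
static int in_open = 0;
static int max_in_open = 0;

static int fake_packet_open_adapter(const char *name)
{
    int ok;
    in_open++;
    if (in_open > max_in_open) max_in_open = in_open;
    ok = (name != NULL && name[0] != '\0');
    in_open--;
    return ok ? 0 : -1;
}

/* The guarded wrapper: the only path through which the driver is opened.
 * Returns 0 on success, -1 if the adapter open or the lock failed. */
int guarded_open_adapter(const char *name)
{
    npf_lock_t lk;
    int rc;
    if (npf_lock_acquire(&lk) != 0) return -1;
    rc = fake_packet_open_adapter(name);
    npf_lock_release(&lk);   /* released on every path, so no caller is left waiting */
    return rc;
}

/* Highest number of simultaneous callers observed inside the open routine. */
int guarded_open_max_concurrency(void) { return max_in_open; }

int main(void)
{
    int rc = guarded_open_adapter("\\Device\\NPF_{EXAMPLE-GUID}");  /* placeholder device name */
    printf("open rc=%d, max concurrent callers=%d\n", rc, guarded_open_max_concurrency());
    return rc == 0 ? 0 : 1;
}
```

The point of the wrapper is that the lock is taken and released in one place: if the driver open is also reachable from libpcap, libdnet and libnetutil directly, as Dan found, any of those paths that bypass the wrapper reintroduces the concurrent access. The WAIT_ABANDONED branch is the caveat a practitioner would want with a global mutex: without it, one crashed scanner process would leave every later one blocked forever.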

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
