Copy the patch from the SVN.

Author: d33tah

nsock/include/nsock.h

@@ -443,6 +443,14 @@ int nsock_iod_set_localaddr(nsock_iod iod, struct sockaddr_storage *ss, size_t s
  * destroyed */
 int nsock_iod_set_ipoptions(nsock_iod iod, void *ipopts, size_t ipoptslen);
 
+/* Sets IPv4 TTL to apply before connect(). */
+int nsock_iod_set_ttl(nsock_iod nsi, int ttl);
+
+/* Sets connection lingering options to apply before connect().  It makes a copy
+ * of the options, so you can free() yours if necessary.  This copy is freed
+ * when the iod is destroyed */
+int nsock_iod_set_linger(nsock_iod nsi, struct linger lingeropts);
+
 /* Returns that host/port/protocol information for the last communication (or
  * comm. attempt) this nsi has been involved with.  By "involved" with I mean
  * interactions like establishing (or trying to) a connection or sending a UDP

nsock/src/nsock_connect.c

@@ -104,6 +104,21 @@ static int mksock_set_ipopts(struct npool *ms, struct niod *iod) {
   return 0;
 }
 
+static int mksock_set_ttl(struct npool *ms, struct niod *iod) {
+  int rc;
+
+  errno = 0;
+  rc = setsockopt(iod->sd, IPPROTO_IP, IP_TTL, (const char *) &(iod->ttl),
+                  iod->ttl);
+  if (rc == -1) {
+    int err = socket_errno();
+
+    nsock_log_error("Setting of TTL failed (IOD #%li): %s (%d)",
+                    iod->id, socket_strerror(err), err);
+  }
+  return 0;
+}
+
 static int mksock_bind_device(struct npool *ms, struct niod *iod) {
   int rc;
 
@@ -159,6 +174,9 @@ static int nsock_make_socket(struct npool *ms, struct niod *iod, int family, int
   if (iod->ipoptslen && family == AF_INET)
     mksock_set_ipopts(ms, iod);
 
+  if (iod->ttl != -1)
+    mksock_set_ttl(ms, iod);
+
   if (ms->device)
     mksock_bind_device(ms, iod);
 

nsock/src/nsock_event.c

@@ -460,7 +460,18 @@ struct nevent *event_new(struct npool *nsp, enum nse_type type,
 #endif
 
   if (timeout_msecs != -1) {
-    assert(timeout_msecs >= 0);
+
+    /* FIXME: port scanning behind SOCKS4 fails on the assertion above, most
+       likely because of problems with the reliability of gettimeofday. This
+       conditional statement is a kludge meant to make SOCKS4 port scanning
+       work. This should be removed and the underlying problem actually
+       solved.
+
+       Also see here: http://seclists.org/nmap-dev/2015/q2/375
+    */
+    if (timeout_msecs < 0)
+      timeout_msecs = 0;
     TIMEVAL_MSEC_ADD(nse->timeout, nsock_tod, timeout_msecs);
   }
 

nsock/src/nsock_internal.h

@@ -295,6 +295,12 @@ struct niod {
   void *ipopts;
   int ipoptslen;
 
+  int ttl;
+
+  /* structure used to trigger connection lingering */
+  struct linger lingeropts;
+  int lingeropts_set;
+
   /* Pointer to mspcap struct (used only if pcap support is included) */
   void *pcap;
 

nsock/src/nsock_iod.c

@@ -136,6 +136,9 @@ nsock_iod nsock_iod_new2(nsock_pool nsockp, int sd, void *userdata) {
   nsi->ipopts = NULL;
   nsi->ipoptslen = 0;
 
+  nsi->ttl = -1;
+  nsi->lingeropts_set = 0;
+
 #if HAVE_OPENSSL
   nsi->ssl_session = NULL;
 #endif
@@ -403,6 +406,28 @@ int nsock_iod_set_ipoptions(nsock_iod iod, void *opts, size_t optslen) {
   return 0;
 }
 
+/* Sets IPv4 TTL to apply before connect(). */
+int nsock_iod_set_ttl(nsock_iod iod, int ttl) {
+  struct niod *nsi = (struct niod *)iod;
+
+  assert(nsi);
+
+  nsi->ttl = ttl;
+  return 0;
+}
+
+/* Sets connection lingering options to apply before connect().  It makes a copy
+ * of the options, so you can free() yours if necessary.  This copy is freed
+ * when the iod is destroyed */
+int nsock_iod_set_linger(nsock_iod nsi, struct linger lingeropts_arg)
+{
+  struct niod *iod = (struct niod *)nsi;
+  assert(iod);
+  iod->lingeropts = lingeropts_arg;
+  iod->lingeropts_set = 1;
+  return 0;
+}
+
 /* I didn't want to do this.  Its an ugly hack, but I suspect it will be
  * necessary.  I certainly can't reproduce in nsock EVERYTHING you might want
  * to do with a socket.  So I'm offering you this function to obtain the socket

scan_engine.cc

@@ -835,7 +835,10 @@ static void set_default_port_state(std::vector<Target *> &targets, stype scantyp
     case ACK_SCAN:
     case WINDOW_SCAN:
     case CONNECT_SCAN:
-      (*target)->ports.setDefaultPortState(IPPROTO_TCP, PORT_FILTERED);
+        (*target)->ports.setDefaultPortState(IPPROTO_TCP, PORT_CLOSEDFILTERED);
+      else
+        (*target)->ports.setDefaultPortState(IPPROTO_TCP, PORT_FILTERED);
       break;
     case SCTP_INIT_SCAN:
       (*target)->ports.setDefaultPortState(IPPROTO_SCTP, PORT_FILTERED);
@@ -1567,11 +1570,10 @@ void HostScanStats::destroyOutstandingProbe(std::list<UltraProbe *>::iterator pr
     num_probes_waiting_retransmit--;
   }
 
-  /* Remove it from scan watch lists, if it exists on them. */
-  if (probe->type == UltraProbe::UP_CONNECT && probe->CP()->sd > 0)
-    USI->gstats->CSI->clearSD(probe->CP()->sd);
-
   probes_outstanding.erase(probeI);
+  if (o.debugging > 8)
+    log_write(LOG_PLAIN, "HostScanStats::destroyOutstandingProbe[%p]"
+              " - Deleting probe dport=%d\n", probe, probe->dport());
   delete probe;
 }
 
@@ -1686,12 +1688,15 @@ void HostScanStats::markProbeTimedout(std::list<UltraProbe *>::iterator probeI)
     /* I'll leave it in the queue in case some response ever does come */
     num_probes_waiting_retransmit++;
 
-  if (probe->type == UltraProbe::UP_CONNECT && probe->CP()->sd >= 0 ) {
     /* Free the socket as that is a valuable resource, though it is a shame
        late responses will not be permitted */
-    USI->gstats->CSI->clearSD(probe->CP()->sd);
-    close(probe->CP()->sd);
-    probe->CP()->sd = -1;
+      nsock_iod_delete(probe->CP()->sock_nsi, NSOCK_PENDING_SILENT);
+      probe->CP()->connected = false;
+    }
   }
 }
 
@@ -1953,6 +1958,9 @@ void HostScanStats::moveProbeToBench(std::list<UltraProbe *>::iterator probeI) {
   probe_bench.push_back(*probe->pspec());
   probes_outstanding.erase(probeI);
   num_probes_waiting_retransmit--;
+  if (o.debugging > 8)
+    log_write(LOG_PLAIN, "HostScanStats::moveProbeToBench[%p]"
+              " - Deleting probe dport=%d\n", probe, probe->dport());
   delete probe;
 }
 

scan_engine.h

@@ -135,6 +135,7 @@
 #include "tcpip.h"
 #include <list>
 #include <vector>
+#include "nsock.h"
 
 struct probespec_tcpdata {
   u16 dport;
@@ -218,7 +219,10 @@ class ConnectProbe {
 public:
   ConnectProbe();
   ~ConnectProbe();
-  int sd; /* Socket descriptor used for connection.  -1 if not valid. */
+  nsock_iod sock_nsi;
+  int connect_result;
+  bool self_connect;
 };
 
 struct IPExtraProbeData_icmp {
@@ -359,21 +363,9 @@ class ConnectScanInfo {
   ConnectScanInfo();
   ~ConnectScanInfo();
 
-  /* Watch a socket descriptor (add to fd_sets and maxValidSD).  Returns
-     true if the SD was absent from the list, false if you tried to
-     watch an SD that was already being watched. */
-  bool watchSD(int sd);
-
-  /* Clear SD from the fd_sets and maxValidSD.  Returns true if the SD
-   was in the list, false if you tried to clear an sd that wasn't
-   there in the first place. */
-  bool clearSD(int sd);
-  int maxValidSD; /* The maximum socket descriptor in any of the fd_sets */
-  fd_set fds_read;
-  fd_set fds_write;
-  fd_set fds_except;
   int numSDs; /* Number of socket descriptors being watched */
   int maxSocketsAllowed; /* No more than this many sockets may be created @once */
+  nsock_pool nsp;
 };
 
 class HostScanStats;