Date: Thu, 13 Mar 2014 10:25:42 -0600
From: Ken Harvey
To: freebsd-net@freebsd.org
Subject: NMap scans extremely slow on FreeBSD 10, possibly BIOCIMMEDIATE

I am attempting to troubleshoot a problem with nmap on FreeBSD 10. The issue that I am having is that when running nmap -O 10.1.2.3 it is taking around 220 seconds to complete. While if I run that same command using Windows or Linux the command completes in around 2.3 seconds. Currently FreeBSD is 100 times slower for nmap scans than Linux or Windows.

After reading through the forums and the mailing list archives I think the problem may be associated with BIOCIMMEDIATE. bpf is waiting for the buffer to fill, or for the ttl to expire, before it processes the packets, rather than processing them upon receiving them. I may be incorrect in this theory, but I am unsure how to verify plausibility.

While looking at /usr/includes/net/bpf.h I do see that BIOCIMMEDIATE is implemented. So I am now wondering if nmap or libpcap is sending the proper switch to bpf for it to enable BIOCIMMEDIATE. Is there a way for me to verify whether BIOCIMMEDIATE is being called in bpf? Is there a better way for me to try and troubleshoot this issue?

You can view my forum post at https://forums.freebsd.org/viewtopic.php?f=7&t=45286
It has a little bit more detail than this post, but it also has a lot of my random troubleshooting steps as well.

Currently I am a little over my head, and I am unsure how to or where to begin troubleshooting this problem. While I do want to get this issue resolved, I also would like to learn how to troubleshoot issues like these. Any help or guidance would be greatly appreciated.
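
One way to check the question asked above, added here as an example and not part of the original post: trace nmap's system calls with ktrace(1) and look for the BIOCIMMEDIATE ioctl on the bpf descriptor. The function name, the trace file name and the sample trace lines are constructed for illustration, and the kdump(1) line layout they follow is an assumption.

```shell
#!/bin/sh
# Capture on the FreeBSD host first (ktrace and kdump are in the base system):
#   ktrace -i -t c -f nmap.kt nmap -O 10.1.2.3
#   kdump -f nmap.kt | bpf_immediate_report

# Reads kdump text on stdin. For every (pid, fd) that was bound to an
# interface with BIOCSETIF, reports whether BIOCIMMEDIATE was also issued.
# kdump shows only the pointer argument, so a hit proves the call was made,
# not which value was passed; a miss is the informative result.
bpf_immediate_report() {
    awk '
    $3 == "CALL" && $4 ~ /^ioctl\(/ {
        split($4, a, "[(,]")            # a[2] = fd, a[3] = request name
        key = $1 " fd " a[2]
        if (a[3] == "BIOCSETIF" && !(key in bound)) {
            bound[key] = 1
            order[++n] = key            # keep first-seen order for output
        }
        if (a[3] == "BIOCIMMEDIATE")
            imm[key] = 1
    }
    END {
        for (i = 1; i <= n; i++)
            printf "pid %s: %s\n", order[i], \
                ((order[i] in imm) ? "BIOCIMMEDIATE issued" : "BIOCIMMEDIATE not seen")
    }'
}

# Constructed sample: pid 812 sets immediate mode, pid 977 does not.
sample_kdump() {
cat <<'EOF'
   812 nmap     CALL  ioctl(0x4,BIOCVERSION,0x7fffffffd8b8)
   812 nmap     RET   ioctl 0
   812 nmap     CALL  ioctl(0x4,BIOCSETIF,0x7fffffffd8a0)
   812 nmap     CALL  ioctl(0x4,BIOCSRTIMEOUT,0x7fffffffd890)
   812 nmap     CALL  ioctl(0x4,BIOCIMMEDIATE,0x7fffffffd88c)
   977 nmap     CALL  ioctl(0x5,BIOCSETIF,0x7fffffffd8a0)
   977 nmap     CALL  ioctl(0x5,BIOCSRTIMEOUT,0x7fffffffd890)
   977 nmap     RET   ioctl 0
EOF
}

sample_kdump | bpf_immediate_report
```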