Re: [PATCH]: Ignore VMWare Fusion interfaces on MACOSX

[Kurt Grutzmacher <grutz () jingojango net>]

On Fri, Aug 24, 2007 at 08:54:36PM -0700, Fyodor wrote:
> Hi Kurt.  Thanks for your research, and the patch!  But maybe we
> should take a more generic approach.  How about if we skip the device
> (same behavior as your patch), but further down in the function such
> that it only happens when the eth_open_cached() fails.  The error
> message should be kept (possibly reworded), but changed into a
> warning.  

I'm not sure there's a way to separate bad interfaces from good ones
without disrupting functionality of aborting on bad interfaces. Since
getinterfaces() runs through every known interface displaying a message
would be annoying and users attempting to nmap on interfaces that are
invalid will just get no results.

However if we just do this:

if (!ethsd) {
  if (strncmp(mydevs[numifaces].devname, "vmnet", 5) != 0) 
    fatal("%s: Failed to open ethernet interface (%s). A possible cause on BSD operating systems is running out of BPF 
devices (see http://seclists.org/lists/nmap-dev/2006/Jan-Mar/0014.html).\n", __func__,
      mydevs[numifaces].devname);
  continue;
}

Then OSX/Fusion users won't get the fatal, any attempt to nmap a Fusion
interface will give a nexthost error (nexthost: failed to determine route)
and when Fusion fixes their problem we won't need to make any changes
because ethsd will be set. Still sort of a kludge but unless we change
the return data from libdnet's eth_open() it's gonna be difficult to tell.


-- 
                 ..:[ grutz at jingojango dot net ]:..
     GPG fingerprint: 5FD6 A27D 63DB 3319 140F  B3FB EC95 2A03 8CB3 ECB4
        "There's just no amusing way to say, 'I have a CISSP'."

Attachment: _bin
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org