Re: Nmap labeled ethernet address problem

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Fyodor,

Fyodor wrote:
> Nmap seems to quit when it encounters labeled ethernet addresses on
> Linux.
<snip>
> > # ip addr add 1.1.1.1/32 dev eth0 label eth0vip
> > # ip addr list dev eth0
> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
> >     link/ether 00:12:79:de:38:13 brd ff:ff:ff:ff:ff:ff
> >     inet 192.34.35.49/28 brd 192.34.35.63 scope global eth0
> >     inet 1.1.1.1/32 scope global eth0vip
> >     inet6 fe80::212:79ff:fede:3813/64 scope link
> >        valid_lft forever preferred_lft forever
> > # nmap -sP -PI 192.34.35.1-5
> >
> > Starting Nmap 4.60 ( http://nmap.org ) at 2008-04-17 17:33 MDT
> > Failed to determine the netmask of eth0vip!: No such device (19)

I've been looking into this.  It looks like "labels" are the same as the
older "aliases", which are traditionally either the same name as the
interface (as on BSD) or prefixed with the interface name and a colon
(as on Solaris).  Linux seems to support both.

Nmap already knows about the colon notation:

Strncpy(mydevs[numifaces].devname, ifr->ifr_name, [...]);
/* devname isn't allowed to have alias qualification */
if ((p = strchr(mydevs[numifaces].devname, ':')))
  *p = '\0';

I confirmed that using a label of "eth0:0" works as expected.

After devname stuff, the netmask stuff is done:

Strncpy(tmpifr.ifr_name, ifr->ifr_name, sizeof(tmpifr.ifr_name));
memcpy(&(tmpifr.ifr_addr), sin, [...]);
rc = ioctl(sd, SIOCGIFNETMASK, &tmpifr);

But notice that ifr->ifr_name is used rather than devname, so the
SIOCGIFNETMASK apparently works for aliases and labels *if* they're in
the right format.

The ip manpage on my system says this about labels:

"Each address may be tagged with a label string.  In order to preserve
compatibility with Linux-2.0 net aliases, this string must coincide with
the name of the device or must be prefixed with the device name followed
by colon."

So it seems that Nmap isn't at fault, but rather the user for selecting
the improper label and ip for not producing an error or warning.

So given this, I'm not sure what should be done about it :)

> Cheers,
> -F

Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSBfZB/9K37xXYl36AQLTPw//W6U3AEkbMuB4farS7sAjdwfY5ltpoRBu
7qkvKtpAMYyRmwUr/ZJyaLppmUUAtzmzX8t2cK9F5cLHor5Zbp+j4i+DoEiMrgD+
4qtrDQ4h7WjNEljE5m5tZqhy/Oa9JD6LGwXLnhsNINi8jYz9+hBDii3fuQu1HLi8
ILEoRDmN3eEKooX9Fiexk8uDqF+O5TLpFNM08dP7+6nDHxXU+5sraF2IX28MHpZ6
SKGPu2qKhFd0hdeT+75qiNH447izp9d3B154blxyaf3hOjJ7Vv6Z0n25yRS2wgJk
4UCrhEPr2LFaH4xaQixYWh68q5WwoVmEZeHoeXDRKfv2V30Bj3tjq92ZzAR2iNf9
1WPPsy8ajcrMCVah3Ndityj2rq8eFR4CgvU9w3kQ0Sp8MK+UzJGGvypMz7tAb+PV
nKibp29srfF2e+i0GWyeI9AvTHSmAY8m/wTdnBUapi5vV7iRBut5pNQGLPq6atAh
7B6+fiTdkjZZsz6A+rL9N7X/Cy3P6ZF0du1+O6MfnBeDTx1LZCeVlnGVLP8MVK6e
gk6LSdQcmtrb3JTmsTNBO+SA6pGyNV+OdZb2xp6iepwrXfpWPn6OT2QOm7nDRic/
T/LW34BPYWhEy0KBtlWRpJ11cvd8EalZETG7f7CrW36Tdq6yLObKgxZ2KBdJZ3Xt
IfjphZ5OCcc=
=aC3+
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org