Nmap Development mailing list archives
Re: Why the "Linux goofiness" socket writability check?
From: David Fifield <david () bamsoftware com>
Date: Sat, 18 Jul 2009 21:15:00 -0600
On Tue, Jul 14, 2009 at 11:58:47AM -0600, David Fifield wrote:
> What is the purpose of this code in handle_connect_result in
> nsock/src/nsock_core.c?
>
>   switch(socket_error) {
>     case 0:
>   #ifdef LINUX
>       if (!FD_ISSET(iod->sd, &ms->mioi.fds_results_r)) {
>         /* Linux goofiness -- We need to actually test that it is writeable */
>         rc = send(iod->sd, "", 0, 0);
>         if (rc < 0) {
>           nse->status = NSE_STATUS_ERROR;
>           nse->errnum = ECONNREFUSED;
>         } else {
>           nse->status = NSE_STATUS_SUCCESS;
>         }
>       } else {
>         nse->status = NSE_STATUS_SUCCESS;
>       }
>   #else
>       nse->status = NSE_STATUS_SUCCESS;
>   #endif
>       break;
>
> The function is called whenever the iod->sd bit is set in either
> fds_results_r, fds_results_w, or fds_results_x. The code is saying, if it
> was not because fds_results_r was set (presumably fds_results_w was
> set--the socket is writable), then do a 0-length send to test if the
> socket really is writable. The code predates the public Subversion
> repository, so I can't get a log message from when it was added.
>
> This code is problematic for a couple of reasons. First, this breaks SCTP
> connections, because SCTP does not support 0-length sends. You get an
> "Invalid argument" error. http://seclists.org/nmap-dev/2009/q3/0088.html.
> Second, I found now that UDP connects are also routed through
> handle_connect_result, so Nsock UDP connections are sending a packet with
> an empty payload right after connection.
Fyodor didn't remember what this code was for but it dates back to 2000 at
least. (There was a problem with the permissions in the Subversion
repository, but Fyodor changed it and now you can see log messages going back
further.) We decided to remove it and see if it causes problems. It is
removed in r14426.

I tried to find an old Linux to test it with. I tried a Linux 2.4 live CD but
Nmap wouldn't run compiled against a newer Glibc, even compiled statically. I
compiled it under a 2.6.8.1 live CD from 2004, and version detection, NSE,
and Ncat worked without any problem.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
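The two points in the thread can be shown directly on a loopback socket. The program below is an added example written for this page; it is not nsock code and not part of the Nmap tree. It does what the removed check was trying to do, but the standard way: after a non-blocking connect() and a select() for writability it reads the real outcome with getsockopt(SO_ERROR), which distinguishes a completed connection (0) from a refused one (ECONNREFUSED) without touching the socket's data stream. It also performs the exact send(fd, "", 0, 0) from the old code on a connected UDP socket and lets a receiver on the other end show that an empty datagram really is transmitted, which is the second problem David describes. The SCTP EINVAL case is not exercised because it needs kernel SCTP support. All addresses, ports and function names here are the example's own; the only assumption is that 127.0.0.1 is reachable and that a bound-but-not-listening TCP port answers a SYN with RST, which Linux does.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>

/* Fill in a 127.0.0.1 address (assumed loopback for the whole example). */
static void loopback(struct sockaddr_in *sa, uint16_t port) {
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa->sin_port = htons(port);
}

/* Bind a TCP socket on 127.0.0.1 to an ephemeral port. With do_listen == 0
 * the port is held but not listening, so a SYN to it gets an RST and a
 * connect() to it fails with ECONNREFUSED. Returns the fd, or -1. */
static int bind_loopback_tcp(int do_listen, uint16_t *port) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    loopback(&sa, 0);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        (do_listen && listen(fd, 1) < 0) ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *port = ntohs(sa.sin_port);
    return fd;
}

/* Non-blocking connect to 127.0.0.1:port. Wait until select() reports the
 * socket writable (the event handle_connect_result reacts to), then ask the
 * kernel for the real result with SO_ERROR instead of probing with a
 * zero-length send(). Returns 0 on success, the SO_ERROR errno value
 * (e.g. ECONNREFUSED) when the connect failed, or -1 on a setup error. */
static int nonblocking_connect_result(uint16_t port) {
    struct sockaddr_in sa;
    int fd, rc, soerr = 0;
    socklen_t len = sizeof soerr;
    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
    loopback(&sa, port);
    rc = connect(fd, (struct sockaddr *)&sa, sizeof sa);
    if (rc < 0 && errno != EINPROGRESS) { rc = errno; close(fd); return rc; }
    if (rc < 0) {
        fd_set wfds;
        struct timeval tv = { 2, 0 };
        FD_ZERO(&wfds);
        FD_SET(fd, &wfds);
        /* A refused connect also becomes "writable" here, which is why
         * writability alone cannot tell success from failure. */
        if (select(fd + 1, NULL, &wfds, NULL, &tv) <= 0) { close(fd); return -1; }
    }
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &soerr, &len) < 0) { close(fd); return -1; }
    close(fd);
    return soerr;
}

/* Bind a UDP receiver on 127.0.0.1, connect a UDP sender to it and do the
 * send(fd, "", 0, 0) the removed check performed. Returns the size of the
 * datagram the receiver got (0 = an empty datagram really went out), or -1
 * if nothing arrived within two seconds or setup failed. */
static int udp_zero_length_send_delivers(void) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    fd_set rfds;
    struct timeval tv = { 2, 0 };
    char buf[16];
    ssize_t n;
    int rx = socket(AF_INET, SOCK_DGRAM, 0);
    int tx = socket(AF_INET, SOCK_DGRAM, 0);
    if (rx < 0 || tx < 0) goto fail;
    loopback(&sa, 0);
    if (bind(rx, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        getsockname(rx, (struct sockaddr *)&sa, &len) < 0 ||
        connect(tx, (struct sockaddr *)&sa, sizeof sa) < 0)
        goto fail;
    if (send(tx, "", 0, 0) < 0) goto fail;   /* EINVAL on SCTP; accepted on UDP */
    FD_ZERO(&rfds);
    FD_SET(rx, &rfds);
    if (select(rx + 1, &rfds, NULL, NULL, &tv) <= 0) goto fail;
    n = recv(rx, buf, sizeof buf, 0);
    if (n < 0) goto fail;
    close(rx);
    close(tx);
    return (int)n;
fail:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return -1;
}

int main(void) {
    uint16_t port;
    int l = bind_loopback_tcp(1, &port);
    printf("connect to listener: %d (0 = success)\n", nonblocking_connect_result(port));
    close(l);
    int b = bind_loopback_tcp(0, &port);
    int e = nonblocking_connect_result(port);
    printf("connect to closed port: %d (%s)\n", e, e > 0 ? strerror(e) : "ok");
    close(b);
    printf("UDP zero-length send delivered a datagram of %d bytes\n",
           udp_zero_length_send_delivers());
    return 0;
}
```

Build with `cc -o connect_check connect_check.c` and run it; the closed-port case prints ECONNREFUSED from SO_ERROR and the UDP case reports a 0-byte datagram, the "empty payload right after connection" that the old check emitted on every UDP iod.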
Current thread:
- Why the "Linux goofiness" socket writability check? David Fifield (Jul 14)
- Re: Why the "Linux goofiness" socket writability check? David Fifield (Jul 18)
- Re: Why the "Linux goofiness" socket writability check? Kris Katterjohn (Jul 18)
- Re: Why the "Linux goofiness" socket writability check? David Fifield (Jul 18)
- Re: Why the "Linux goofiness" socket writability check? David Fifield (Jul 18)
- Re: Why the "Linux goofiness" socket writability check? Kris Katterjohn (Jul 18)
- Re: Why the "Linux goofiness" socket writability check? Solar Designer (Jul 19)
- Re: Why the "Linux goofiness" socket writability check? David Fifield (Jul 21)
- Re: Why the "Linux goofiness" socket writability check? David Fifield (Jul 18)