Nmap Development mailing list archives
Re: NSE Socket Operation on a non-socket
From: David Fifield <david () bamsoftware com>
Date: Tue, 21 Jul 2009 13:32:11 -0600
On Sat, Jul 18, 2009 at 11:05:09PM -0600, David Fifield wrote:
> On Sat, Jul 18, 2009 at 04:54:41AM +0100, jah wrote:
> > I've been struggling with an error which I can reliably reproduce with
> > the following (r14408) nmap command against a windows machine with tcp
> > ports 445 and 3389 open:
> >
> > nmap -sSV -p 445,3389 -PN -n --script banner,smb-enum-shares -d <target>
> >
> > The error looks like this:
> >
> > NSOCK (-1950392.4020s) nsock_loop error 10038: An operation was attempted on something that is not a socket.
> > NSE: Script Engine Scan Aborted.
> > An error was thrown by the engine: a fatal error occurred in nsock_loop
> > stack traceback:
> >         [C]: ?
> >         [C]: in function 'nsock_loop'
> >         C:\Program Files\Nmap\nse_main.lua:605: in function 'run'
> >         C:\Program Files\Nmap\nse_main.lua:734: in function <C:\Program Files\Nmap\nse_main.lua:693>
> >         [C]: ?
>
> I got this error too on Windows a few days ago while running an NSE
> benchmark test for Patrick. It happened every time with

I think I have found the cause of this problem. This too is related to
the change to counting the number of pending reads and writes on sockets
to control the select sets.

    Re: Ncat with ssl using 100% cpu (PATCH)
    http://seclists.org/nmap-dev/2009/q3/0019.html

    Re: Assertion failure in nsock_core
    http://seclists.org/nmap-dev/2009/q3/0128.html

The error happens when handle_connect_result is called for an SSL
connection. At this point the socket's read and write counts are
decremented (to zero). Usually after the TCP connection,
handle_connect_result needs to be called again to handle an
SSL_ERROR_WANT_READ. In this case the read count is incremented (to
one). It is normally decremented to zero after that, but in case of a
connection timeout it is not. So the socket descriptor remains in the
select set and causes the error when selected on.

jah, I bet if you look at your error logs, you will see something like

    NSOCK (55.7810s) Callback: SSL-CONNECT TIMEOUT for EID 3353 [136.148.92.51:80]

near the bottom of the file.

I will work on fixing this. I'll at least make the socket counts go to
zero when an event is deleted. handle_connect_result could be improved
too. It's a complicated state machine that handles a lot of different
cases and it's hard to trace all the possible paths.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
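
The failure described in this message, as an added example that is not part of the original post and is not nsock code: a toy model in which a descriptor stays in the select set while its pending-read count is above zero. The structure and function names are hypothetical, a pipe stands in for the SSL socket, and on POSIX the stale descriptor surfaces as EBADF from select() rather than Winsock error 10038.

```c
/* Toy model, not nsock source: an fd is in the select set while its pending
 * read count is > 0. All names here are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

struct iod   { int sd; int read_count; };
struct event { struct iod *iod; int holds_read; };

static fd_set read_set;

/* Keep set membership in step with the pending-read count. */
static void sync_set(struct iod *i) {
    if (i->read_count > 0) FD_SET(i->sd, &read_set);
    else FD_CLR(i->sd, &read_set);
}

/* Handshake reported "want read": the event takes a read reference. */
static void want_read(struct event *e) {
    e->holds_read = 1; e->iod->read_count++; sync_set(e->iod);
}

/* Event deletion. release=0 models the timeout path from the message, which
 * skips the decrement; release=1 zeroes the event's counts on delete. */
static void event_delete(struct event *e, int release) {
    if (release && e->holds_read) { e->iod->read_count--; sync_set(e->iod); }
    e->holds_read = 0;
}

/* Returns errno from select() after a connect timeout, 0 if select ran cleanly. */
int select_errno_after_timeout(int release) {
    int p[2];
    if (pipe(p) != 0) return -1;
    struct iod i = { p[0], 0 };
    struct event e = { &i, 0 };
    FD_ZERO(&read_set);
    want_read(&e);               /* handshake in progress, read count is one */
    event_delete(&e, release);   /* timeout fires, event is deleted */
    close(p[0]); close(p[1]);    /* descriptor torn down */
    fd_set rs = read_set;
    struct timeval tv = { 0, 0 };
    int r = select(p[0] + 1, &rs, NULL, NULL, &tv);
    return r < 0 ? errno : 0;
}

int main(void) {
    printf("counts leaked: errno=%d (EBADF=%d)\n", select_errno_after_timeout(0), EBADF);
    printf("counts zeroed: errno=%d\n", select_errno_after_timeout(1));
    return 0;
}
```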