Nmap Development mailing list archives
Re: [NSE] rpc library; errors during nfsd startup
From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 25 Apr 2010 20:54:07 +0200
Hi Djalal,

Thanks for the patch, it looked good and I've committed it as r17391.

I would appreciate if someone could try to run the scripts rpcinfo,nfs-* (e.g. --script rpcinfo,nfs-*) against a Mac OS X server. I've done so against a 10.6.3 OS X server running in VMWare Fusion but I'm experiencing some problems. When the scripts are run in parallel (per default) they almost always return with various errors. Looking at packet captures reveals that the server detects incorrect TCP checksums and resets the connection.

I'm not seeing this at all running against my other test platforms (mostly Linux) and I would like to make sure this error is specific to the OS X virtual test environment.

//Patrik

On 23 apr 2010, at 19.37, Djalal Harouni wrote:
Hi David,

This is another patch to add more RPC error stats/messages and to add more debug output, this is against Patrik's last patches r17374.

thx.

On 2010-04-21 19:17:47 -0600, David Fifield wrote:

This is related to your patch, Djalal, but it affects the current code and your patched code so I'm replying here. I get errors if I run the nfs and rpc scripts quickly after restarting nfsd on the remote. This is what I see with the current code if I run the scan up to about 3 seconds after restarting nfsd.

PORT STATE SERVICE REASON
111/tcp open rpcbind syn-ack
| rpcinfo:
| 100000 2 111/tcp rpcbind
| 100000 2 111/udp rpcbind
| 100021 0,1,3,4 877/udp nlockmgr
| 100021 0,1,3,4 1022/tcp nlockmgr
| 100024 1 905/udp status
|_ 100024 1 1021/tcp status
| nfs-acls:
|_ Failed to list mount points
| nfs-dirlist:
|_ Failed to list mount points
| nfs-showmount:
|_ Failed to list mount points
| nfs-statfs:
|_ Failed to list mount points

Compare this to the output if I run later:

PORT STATE SERVICE REASON
111/tcp open rpcbind syn-ack
| rpcinfo:
| 100000 2 111/tcp rpcbind
| 100000 2 111/udp rpcbind
| 100003 2,3 2049/tcp nfs
| 100003 2,3 2049/udp nfs
| 100005 1,3 821/udp mountd
| 100005 1,3 1009/tcp mountd
| 100011 1,2 658/udp rquotad
| 100021 0,1,3,4 877/udp nlockmgr
| 100021 0,1,3,4 1022/tcp nlockmgr
| 100024 1 905/udp status
|_ 100024 1 1021/tcp status
| nfs-showmount:
|_ /Users/david 192.168.0.0
| nfs-statfs:
| /Users/david
|_ ERROR: Mount failed
| nfs-acls:
| /Users/david
|_ ERROR: Mount failed
| nfs-dirlist:
| /Users/david
|_ ERROR: Mount failed

The change is even more obvious with the patched library. If I scan within 3 seconds of restarting nfsd I get lots of errors.

NSE: 'nfs-dirlist' (thread: 0xa00ff70) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
    [C]: in function 'format'
    ./nselib/rpc.lua:1280: in function 'ShowMounts'
    ./scripts/nfs-dirlist.nse:47: in function <./scripts/nfs-dirlist.nse:40>
    (tail call): ?
NSE: 'nfs-statfs' (thread: 0xa018d00) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
    [C]: in function 'format'
    ./nselib/rpc.lua:1280: in function 'ShowMounts'
    ./scripts/nfs-statfs.nse:40: in function <./scripts/nfs-statfs.nse:37>
    (tail call): ?
NSE: 'nfs-showmount' (thread: 0xa0303f8) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
    [C]: in function 'format'
    ./nselib/rpc.lua:1280: in function 'ShowMounts'
    ./scripts/nfs-showmount.nse:39: in function <./scripts/nfs-showmount.nse:34>
    (tail call): ?
NSE: Finished 'rpcinfo' (thread: 0xa01a250) against 192.168.0.190:111.
NSE: 'nfs-acls' (thread: 0xa00e9d8) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
    [C]: in function 'format'
    ./nselib/rpc.lua:1280: in function 'ShowMounts'
    ./scripts/nfs-acls.nse:42: in function <./scripts/nfs-acls.nse:37>
    (tail call): ?
Completed NSE at 19:16, 0.11s elapsed
NSE: Script Scanning completed.
Nmap scan report for 192.168.0.190
Fetchfile found ./nmap-mac-prefixes
MAC prefix 0001C8 is duplicated in ./nmap-mac-prefixes; ignoring duplicates.
MAC prefix 080030 is duplicated in ./nmap-mac-prefixes; ignoring duplicates.
MAC prefix 080030 is duplicated in ./nmap-mac-prefixes; ignoring duplicates.
Host is up, received arp-response (0.00022s latency).
Scanned at 2010-04-21 19:16:52 MDT for 0s
PORT STATE SERVICE REASON
111/tcp open rpcbind syn-ack
| rpcinfo:
| 100000 2 111/tcp rpcbind
| 100000 2 111/udp rpcbind
| 100021 0,1,3,4 877/udp nlockmgr
| 100021 0,1,3,4 1022/tcp nlockmgr
| 100024 1 905/udp status
|_ 100024 1 1021/tcp status

The expected output is this.

PORT STATE SERVICE REASON
111/tcp open rpcbind syn-ack
| rpcinfo:
| 100000 2 111/tcp rpcbind
| 100000 2 111/udp rpcbind
| 100003 2,3 2049/tcp nfs
| 100003 2,3 2049/udp nfs
| 100005 1,3 915/udp mountd
| 100005 1,3 1008/tcp mountd
| 100011 1,2 652/udp rquotad
| 100021 0,1,3,4 877/udp nlockmgr
| 100021 0,1,3,4 1022/tcp nlockmgr
| 100024 1 905/udp status
|_ 100024 1 1021/tcp status
| nfs-showmount:
|_ /Users/david 192.168.0.0
| nfs-dirlist:
| /Users/david
|_ ERROR: rpc.Helper.Dir: Mount: Reply state was not Accepted(0) as expected
| nfs-statfs:
| /Users/david
|_ ERROR: rpc.Helper.ExportStats: Mount: Reply state was not Accepted(0) as expected
| nfs-acls:
| /Users/david
|_ ERROR: rpc.Helper.GetAttributes: Mount: Reply state was not Accepted(0) as expected

This is with the Mac OS X nfsd.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

--
tixxdz
<rpc.lua.diff>
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
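
The traceback quoted in this message is `string.format` being handed nil. The Lua example below is added here and is not code from rpc.lua or from the patch: it assumes the nil comes from looking up a program (mountd, 100005) that is missing from the rpcbind listing during nfsd startup, and every function and table name in it is hypothetical.

```lua
-- Constructed sample data: TCP registrations copied from the two rpcinfo
-- listings quoted in the thread (program number -> name and port).
local during_startup = {
  [100000] = { name = "rpcbind",  port = 111 },
  [100021] = { name = "nlockmgr", port = 1022 },
  [100024] = { name = "status",   port = 1021 },
}
local after_startup = {
  [100000] = { name = "rpcbind",  port = 111 },
  [100003] = { name = "nfs",      port = 2049 },
  [100005] = { name = "mountd",   port = 1009 },
  [100021] = { name = "nlockmgr", port = 1022 },
  [100024] = { name = "status",   port = 1021 },
}

local MOUNTD = 100005

-- Hypothetical unguarded helper: a missing entry leaves both fields nil.
-- Under Lua 5.1 string.format then raises
-- "bad argument #2 to 'format' (string expected, got nil)";
-- Lua 5.2 and later format the nil as the text "nil" instead.
local function describe_unguarded(portmap, prog)
  local entry = portmap[prog] or {}
  return string.format("%s on port %s", entry.name, entry.port)
end

-- Guarded helper: report the missing registration as (nil, message) so the
-- calling script can print an ordinary failure line instead of a traceback.
local function describe_guarded(portmap, prog)
  local entry = portmap[prog]
  if not entry then
    return nil, string.format("program %d not registered with rpcbind", prog)
  end
  return string.format("%s on port %d", entry.name, entry.port)
end

local cases = {
  { "during nfsd startup", during_startup },
  { "after nfsd startup",  after_startup },
}
for _, case in ipairs(cases) do
  local label, portmap = case[1], case[2]
  -- pcall keeps the Lua 5.1 error from aborting the comparison.
  local ok, res = pcall(describe_unguarded, portmap, MOUNTD)
  print(label, "unguarded:", ok and res or ("error: " .. tostring(res)))
  local text, err = describe_guarded(portmap, MOUNTD)
  print(label, "guarded:", text or ("failed: " .. err))
end
```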