Nmap Development mailing list archives
Re: nmap unable to find routes in FreeBSD jails
From: David Fifield <david () bamsoftware com>
Date: Thu, 27 Sep 2012 01:32:54 -0700
On Mon, Apr 30, 2012 at 03:39:38PM -0700, David Thiel wrote:
Hello list, I'm running a couple of hosts that use multiple FreeBSD jails (9.0-RELEASE), but noticed recently that I'm unable to perform any scans from within them, because nmap is unable to determine its routes. I've ensured that security.jail.allow_raw_sockets is set, and I've even temporarily exposed /dev/mem and /dev/kmem along with /dev/bpf*, to see if that helped things, but to no avail. netstat -rn works just fine, so I'm not sure what's preventing nmap from going. Any troubleshooting help would be appreciated; I've included some basic info below. # nmap insecure.org Starting Nmap 5.61TEST5 ( http://nmap.org ) at 2012-04-30 20:38 UTC nexthost: failed to determine route to insecure.org (74.207.254.18) QUITTING! # nmap -dd -iflist Starting Nmap 5.61TEST5 ( http://nmap.org ) at 2012-04-30 19:51 UTC ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MTU MAC usbus0 (usbus0) (null)/0 other up 0 em0 (em0) 206.125.172.20/32 ethernet up 1500 52:54:00:27:27:81 lo0 (lo0) (null)/0 loopback up 16384 lo1 (lo1) (null)/0 loopback up 16384 ROUTES: NONE FOUND(!) Reason:
I'm not sure what the problem is. Your ktrace shows this sequence: 37625 nmap CALL socket(PF_ROUTE,SOCK_RAW,0x2) 37625 nmap RET socket 4 37625 nmap CALL __sysctl(0x7fffffffc920,0x6,0,0x7fffffffc938,0,0) 37625 nmap SCTL "net.routetable.0.0.1.0" 37625 nmap RET __sysctl 0 37625 nmap CALL __sysctl(0x7fffffffc920,0x6,0x802433140,0x7fffffffc938,0,0) 37625 nmap SCTL "net.routetable.0.0.1.0" 37625 nmap RET __sysctl 0 37625 nmap CALL close(0x4) 37625 nmap RET close 0 37625 nmap CALL write(0x1,0x80243c000,0x16) 37625 nmap GIO fd 1 wrote 22 bytes "ROUTES: NONE FOUND(!) " which corresponds to this code in libdnet-stripped/src/route-bsd.c. #ifdef HAVE_SYS_SYSCTL_H int mib[6] = { CTL_NET, PF_ROUTE, 0, 0 /* XXX */, NET_RT_DUMP, 0 }; size_t len; if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) return (-1); if (len == 0) return (0); if ((buf = malloc(len)) == NULL) return (-1); if (sysctl(mib, 6, buf, &len, NULL, 0) < 0) { free(buf); return (-1); } lim = buf + len; next = buf; #elif defined(HAVE_GETKERNINFO) The syscalls appear to succeed, so it might be a problem later on in route_loop, in the loop with the comment /* This loop assumes that RTA_DST, RTA_GATEWAY, and RTA_NETMASK have the * values, 1, 2, and 4 respectively. Cf. Unix Network Programming, * p. 494, function get_rtaddrs. */ You might try attaching gdb the route_loop function and see if any of those "continues" is preventing routes from being added to Nmap's list. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: nmap unable to find routes in FreeBSD jails David Fifield (Sep 27)