Nmap Development mailing list archives
Re: Nmap/libnetutil: route tables rework
From: Hani Benhabiles <kroosec () gmail com>
Date: Sat, 21 Jul 2012 12:25:04 +0100
On 07/15/2012 03:47 PM, Djalal Harouni wrote:
When I add --send-eth, I get a "failed to determine next hop MAC address" error from the ip_send() function.On Fri, Jul 13, 2012 at 04:22:59PM +0100, Hani Benhabiles wrote:Hi list, Hi Djalal, I have been experimenting wrong values in Nmap routing table with tap interfaces while using the latest svn version (r29192). $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.220.0 192.168.2.2 255.255.255.0 UG 0 0 0 tap0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 192.168.1.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 $ nmap --iflist Starting Nmap 6.02 ( http://nmap.org ) at 2012-07-12 11:02 CET ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MTU MAC lo (lo) 127.0.0.1/8 loopback up 16436 lo (lo) ::1/128 loopback up 16436 eth0 (eth0) (null)/0 ethernet up 1500 00:26:2D:92:55:8E wlan0 (wlan0) 192.168.1.51/24 ethernet up 1500 C4:17:FE:D2:53:05 wlan0 (wlan0) fe80::c617:feff:fed2:5305/64 ethernet up 1500 C4:17:FE:D2:53:05 tap0 (tap0) 192.168.2.1/24 ethernet up 1500 52:1A:E1:78:1B:61 tap0 (tap0) fe80::501a:e1ff:fe78:1b61/64 ethernet up 1500 52:1A:E1:78:1B:61 **************************ROUTES************************** DST/MASK DEV GATEWAY 192.168.220.0/24 tap0 192.168.2.2 192.168.2.0/24 wlan0 192.168.1.0/24 wlan0 169.254.0.0/16 wlan0 0.0.0.0/0 wlan0 192.168.1.1 yet, nmap --route-dst shows the correct interface to use (tap0) for 192.168.2.0/24 $ nmap --route-dst 192.168.2.2 192.168.2.2 tap0 tap0 srcaddr 192.168.2.1 direct Nmap has no problem finding the correct device for 192.168.220.0/24 (route manually added), but fails to do so with 192.168.2.0/24 (directly connected to tap0) and puts instead wlan0. This is related to what you reported, although the very very long patch didn't solve the issue, building from your Github repo [1] seems to fix the issue. :)Ok, I'll try to sync the patch.$ nmap --iflist Starting Nmap 6.02 ( http://nmap.org ) at 2012-07-12 12:46 CET ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MTU MAC lo (lo) 127.0.0.1/8 loopback up 16436 lo (lo) ::1/128 loopback up 16436 eth0 (eth0) (null)/0 ethernet up 1500 00:26:2D:92:55:8E wlan0 (wlan0) 192.168.1.51/24 ethernet up 1500 C4:17:FE:D2:53:05 wlan0 (wlan0) fe80::c617:feff:fed2:5305/64 ethernet up 1500 C4:17:FE:D2:53:05 tap0 (tap0) 192.168.2.1/24 ethernet up 1500 52:1A:E1:78:1B:61 tap0 (tap0) fe80::501a:e1ff:fe78:1b61/64 ethernet up 1500 52:1A:E1:78:1B:61 **************************ROUTES************************** DST/MASK DEV GATEWAY 192.168.220.0/24 tap0 192.168.2.2 192.168.2.0/24 tap0 192.168.1.0/24 wlan0 0.0.0.0/0 wlan0 192.168.1.1 ::1/128 lo fe80::/64 wlan0 fe80::/64 tap0 So this is a +1 for merging the work. But what I have been experimenting now is that in NSE, code like this: local sock = nmap.new_dnet() sock:ip_open() sock:ip_send(packet) would send the packet through the default route interface (for multicast targets, at least) and not the one specified by the -e option. I don't know if this is really related bug or is due to another issue.Thank you for reporting this. Are you sending at the ethernet level ? please add '--send-eth' and see. If your packets are still routed through the default route interface, then I can see the problem: nse_dnet.cc:ip_send() => nmap_route_dst() returns 0 And we jmp to the 'usesock' label using the IP layer. We can fix this by forcing libnetutil/netutil.cc:route_dst_generic() to use the interface users choose, I can't see another solution especially if we miss the route tables check, and this will be the case of all non handled IPs. At that point we can consider that users know what they want. I'll fix it later.
Cheers, Hani. -- Hani Benhabiles Twitter: https://twitter.com/#!/kroosec Blog: http://kroosec.blogspot.com _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Nmap/libnetutil: route tables rework Djalal Harouni (Jul 01)
- Re: Nmap/libnetutil: route tables rework Djalal Harouni (Jul 09)
- Re: Nmap/libnetutil: route tables rework Hani Benhabiles (Jul 13)
- Re: Nmap/libnetutil: route tables rework Djalal Harouni (Jul 15)
- Re: Nmap/libnetutil: route tables rework Hani Benhabiles (Jul 21)
- Re: Nmap/libnetutil: route tables rework Hani Benhabiles (Jul 13)
- Re: Nmap/libnetutil: route tables rework Djalal Harouni (Jul 09)
- <Possible follow-ups>
- Re: Nmap/libnetutil: route tables rework David Fifield (Sep 27)
- Re: Nmap/libnetutil: route tables rework David Fifield (Sep 28)
- Re: Nmap/libnetutil: route tables rework David Fifield (Sep 28)
- Re: Nmap/libnetutil: route tables rework David Fifield (Sep 29)
- Re: Nmap/libnetutil: route tables rework David Fifield (Sep 28)