Re: nmap won't work with policy route

[David Fifield <david () bamsoftware com>]

On Wed, Mar 06, 2013 at 08:34:48PM +0100, John Bond wrote:
> I took a quick look at this on a system where we have a similar routing
> config.  See below for details.  I tried with nmap 5.5* (what ever is in
> centos 6.3) and i got the error described in the original email and --route-dst
> is unavailable.  using the version from nmap i get the following
>
> sudo ./nmap -e eth0 --route-dst 8.8.8.8
>
> Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-03-06 19:24 UTC
> 8.8.8.8
> eth0 eth0 srcaddr 192.0.2.115 nexthop 192.0.2.126
>
> sudo ./nmap -e eth1 --route-dst 8.8.8.8
>
> Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-03-06 19:24 UTC
> 8.8.8.8
> eth1 eth1 srcaddr 192.0.2.102 nexthop 192.0.2.97
>
> So everything at this point looks correct; however when i do the actual
> scan i notice that the wrong source address is selected.
>
> sudo ./nmap -e eth0 -sP 8.8.8.8
> 19:27:24.359034 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 8.8.8.8 tell 192.0.2.102, length 28
>
> as an FYI using ping picks the correct source
>
> ping -I eth0 8.8.8.8
> 18:53:35.791022 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 8.8.8.8 tell 192.0.2.115, length 28

Thank you for checking this, John. I'd like you to please try this patch
and see if it resolves the problem. It provides the desired output
interface (RTA_OIF) to the netlink interface to help it make its routing
decision.

David Fifield

Attachment: route_dst-oif.patch
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/