Nmap Development mailing list archives

Re: IPv6 scanning problem


From: R D Smith <smith1rd () gmail com>
Date: Fri, 16 Sep 2005 12:30:46 -0400

Thanks!

I did get my testing done by assigning global addresses. I'll see if I
can apply your patch to the 3.93 code and get the link local address
working.

R D

On 9/16/05, Henryk Plötz <henryk () ploetzli ch> wrote:
Hi,

On Fri, 16 Sep 2005 09:25:23 -0400, R D Smith wrote:

I can't seem to find your previous post in the archive.  How do you
specify the scope id for nmap?

Hmm, it's not in the archive indeed. Wonder why. I'll repost it below.


Begin forwarded message:

Date: Sat, 28 May 2005 22:53:53 +0200
From: Henryk Plötz <henryk () ploetzli ch>
To: nmap-dev () insecure org
Subject: [PATCH] Fix IPv6 scope handling


Hi,

I further looked into the problem with nmap's current handling of scoped
IPv6 addresses: In TargetGroup::parse_expr() the sin6_scope_id which
getaddrinfo() returns as part of the ai_addr structure is simply thrown
away. That way scoped addresses (especially link-local addresses) like
fe80::208:39ff:fe2d:1942%wlan0 are not handled correctly. I've attached
a simple patch that stores and restores the scope_id so these addresses
will work.

With patch:
| henryk@gleam nmap$ ./nmap -6 fe80::208:39ff:fe2d:1942%wlan0
|
| Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-05-28
| 22:45 CEST
| Interesting ports on fe80::208:39ff:fe2d:1942
| (The 1662 ports scanned but not shown below are in state: closed)
| PORT    STATE SERVICE
| 22/tcp  open  ssh
|
| Nmap finished: 1 IP address (1 host up) scanned in 11.940 seconds

Without patch:
| henryk@gleam nmap$ nmap -6 fe80::208:39ff:fe2d:1942%wlan0
| Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-05-28
| 22:49 CEST
| Strange read error from fe80::208:39ff:fe2d:1942: Transport endpoint
| is not connected
| Strange read error from fe80::208:39ff:fe2d:1942: Transport endpoint
| is not connected
 ...

--snip--
diff -Naur nmap-3.81/TargetGroup.cc nmap-3.81-v6-link_local/TargetGroup.cc
--- nmap-3.81/TargetGroup.cc    2004-11-12 10:35:13.000000000 +0100
+++ nmap-3.81-v6-link_local/TargetGroup.cc      2005-05-28 22:31:12.000000000 +0200
@@ -289,6 +289,7 @@
     assert(result->ai_addrlen == sizeof(struct sockaddr_in6));
     struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) result->ai_addr;
     memcpy(ip6.s6_addr, sin6->sin6_addr.s6_addr, 16);
+    scope6 = sin6->sin6_scope_id;
     ipsleft = 1;
     freeaddrinfo(result);
 #else // HAVE_IPV6
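Review bot: the added `scope6 = sin6->sin6_scope_id;` shares the HAVE_IPV6 guard with the memcpy above it, so the build now assumes every IPv6-capable platform has a sin6_scope_id member in struct sockaddr_in6. If stacks without that member are still supported, give the assignment its own configure-time check and guard. A one-line comment saying the scope id is kept so that link-local targets such as the %wlan0 example retain their interface would also help the next reader.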
@@ -436,6 +437,7 @@
     sin6->sin6_len = *sslen;
 #endif /* SIN_LEN */
     memcpy(sin6->sin6_addr.s6_addr, ip6.s6_addr, 16);
+    sin6->sin6_scope_id = scope6;
 #else
     fatal("IPV6 not supported on this platform");
 #endif // HAVE_IPV6
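Review bot: `sin6->sin6_scope_id = scope6;` reads scope6 unconditionally, and the only write to it visible in this patch is the one in the parse path of the first hunk. Please confirm that the constructor or reset code zeroes scope6, so that an object which never went through that path does not copy an indeterminate scope id into the sockaddr.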
diff -Naur nmap-3.81/TargetGroup.h nmap-3.81-v6-link_local/TargetGroup.h
--- nmap-3.81/TargetGroup.h     2004-08-29 11:12:03.000000000 +0200
+++ nmap-3.81-v6-link_local/TargetGroup.h       2005-05-28 22:30:02.000000000 +0200
@@ -142,6 +142,7 @@

 #if HAVE_IPV6
   struct in6_addr ip6;
+  u_int32_t scope6;
 #endif

   /* These 4 are used for the '/mask' style of specifying target
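Review bot: the new member `u_int32_t scope6;` is added without a comment, unlike the block that follows it. Document that it holds the sin6_scope_id returned by getaddrinfo() for ip6 and that 0 means no scope. It is also worth checking that u_int32_t is the fixed-width type the rest of the code base uses, since the field it mirrors is a 32-bit unsigned value.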
--snap--

--
Henryk Plötz
Greetings from Berlin
~~~~~~~ Un-CDs, no thanks! http://www.heise.de/ct/cd-register/ ~~~~~~~
~ Help Microsoft fight software piracy: Give Linux to a friend today! ~


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
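
The scope-id loss described in the forwarded message, as an added example that is not part of the original post or of Nmap's code: it resolves a scoped literal with getaddrinfo(), stores it either with or without the scope id, and rebuilds the sockaddr. The struct and function names are hypothetical, and the input uses a constructed numeric scope (`%1`) instead of `%wlan0` so that it does not depend on a particular interface existing.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Hypothetical stand-in for the per-target fields; names are assumptions. */
struct saved_target { struct in6_addr ip6; uint32_t scope6; };

/* Parse an IPv6 literal; keep_scope=0 mimics storing only the 16 address bytes. */
int parse_target(const char *expr, struct saved_target *out, int keep_scope)
{
    struct addrinfo hints, *result = NULL;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET6;
    hints.ai_flags = AI_NUMERICHOST;          /* literal only, no DNS lookup */
    if (getaddrinfo(expr, NULL, &hints, &result) != 0) return -1;
    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)result->ai_addr;
    memcpy(out->ip6.s6_addr, sin6->sin6_addr.s6_addr, 16);
    out->scope6 = keep_scope ? sin6->sin6_scope_id : 0;
    freeaddrinfo(result);
    return 0;
}

/* Rebuild the sockaddr that would later be passed to connect() or sendto(). */
void build_sockaddr(const struct saved_target *t, struct sockaddr_in6 *sin6)
{
    memset(sin6, 0, sizeof(*sin6));
    sin6->sin6_family = AF_INET6;
    memcpy(sin6->sin6_addr.s6_addr, t->ip6.s6_addr, 16);
    sin6->sin6_scope_id = t->scope6;
}

/* Scope id that survives the store/restore round trip, or -1 if parsing fails. */
long roundtrip_scope(const char *expr, int keep_scope)
{
    struct saved_target t;
    struct sockaddr_in6 sin6;
    if (parse_target(expr, &t, keep_scope) != 0) return -1;
    build_sockaddr(&t, &sin6);
    return (long)sin6.sin6_scope_id;
}

int main(void)
{
    const char *expr = "fe80::208:39ff:fe2d:1942%1"; /* constructed: numeric scope */
    printf("address only: %ld, scope kept: %ld\n", roundtrip_scope(expr, 0), roundtrip_scope(expr, 1));
    return 0;
}
```

With the scope id zeroed, the kernel has no interface to associate with the link-local destination, which is the situation behind the "Without patch" output quoted in the message.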


