Re: Nmap labeled ethernet address problem

[bensonk () acm wwu edu]

I looked into it a few days ago and came to a fairly similar conclusion,
but wasn't confident enough in it to say anything to the mailing list.
But, everything I found agreed with what Kris said.  I also noticed that
if you set an interface alias to something that doesn't start with
"ifname:" the ifconfig tool completely pukes.  So, I think it's either a
problem with the "ip" tool, or whoever's architecting the networking API
in linux not specifying clearly what aliases should look like.  

Benson

On Tue, Apr 29, 2008 at 09:27:21PM -0500, Kris Katterjohn wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey Fyodor,
>
> Fyodor wrote:
> > Nmap seems to quit when it encounters labeled ethernet addresses on
> > Linux.
> <snip>
> > > # ip addr add 1.1.1.1/32 dev eth0 label eth0vip
> > > # ip addr list dev eth0
> > > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
> > >     link/ether 00:12:79:de:38:13 brd ff:ff:ff:ff:ff:ff
> > >     inet 192.34.35.49/28 brd 192.34.35.63 scope global eth0
> > >     inet 1.1.1.1/32 scope global eth0vip
> > >     inet6 fe80::212:79ff:fede:3813/64 scope link
> > >        valid_lft forever preferred_lft forever
> > > # nmap -sP -PI 192.34.35.1-5
> > >
> > > Starting Nmap 4.60 ( http://nmap.org ) at 2008-04-17 17:33 MDT
> > > Failed to determine the netmask of eth0vip!: No such device (19)
>
> I've been looking into this.  It looks like "labels" are the same as the
> older "aliases", which are traditionally either the same name as the
> interface (as on BSD) or prefixed with the interface name and a colon
> (as on Solaris).  Linux seems to support both.
>
> Nmap already knows about the colon notation:
>
> Strncpy(mydevs[numifaces].devname, ifr->ifr_name, [...]);
> /* devname isn't allowed to have alias qualification */
> if ((p = strchr(mydevs[numifaces].devname, ':')))
>   *p = '\0';
>
> I confirmed that using a label of "eth0:0" works as expected.
>
> After devname stuff, the netmask stuff is done:
>
> Strncpy(tmpifr.ifr_name, ifr->ifr_name, sizeof(tmpifr.ifr_name));
> memcpy(&(tmpifr.ifr_addr), sin, [...]);
> rc = ioctl(sd, SIOCGIFNETMASK, &tmpifr);
>
> But notice that ifr->ifr_name is used rather than devname, so the
> SIOCGIFNETMASK apparently works for aliases and labels *if* they're in
> the right format.
>
> The ip manpage on my system says this about labels:
>
> "Each address may be tagged with a label string.  In order to preserve
> compatibility with Linux-2.0 net aliases, this string must coincide with
> the name of the device or must be prefixed with the device name followed
> by colon."
>
> So it seems that Nmap isn't at fault, but rather the user for selecting
> the improper label and ip for not producing an error or warning.
>
> So given this, I'm not sure what should be done about it :)
>
> > Cheers,
> > -F
>
> Thanks,
> Kris Katterjohn
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iQIVAwUBSBfZB/9K37xXYl36AQLTPw//W6U3AEkbMuB4farS7sAjdwfY5ltpoRBu
> 7qkvKtpAMYyRmwUr/ZJyaLppmUUAtzmzX8t2cK9F5cLHor5Zbp+j4i+DoEiMrgD+
> 4qtrDQ4h7WjNEljE5m5tZqhy/Oa9JD6LGwXLnhsNINi8jYz9+hBDii3fuQu1HLi8
> ILEoRDmN3eEKooX9Fiexk8uDqF+O5TLpFNM08dP7+6nDHxXU+5sraF2IX28MHpZ6
> SKGPu2qKhFd0hdeT+75qiNH447izp9d3B154blxyaf3hOjJ7Vv6Z0n25yRS2wgJk
> 4UCrhEPr2LFaH4xaQixYWh68q5WwoVmEZeHoeXDRKfv2V30Bj3tjq92ZzAR2iNf9
> 1WPPsy8ajcrMCVah3Ndityj2rq8eFR4CgvU9w3kQ0Sp8MK+UzJGGvypMz7tAb+PV
> nKibp29srfF2e+i0GWyeI9AvTHSmAY8m/wTdnBUapi5vV7iRBut5pNQGLPq6atAh
> 7B6+fiTdkjZZsz6A+rL9N7X/Cy3P6ZF0du1+O6MfnBeDTx1LZCeVlnGVLP8MVK6e
> gk6LSdQcmtrb3JTmsTNBO+SA6pGyNV+OdZb2xp6iepwrXfpWPn6OT2QOm7nDRic/
> T/LW34BPYWhEy0KBtlWRpJ11cvd8EalZETG7f7CrW36Tdq6yLObKgxZ2KBdJZ3Xt
> IfjphZ5OCcc=
> =aC3+
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org

Attachment: _bin
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org