Nmap Development mailing list archives

-6 -sP --traceroute


From: jah <jah () zadkiel plus com>
Date: Wed, 03 Jun 2009 14:31:42 +0100

Hi folks,

If you do

nmap -6 --traceroute <target>

you get a warning to the effect that traceroute is disabled, because it
doesn't work for connect scans - and the scan then proceeds.  On the
other hand,

nmap -6 --traceroute <target> -sP

isn't handled the same way and on windows the scan proceeds until, in
traceroute, we try to index a std::set with NULL instead of an interface
name in win32_warn_raw_sockets().  The attached output.cc.patch prevents
this.
On !windows, the null fails an assertion a little further on, in
my_pcap_open_live() and the patch brings windows into line with this. 
The null pointer arises because a target->devicename is never filled
whilst -6 scanning since any communication is done through the OS.

If I'm not mistaken, --traceroute and -6 are currently incompatible and
so I think disabling traceroute with a warning for "-6 -sP --traceroute"
in the same manner as "-6 --traceroute" is a reasonable thing to do. 
The attached nmap.cc.patch wraps a check for -6 and --traceroute in a
#if HAVE_IPV6 directive and will prevent the --traceroute code ever
being reached.

A side effect of not having a device/interface name available is that,
in NSE, host.interface is not available (neither are src_mac_addr and
mac_addr) and this affects any scripts designed for IPv6 that might use
dnet or pcap as part of the raw sockets api.
At the very least, it's necessary to pass the interface name to any
script (using --script-args) so that the script has something to pass to
pcap_open() and ethernet_open().

I haven't looked in depth at the code, but it seems that collecting
route6 info somewhere during a scan (maybe only if scripting is going to
be run) ought to be enough to improve NSE ethernet/pcap functionality
for IPv6.  Does anyone know any different?  Or a better way?

Regards,

jah

--- nmap.cc.orig        2009-06-03 03:09:06.097625000 +0100
+++ nmap.cc     2009-06-03 03:19:30.722625000 +0100
@@ -1324,7 +1324,13 @@
     }
   }
 
- if(o.traceroute && (o.idlescan || o.connectscan)) {
+#if HAVE_IPV6
+  if(o.af() == AF_INET6 && o.traceroute) {
+     error("Warning: Traceroute does not support IPv6, disabling...");
+     o.traceroute = 0;
+  } else
+#endif
+  if(o.traceroute && (o.idlescan || o.connectscan)) {
     error("Warning: Traceroute does not support idle or connect scan, disabling...");
     o.traceroute = 0;
   }
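Review bot: the `} else` left dangling before `#endif` (lines `+  } else` / `+#endif` / `+  if(o.traceroute && (o.idlescan || o.connectscan)) {`) splices the new IPv6 branch and the existing idle/connect check into one if/else chain across a preprocessor boundary, which compiles but is easy to misread, and the `else` buys nothing: the IPv6 branch sets `o.traceroute = 0`, so the following `if(o.traceroute && ...)` is already false. Close the IPv6 block with its own `}` inside the `#if HAVE_IPV6` ... `#endif` and leave the original `if` untouched as a second, independent check; that also keeps the original line's indentation instead of the two-space `+  if(` that now differs from the `- if(` it replaces.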
--- output.cc.orig      2009-06-03 03:40:07.425750000 +0100
+++ output.cc   2009-05-28 03:04:56.540000000 +0100
@@ -293,7 +293,7 @@
 void win32_warn_raw_sockets(const char *devname) {
   static set<string> shown_names;
 
-  if (shown_names.find(devname) == shown_names.end()) {
+  if (devname != NULL && shown_names.find(devname) == shown_names.end()) {
     error("WARNING: Using raw sockets because %s is not an ethernet device. This probably won't work on Windows.\n", 
devname);
     shown_names.insert(devname);
   }
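Review bot: with the guard `devname != NULL` (line `+  if (devname != NULL && shown_names.find(devname) == shown_names.end()) {`) a NULL device name now passes through win32_warn_raw_sockets() without any diagnostic, so the user's only signal is the later assertion in my_pcap_open_live() mentioned in the message; an explicit `assert(devname != NULL);` or an error() at the top of this function would report the problem where it is first detected rather than via a downstream assert. Also, the `+++ output.cc` timestamp (2009-05-28) predates the `--- output.cc.orig` one (2009-06-03), which suggests the diff was taken with the files in the opposite order or from a stale copy; worth regenerating against the current tree before committing.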

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
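The workaround jah describes for NSE under -6 (pass the interface name with --script-args so the script has something to give pcap_open() and ethernet_open()) as an added example script. This is editorial example code for this archive page, not jah's code and not part of Nmap. The NSE calls it relies on (nmap.registry.args, nmap.new_socket() with pcap_open(device, snaplen, promisc, bpf), nmap.new_dnet() with ethernet_open(device), host.interface, host.ip, and that these raise Lua errors on failure) are assumptions about the nselib API of the version in use; check the NSE reference for yours.

```lua
-- Added example (not jah's code, not part of Nmap): an NSE script that takes
-- the interface name from --script-args when host.interface is nil (the -6
-- case described in the message) and hands it to pcap_open()/ethernet_open().
-- Assumed API: nmap.registry.args, sock:pcap_open(dev, snaplen, promisc, bpf),
-- dnet:ethernet_open(dev), both raising a Lua error on failure (hence pcall).
--
-- Usage (interface given explicitly because -6 does not fill host.interface):
--   nmap -6 -sP --script=./iface-arg.nse --script-args=interface=eth0 <target>

description = [[
Opens a pcap listener and a raw ethernet handle on an explicitly named
interface, falling back to host.interface when Nmap has filled it in.
]]

author = "example"
categories = {"safe"}

hostrule = function(host) return true end

-- Choose the interface name: --script-args=interface=<name> wins, then
-- whatever Nmap recorded in host.interface (nil for -6 scans per the message).
local function choose_interface(host)
  local args = nmap.registry.args or {}
  if type(args.interface) == "string" and args.interface ~= "" then
    return args.interface, "script-args"
  end
  if host.interface then
    return host.interface, "host.interface"
  end
  return nil, "unavailable"
end

action = function(host)
  local iface, src = choose_interface(host)
  if not iface then
    -- The failure mode from the message: nothing to hand to pcap or dnet.
    return "no interface name (host.interface is nil); " ..
           "rerun with --script-args=interface=<name>"
  end

  -- pcap side: capture only IPv6 traffic involving the target.
  local pcap = nmap.new_socket()
  pcap:set_timeout(1000)
  local ok, err = pcall(pcap.pcap_open, pcap, iface, 256, false,
                        "ip6 and host " .. host.ip)
  if not ok then
    return ("pcap_open(%s) failed: %s"):format(iface, tostring(err))
  end

  -- dnet side: the raw ethernet handle a script would use to inject frames.
  local dnet = nmap.new_dnet()
  local eok, eerr = pcall(dnet.ethernet_open, dnet, iface)
  if not eok then
    pcap:pcap_close()
    return ("ethernet_open(%s) failed: %s"):format(iface, tostring(eerr))
  end

  -- Nothing is sent here; a real script would ethernet_send() a frame and
  -- pcap_receive() the reply.  Close both handles and report what was used.
  dnet:ethernet_close()
  pcap:pcap_close()
  return ("interface %s (from %s) opened for pcap and ethernet"):format(iface, src)
end
```

The script reports rather than errors when neither source yields a name, so a -6 run without the argument produces a readable line in the script output instead of the nil-indexing failure the message describes on the C side; once Nmap records route6 information for IPv6 targets the fallback to host.interface takes over without changing the script.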
