Re: [nmap-svn] r14148 - in nmap-exp/daniel: ncat-sctp nmap-sctp

[Daniel Roethlisberger <daniel () roe ch>]

David Fifield <david () bamsoftware com> 2009-07-10:
> On Fri, Jul 10, 2009 at 01:17:47PM +0200, Daniel Roethlisberger wrote:
> > David Fifield <david () bamsoftware com> 2009-07-09:
> > > On Thu, Jul 09, 2009 at 02:30:05PM -0700, commit-mailer () insecure org wrote:
> > > > Author: daniel
> > > > Date: Thu Jul  9 14:30:05 2009
> > > > New Revision: 14148
> > > >
> > > > Modified:
> > > >    nmap-exp/daniel/ncat-sctp/ncat_broker.c
> > > >    nmap-exp/daniel/ncat-sctp/ncat_listen.c
> > > >    nmap-exp/daniel/ncat-sctp/ncat_main.c
> > > >    nmap-exp/daniel/ncat-sctp/ncat_proxy.c
> > > >    nmap-exp/daniel/ncat-sctp/util.c
> > > >    nmap-exp/daniel/ncat-sctp/util.h
> > > >    nmap-exp/daniel/nmap-sctp/CHANGELOG
> > > >
> > > > Log:
> > > > o [Ncat] Implemented support for SCTP listening sockets, including SSL
> > > >   support.  Since there is no SSL support for SCTP client sockets yet,
> > > >   SSL support is not terribly useful yet. [Daniel Roethlisberger]
> > >
> > > Is this code ready to merge? I'd like to have at least the listen mode
> > > changes as soon as they are ready. If you're happy with the Nsock
> > > changes for connect mode then I want those to be merged too.
> >
> > The listen and connect mode SCTP changes are ready.  I'll merge
> > them probably tonight after some more pre-merge testing.  If you
> > had a chance to test the code currently in the nmap-sctp branch
> > please let me know about any issues or success.
>
> Yeah, I don't have libsctp installed but I have SCTP in the Linux
> kernel. Because of a lack of <netinet/sctp.h>, the configure script in
> nsock and ncat doesn't build in SCTP support. But if I edit the config.h
> files to define HAVE_SCTP, Ncat works with SCTP anyway (after the fix
> described in the next paragraph). So a different test would be nice.

I'll have to do some testing on Linux in order to figure out how
best to test for it.  Probably by compiling a minimal program
instead of testing for the header.

> I was getting this error:
>
> $ ./ncat --sctp scanme.csnc.ch 7 -vvv
> Ncat version 4.85BETA10 ( http://nmap.org/ncat )
> NSOCK (0.0030s) SCTP association requested to 213.144.141.30:7 (IOD #1) EID 8
> NSOCK (0.3870s) Callback: CONNECT ERROR [Connection refused (111)] for EID 8 [213.144.141.30:7]
> DEBUG: Received callback of type CONNECT with status ERROR
> Invalid argument.
>
> I tracked the "Invalid argument" to the send call in this code:
>
>     /* First we want to determine whether the socket really is connected */
>     if (getsockopt(iod->sd, SOL_SOCKET, SO_ERROR, (char *) &optval, &optlen) != 0)
>       optval = socket_errno(); /* Stupid Solaris */
>     switch(optval) {
>     case 0:
> #ifdef LINUX
>       if (!FD_ISSET(iod->sd, &ms->mioi.fds_results_r)) {
>         /* Linux goofiness -- We need to actually test that it is writeable */
>         rc = send(iod->sd, "", 0, 0);
>
> If I comment out the send and assign 0 to rc, Ncat works as expected.
> Maybe SCTP doesn't support zero-length messages or something? I don't
> know what the "Linux goofiness" is for, but maybe that test only applies
> to TCP.

I'll look into it.  Looks like that code really isn't ready for
prime time yet.

> Also, it looks like the <netinet/sctp.h> test is present in
> ncat/configure.ac but not ncat/configure. I think it was there before,
> so it might have gotten lost during a merge.

Thanks, forgot to regen it; I always do that in a separate commit
in order not to clutter the changeset with generated files.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org