Nmap Development mailing list archives

Re: Fix for route_dst_netlink: can't find interface


From: David Fifield <david () bamsoftware com>
Date: Sun, 25 Sep 2011 12:57:01 -0700

On Sun, Sep 25, 2011 at 12:20:58PM -0400, Joe McEachern wrote:
Hi,

Running nmap-5.61TEST1 on Ubuntu 10.10
Linux cooley 2.6.35-22-generic #35-Ubuntu SMP Sat Oct 16 20:45:36 UTC 2010 x86_64 GNU/Linux

For some of the IPv6 scans, we always hit a route_dst_netlink: can't find
interface "cdr0" error. cdr0 is a dynamic TAP interface on our system.

We are doing scans like these ...

nmap -n -T4 -v -oN - -PN -sS -6 fe80::2e6b:f5ff:fe1a:9107%cdr0

nmap --iflist shows the interface, but it does not list its IPv6 address.
The address is reported correctly using ifconfig.

I traced the problem back to a libdnet issue in libdnet-stripped/src/intf.c.
When reading /proc/net/if_inet6 there is an assumption that the if_index is
only a 2 digit hex value. This is true most of the time, but if your system
creates/deletes lots of dynamic interfaces, eventually the if_index on an
interface will be greater than 255 and consume more digits in
/proc/net/if_inet6. The sscanf will fail and the IPv6 address will not be
read.

$ ifconfig -a
cdr0      Link encap:Ethernet  HWaddr 00:0a:0a:00:00:01
          inet6 addr: fe80::20a:aff:fe00:1/64 Scope:Link
          inet6 addr: 4444::20a:aff:fe00:1/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

$ nmap --iflist

Starting Nmap 5.61TEST1 ( http://nmap.org ) at 2011-09-24 09:16 EDT
************************INTERFACES************************
DEV      (SHORT)    IP/MASK                     TYPE     UP   MTU   MAC
lo       (lo)       127.0.0.1/8                 loopback up   16436
lo       (lo)       ::1/128                     loopback up   16436
eth1     (eth1)     (null)/0                    ethernet up   1500  00:04:23:C5:C2:A0
eth0     (eth0)     172.16.1.198/24             ethernet up   1500  00:1C:C0:93:33:FB
eth0     (eth0)     4444::21c:c0ff:fe93:33fb/64 ethernet up   1500  00:1C:C0:93:33:FB
eth0     (eth0)     fe80::21c:c0ff:fe93:33fb/64 ethernet up   1500  00:1C:C0:93:33:FB
eth2     (eth2)     (null)/0                    ethernet up   1500  00:04:23:C5:C2:A1
vboxnet0 (vboxnet0) (null)/0                    ethernet down 1500  0A:00:27:00:00:00
cdr0     (cdr0)     (null)/0                    ethernet up   1500  00:0A:0A:00:00:01


Here is an example of our /proc/net/if_inet6

joe@cooley:~/nmap/nmap-5.61TEST1$ cat /proc/net/if_inet6
fe80000000000000020a0afffe000001 21d 40 20 80     cdr0
4444000000000000020a0afffe000001 21d 40 00 80     cdr0
00000000000000000000000000000001 01 80 10 80       lo

One fix is to relax the %02 to just %x during the sscanf. I've verified that
this resolves the issue for us and IPv6 scans now work for us.

Thanks for the excellent analysis and a clear explanation. I have applied
your patch.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
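
The parsing problem described in the quoted report, as an added example that is not part of the original messages and is not libdnet's code. The sscanf format strings, the struct and the function names are assumptions of this sketch; the three sample rows are the /proc/net/if_inet6 lines quoted in the report. With this sketch's width-limited format, the three-digit index `21d` is split across two fields, so every later field shifts and the interface name is read as `80`, which never matches `cdr0`.

```c
#include <stdio.h>
#include <string.h>

/* One row of /proc/net/if_inet6; struct and function names are this example's own. */
struct if6_row {
    char addr[33];                                  /* 32 hex digits, no colons */
    unsigned int ifindex, prefixlen, scope, flags;
    char name[16];                                  /* IFNAMSIZ on Linux */
};

/* Width-limited parse (assumed format): index taken to be at most two hex digits. */
static int parse_fixed_width(const char *line, struct if6_row *r)
{
    return sscanf(line, "%32[0-9a-fA-F] %2x %2x %2x %2x %15s", r->addr,
                  &r->ifindex, &r->prefixlen, &r->scope, &r->flags, r->name);
}

/* Relaxed parse: each hex field takes as many digits as the kernel printed. */
static int parse_relaxed(const char *line, struct if6_row *r)
{
    return sscanf(line, "%32[0-9a-fA-F] %x %x %x %x %15s", r->addr,
                  &r->ifindex, &r->prefixlen, &r->scope, &r->flags, r->name);
}

/* Returns 1 and fills *out with the first row whose name equals ifname, else 0. */
static int find_addr(const char *const *lines, size_t n, const char *ifname,
                     int (*parse)(const char *, struct if6_row *), struct if6_row *out)
{
    for (size_t i = 0; i < n; i++) {
        memset(out, 0, sizeof *out);
        if (parse(lines[i], out) == 6 && strcmp(out->name, ifname) == 0)
            return 1;
    }
    return 0;
}

/* Rows copied from the /proc/net/if_inet6 listing quoted in the report. */
static const char *const sample[] = {
    "fe80000000000000020a0afffe000001 21d 40 20 80     cdr0",
    "4444000000000000020a0afffe000001 21d 40 00 80     cdr0",
    "00000000000000000000000000000001 01 80 10 80       lo",
};

int main(void)
{
    struct if6_row r;
    printf("fixed:   cdr0 found = %d\n", find_addr(sample, 3, "cdr0", parse_fixed_width, &r));
    printf("relaxed: cdr0 found = %d\n", find_addr(sample, 3, "cdr0", parse_relaxed, &r));
    return 0;
}
```

Note that the width-limited call still reports six successful conversions here, so checking only the sscanf return value would not catch the shifted fields.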

