Nmap Development mailing list archives

'nmap -S <src_addr>' does not use 'iproute2' alternate routing table


From: starlight.2012q3 () binnacle cx
Date: Thu, 23 Aug 2012 21:53:24 -0400

'nmap' does not make use of 'iproute2'
alternate routing tables selected by
source address.  So

# nmap -e eth4 -S 172.29.87.84 <target>

Uses the generic default-route of
172.29.79.2 via 'eth5' instead of the
source-route default of 172.29.86.1
via 'eth4'.  Confirmed this with
'tcpdump'.

Seems like 'nmap' ought to handle this
scenario correctly.  In our case 'eth4'
faces the Internet and 'eth5' routes
through a Cisco ASA, so it is preferable
to use the direct path for scanning.

Both 'ping' and 'traceroute' correctly
use the source address selected routing
table.  Checked it with 'tcpdump'.

Built 'nmap' from SVN 29648 pulled 8/22/12.

-----

$ ip rule show
0:      from all lookup local
32764:  from 172.29.86.4 lookup eth4
32765:  from 172.29.79.1 lookup eth5
32766:  from all lookup main
32767:  from all lookup default

$ ip route show table eth4
172.29.79.0/24 dev eth5  scope link
172.29.88.0/24 dev eth1  scope link
172.29.87.0/24 dev eth0  scope link
172.29.86.0/24 dev eth4  scope link  src 172.29.86.4
127.0.0.0/8 dev lo  scope link
default via 172.29.86.1 dev eth4

$ ip route show table main
172.29.79.0/24 dev eth5  scope link  src 172.29.79.1
172.29.91.0/24 via 172.29.83.6 dev tun0
172.29.88.0/24 dev eth1  scope link  src 172.29.88.1
172.29.87.0/24 dev eth0  scope link  src 172.29.87.1
172.29.86.0/24 dev eth4  scope link  src 172.29.86.4
172.29.85.0/24 dev tun1  scope link  src 172.29.85.1
172.29.83.0/24 dev tun0  scope link  src 172.29.83.1
172.29.82.0/24 dev tun2  scope link  src 172.29.82.1
172.29.81.0/24 dev tun3  scope link  src 172.29.81.1
default via 172.29.79.2 dev eth5

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
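
Added example, not part of the original post or of Nmap's code: a small Python model of the source-selected rule lookup that the 'ip rule' and 'ip route' output above configures, showing which table, gateway and device a lookup gets with and without a source address. The function names and the destination 198.51.100.10 are constructed for illustration, and the 'local' and 'eth5' tables, which the post does not show, are treated as empty.

```python
import ipaddress

# Trimmed from the 'ip rule' / 'ip route' output in the post. The 'local' and
# 'eth5' tables are not shown there, so they are left out (assumption: empty).
RULES = """\
32764:  from 172.29.86.4 lookup eth4
32765:  from 172.29.79.1 lookup eth5
32766:  from all lookup main
"""
TABLES = {
    "eth4": """\
172.29.79.0/24 dev eth5  scope link
172.29.86.0/24 dev eth4  scope link  src 172.29.86.4
default via 172.29.86.1 dev eth4
""",
    "main": """\
172.29.79.0/24 dev eth5  scope link  src 172.29.79.1
default via 172.29.79.2 dev eth5
""",
}

def parse_rules(text):  # -> [(priority, selector or None for 'all', table)]
    rules = []
    for line in text.splitlines():
        prio, rest = line.split(":", 1)
        f = rest.split()  # ['from', SELECTOR, 'lookup', TABLE]
        sel = None if f[1] == "all" else ipaddress.ip_network(f[1])
        rules.append((int(prio), sel, f[3]))
    return sorted(rules, key=lambda r: r[0])

def parse_routes(text):  # -> [(destination network, gateway or None, device)]
    routes = []
    for f in (line.split() for line in text.splitlines()):
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        via = f[f.index("via") + 1] if "via" in f else None
        routes.append((net, via, f[f.index("dev") + 1]))
    return routes

def resolve(src, dst, rules=RULES, tables=TABLES):
    """Walk rules by priority; the first table with a matching route wins."""
    src = ipaddress.ip_address(src) if src else None  # None: no source given
    dst = ipaddress.ip_address(dst)
    for _prio, sel, table in parse_rules(rules):
        if sel is not None and (src is None or src not in sel):
            continue  # source-selector rule does not apply to this lookup
        hits = [r for r in parse_routes(tables.get(table, "")) if dst in r[0]]
        if hits:  # longest prefix wins inside a table
            _net, via, dev = max(hits, key=lambda r: r[0].prefixlen)
            return table, via, dev
    return None
```

On a live host, 'ip route get <dst> from <src>' asks the kernel the same question.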
