Nmap Development mailing list archives

Re: Nmap/libnetutil: route tables rework

From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 3 Oct 2012 18:23:23 +0100

Hi David,

On Thu, Sep 27, 2012 at 01:06:59AM -0700, David Fifield wrote:

On Tue, Jun 26, 2012 at 06:50:48PM +0100, Djalal Harouni wrote:

This is a quick summary of the network routes bugs that were reported by
Nmap users on nmap-dev, and others that I've found my self. Some of them
are easy to fix, others are not. David I need your point on the provided
solution and what do you think of updating libdnet ?


Thank you so much, Djalal, for doing this work. I extensively refactored
and rebased this patch set, to the reduced attached patches. I refer to
your patches from
http://seclists.org/nmap-dev/2012/q3/4
http://seclists.org/nmap-dev/2012/q3/115

Thanks, these are the good ones.

I grouped many of the patches differently, and some of them I omitted.
[PATCH 1/4] is, I think, the main idea of this set of patches, which is
that libdnet should return an interface along with each route. Many
other changes seemed to be more complicated than they needed to be; I
tried to simplify them and hopefully I didn't change how they work. This
is a summary of how I handled each of them.

Correct, the main idea was from the
"[PATCH 1/4] Add intf_name to the route_entry struct."

Merged to trunk.
      [PATCH 04/24] libdnet-stripped/route-linux: avoid an off-by-one overwrite.

Ok svn r29878 commit seems to handle this, just a small note: the commit
log says that "sscanf doesn't include the terminator." which is perhaps
ambiguous...

If this is a string input conversion, then it will add a null terminator
that is not *counted* by the maximum field width.

      [PATCH 19/24] libdnet-stripped/route-linux: ipv4 route input contains 11 element

Ok commit r29879.

      [PATCH 17/24] libdnet-stripped/route-linux: check if the IPv6 route is usable

Ok commit r29880.

      [PATCH 20/24] libdnet-stripped/route-linux: ipv6 route: check the number of input elements

Ok commit r29880

Ok commit r29881 is also nice, thanks.

Merged into attached "[PATCH 1/4] Add intf_name to the route_entry struct."
      [PATCH 01/24] libdnet-stripped/route: add the interface name to the route_entry struct
      [PATCH 02/24] libdnet-stripped/route-linux: route_entry should be zeroed
      [PATCH 07/24] libdnet-stripped/route-linux: add a missing struct key word
      [PATCH 24/24] libdnet: intialize route_entry on every loop

Correct! handled by commit svn r29882...

Merged into attached "[PATCH 2/4] Set intf_name in route-linux.c."
      [PATCH 03/24] libdnet-stripped/route-linux: read ipv4 interface name from route entries
      [PATCH 05/24] libdnet-stripped/route-linux: read interface name from IPv6 routes

Ok! handled by commit svn r29883

Merged into attached "[PATCH 4/4] check if the gateway was set in the current route."
      [PATCH 13/24] libnetutil: check if the gateway was set in the current route
      [PATCH 14/24] libnetutil: Add a comment to note the check on the gateway

Nice! handled by commit svn r29885


David I'll double check what remains soon. Thanks!

Omitted; sys_route already has an interface_info member; it should not
have a redundant devname as well. We match interfaces by name before
entering sysroutes_dnet_find_interfaces, removing the need for name
comparisons in each loop in sysroutes_dnet_find_interfaces. These
patches together are replaced by "[PATCH 3/4] Assign sys_route
interfaces immediately when iface names come from libdnet."
      [PATCH 06/24] libnetutil: add the device name support to sys_route struct
      [PATCH 08/24] libnetutil: copy device name from libdnet
      [PATCH 11/24] libnetutil: check the device name before matching remaining routes
      [PATCH 15/24] libnetutil: check the device name before the gateway/destination match
      [PATCH 24/24] libnetutil: separate interface name check
      [PATCH 16/24] libnetutil: add an error message to note that the device was not found

Omitted; I did not understand the purpose of this patch. May be
unnecessary for the same reason as the previous group.
      [PATCH 21/24] libnetutil: check if this is the default route

Omitted because not necessary.
      [PATCH 09/24] libnetutil: Check the device name before any match
      [PATCH 10/24] libnetutil: revert last commit
      [PATCH 12/24] libnetutil: Add sys_route pointer to reduce dereferences
      [PATCH 18/24] libdnet-stripped/route-linux: make iflags unsigned int

Omitted; see below.
      [PATCH 22/24] libnetutil: fix the ppp match logic

[PATCH 22/24] seems wrong to me. The PPP two-step matching logic
definitely worked when it was added in r11591.
http://seclists.org/nmap-dev/2008/q4/576
It was intentional to match one route's gateway against another route's
destination, and not the other way around. Also, with [PATCH 22/24],
Nmap reports fewer routes for me on Windows:

 **************************ROUTES**************************
 DST/MASK                                 DEV  GATEWAY
 172.16.3.62/32                           eth0
-255.255.255.255/32                       eth0
 192.168.0.255/32                         eth0
 127.0.0.1/32                             lo0
 127.255.255.255/32                       lo0
 172.16.3.255/32                          eth0
 192.168.0.2/32                           eth0
-255.255.255.255/32                       eth0
 172.16.3.0/24                            eth0
 192.168.0.0/24                           eth0
 127.0.0.0/8                              lo0
-224.0.0.0/4                              eth0
-224.0.0.0/4                              eth0
 0.0.0.0/0                                eth0 192.168.0.1
 fe80::356c:d34c:f247:36ef/128            eth0
 ::1/128                                  lo0
 2001:470:1f05:155e::2/128                eth0
 2001:0:9d38:6ab8:1076:3f8d:b4db:5ee3/128 tun0
 fe80::1076:3f8d:b4db:5ee3/128            eth0
 2001:470:1f05:155e::/64                  eth0
 fe80::/64                                eth0
 fe80::/64                                eth0
 2001::/32                                tun0
-ff00::/8                                 eth0
-ff00::/8                                 eth0
-ff00::/8                                 eth0
 ::/0                                     eth0 2001:470:1f05:155e::1

I agree with out that sysroutes_dnet_find_interfaces is still kind of a
bogus idea, matching routes to interfaces by addresses only because
libdnet was formerly not able to give us an interface for each route.
This method will continue to be used on all platforms for which libdnet
has not been extended to return interfaces, which in this patch set is
all but Linux. I don't think it will be hard to add further support for
the other most common platforms.

Please check out these patches and tell me what you think.

David Fifield


-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: Nmap/libnetutil: route tables rework Djalal Harouni (Oct 03)
- Re: Nmap/libnetutil: route tables rework David Fifield (Oct 03)
- Re: Nmap/libnetutil: route tables rework Djalal Harouni (Oct 14)