Nmap Development mailing list archives
Re: IPv6 scanning problem
From: R D Smith <smith1rd () gmail com>
Date: Fri, 16 Sep 2005 12:30:46 -0400
Thanks! I did get my testing done by assigning global addresses. I'll see if I can apply your patch to the 3.93 code and get the link local address working.

R D

On 9/16/05, Henryk Plötz <henryk () ploetzli ch> wrote:

Hi,

On Fri, 16 Sep 2005 09:25:23 -0400, R D Smith wrote:

I can't seem to find your previous post in the archive. How do you specify the scope id for nmap?

Hmm, it's not in the archive indeed. Wonder why. I'll repost it below.

Begin forwarded message:

Date: Sat, 28 May 2005 22:53:53 +0200
From: Henryk Plötz <henryk () ploetzli ch>
To: nmap-dev () insecure org
Subject: [PATCH] Fix IPv6 scope handling

Hi,

I further looked into the problem with nmap's current handling of scoped IPv6 addresses: In TargetGroup::parse_expr() the sin6_scope_id which getaddrinfo() returns as part of the ai_addr structure is simply thrown away. That way scoped addresses (especially link-local addresses) like fe80::208:39ff:fe2d:1942%wlan0 are not handled correctly.

I've attached a simple patch that stores and restores the scope_id so these addresses will work.

With patch:

| henryk@gleam nmap$ ./nmap -6 fe80::208:39ff:fe2d:1942%wlan0
|
| Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-05-28
| 22:45 CEST
| Interesting ports on fe80::208:39ff:fe2d:1942
| (The 1662 ports scanned but not shown below are in state: closed)
| PORT STATE SERVICE
| 22/tcp open ssh
|
| Nmap finished: 1 IP address (1 host up) scanned in 11.940 seconds

Without patch:

| henryk@gleam nmap$ nmap -6 fe80::208:39ff:fe2d:1942%wlan0
| Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-05-28
| 22:49 CEST
| Strange read error from fe80::208:39ff:fe2d:1942: Transport endpoint
| is not connected
| Strange read error from fe80::208:39ff:fe2d:1942: Transport endpoint
| is not connected
...

--snip--
diff -Naur nmap-3.81/TargetGroup.cc nmap-3.81-v6-link_local/TargetGroup.cc --- nmap-3.81/TargetGroup.cc 2004-11-12 10:35:13.000000000 +0100 +++ nmap-3.81-v6-link_local/TargetGroup.cc 2005-05-28 22:31:12.000000000 +0200
@@ -289,6 +289,7 @@ assert(result->ai_addrlen == sizeof(struct sockaddr_in6)); struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) result->ai_addr; memcpy(ip6.s6_addr, sin6->sin6_addr.s6_addr, 16); + scope6 = sin6->sin6_scope_id; ipsleft = 1; freeaddrinfo(result); #else // HAVE_IPV6 @@ -436,6 +437,7 @@ sin6->sin6_len = *sslen; #endif /* SIN_LEN */ memcpy(sin6->sin6_addr.s6_addr, ip6.s6_addr, 16); + sin6->sin6_scope_id = scope6; #else fatal("IPV6 not supported on this platform"); #endif // HAVE_IPV6 diff -Naur nmap-3.81/TargetGroup.h nmap-3.81-v6-link_local/TargetGroup.h --- nmap-3.81/TargetGroup.h 2004-08-29 11:12:03.000000000 +0200 +++ nmap-3.81-v6-link_local/TargetGroup.h 2005-05-28 22:30:02.000000000 +0200 @@ -142,6 +142,7 @@ #if HAVE_IPV6 struct in6_addr ip6; + u_int32_t scope6; #endif /* These 4 are used for the '/mask' style of specifying target --snap-- -- Henryk Plötz Grüße aus Berlin ~~~~~~~ Un-CDs, nein danke! http://www.heise.de/ct/cd-register/ ~~~~~~~ ~ Help Microsoft fight software piracy: Give Linux to a friend today! ~ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
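Review bot: In the first TargetGroup.cc hunk (@@ -289), the read of sin6->sin6_scope_id is guarded by nothing more than the surrounding HAVE_IPV6 branch, and the same holds for the matching write in the second hunk. IPv6 stacks that follow RFC 2133 rather than RFC 2553 define struct sockaddr_in6 without a sin6_scope_id field, so those platforms would stop building. A configure check for the field, with both accesses guarded by it, would keep them compiling without scope support.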
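Review bot: In the second TargetGroup.cc hunk (@@ -436), sin6->sin6_scope_id = scope6; runs for every IPv6 sockaddr that is filled in, yet the only assignment to scope6 visible in the patch is the one in the getaddrinfo() branch of the first hunk. If the sockaddr can be built before an IPv6 expression has been parsed, or the object is reused for a later target, an indeterminate or stale interface index ends up in the sockaddr. Setting scope6 to 0 wherever ip6 is initialised or reset would close that gap.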
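Review bot: In the TargetGroup.h hunk, the new member u_int32_t scope6; is added without a comment, while the members that follow it carry one. A one-line comment saying that it holds the sin6_scope_id (interface index) returned by getaddrinfo() for ip6, and that 0 means no scope was given, would make the pairing with ip6 explicit for later readers.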