HAVE_IP_IP_SUM 0 doesn't work for root

["Hendrickson, Bill J." <hendrickson-bill () zai com>]

Hello,

I'm cross-compiling nmap and running into the "Host seems down" when the resulting
binary is run as root, even after using the HAVE_IP_IP_SUM 0 suggestion.

here's my setup:

Nmap ver: 3.95
openssl ver: 0.9.7d
libpcap ver: 0.8.1
zlib ver: 1.1.3

target ARCH: arm
target OS: linux (Embedix)
target kernel: 2.4.19

build/host ARCH: i686
build/host OS: Red Hat Enterprise Linux WS release 3 Update 4
build/host kernel: 2.4.21-27.EL
build/host cross CC: gcc-cross-sa1100-2.95.2-0 (from www.zaurususergroup.org)
build/host binutils: binutils-cross-arm-2.11.2-0
build/host glibc: glibc-arm-2.2.2-0

steps i took to build nmap on build/host:

cross-compile/install zlib    ( to /opt/nmap )
cross-compile/install libpcap ( to /opt/nmap )
cross-compile/install openssl ( to /opt/nmap )

cross-compile nmap...

# ./configure \
  --prefix=/opt/nmap \
  --with-openssl=/opt/nmap \
  --with-libpcap=/opt/nmap \
  --host=armv4l-unknown-linux-gnu \
  --build=i686 \
  --without-nmapfe \
  --with-pcap=linux

configure ends OK

add/modify '#define HAVE_IP_IP_SUM 0' in config.h and nbase/nbase_config.h

# make

make has some warnings:

In file included from tcpip.h: 234,
                   from output.h:122,
                 from nmap.h:405,
                   from main.cc:102:
/opt/Embedix/tools/arm-linux/include/netinet/ip_icmp.h:168: warning: 'icmp_pptr' redefined
libdnet-stripped/include/dnet/icmp.h:131: warning: this is the location of the previous definition
/opt/Embedix/tools/arm-linux/include/netinet/ip_icmp.h:169: warning: 'icmp_gwaddr' redefined
libdnet-stripped/include/dnet/icmp.h:144: warning: this is the location of the previous definition
/opt/Embedix/tools/arm-linux/include/netinet/ip_icmp.h:277: warning: 'ICMP_INFOTYPE' redefined
libdnet-stripped/include/dnet/icmp.h:144: warning: this is the location of the previous definition

repeats these warnings for targets.cc,utils.cc, idle_scan.cc, osscan.cc, output.cc,scan_engine.cc,
timing.cc, charpool.cc, services.cc, protocols.cc, nmap_rpc.cc, portlist.cc, NmapOps.cc,
TargetGroup.cc, Target.cc, FingerPrintResults.cc, service_scan.cc, NmapOutputTable.cc, MACLookup.cc

but it finishes successfully (at least it makes the binary 'nmap' and returns with exit code '0')

# make install
installs all stuff to /opt/nmap

so i copy /opt/nmap/* to the proper locations on my ARM PC, ssh to it, and run nmap as root:

# nmap localhost                -> works as expected

# nmap -O localhost             -> works as expected

# nmap remotepc                 -> does not work
"Note: Host seems down.", etc.
"Nmap finished: 1 IP address (0 hosts up)", etc.

# nmap -P0 remotepc             -> does not work
"Nmap finished: 1 IP address (0 hosts up)", etc.

now run as joe user:

# su -l joe -c 'nmap localhost' -> works as expected

# su -l joe -c 'nmap remotepc'  -> works as expected

so for the interim, i used a wrapper script for root to do this so I could start nmapping. 
however, as soon as I tried:

# su -l joe -c 'nmap -O remotepc'
i realized i was caught in a vicious loop, b/c '-O' and others need root juice.  buggah!

I am stuck.  what else can i try?  google led me to the HAVE_IP_IP_SUM tip, but nothing else.  
is there some other way to tell if the created binary has properly integrated that value?

btw, the compiler and target machines are not (and cannot easily be) connected to the internet,
so bear that in mind...

thanx (i.a.)

bill


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev