Nmap Development mailing list archives
HAVE_IP_IP_SUM 0 doesn't work for root
From: "Hendrickson, Bill J." <hendrickson-bill () zai com>
Date: Tue, 24 Jan 2006 15:56:26 -0500
Hello, I'm cross-compiling nmap and running into the "Host seems down" when the resulting binary is run as root, even after using the HAVE_IP_IP_SUM 0 suggestion. here's my setup: Nmap ver: 3.95 openssl ver: 0.9.7d libpcap ver: 0.8.1 zlib ver: 1.1.3 target ARCH: arm target OS: linux (Embedix) target kernel: 2.4.19 build/host ARCH: i686 build/host OS: Red Hat Enterprise Linux WS release 3 Update 4 build/host kernel: 2.4.21-27.EL build/host cross CC: gcc-cross-sa1100-2.95.2-0 (from www.zaurususergroup.org) build/host binutils: binutils-cross-arm-2.11.2-0 build/host glibc: glibc-arm-2.2.2-0 steps i took to build nmap on build/host: cross-compile/install zlib ( to /opt/nmap ) cross-compile/install libpcap ( to /opt/nmap ) cross-compile/install openssl ( to /opt/nmap ) cross-compile nmap... # ./configure \ --prefix=/opt/nmap \ --with-openssl=/opt/nmap \ --with-libpcap=/opt/nmap \ --host=armv4l-unknown-linux-gnu \ --build=i686 \ --without-nmapfe \ --with-pcap=linux configure ends OK add/modify '#define HAVE_IP_IP_SUM 0' in config.h and nbase/nbase_config.h # make make has some warnings: In file included from tcpip.h: 234, from output.h:122, from nmap.h:405, from main.cc:102: /opt/Embedix/tools/arm-linux/include/netinet/ip_icmp.h:168: warning: 'icmp_pptr' redefined libdnet-stripped/include/dnet/icmp.h:131: warning: this is the location of the previous definition /opt/Embedix/tools/arm-linux/include/netinet/ip_icmp.h:169: warning: 'icmp_gwaddr' redefined libdnet-stripped/include/dnet/icmp.h:144: warning: this is the location of the previous definition /opt/Embedix/tools/arm-linux/include/netinet/ip_icmp.h:277: warning: 'ICMP_INFOTYPE' redefined libdnet-stripped/include/dnet/icmp.h:144: warning: this is the location of the previous definition repeats these warnings for targets.cc,utils.cc, idle_scan.cc, osscan.cc, output.cc,scan_engine.cc, timing.cc, charpool.cc, services.cc, protocols.cc, nmap_rpc.cc, portlist.cc, NmapOps.cc, TargetGroup.cc, Target.cc, FingerPrintResults.cc, service_scan.cc, NmapOutputTable.cc, MACLookup.cc but it finishes successfully (at least it makes the binary 'nmap' and returns with exit code '0') # make install installs all stuff to /opt/nmap so i copy /opt/nmap/* to the proper locations on my ARM PC, ssh to it, and run nmap as root: # nmap localhost -> works as expected # nmap -O localhost -> works as expected # nmap remotepc -> does not work "Note: Host seems down.", etc. "Nmap finished: 1 IP address (0 hosts up)", etc. # nmap -P0 remotepc -> does not work "Nmap finished: 1 IP address (0 hosts up)", etc. now run as joe user: # su -l joe -c 'nmap localhost' -> works as expected # su -l joe -c 'nmap remotepc' -> works as expected so for the interim, i used a wrapper script for root to do this so I could start nmapping. however, as soon as I tried: # su -l joe -c 'nmap -O remotepc' i realized i was caught in a vicious loop, b/c '-O' and others need root juice. buggah! I am stuck. what else can i try? google led me to the HAVE_IP_IP_SUM tip, but nothing else. is there some other way to tell if the created binary has properly integrated that value? btw, the compiler and target machines are not (and cannot easily be) connected to the internet, so bear that in mind... thanx (i.a.) bill _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- HAVE_IP_IP_SUM 0 doesn't work for root Hendrickson, Bill J. (Jan 24)