Nmap Development mailing list archives

Re: [nmap-svn] r14148 - in nmap-exp/daniel: ncat-sctp nmap-sctp


From: David Fifield <david () bamsoftware com>
Date: Fri, 10 Jul 2009 12:03:52 -0600

On Fri, Jul 10, 2009 at 01:17:47PM +0200, Daniel Roethlisberger wrote:
> David Fifield <david () bamsoftware com> 2009-07-09:
>> On Thu, Jul 09, 2009 at 02:30:05PM -0700, commit-mailer () insecure org wrote:
>>> Author: daniel
>>> Date: Thu Jul  9 14:30:05 2009
>>> New Revision: 14148
>>>
>>> Modified:
>>>    nmap-exp/daniel/ncat-sctp/ncat_broker.c
>>>    nmap-exp/daniel/ncat-sctp/ncat_listen.c
>>>    nmap-exp/daniel/ncat-sctp/ncat_main.c
>>>    nmap-exp/daniel/ncat-sctp/ncat_proxy.c
>>>    nmap-exp/daniel/ncat-sctp/util.c
>>>    nmap-exp/daniel/ncat-sctp/util.h
>>>    nmap-exp/daniel/nmap-sctp/CHANGELOG
>>>
>>> Log:
>>> o [Ncat] Implemented support for SCTP listening sockets, including SSL
>>>   support.  Since there is no SSL support for SCTP client sockets yet,
>>>   SSL support is not terribly useful yet. [Daniel Roethlisberger]
>>
>> Is this code ready to merge? I'd like to have at least the listen mode
>> changes as soon as they are ready. If you're happy with the Nsock
>> changes for connect mode then I want those to be merged too.
>
> The listen and connect mode SCTP changes are ready.  I'll merge
> them probably tonight after some more pre-merge testing.  If you
> had a chance to test the code currently in the nmap-sctp branch
> please let me know about any issues or success.

Yeah, I don't have libsctp installed but I have SCTP in the Linux
kernel. Because of a lack of <netinet/sctp.h>, the configure script in
nsock and ncat doesn't build in SCTP support. But if I edit the config.h
files to define HAVE_SCTP, Ncat works with SCTP anyway (after the fix
described in the next paragraph). So a different test would be nice.

I was getting this error:

$ ./ncat --sctp scanme.csnc.ch 7 -vvv
Ncat version 4.85BETA10 ( http://nmap.org/ncat )
NSOCK (0.0030s) SCTP association requested to 213.144.141.30:7 (IOD #1) EID 8
NSOCK (0.3870s) Callback: CONNECT ERROR [Connection refused (111)] for EID 8 [213.144.141.30:7]
DEBUG: Received callback of type CONNECT with status ERROR
Invalid argument.

I tracked the "Invalid argument" to the send call in this code:

    /* First we want to determine whether the socket really is connected */
    if (getsockopt(iod->sd, SOL_SOCKET, SO_ERROR, (char *) &optval, &optlen) != 0)
      optval = socket_errno(); /* Stupid Solaris */
    switch(optval) {
    case 0:
#ifdef LINUX
      if (!FD_ISSET(iod->sd, &ms->mioi.fds_results_r)) {
        /* Linux goofiness -- We need to actually test that it is writeable */
        rc = send(iod->sd, "", 0, 0);

If I comment out the send and assign 0 to rc, Ncat works as expected.
Maybe SCTP doesn't support zero-length messages or something? I don't
know what the "Linux goofiness" is for, but maybe that test only applies
to TCP.

Also, it looks like the <netinet/sctp.h> test is present in
ncat/configure.ac but not ncat/configure. I think it was there before,
so it might have gotten lost during a merge.

David Fifield
