Nmap Development mailing list archives

Re: AIX libdnet-stripped patch


From: "Peter O'Gorman" <nmap-dev () mlists thewrittenword com>
Date: Fri, 13 Jan 2012 16:52:25 -0600

On Mon, Jan 09, 2012 at 07:43:13PM -0600, Peter O'Gorman wrote:
> I understand now, on AIX 6.1 and 7.1 the patch to eth_send is not
> needed, but it is required on 5.3 and 5.2.
>
> Without it I get:
> Starting Nmap 5.51 ( http://nmap.org ) at 2012-01-10 01:34 UTC
> WARNING:  eth_send of ARP packet returned -1 rather than expected 42
> (errno=59: Message too long)
> WARNING:  eth_send of ARP packet returned -1 rather than expected 42
> (errno=59: Message too long)
> Note: Host seems down. If it is really up, but blocking our ping probes,
> try -Pn
> Nmap done: 1 IP address (0 hosts up) scanned in 1.70 seconds
>
> The write fails with EMSGSIZE for any attempt to write less than the
> minimum ethernet packet size.

Hi,

Did I fail to explain the reason for the patch adequately?

On AIX 6 and later the write() in eth_send currently succeeds even
though nmap is asking it to send an ethernet packet with a payload of
less than 46 bytes because the kernel is padding the payload to bring it
up to the minimum length for an ethernet frame. This appears to be
common behavior.

On earlier AIX systems, however, the kernel does not pad short writes;
the write fails with the EMSGSIZE error, causing the above error for
nmap.

The solution is to zero pad the packet before calling write().

Thanks,
Peter
-- 
Peter O'Gorman
pogma () thewrittenword com
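
The zero-padding step described in the message above, as an added example (not the libdnet patch itself and not code from the post). The helper names `eth_pad_frame` and `padded_len_for` and the sample frame bytes are hypothetical; the 46-byte minimum payload is the figure from the message, and the 14-byte header is the standard Ethernet II header.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ETH_HDR_LEN   14                      /* dst MAC + src MAC + EtherType */
#define ETH_MIN_DATA  46                      /* minimum payload from the message */
#define ETH_MIN_FRAME (ETH_HDR_LEN + ETH_MIN_DATA)  /* 60 bytes, FCS excluded */

/* Hypothetical helper: returns the buffer to pass to write() and stores its
 * length in *wlen. Frames that are already long enough pass through untouched.
 * Short frames are copied into scratch and the tail is zero-filled, so stale
 * bytes left in scratch never reach the wire. Returns NULL on bad input. */
static const uint8_t *eth_pad_frame(const uint8_t *frame, size_t len,
                                    uint8_t *scratch, size_t scratch_len,
                                    size_t *wlen)
{
    if (frame == NULL || wlen == NULL || len < ETH_HDR_LEN)
        return NULL;                          /* not even a full header */
    if (len >= ETH_MIN_FRAME) { *wlen = len; return frame; }
    if (scratch == NULL || scratch_len < ETH_MIN_FRAME)
        return NULL;                          /* no room to pad safely */
    memcpy(scratch, frame, len);
    memset(scratch + len, 0, ETH_MIN_FRAME - len);
    *wlen = ETH_MIN_FRAME;
    return scratch;
}

/* Constructed check: pad a len-byte frame of 0xAA bytes using a scratch buffer
 * pre-filled with 0xFF (standing in for stale memory). Returns the length that
 * would be written, or -1 if rejected or if any byte is not as expected. */
static int padded_len_for(size_t len)
{
    uint8_t frame[1514], scratch[ETH_MIN_FRAME];
    size_t wlen = 0, i;
    if (len > sizeof(frame)) return -1;
    memset(frame, 0xAA, sizeof(frame));
    memset(scratch, 0xFF, sizeof(scratch));
    const uint8_t *out = eth_pad_frame(frame, len, scratch, sizeof(scratch), &wlen);
    if (out == NULL) return -1;
    for (i = 0; i < wlen; i++)
        if (out[i] != (i < len ? 0xAA : 0x00)) return -1;
    return (int)wlen;
}

int main(void)
{   /* 42 bytes is the ARP frame size from the warning quoted in the message */
    printf("42-byte ARP frame -> %d bytes written\n", padded_len_for(42));
    return 0;
}
```

The length returned in `*wlen`, not the original length, is what the caller would pass to `write()` and compare against its return value.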