Nmap Development mailing list archives

Re: route_dst_netlink: can't find interface


From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 24 Sep 2012 13:24:09 +0100

Hi,

Thanks for the output, please see below.

On Sun, Sep 23, 2012 at 02:29:06PM -0700, David Fifield wrote:
On Sat, Sep 22, 2012 at 04:45:21PM +0200, Sebastiaan Vileijn wrote:
I'm running nmap-6.01 on Gentoo Linux. nmap is unable to find any of the interfaces on the machine:

# nmap -version

Nmap version 6.01 ( http://nmap.org )
Platform: i686-pc-linux-gnu
Compiled with: liblua-5.1.4 openssl-1.0.0j libpcre-8.30 libpcap-1.1.1 nmap-libdnet-1.12 ipv6
Compiled without:

# nmap -sP 192.168.5.1

Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-22 14:02 CEST
route_dst_netlink: can't find interface "eth0"

#  nmap --iflist -d3

Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-22 16:05 CEST
Fetchfile found /usr/bin/../share/nmap/nmap-services
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
INTERFACES: NONE FOUND(!)
Reason: getinterfaces_dnet: intf_loop() failed
ROUTES: NONE FOUND(!)
Reason: getsysroutes_dnet: sysroutes_dnet_find_interfaces() failed

# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:05:5d:06:7f:71 brd ff:ff:ff:ff:ff:ff
3: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:40:f4:6e:15:a8 brd ff:ff:ff:ff:ff:ff
4: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:c0:df:0e:10:ff brd ff:ff:ff:ff:ff:ff
5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:da:4b:76:97 brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.2/24 brd 192.168.5.255 scope global eth0
    inet 192.168.5.3/24 brd 192.168.5.255 scope global secondary eth0
    inet6 fe80::250:daff:fe4b:7697/64 scope link 
       valid_lft forever preferred_lft forever
6: wifi0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 199
    link/ieee802.11 00:13:46:74:2e:1a brd ff:ff:ff:ff:ff:ff
7: ath0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 00:13:46:74:2e:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.1/24 brd 192.168.20.255 scope global ath0
    inet6 fe80::213:46ff:fe74:2e1a/64 scope link 
       valid_lft forever preferred_lft forever

Interface ath0/wifi0 seems to be the culprit. If I unload the kernel modules, nmap is able to find the other interfaces:

# nmap --iflist

Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-22 15:08 CEST
************************INTERFACES************************
DEV  (SHORT) IP/MASK                     TYPE     UP   MTU   MAC
lo   (lo)    127.0.0.1/8                 loopback up   16436
lo   (lo)    ::1/128                     loopback up   16436
eth2 (eth2)  (null)/0                    ethernet down 1500  00:05:5D:06:7F:71
eth4 (eth4)  (null)/0                    ethernet down 1500  00:40:F4:6E:15:A8
eth3 (eth3)  (null)/0                    ethernet down 1500  00:C0:DF:0E:10:FF
eth0 (eth0)  192.168.5.2/24              ethernet up   1500  00:50:DA:4B:76:97
eth0 (eth0)  192.168.5.3/24              ethernet up   1500  00:50:DA:4B:76:97
eth0 (eth0)  fe80::250:daff:fe4b:7697/64 ethernet up   1500  00:50:DA:4B:76:97

**************************ROUTES**************************
DST/MASK       DEV  GATEWAY
192.168.5.0/24 eth0
127.0.0.0/8    lo   127.0.0.1
0.0.0.0/0      eth0 192.168.5.1

ath0/wifi0 is an Atheros wireless network card using the madwifi svn r4165 kernel module. The card is operating in 
access point mode.
Any pointers on how I can debug this? I've tried nmap from svn (r29847) as well, but it failed too.

Please double-check that the svn version doesn't work. This sounds very
much like this bug:

Re: libdnet problem with monitor mode interfaces
http://seclists.org/nmap-dev/2012/q2/529

If this doesn't work, there is probably a failure inside libdnet. Try
running nmap in gdb and setting a breakpoint on the functions addr_ston
and intf_loop. Try using the "fin" command to see if any of the calls
are exiting abnormally.

David, the 'ip addr show' maps to 'link/ieee802.11'

From [1] line 99:
__PF(IEEE80211,ieee802.11)

From [2] line 86:
#define ARPHRD_IEEE80211 801          /* IEEE 802.11                  */

Adding this to libdnet would do the trick.

[1] http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git;a=blob;f=lib/ll_types.c#l99
[2] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=blob;f=include/linux/if_arp.h#l86

I'll write a patch later, thanks.

-- 
tixxdz
http://opendz.org
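
A quick way to spot which interface carries the link type discussed in this message, as an added example that is not part of the original post or of Nmap/libdnet: on Linux, /sys/class/net/<if>/type holds the numeric ARPHRD_* value that 'ip addr show' prints as link/... The function names and the sample tree (built from the interfaces in the report above) are constructed for illustration; 802 and 803 are the neighbouring 802.11 values from the same kernel header.

```shell
#!/bin/sh
# Map a numeric ARPHRD_* value (linux/if_arp.h) to a readable name.
arphrd_name() {
    case "$1" in
        1)   echo ether ;;
        772) echo loopback ;;
        801) echo ieee802.11 ;;           # ARPHRD_IEEE80211, the type in this thread
        802) echo ieee802.11/prism ;;     # ARPHRD_IEEE80211_PRISM
        803) echo ieee802.11/radiotap ;;  # ARPHRD_IEEE80211_RADIOTAP
        *)   echo "unknown($1)" ;;
    esac
}

# list_link_types [DIR]: print "<ifname> <type> <name>" for every interface
# under DIR (default /sys/class/net) and mark raw 802.11 link types.
list_link_types() {
    netdir="${1:-/sys/class/net}"
    for dev in "$netdir"/*; do
        [ -r "$dev/type" ] || continue    # skip non-interface entries
        t=$(cat "$dev/type")
        note=""
        case "$t" in
            801|802|803) note=" <-- raw 802.11 link type" ;;
        esac
        printf '%s %s %s%s\n' "${dev##*/}" "$t" "$(arphrd_name "$t")" "$note"
    done
}

# Constructed sample: a fake sysfs tree mirroring the report above
# (lo = loopback, eth0 and ath0 = ether, wifi0 = ieee802.11).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    for pair in lo:772 eth0:1 wifi0:801 ath0:1; do
        mkdir -p "$root/${pair%%:*}"
        echo "${pair##*:}" > "$root/${pair%%:*}/type"
    done
    echo "$root"
}

# Demo on the constructed tree; call list_link_types with no argument
# to inspect the live system instead.
sample=$(make_sample_tree)
list_link_types "$sample"
rm -rf "$sample"
```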