Interfaces cannot be enumerated on pure IPv6 Linux #2416

Closed
nnposter opened this issue Dec 19, 2021 · 2 comments
nnposter commented Dec 19, 2021

Interfaces cannot be enumerated on a Linux system (Ubuntu 18.04 tested) if it completely lacks IPv4 addresses (including the loopback):

$ ./nmap --iflist
Starting Nmap 7.92SVN ( https://nmap.org ) at 2021-12-18 19:06 MST
INTERFACES: NONE FOUND(!)
ROUTES: NONE FOUND(!)
$ 

As expected, a privileged scan will fail:

$ ./nmap -6 ::1
Starting Nmap 7.92SVN ( https://nmap.org ) at 2021-12-18 19:08 MST
route_dst_netlink: can't find interface "lo"
$ 

Adding a single IPv4 address to any one of the interfaces is an effective workaround:

$ ip a add 169.254.11.22/16 dev ens38
$ nmap --iflist
Starting Nmap 7.92SVN ( https://nmap.org ) at 2021-12-18 19:11 MST
************************INTERFACES************************
DEV   (SHORT) IP/MASK                      TYPE     UP MTU   MAC
ens38 (ens38) 169.254.11.22/16             ethernet up 1500  00:0C:29:D5:7E:57
ens38 (ens38) fe80::4eec:c4e9:392b:bb7d/64 ethernet up 1500  00:0C:29:D5:7E:57
ens33 (ens33) (none)/0                     ethernet up 1500  00:0C:29:D5:7E:4D
lo    (lo)    (none)/0                     loopback up 65536
lo    (lo)    ::1/128                      loopback up 65536

**************************ROUTES**************************
DST/MASK                      DEV   METRIC GATEWAY
169.254.0.0/16                ens38 0
::1/128                       lo    0
fe80::4eec:c4e9:392b:bb7d/128 ens38 0
::1/128                       lo    256
fe80::/64                     ens38 101
fe80::/64                     ens38 256
ff00::/8                      ens38 256

$ nmap -6 ::1
Starting Nmap 7.92SVN ( https://nmap.org ) at 2021-12-18 19:11 MST
Nmap scan report for ip6-localhost (::1)
Host is up (0.0000040s latency).
Not shown: 999 closed tcp ports (reset)
PORT    STATE SERVICE
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
$

The issue can be traced to a SIOCGIFCONF ioctl call in libdnet:

if (ioctl(intf->fd, SIOCGIFCONF, &intf->ifc) < 0) {

Specifically, the call succeeds but returns a zero-length array of ifreq structures, which is not altogether surprising. Quoting from the manpage for netdevice:

Return a list of interface (transport layer) addresses. This currently means only addresses of the AF_INET (IPv4) family for compatibility.

The zero-length array is rejected later in the code:

	if (intf->ifc.ifc_len < (int)sizeof(*ifr)) {
		errno = EINVAL;
		return (-1);
	}

I have not investigated what the best course of remediation could be.
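
The SIOCGIFCONF behaviour described in the comment above, as an added example that is not part of the original issue and is not libdnet code: it counts what the ioctl returns per address family and compares that with getifaddrs(), which also reports AF_INET6. The function names and the 64-entry buffer are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <ifaddrs.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/socket.h>

/* Walk an SIOCGIFCONF result: count AF_INET entries vs. any other family. */
static int count_ifconf(const struct ifconf *ifc, int *inet, int *other)
{
	int n = ifc->ifc_len / (int)sizeof(struct ifreq);
	*inet = *other = 0;
	for (int i = 0; i < n; i++)
		(*(ifc->ifc_req[i].ifr_addr.sa_family == AF_INET ? inet : other))++;
	return n;
}

/* Query the kernel with SIOCGIFCONF; returns entry count or -1 on error. */
static int query_siocgifconf(int *inet, int *other)
{
	struct ifreq reqs[64];	/* assumed large enough for this demo */
	struct ifconf ifc = { .ifc_len = sizeof(reqs), .ifc_req = reqs };
	int fd = socket(AF_INET, SOCK_DGRAM, 0);
	if (fd < 0) return -1;
	int rc = ioctl(fd, SIOCGIFCONF, &ifc);
	close(fd);
	return rc < 0 ? -1 : count_ifconf(&ifc, inet, other);
}

/* Count addresses of one family via getifaddrs(); returns -1 on error. */
static int count_getifaddrs(int family)
{
	struct ifaddrs *list, *p;
	int n = 0;
	if (getifaddrs(&list) < 0) return -1;
	for (p = list; p != NULL; p = p->ifa_next)
		if (p->ifa_addr != NULL && p->ifa_addr->sa_family == family)
			n++;
	freeifaddrs(list);
	return n;
}

int main(void)
{
	int inet = 0, other = 0, n = query_siocgifconf(&inet, &other);
	printf("SIOCGIFCONF: %d entries (%d AF_INET, %d other)\n", n, inet, other);
	printf("getifaddrs: %d AF_INET, %d AF_INET6\n", count_getifaddrs(AF_INET), count_getifaddrs(AF_INET6));
	return 0;
}
```

On a host with no IPv4 addresses the first line reports 0 entries while getifaddrs() still counts the AF_INET6 addresses.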


dmiller-nmap commented Jun 30, 2022

@nnposter Can you try this patch and see if it works?

diff --git a/libdnet-stripped/src/intf.c b/libdnet-stripped/src/intf.c
index 6180d85..d4faaeb 100644
--- a/libdnet-stripped/src/intf.c
+++ b/libdnet-stripped/src/intf.c
@@ -693,7 +693,7 @@ _intf_get_aliases(intf_t *intf, struct intf_entry *entry)
        struct addr *ap, *lap;
        char *p;

-       if (intf->ifc.ifc_len < (int)sizeof(*ifr)) {
+       if (intf->ifc.ifc_len < (int)sizeof(*ifr) && intf->ifc.ifc_len != 0) {
                errno = EINVAL;
                return (-1);
        }
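
Review bot: the relaxed test `if (intf->ifc.ifc_len < (int)sizeof(*ifr) && intf->ifc.ifc_len != 0)` lets a zero-length SIOCGIFCONF result fall through into the rest of _intf_get_aliases, which this hunk does not show, so please confirm that the code after the check never reads the first ifreq when ifc_len is 0. A short comment stating that zero is the expected result on a host with no IPv4 addresses would also explain why only lengths strictly between 0 and sizeof(*ifr) are still treated as EINVAL.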


nnposter commented Jul 3, 2022

Works!
