Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [PATCH] NSE ipv4 checks
From: Djalal Harouni <tixxdz () opendz org>
Date: Sat, 2 Apr 2011 20:26:01 +0100

On 2011-03-28 22:55:33 +0200, Henri Doreau wrote:
2011/3/28 Henri Doreau <henri.doreau () greenbone net>:
2011/3/27 Djalal Harouni <tixxdz () opendz org>:

Speaking about NSE IPv6, there are some scripts which assume that they
are running in the IPv4 mode even if the '-6' option was specified. This
is buggy code.

Scripts that are using protocols which are available _only_ in one mode
IPv4 or IPv6, can call the nmap.address_family() function, check the
returned string 'inet' or 'inet6' and fail silently with a debug


Please find attached a patch that add such a check for several IPv4
only scripts. I have only checked and fixed scripts that perform "raw"
packets manipulation.

The patch also contains error messages standardization, replacing
nmap.log_write() with hardcoded script name by the more common
stdnse.print_debug() using the SCRIPT_NAME variable (as noticed in
The same scripts and functions are concerned by both modifications.


[1] http://seclists.org/nmap-dev/2010/q4/551

With the attachment this time... :-)
Thx Henri.

I'm not sure about the path-mtu since I know that PMTU discovery is
available in IPv6 but perhaps in a different way ? 

Just a small correction in the diff, the debug message of the
dhcp-discover.nse should use SCRIPT_NAME instead of SCRIPT_FAMILY.

David and others what do you think about this ? my concern is reducing
scan failures (aborts).

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]