
Nmap Development mailing list archives

Re: Problems with nmap with openvz or bridge interfaces
From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 18 Jun 2012 17:06:05 +0100

First, the solution for OpenVZ containers:
One should set up a veth interface [2] which is like an Ethernet device,
and should support all Nmap features...

On Thu, Jun 14, 2012 at 01:17:22PM -0500, Daniel Miller wrote:
> I was chatting with Leonardo Amaral on IRC, and he was experiencing the
> same problem. I suggested the patch from
> http://seclists.org/nmap-dev/2012/q2/584 and that solved it for the
> bridge, but not the openvz interface. nmap --iflist was showing
> "INTERFACES: NONE FOUND(!)". I've CC'd him so he can reply with more
> details.

These are virtual network interfaces of type "void" [1]

OpenVZ containers use them for their venet interfaces [2], they do not
support MAC addresses, nor ARP...

Adding and using the following, like in the previous patch, should let Nmap
print interfaces:
#define ARP_HRD_VOID    0xFFFF  /* Void type, nothing is known */

Please note: that memcpy() for venet is a nop since they do not
support MAC addresses.


However, I'm sure that this will fail at least for:
(1) Privileged scans will fail for venet interfaces and other IPv6 tricks.

(2) Can't list Nmap routes correctly due to another bug which I'm tracking.
  This is related to the IPv6 merge 'r23778' and some parts that were
  removed.




This is just a note on how Nmap should report interfaces (before adding
any patch):
(1) 'nmap --iflist' should report all the available interfaces and routes.

(2) Add a 'fully supported' field to network interfaces output, to inform
users and reduce the noise about this.



[1] http://lxr.free-electrons.com/ident?i=ARPHRD_VOID
[2] http://wiki.openvz.org/Differences_between_venet_and_veth

> Dan
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

-- 
tixxdz
http://opendz.org
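
An added example, not part of the original message and not Nmap or libdnet code: on Linux the kernel exports each interface's ARP hardware type in /sys/class/net/<ifname>/type, so one can check whether an interface is Ethernet-like (veth, bridge) or the "void" type used by venet. The function names are hypothetical, the constants are the values from Linux <linux/if_arp.h>, and "lo" is only a default interface name for the demo.

```c
#include <stdio.h>
#include <stdlib.h>

/* ARP hardware types, values as in Linux <linux/if_arp.h>. */
#define HRD_ETHER    1       /* Ethernet: veth, bridges, physical NICs */
#define HRD_LOOPBACK 772
#define HRD_VOID     0xFFFF  /* Void type, nothing is known (venet) */

/* Parse the decimal contents of a sysfs "type" file. Returns the
 * hardware type, or -1 on malformed or out-of-range input. */
int parse_hw_type(const char *text)
{
    char *end;
    unsigned long v;

    if (text == NULL || *text < '0' || *text > '9')
        return -1;
    v = strtoul(text, &end, 10);
    if ((*end != '\0' && *end != '\n') || v > 0xFFFF)
        return -1;
    return (int)v;
}

/* Read <sysroot>/<ifname>/type; sysroot is normally "/sys/class/net". */
int read_hw_type(const char *sysroot, const char *ifname)
{
    char path[512], buf[32];
    FILE *fp;
    int n = snprintf(path, sizeof(path), "%s/%s/type", sysroot, ifname);

    if (n < 0 || (size_t)n >= sizeof(path) || (fp = fopen(path, "r")) == NULL)
        return -1;
    if (fgets(buf, sizeof(buf), fp) == NULL)
        buf[0] = '\0';
    fclose(fp);
    return parse_hw_type(buf);
}

/* Hypothetical helper: 1 for Ethernet-type devices, 0 for every other
 * type (void, loopback, unreadable) in this simplified example. */
int is_ethernet_like(int hw_type)
{
    return hw_type == HRD_ETHER;
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "lo";
    int t = read_hw_type("/sys/class/net", ifname);

    printf("%s: type=%d ethernet_like=%d\n", ifname, t, is_ethernet_like(t));
    return 0;
}
```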