Nmap Development: Re: "dnet: Failed to open device" errors on AIX, as root

[Ben Lentz <ben.lentz () gmail com>]

> Thanks for this output. I think I see what the bug is; in short, it
> looks like a known bug in AIX.
>
> "BIND TO AF_NDD ADDRESS INCORRECTLY FAILS WITH EEXISTS"
> http://www-01.ibm.com/support/docview.wss?uid=isg1IZ76058
> http://www-01.ibm.com/support/docview.wss?uid=isg1IZ67350
>
> The important part of the truss output is
>
> 10485844: 95158519: socket(23, 2, 1)                    = 3
> 10485844: 95158519: bind(3, 0x2FF2024C, 36)             Err#17 EEXIST
> 10485844: 95158519: close(3)                            = 0
>
> which corresponds to this code in in libdnet-stripped/src/eth-ndd.c:
>
>          if ((e->fd = socket(AF_NDD, SOCK_DGRAM, NDD_PROT_ETHER))<  0)
>                  return (eth_close(e));
>          sa.sndd_8022_family = AF_NDD;
>          sa.sndd_8022_len = sizeof(sa);
>          sa.sndd_8022_filtertype = NS_ETHERTYPE;
>          sa.sndd_8022_ethertype = ETH_TYPE_IP;
>          sa.sndd_8022_filterlen = sizeof(struct ns_8022);
>          strlcpy(sa.sndd_8022_nddname, device, sizeof(sa.sndd_8022_nddname));
>          if (bind(e->fd, (struct sockaddr *)&sa, sizeof(sa))<  0)
>                  return (eth_close(e));
>
> It looks like there is an update for the problem that you may be able to
> install. Short of that, I don't think there's anything we can do, so I
> hope the --send-ip workaround is good enough.
>
> David Fifield
Well, that's pretty embarrassing. On AIX 6.1 TL7 SP5 the level of the 
affected AIX fileset devices.common.IBM.ethernet.rte is 6.1.7.16. I 
clicked around through a dozen or so of those APARs and didn't find my 
affected level in the list.
I did more testing, all of the following versions of AIX are giving me 
the same problem (all are /reasonably/ up to date):
- AIX 5.3 TL12 SP5 (5300-12-05-1140) devices.common.IBM.ethernet.rte 
5.3.12.3 - Released the 40th week of 2011
- AIX 6.1 TL6 SP8 (6100-06-08-1216) devices.common.IBM.ethernet.rte 
6.1.6.18 - Released the 16th week of 2012
- AIX 6.1 TL7 SP5 (6100-07-05-1228) devices.common.IBM.ethernet.rte 
6.1.7.16 - Released the 28th week of 2012
The --send-ip workaround works fine on all of the above levels.

The good news is that my systems are all covered under software 
maintenance so I will complain to IBM and report back the result of the 
PMR to this mailing list if you folks are interested.
David, thank you so much for your help. I realize AIX isn't the most 
prevalent of platforms for the nmap user community and I greatly 
appreciate your time.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/