Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X"
From: David Fifield <david () bamsoftware com>
Date: Tue, 6 Aug 2013 17:08:14 -0700
On Tue, Aug 06, 2013 at 10:30:26AM +0300, Timo Juhani Lindfors wrote:
> David Fifield <david () bamsoftware com> writes:
> > Another thing to try: The --route-dst option makes Nmap make a routing
> > decision, without sending pings or any other traffic. Try something like
> >     sudo nmap --route-dst 10.7.24.1
> > and see if it increases the number of ARP entries in the cache. If so,
> > we will have the problem localized closely.
>
> $ for i in $(seq 20 30); do sudo nmap --route-dst 10.7.24.$i > /dev/null 2>&1; ip ntable show dev eth0 name arp_cache | grep refcnt; done
> refcnt 17 reachable 26920 base_reachable 30000 retrans 1000
> refcnt 18 reachable 26920 base_reachable 30000 retrans 1000
> refcnt 19 reachable 26920 base_reachable 30000 retrans 1000
> refcnt 20 reachable 26920 base_reachable 30000 retrans 1000

Thanks for this. I think I have traced down the commit where it started,
r24413. In this commit, we connect a dummy SOCK_DGRAM socket in order to
find out what the kernel thinks our source address should be. I found
that it is exactly at the call to connect in get_srcaddr that an ARP
cache entry gets added.

You can try reproducing it yourself with this Python program:

    import socket
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)

You should see the cache size change when calling this program with
different IP addresses as arguments.

I was able to reproduce the problem on Debian wheezy (Linux 3.2) with
Nmap 6.00 and 6.40. But: I do not get the problem on Debian testing
(currently Linux 3.9) with any version of Nmap.

I don't know the best thing to do here--r24413 fixed another bug, and
newer releases of Linux don't seem to have the problem. Can you think of
other ways to fix it? Perhaps there is a netlink interface to find out
the recommended source address?

A workaround is to use the -S option (source address).

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
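
Added example (not part of the original message and not Nmap's code): a sketch of the connected-UDP-socket source address lookup described above, paired with the refcnt reading from the `ip ntable show` command in the thread so the growth per lookup can be measured. The function names, the destination port 9 and the SAMPLE text are assumptions made for this illustration.

```python
import re
import socket
import subprocess
import sys

def source_address_for(dst, port=9):
    """Return the local IPv4 address the kernel would use to reach dst.

    connect() on a SOCK_DGRAM socket sends no packet; it only makes the
    kernel pick a route. Port 9 is an arbitrary choice (assumption)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
    try:
        s.connect((dst, port))
        return s.getsockname()[0]
    finally:
        s.close()

def parse_refcnt(ntable_output):
    """Extract the refcnt value from `ip ntable show` output."""
    m = re.search(r"\brefcnt\s+(\d+)", ntable_output)
    if m is None:
        raise ValueError("no refcnt field in ntable output")
    return int(m.group(1))

def arp_cache_refcnt(dev):
    """Run the ip command quoted in the thread (Linux only) and parse it."""
    out = subprocess.run(
        ["ip", "ntable", "show", "dev", dev, "name", "arp_cache"],
        capture_output=True, text=True, check=True).stdout
    return parse_refcnt(out)

def refcnt_growth(readings):
    """Differences between consecutive refcnt readings."""
    return [b - a for a, b in zip(readings, readings[1:])]

# Constructed sample, modelled on the refcnt lines quoted in the message.
SAMPLE = "refcnt 17 reachable 26920 base_reachable 30000 retrans 1000"

if __name__ == "__main__":
    # usage: script.py DEVICE ADDRESS [ADDRESS ...]
    dev, targets = sys.argv[1], sys.argv[2:]
    readings = [arp_cache_refcnt(dev)]
    for dst in targets:
        src = source_address_for(dst)
        readings.append(arp_cache_refcnt(dev))
        print(f"{dst}: source {src}, refcnt {readings[-1]}")
    print("refcnt deltas:", refcnt_growth(readings))
```

A delta of 1 for every address looked up matches the behaviour reported in the thread; deltas of 0 match the behaviour reported for the newer kernel.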