Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [Nmap, Ncat] Odd Nsock bug related to ENETUNREACH
From: Henri Doreau <henri.doreau () gmail com>
Date: Thu, 5 Jun 2014 21:43:26 +0200

2014-06-05 13:38 GMT+02:00 Jacek Wielemborek <d33tah () gmail com>:

While working on my prototype, I noticed that when you try to
make a connection that results in ENETUNREACH (tested by issuing
ncat -w 1), Nsock blocks forever even if a timeout was
specified. This is probably because it performs a non-blocking
connect() and ignores any error codes other than EINPROGRESS or
EAGAIN, yet it schedules an event. Then, the main loop calls
engine's file descriptor watching function (epoll, select etc) on
an empty FD set, effectively waiting forever.

This affects NSE scripts as well. Create test.nse file with the
folowing code and run nmap --script test.nse -d -sn:

local stdnse = require "stdnse"
local nmap = require "nmap"

hostrule = function()
  return true

action = function(host)
        stdnse.print_debug("test.nse started!")
        local sock = nmap.new_socket()
        local constatus, conerr = sock:connect("", 80)


I believe that Nsock should run the connect handler immediately
when it detects the error, behaving in a way similar to other
error messages.

The box I tested it on is Fedora 20, kernel
3.14.2-200.fc20.x86_64. I can provide any further details if

Jacek Wielemborek

Interesting... I need to investigate this. I have added a new nsock
regression test. What I could observe is that the error is delivered,
but it breaks afterwards due to bad refcounts or something like this
(according to the engine you use). There's definitely something wrong

I'll have a closer look as soon as time permits.


Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]