Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: ioctl issue scanning /24 networks
From: Nicolas Greneche <nicolas.greneche () univ-paris13 fr>
Date: Fri, 06 Jun 2014 14:47:29 +0200

Le 06/06/2014 14:09, Daniel Miller a écrit :

Thanks for your bug report.

On Fri, Jun 6, 2014 at 4:25 AM, Nicolas Greneche
<nicolas.greneche () univ-paris13 fr
<mailto:nicolas.greneche () univ-paris13 fr>> wrote:

    epoll_wait(4, {}, 128, 50)              = 0
    ioctl(3, TIOCGPGRP, [0])                = -1 ENOTTY (Inappropriate
    ioctl for device)
    epoll_wait(4, {}, 128, 50)              = 0
    ioctl(3, TIOCGPGRP, [0])                = -1 ENOTTY (Inappropriate
    ioctl for device)
    epoll_wait(4, {}, 128, 50)              = 0
    ioctl(3, TIOCGPGRP, [0])                = -1 ENOTTY (Inappropriate
    ioctl for device)

    Those messages loop forever. Nmap process never exit.

I'm not sure what's the core issue here, but I did look into the ioctl
calls, and they seem to be coming from tty_getchar in nmap_tty.cc. The
call to tcgetpgrp on fd 3 results in ENOTTY, which is ok because
obviously the process forked by python-nmap is not running in a TTY (a
rare case of ENOTTY actually meaning what it says!). We could try to
avoid polling like this when we can detect this situation, but as the
comment in the function states:

         // This is so that when the terminal has been disconnected, it
will be
         // reconnected when possible. If it slows things down, just
remove it

That's it, i run my program from a screen session.

I think this covers the scenario of running Nmap in a GNU Screen
session, for instance, and then disconnecting the session. The process's
output is no longer a TTY, but when you reconnect, you will regain the
ability to send keyboard interaction messages.

Sorry for the long-winded explanation of part of your strace output, but
I wanted to make sure for myself that a recent change to our keyboard
interaction code was not responsible for your problem. It looks instead
like a Nsock issue, based on the epoll_wait calls.

If you can reliably cause the hang (especially if you can do it without
using python-nmap, but by running the command directly), please let us
know if it still hangs with "--nsock-engine select" and provide some
Nmap debugging output "-d" as well.

I can make a shell script that loop on the network blocks and call nmap command for each block ?

Does "--nsock-engine select" stands for a compilation option (but I didn't see it in ./configure --help) or an argument tu nmap command (not seen in nmap -h) ?


Nicolas Grenèche

URL : http://blog.etcshadow.fr
Tel : 01 49 40 40 35
Fax : 01 48 22 81 50
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]