Re: Nmap/libnetutil: route tables rework

[Djalal Harouni <tixxdz () opendz org>]

David sorry for the delay (paper work).

On Wed, Oct 03, 2012 at 06:23:23PM +0100, Djalal Harouni wrote:
> Hi David,
[...]
> David I'll double check what remains soon. Thanks!
>
> > Omitted; sys_route already has an interface_info member; it should not
> > have a redundant devname as well. We match interfaces by name before
> > entering sysroutes_dnet_find_interfaces, removing the need for name
> > comparisons in each loop in sysroutes_dnet_find_interfaces. These
> > patches together are replaced by "[PATCH 3/4] Assign sys_route
> > interfaces immediately when iface names come from libdnet."
> >     [PATCH 06/24] libnetutil: add the device name support to sys_route struct
> >     [PATCH 08/24] libnetutil: copy device name from libdnet
> >     [PATCH 11/24] libnetutil: check the device name before matching remaining routes
> >     [PATCH 15/24] libnetutil: check the device name before the gateway/destination match
> >     [PATCH 24/24] libnetutil: separate interface name check
> >     [PATCH 16/24] libnetutil: add an error message to note that the device was not found
This is cleaner. Thanks!


> > Omitted; I did not understand the purpose of this patch. May be
> > unnecessary for the same reason as the previous group.
> >     [PATCH 21/24] libnetutil: check if this is the default route
This patch is completed by the:
[PATCH 22/24] libnetutil: fix the ppp match logic

Ok, never mind!


> > Omitted because not necessary.
> >     [PATCH 09/24] libnetutil: Check the device name before any match
> >     [PATCH 10/24] libnetutil: revert last commit
These are buggy patches.

> >     [PATCH 12/24] libnetutil: Add sys_route pointer to reduce dereferences
> >     [PATCH 18/24] libdnet-stripped/route-linux: make iflags unsigned int
Ok

> > Omitted; see below.
> >     [PATCH 22/24] libnetutil: fix the ppp match logic
> >
> > [PATCH 22/24] seems wrong to me. The PPP two-step matching logic
> > definitely worked when it was added in r11591.
> > http://seclists.org/nmap-dev/2008/q4/576
> > It was intentional to match one route's gateway against another route's
> > destination, and not the other way around. Also, with [PATCH 22/24],
> > Nmap reports fewer routes for me on Windows:
Ok! sorry I can't test it since I don't have a PPP interface under hands.


> >  **************************ROUTES**************************
> >  DST/MASK                                 DEV  GATEWAY
> >  172.16.3.62/32                           eth0
> > -255.255.255.255/32                       eth0
> >  192.168.0.255/32                         eth0
> >  127.0.0.1/32                             lo0
> >  127.255.255.255/32                       lo0
> >  172.16.3.255/32                          eth0
> >  192.168.0.2/32                           eth0
> > -255.255.255.255/32                       eth0
> >  172.16.3.0/24                            eth0
> >  192.168.0.0/24                           eth0
> >  127.0.0.0/8                              lo0
> > -224.0.0.0/4                              eth0
> > -224.0.0.0/4                              eth0
> >  0.0.0.0/0                                eth0 192.168.0.1
> >  fe80::356c:d34c:f247:36ef/128            eth0
> >  ::1/128                                  lo0
> >  2001:470:1f05:155e::2/128                eth0
> >  2001:0:9d38:6ab8:1076:3f8d:b4db:5ee3/128 tun0
> >  fe80::1076:3f8d:b4db:5ee3/128            eth0
> >  2001:470:1f05:155e::/64                  eth0
> >  fe80::/64                                eth0
> >  fe80::/64                                eth0
> >  2001::/32                                tun0
> > -ff00::/8                                 eth0
> > -ff00::/8                                 eth0
> > -ff00::/8                                 eth0
> >  ::/0                                     eth0 2001:470:1f05:155e::1
> >
> > I agree with out that sysroutes_dnet_find_interfaces is still kind of a
> > bogus idea, matching routes to interfaces by addresses only because
> > libdnet was formerly not able to give us an interface for each route.
> > This method will continue to be used on all platforms for which libdnet
> > has not been extended to return interfaces, which in this patch set is
> > all but Linux. I don't think it will be hard to add further support for
> > the other most common platforms.
I agree, and you have already added support for Windows and OS X.

Yes making sysroutes_dnet_find_interfaces() a no-op is the best solution.

> > Please check out these patches and tell me what you think.
> >
> > David Fifield
Thanks David for cleaning and committing these series!

I hope that we have closed this bug.

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/