o Added EPROTO to the list of known error codes in service scan. Daniel

Miller reported that an EPROTO was causing Nmap to exit after sending the Sqlping probe during service scan. The error message was "Unexpected error in NSE_TYPE_READ callback. Error code: 71 (Protocol error)". We suspect this was caused by a forged ICMP packet sent by an active firewall.
2026-02-14 17:36:33 +00:00 · 2010-05-06 21:36:11 +00:00
parent e961d42ca4
commit 6fa497f04e
2 changed files with 11 additions and 0 deletions
--- a/7
+++ b/7
@@ -1,5 +1,12 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o Added EPROTO to the list of known error codes in service scan. Daniel
+  Miller reported that an EPROTO was causing Nmap to exit after sending
+  the Sqlping probe during service scan. The error message was
+  "Unexpected error in NSE_TYPE_READ callback. Error code: 71 (Protocol
+  error)". We suspect this was caused by a forged ICMP packet sent by an
+  active firewall.
+
 o [NSE] The dns-recursion script now marks the port when it gets a
  response. This is a patch from Olivier M.

--- a/service_scan.cc
+++ b/service_scan.cc
@@ -2268,6 +2268,10 @@ static void servicescan_read_handler(nsock_pool nsp, nsock_event nse, void *myda
 #ifndef WIN32
    case EPIPE:
 #endif
+    case EPROTO:
+      // EPROTO is suspected to be caused by an active IDS/IPS that forges ICMP
+      // type-12 errors ("Parameter problem"). It's been seen in response to the
+      // Sqlping probe.
    case EIO:
      // Usually an SSL error of some sort (those are presently
      // hardcoded to EIO).  I'll just try the next probe.