When iterating over the interface list on systems that have sa_len, only

allow the sa_len to increase the size of the current structure, not
decrease it below sizeof(struct ifreq). Doing it this way makes it work
on NetBSD. This technique more or less matches that used in Unix Network
Programming, 3rd Edition, section 17.6. The old implementation was
likely incorrect, though it happened to work on FreeBSD.

CHANGELOG

@@ -2,6 +2,12 @@
 
 [NOT YET RELEASED]
 
+o Fixed reading of the interface table on NetBSD. Running nmap
+  --iflist would report "INTERFACES: NONE FOUND(!)" and any scan done
+  as root would fail with "WARNING: Unable to find appropriate
+  interface for system route to...". This was first reported by Jay
+  Fink, and had already been patched in the NetBSD pkgsrc tree.
+
 o [NSE] The unpwdb library now has a default time limit on the
   usernames and passwords iterators. This will prevent brute force
   scripts from running for a long time when a service is slow. These

tcpip.cc

@@ -3105,12 +3105,12 @@ static struct interface_info *getinterfaces_siocgifconf(int *howmany) {
     int rc;
     char *p;
 
-    /* On some platforms (such as FreeBSD), the length of each ifr changes
-       based on the sockaddr type used, so we get the next length now. */
-#if HAVE_SOCKADDR_SA_LEN
-    len = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
-#else
     len = sizeof(struct ifreq);
+#if HAVE_SOCKADDR_SA_LEN
+    /* Some platforms (such as FreeBSD) have an sa_len member that may make the
+       ifr longer than sizeof(struct ifreq). */
+    if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_ifru))
+      len += ifr->ifr_addr.sa_len - sizeof(ifr->ifr_ifru);
 #endif
 
     /* skip any device with no name */