From f4e06ca3d7daca9c99355d7bdde124b08988d269 Mon Sep 17 00:00:00 2001 From: david Date: Tue, 24 Jul 2012 00:24:11 +0000 Subject: [PATCH] Ignore RTN_UNREACHABLE routes in route_dst_netlink. According to rtnetlink(7), such routes are "an unreachable destination." I get such a route when I ifdown my he-ipv6 interface: $ /sbin/route -n -A inet6 Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If ::/0 :: !n -1 1 26122 lo The problem with not ignoring such routes is that Nmap will think that the interface to use is lo, and consequently that all the targets are localhost addresses. Ping scan will succeed with a localhost-response, but trying to send any packets will fail with "destination unreachable." Maybe we should do the same thing for these additional values of rtm_type? RTN_BLACKHOLE a packet dropping route RTN_PROHIBIT a packet rejection route --- CHANGELOG | 2 ++ libnetutil/netutil.cc | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 996588c05..bcffec4c2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,7 @@ # Nmap Changelog ($Id$); -*-text-*- +o Linux unreachable routes are now properly ignored. [David Fifield] + o [NSE] Added smb-vuln-ms10-054 script which check the target system for MS10-054 vulnerability in SMB. [Aleksandar] diff --git a/libnetutil/netutil.cc b/libnetutil/netutil.cc index 977064b11..1f74752cc 100644 --- a/libnetutil/netutil.cc +++ b/libnetutil/netutil.cc @@ -3093,6 +3093,10 @@ static int route_dst_netlink(const struct sockaddr_storage *dst, netutil_fatal("%s: wrong size reply in recvmsg", __func__); len -= NLMSG_LENGTH(sizeof(*nlmsg)); + /* See rtnetlink(7). Anything matching this route is actually unroutable. */ + if (rtmsg->rtm_type == RTN_UNREACHABLE) + return 0; + /* Default values to be possibly overridden. */ rnfo->direct_connect = 1; rnfo->nexthop.ss_family = AF_UNSPEC;