Nmap Development mailing list archives

Re: [PATCH] nping: bind to interface on Linux for IPv4 send-ip


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 10 Feb 2025 15:08:48 -0600

Thanks, Valdik! I reviewed the code and moved the call to
socket_bindtodevice() to ProbeMode::start() so that it will affect all
modes, not just TCP. The change is in r39078.

Dan

On Thu, May 30, 2024 at 12:54 PM David Fifield <david () bamsoftware com>
wrote:

I was going to ask if the same is needed for IPv6, but SO_BINDTODEVICE
is already being set for IPv6:

https://github.com/nmap/nmap/blob/b6e67f834c8cae6c91a33e13ded0c4936534c3df/nping/ProbeMode.cc#L723

There's a function socket_bindtodevice in Nbase that should perhaps be
used in both these places:

https://github.com/nmap/nmap/blob/b6e67f834c8cae6c91a33e13ded0c4936534c3df/nbase/nbase_misc.c#L264

https://github.com/nmap/nmap/commit/6ec453e4e8ec5e1d7270d305f5818611fd92431c

On Thu, May 30, 2024 at 07:43:46PM +0300, ValdikSS via dev wrote:
Linux RAW sockets need to be bound to the interface if the interface is
an L3 tunnel (OpenVPN TUN, for example).
Otherwise the packet goes via the default route, regardless of the
`--interface` or `--source-ip` options.
---
 nping/ProbeMode.cc | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/nping/ProbeMode.cc b/nping/ProbeMode.cc
index 199329b40..ba4c3f82d 100644
--- a/nping/ProbeMode.cc
+++ b/nping/ProbeMode.cc
@@ -807,6 +807,17 @@ int ProbeMode::fillPacketTCP(NpingTarget *target,
u16 port, u8 *buff, int buffle
         }else{
             t.setSum();
         }
+
+        /* Bind IPv4 socket to a specific network interface */
+        if ( o.issetDevice() )  {
+            /* It seems that SO_BINDTODEVICE only work on Linux */
+            #ifdef LINUX
+            if (setsockopt(rawfd, SOL_SOCKET, SO_BINDTODEVICE,
o.getDevice(), strlen(o.getDevice())+1) == -1) {
+                nping_warning(QT_2, "Error binding IPv4 socket to
device %s", o.getDevice() );
+            }
+            #endif
+        }
+
         /* Store result in user supplied buffer */
         *filledlen = i.dumpToBinaryBuffer(buff, bufflen);
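
Review bot: The setsockopt(SO_BINDTODEVICE) call sits inside ProbeMode::fillPacketTCP(), so it is repeated for every TCP packet that gets filled and is not reached when other probe types are built; binding is a property of rawfd and should be done once, where the socket is set up. On failure the code only calls nping_warning() and carries on, which by the commit message means the probe still leaves via the default route instead of the requested tunnel; consider adding strerror(errno) to the message and treating the failure as fatal when a device was explicitly requested. The open-coded setsockopt under #ifdef LINUX could also go through the socket_bindtodevice() helper in Nbase that is mentioned in this thread.
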
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/
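
An added example, not code from the patch or from Nmap: one way to bind a socket to the requested device once, at creation, and to refuse to hand the socket back if the bind fails, so probes cannot silently fall back to the default route. open_bound_socket() is a hypothetical helper, not Nbase's socket_bindtodevice(); "tun0" and "lo" are assumed interface names.

```c
#include <errno.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not nbase's socket_bindtodevice()): open a socket and
 * bind it to `dev` once, at creation. Returns the fd, or -1 with errno set.
 * Fails closed: a socket that could not be bound is never handed back, so
 * nothing can be sent through it over the default route. */
int open_bound_socket(int family, int type, int proto, const char *dev) {
  size_t len;
  int fd, saved;

  /* Validate the name before creating any socket. */
  if (dev == NULL || dev[0] == '\0') { errno = EINVAL; return -1; }
  len = strlen(dev);
  if (len >= IF_NAMESIZE) { errno = ENAMETOOLONG; return -1; }
  if (if_nametoindex(dev) == 0) { errno = ENODEV; return -1; }

  fd = socket(family, type, proto);
  if (fd == -1) return -1;
#ifdef SO_BINDTODEVICE
  if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, dev, (socklen_t)(len + 1)) == 0)
    return fd;
  saved = errno;
#else
  saved = ENOTSUP; /* option not available on this platform */
#endif
  close(fd);
  errno = saved;
  return -1;
}

/* Usage: ./a.out tun0   (raw sockets need root or CAP_NET_RAW) */
int main(int argc, char **argv) {
  const char *dev = argc > 1 ? argv[1] : "lo";
  int fd = open_bound_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP, dev);
  if (fd == -1) {
    fprintf(stderr, "refusing to send: cannot bind to %s: %s\n", dev, strerror(errno));
    return 1;
  }
  printf("raw socket %d bound to %s\n", fd, dev);
  close(fd);
  return 0;
}
```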
