Wednesday, May 2, 2012

Tip: Fix nmap "Error compiling our pcap filter: icmp7 not supported" on FreeBSD

I was going to start Nmap 5.61TEST5 on FreeBSD when it bricked with the following error:
 Starting Nmap 5.61TEST5 ( http://nmap.org ) at 2012-05-02 15:17 WEST  
 Error compiling our pcap filter: icmp6 not supported  
Found that weird because last time I used security/nmap it worked fine but then again that was something like 3 years ago and the port and the application have been updated since. This lead me to think that most likely an OPTION had been introduced to the port:

  1. # cd /usr/ports/security/nmap
  2. # make config===> No options to configure

While investigating the issue I came across problem report ports/159376: security/nmap 5.59BETA1 not working which described the cause of the problem: since NMAP 5.59BETA1 that there was no option to build the port without IPv6 support.

I was pretty sure I've disabled IPv6 and I confirmed that:

  1. # grep INET6 /etc/src.confWITHOUT_INET6=YES

Fortunately since NMAP 5.61TEST2 a patch was added that introduced a workaround for systems build with WITHOUT_INET6 by using net/libpcap.

This is also documented under /usr/ports/security/nmap/Makefile:
 # XXX: Workaround if OS is build with WITHOUT_INET6  
 # PR: ports/159376  
 #  
 # Note: If this option is specified in src.conf it has to  
 # be defined as param -DWITHOUT_INET6 during build time  
 # since the port system has no access to src.conf  
 .if defined(WITHOUT_INET6)  
 LIB_DEPENDS+= pcap.1:${PORTSDIR}/net/libpcap  
 CONFIGURE_ARGS+= --with-libpcap=${LOCALBASE}  
 .endif
The -DWITHOUT_INET6 option needs to be passed to make while building the port, like so:

  1. # make deinstall clean
  2. # make -DWITHOUT_INET6 install clean

Nothing like well documented problem reports and Makefiles ;)

No comments: