Interfaces cannot be enumerated on pure IPv6 Linux

[nnposter]

Interfaces cannot be enumerated on a Linux system (Ubuntu 18.04 tested) if it completely lacks IPv4 addresses (including the loopback):

$ ./nmap --iflist
Starting Nmap 7.92SVN ( https://nmap.org ) at 2021-12-18 19:06 MST
INTERFACES: NONE FOUND(!)
ROUTES: NONE FOUND(!)
$ 

As expected, a privileged scan will fail:

$ ./nmap -6 ::1
Starting Nmap 7.92SVN ( https://nmap.org ) at 2021-12-18 19:08 MST
route_dst_netlink: can't find interface "lo"
$ 

Adding a single IPv4 address to any one of the interfaces is an effective workaround:

$ ip a add 169.254.11.22/16 dev ens38
$ nmap --iflist
Starting Nmap 7.92SVN ( https://nmap.org ) at 2021-12-18 19:11 MST
************************INTERFACES************************
DEV   (SHORT) IP/MASK                      TYPE     UP MTU   MAC
ens38 (ens38) 169.254.11.22/16             ethernet up 1500  00:0C:29:D5:7E:57
ens38 (ens38) fe80::4eec:c4e9:392b:bb7d/64 ethernet up 1500  00:0C:29:D5:7E:57
ens33 (ens33) (none)/0                     ethernet up 1500  00:0C:29:D5:7E:4D
lo    (lo)    (none)/0                     loopback up 65536
lo    (lo)    ::1/128                      loopback up 65536

**************************ROUTES**************************
DST/MASK                      DEV   METRIC GATEWAY
169.254.0.0/16                ens38 0
::1/128                       lo    0
fe80::4eec:c4e9:392b:bb7d/128 ens38 0
::1/128                       lo    256
fe80::/64                     ens38 101
fe80::/64                     ens38 256
ff00::/8                      ens38 256

$ nmap -6 ::1
Starting Nmap 7.92SVN ( https://nmap.org ) at 2021-12-18 19:11 MST
Nmap scan report for ip6-localhost (::1)
Host is up (0.0000040s latency).
Not shown: 999 closed tcp ports (reset)
PORT    STATE SERVICE
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
$

The issue can be traced to a SIOCGIFCONF ioctl call in libdnet:

nmap/libdnet-stripped/src/intf.c

Line 917 in 88c7e9d

if (ioctl(intf->fd, SIOCGIFCONF, &intf->ifc) < 0) {

Specifically, the call succeeds but returns a zero-length array of ifreq structures, which is not altogether surprising. Quoting from the manpage for netdevice:

Return a list of interface (transport layer) addresses. This currently means only addresses of the AF_INET (IPv4) family for compatibility.

The zero-length array is rejected later in the code:

nmap/libdnet-stripped/src/intf.c

Lines 696 to 699 in 88c7e9d

	if (intf->ifc.ifc_len < (int)sizeof(*ifr)) {
	errno = EINVAL;
	return (-1);
	}

I have not investigated what the best course of remediation could be.

[dmiller-nmap]

@nnposter Can you try this patch and see if it works?

diff --git a/libdnet-stripped/src/intf.c b/libdnet-stripped/src/intf.c
index 6180d85..d4faaeb 100644
--- a/libdnet-stripped/src/intf.c
+++ b/libdnet-stripped/src/intf.c
@@ -693,7 +693,7 @@ _intf_get_aliases(intf_t *intf, struct intf_entry *entry)
        struct addr *ap, *lap;
        char *p;

-       if (intf->ifc.ifc_len < (int)sizeof(*ifr)) {
+       if (intf->ifc.ifc_len < (int)sizeof(*ifr) && intf->ifc.ifc_len != 0) {
                errno = EINVAL;
                return (-1);
        }

[nnposter]

Works!