network/netcat-openbsd: Removed unused patches.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
This commit is contained in:
parent
3fa270fe68
commit
829beda698
|
@ -1,485 +0,0 @@
|
|||
From: Aron Xu <aron@debian.org>
|
||||
Date: Mon, 13 Feb 2012 15:59:31 +0800
|
||||
Subject: port to linux with libsd
|
||||
|
||||
---
|
||||
Makefile | 15 ++++++-
|
||||
nc.1 | 3 -
|
||||
netcat.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++---------------
|
||||
socks.c | 48 +++++++++++------------
|
||||
4 files changed, 140 insertions(+), 57 deletions(-)
|
||||
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -5,4 +5,17 @@ SRCS= netcat.c atomicio.c socks.c
|
||||
LDADD+= -ltls -lssl -lcrypto
|
||||
DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO}
|
||||
|
||||
-.include <bsd.prog.mk>
|
||||
+LIBS= `pkg-config --libs libbsd` -lresolv
|
||||
+OBJS= $(SRCS:.c=.o)
|
||||
+CFLAGS= -g -O2
|
||||
+LDFLAGS= -Wl,--no-add-needed
|
||||
+
|
||||
+all: nc
|
||||
+nc: $(OBJS)
|
||||
+ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) $(LIBS) -o nc
|
||||
+
|
||||
+$(OBJS): %.o: %.c
|
||||
+ $(CC) $(CFLAGS) -c $< -o $@
|
||||
+
|
||||
+clean:
|
||||
+ rm -f $(OBJS) nc
|
||||
--- a/nc.1
|
||||
+++ b/nc.1
|
||||
@@ -213,8 +213,6 @@ Proxy authentication is only supported f
|
||||
Specify the source port
|
||||
.Nm
|
||||
should use, subject to privilege restrictions and availability.
|
||||
-Cannot be used together with
|
||||
-.Fl l .
|
||||
.It Fl R Ar CAfile
|
||||
Load the root CA bundle for TLS certificate verification from
|
||||
.Ar CAfile ,
|
||||
@@ -274,6 +272,7 @@ For the IPv4 TOS/IPv6 traffic class valu
|
||||
may be one of
|
||||
.Cm critical ,
|
||||
.Cm inetcontrol ,
|
||||
+.Cm lowcost ,
|
||||
.Cm lowdelay ,
|
||||
.Cm netcontrol ,
|
||||
.Cm throughput ,
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -32,6 +32,8 @@
|
||||
* *Hobbit* <hobbit@avian.org>.
|
||||
*/
|
||||
|
||||
+#define _GNU_SOURCE
|
||||
+
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/uio.h>
|
||||
@@ -41,6 +43,49 @@
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <arpa/telnet.h>
|
||||
+#ifdef __linux__
|
||||
+# include <linux/in6.h>
|
||||
+#endif
|
||||
+
|
||||
+#ifndef IPTOS_LOWDELAY
|
||||
+# define IPTOS_LOWDELAY 0x10
|
||||
+# define IPTOS_THROUGHPUT 0x08
|
||||
+# define IPTOS_RELIABILITY 0x04
|
||||
+# define IPTOS_LOWCOST 0x02
|
||||
+# define IPTOS_MINCOST IPTOS_LOWCOST
|
||||
+#endif /* IPTOS_LOWDELAY */
|
||||
+
|
||||
+# ifndef IPTOS_DSCP_AF11
|
||||
+# define IPTOS_DSCP_AF11 0x28
|
||||
+# define IPTOS_DSCP_AF12 0x30
|
||||
+# define IPTOS_DSCP_AF13 0x38
|
||||
+# define IPTOS_DSCP_AF21 0x48
|
||||
+# define IPTOS_DSCP_AF22 0x50
|
||||
+# define IPTOS_DSCP_AF23 0x58
|
||||
+# define IPTOS_DSCP_AF31 0x68
|
||||
+# define IPTOS_DSCP_AF32 0x70
|
||||
+# define IPTOS_DSCP_AF33 0x78
|
||||
+# define IPTOS_DSCP_AF41 0x88
|
||||
+# define IPTOS_DSCP_AF42 0x90
|
||||
+# define IPTOS_DSCP_AF43 0x98
|
||||
+# define IPTOS_DSCP_EF 0xb8
|
||||
+#endif /* IPTOS_DSCP_AF11 */
|
||||
+
|
||||
+#ifndef IPTOS_DSCP_CS0
|
||||
+# define IPTOS_DSCP_CS0 0x00
|
||||
+# define IPTOS_DSCP_CS1 0x20
|
||||
+# define IPTOS_DSCP_CS2 0x40
|
||||
+# define IPTOS_DSCP_CS3 0x60
|
||||
+# define IPTOS_DSCP_CS4 0x80
|
||||
+# define IPTOS_DSCP_CS5 0xa0
|
||||
+# define IPTOS_DSCP_CS6 0xc0
|
||||
+# define IPTOS_DSCP_CS7 0xe0
|
||||
+#endif /* IPTOS_DSCP_CS0 */
|
||||
+
|
||||
+#ifndef IPTOS_DSCP_EF
|
||||
+# define IPTOS_DSCP_EF 0xb8
|
||||
+#endif /* IPTOS_DSCP_EF */
|
||||
+
|
||||
|
||||
#include <ctype.h>
|
||||
#include <err.h>
|
||||
@@ -56,6 +101,8 @@
|
||||
#include <time.h>
|
||||
#include <tls.h>
|
||||
#include <unistd.h>
|
||||
+#include <bsd/stdlib.h>
|
||||
+#include <bsd/string.h>
|
||||
|
||||
#include "atomicio.h"
|
||||
|
||||
@@ -269,10 +316,14 @@ main(int argc, char *argv[])
|
||||
uflag = 1;
|
||||
break;
|
||||
case 'V':
|
||||
+# if defined(RT_TABLEID_MAX)
|
||||
rtableid = (int)strtonum(optarg, 0,
|
||||
RT_TABLEID_MAX, &errstr);
|
||||
if (errstr)
|
||||
errx(1, "rtable %s: %s", errstr, optarg);
|
||||
+# else
|
||||
+ errx(1, "no alternate routing table support available");
|
||||
+# endif
|
||||
break;
|
||||
case 'v':
|
||||
vflag = 1;
|
||||
@@ -321,7 +372,11 @@ main(int argc, char *argv[])
|
||||
oflag = optarg;
|
||||
break;
|
||||
case 'S':
|
||||
+# if defined(TCP_MD5SIG)
|
||||
Sflag = 1;
|
||||
+# else
|
||||
+ errx(1, "no TCP MD5 signature support available");
|
||||
+# endif
|
||||
break;
|
||||
case 'T':
|
||||
errstr = NULL;
|
||||
@@ -346,14 +401,23 @@ main(int argc, char *argv[])
|
||||
argc -= optind;
|
||||
argv += optind;
|
||||
|
||||
+# if defined(RT_TABLEID_MAX)
|
||||
if (rtableid >= 0)
|
||||
if (setrtable(rtableid) == -1)
|
||||
err(1, "setrtable");
|
||||
+# endif
|
||||
|
||||
/* Cruft to make sure options are clean, and used properly. */
|
||||
if (argv[0] && !argv[1] && family == AF_UNIX) {
|
||||
host = argv[0];
|
||||
uport = NULL;
|
||||
+ } else if (!argv[0] && lflag) {
|
||||
+ if (sflag)
|
||||
+ errx(1, "cannot use -s and -l");
|
||||
+ if (pflag)
|
||||
+ errx(1, "cannot use -p and -l");
|
||||
+ if (zflag)
|
||||
+ errx(1, "cannot use -z and -l");
|
||||
} else if (argv[0] && !argv[1]) {
|
||||
if (!lflag)
|
||||
usage(1);
|
||||
@@ -389,33 +453,6 @@ main(int argc, char *argv[])
|
||||
}
|
||||
}
|
||||
|
||||
- if (family == AF_UNIX) {
|
||||
- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
|
||||
- err(1, "pledge");
|
||||
- } else if (Fflag && Pflag) {
|
||||
- if (pledge("stdio inet dns sendfd tty", NULL) == -1)
|
||||
- err(1, "pledge");
|
||||
- } else if (Fflag) {
|
||||
- if (pledge("stdio inet dns sendfd", NULL) == -1)
|
||||
- err(1, "pledge");
|
||||
- } else if (Pflag && usetls) {
|
||||
- if (pledge("stdio rpath inet dns tty", NULL) == -1)
|
||||
- err(1, "pledge");
|
||||
- } else if (Pflag) {
|
||||
- if (pledge("stdio inet dns tty", NULL) == -1)
|
||||
- err(1, "pledge");
|
||||
- } else if (usetls) {
|
||||
- if (pledge("stdio rpath inet dns", NULL) == -1)
|
||||
- err(1, "pledge");
|
||||
- } else if (pledge("stdio inet dns", NULL) == -1)
|
||||
- err(1, "pledge");
|
||||
-
|
||||
- if (lflag && sflag)
|
||||
- errx(1, "cannot use -s and -l");
|
||||
- if (lflag && pflag)
|
||||
- errx(1, "cannot use -p and -l");
|
||||
- if (lflag && zflag)
|
||||
- errx(1, "cannot use -z and -l");
|
||||
if (!lflag && kflag)
|
||||
errx(1, "must use -l with -k");
|
||||
if (uflag && usetls)
|
||||
@@ -450,8 +487,8 @@ main(int argc, char *argv[])
|
||||
} else {
|
||||
strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX",
|
||||
UNIX_DG_TMP_SOCKET_SIZE);
|
||||
- if (mktemp(unix_dg_tmp_socket_buf) == NULL)
|
||||
- err(1, "mktemp");
|
||||
+ if (mkstemp(unix_dg_tmp_socket_buf) == -1)
|
||||
+ err(1, "mkstemp");
|
||||
unix_dg_tmp_socket = unix_dg_tmp_socket_buf;
|
||||
}
|
||||
}
|
||||
@@ -934,8 +971,10 @@ remote_connect(const char *host, const c
|
||||
if (sflag || pflag) {
|
||||
struct addrinfo ahints, *ares;
|
||||
|
||||
+# if defined (SO_BINDANY)
|
||||
/* try SO_BINDANY, but don't insist */
|
||||
setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
|
||||
+# endif
|
||||
memset(&ahints, 0, sizeof(struct addrinfo));
|
||||
ahints.ai_family = res->ai_family;
|
||||
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
|
||||
@@ -1027,9 +1066,15 @@ local_listen(const char *host, const cha
|
||||
res->ai_protocol)) == -1)
|
||||
continue;
|
||||
|
||||
+ ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
|
||||
+ if (ret == -1)
|
||||
+ err(1, NULL);
|
||||
+
|
||||
+# if defined(SO_REUSEPORT)
|
||||
ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
|
||||
if (ret == -1)
|
||||
err(1, NULL);
|
||||
+# endif
|
||||
|
||||
set_common_sockopts(s, res->ai_family);
|
||||
|
||||
@@ -1499,11 +1544,13 @@ set_common_sockopts(int s, int af)
|
||||
{
|
||||
int x = 1;
|
||||
|
||||
+# if defined(TCP_MD5SIG)
|
||||
if (Sflag) {
|
||||
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
|
||||
&x, sizeof(x)) == -1)
|
||||
err(1, NULL);
|
||||
}
|
||||
+# endif
|
||||
if (Dflag) {
|
||||
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
|
||||
&x, sizeof(x)) == -1)
|
||||
@@ -1514,9 +1561,14 @@ set_common_sockopts(int s, int af)
|
||||
IP_TOS, &Tflag, sizeof(Tflag)) == -1)
|
||||
err(1, "set IP ToS");
|
||||
|
||||
+#if defined(IPV6_TCLASS)
|
||||
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
|
||||
IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1)
|
||||
err(1, "set IPv6 traffic class");
|
||||
+#else
|
||||
+ else if (af == AF_INET6)
|
||||
+ errx(1, "can't set IPv6 traffic class (unavailable)");
|
||||
+#endif
|
||||
}
|
||||
if (Iflag) {
|
||||
if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
|
||||
@@ -1534,19 +1586,34 @@ set_common_sockopts(int s, int af)
|
||||
IP_TTL, &ttl, sizeof(ttl)))
|
||||
err(1, "set IP TTL");
|
||||
|
||||
+#if defined(IPV6_UNICAST_HOPS)
|
||||
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
|
||||
IPV6_UNICAST_HOPS, &ttl, sizeof(ttl)))
|
||||
err(1, "set IPv6 unicast hops");
|
||||
+#else
|
||||
+ else if (af == AF_INET6)
|
||||
+ errx(1, "can't set IPv6 unicast hops (unavailable)");
|
||||
+#endif
|
||||
}
|
||||
|
||||
if (minttl != -1) {
|
||||
+#if defined(IP_MINTTL)
|
||||
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
|
||||
IP_MINTTL, &minttl, sizeof(minttl)))
|
||||
err(1, "set IP min TTL");
|
||||
+#else
|
||||
+ if (af == AF_INET)
|
||||
+ errx(1, "can't set IP min TTL (unavailable)");
|
||||
+#endif
|
||||
|
||||
+#if defined(IPV6_MINHOPCOUNT)
|
||||
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
|
||||
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
|
||||
err(1, "set IPv6 min hop count");
|
||||
+#else
|
||||
+ else if (af == AF_INET6)
|
||||
+ errx(1, "can't set IPv6 min hop count (unavailable)");
|
||||
+#endif
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1581,6 +1648,7 @@ process_tos_opt(char *s, int *val)
|
||||
{ "cs7", IPTOS_DSCP_CS7 },
|
||||
{ "ef", IPTOS_DSCP_EF },
|
||||
{ "inetcontrol", IPTOS_PREC_INTERNETCONTROL },
|
||||
+ { "lowcost", IPTOS_LOWCOST },
|
||||
{ "lowdelay", IPTOS_LOWDELAY },
|
||||
{ "netcontrol", IPTOS_PREC_NETCONTROL },
|
||||
{ "reliability", IPTOS_RELIABILITY },
|
||||
@@ -1742,6 +1810,9 @@ report_sock(const char *msg, const struc
|
||||
void
|
||||
help(void)
|
||||
{
|
||||
+# if defined(DEBIAN_VERSION)
|
||||
+ fprintf(stderr, "OpenBSD netcat (Debian patchlevel " DEBIAN_VERSION ")\n");
|
||||
+# endif
|
||||
usage(0);
|
||||
fprintf(stderr, "\tCommand Summary:\n\
|
||||
\t-4 Use IPv4\n\
|
||||
@@ -1784,7 +1855,7 @@ help(void)
|
||||
\t-Z Peer certificate file\n\
|
||||
\t-z Zero-I/O mode [used for scanning]\n\
|
||||
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
|
||||
- exit(1);
|
||||
+ exit(0);
|
||||
}
|
||||
|
||||
void
|
||||
--- a/socks.c
|
||||
+++ b/socks.c
|
||||
@@ -38,7 +38,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <resolv.h>
|
||||
-#include <readpassphrase.h>
|
||||
+#include <bsd/readpassphrase.h>
|
||||
#include "atomicio.h"
|
||||
|
||||
#define SOCKS_PORT "1080"
|
||||
@@ -217,11 +217,11 @@ socks_connect(const char *host, const ch
|
||||
buf[2] = SOCKS_NOAUTH;
|
||||
cnt = atomicio(vwrite, proxyfd, buf, 3);
|
||||
if (cnt != 3)
|
||||
- err(1, "write failed (%zu/3)", cnt);
|
||||
+ err(1, "write failed (%zu/3)", (size_t)cnt);
|
||||
|
||||
cnt = atomicio(read, proxyfd, buf, 2);
|
||||
if (cnt != 2)
|
||||
- err(1, "read failed (%zu/3)", cnt);
|
||||
+ err(1, "read failed (%zu/3)", (size_t)cnt);
|
||||
|
||||
if (buf[1] == SOCKS_NOMETHOD)
|
||||
errx(1, "authentication method negotiation failed");
|
||||
@@ -270,11 +270,11 @@ socks_connect(const char *host, const ch
|
||||
|
||||
cnt = atomicio(vwrite, proxyfd, buf, wlen);
|
||||
if (cnt != wlen)
|
||||
- err(1, "write failed (%zu/%zu)", cnt, wlen);
|
||||
+ err(1, "write failed (%zu/%zu)", (size_t)cnt, (size_t)wlen);
|
||||
|
||||
cnt = atomicio(read, proxyfd, buf, 4);
|
||||
if (cnt != 4)
|
||||
- err(1, "read failed (%zu/4)", cnt);
|
||||
+ err(1, "read failed (%zu/4)", (size_t)cnt);
|
||||
if (buf[1] != 0) {
|
||||
errx(1, "connection failed, SOCKSv5 error: %s",
|
||||
socks5_strerror(buf[1]));
|
||||
@@ -283,12 +283,12 @@ socks_connect(const char *host, const ch
|
||||
case SOCKS_IPV4:
|
||||
cnt = atomicio(read, proxyfd, buf + 4, 6);
|
||||
if (cnt != 6)
|
||||
- err(1, "read failed (%zu/6)", cnt);
|
||||
+ err(1, "read failed (%zu/6)", (size_t)cnt);
|
||||
break;
|
||||
case SOCKS_IPV6:
|
||||
cnt = atomicio(read, proxyfd, buf + 4, 18);
|
||||
if (cnt != 18)
|
||||
- err(1, "read failed (%zu/18)", cnt);
|
||||
+ err(1, "read failed (%zu/18)", (size_t)cnt);
|
||||
break;
|
||||
default:
|
||||
errx(1, "connection failed, unsupported address type");
|
||||
@@ -308,11 +308,11 @@ socks_connect(const char *host, const ch
|
||||
|
||||
cnt = atomicio(vwrite, proxyfd, buf, wlen);
|
||||
if (cnt != wlen)
|
||||
- err(1, "write failed (%zu/%zu)", cnt, wlen);
|
||||
+ err(1, "write failed (%zu/%zu)", (size_t)cnt, (size_t)wlen);
|
||||
|
||||
cnt = atomicio(read, proxyfd, buf, 8);
|
||||
if (cnt != 8)
|
||||
- err(1, "read failed (%zu/8)", cnt);
|
||||
+ err(1, "read failed (%zu/8)", (size_t)cnt);
|
||||
if (buf[1] != 90) {
|
||||
errx(1, "connection failed, SOCKSv4 error: %s",
|
||||
socks4_strerror(buf[1]));
|
||||
@@ -326,21 +326,21 @@ socks_connect(const char *host, const ch
|
||||
|
||||
/* Try to be sane about numeric IPv6 addresses */
|
||||
if (strchr(host, ':') != NULL) {
|
||||
- r = snprintf(buf, sizeof(buf),
|
||||
+ r = snprintf((char*)buf, sizeof(buf),
|
||||
"CONNECT [%s]:%d HTTP/1.0\r\n",
|
||||
host, ntohs(serverport));
|
||||
} else {
|
||||
- r = snprintf(buf, sizeof(buf),
|
||||
+ r = snprintf((char*)buf, sizeof(buf),
|
||||
"CONNECT %s:%d HTTP/1.0\r\n",
|
||||
host, ntohs(serverport));
|
||||
}
|
||||
if (r < 0 || (size_t)r >= sizeof(buf))
|
||||
errx(1, "hostname too long");
|
||||
- r = strlen(buf);
|
||||
+ r = strlen((char*)buf);
|
||||
|
||||
cnt = atomicio(vwrite, proxyfd, buf, r);
|
||||
if (cnt != r)
|
||||
- err(1, "write failed (%zu/%d)", cnt, r);
|
||||
+ err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r);
|
||||
|
||||
if (authretry > 1) {
|
||||
char proxypass[256];
|
||||
@@ -348,20 +348,20 @@ socks_connect(const char *host, const ch
|
||||
|
||||
getproxypass(proxyuser, proxyhost,
|
||||
proxypass, sizeof proxypass);
|
||||
- r = snprintf(buf, sizeof(buf), "%s:%s",
|
||||
+ r = snprintf((char*)buf, sizeof(buf), "%s:%s",
|
||||
proxyuser, proxypass);
|
||||
explicit_bzero(proxypass, sizeof proxypass);
|
||||
if (r == -1 || (size_t)r >= sizeof(buf) ||
|
||||
- b64_ntop(buf, strlen(buf), resp,
|
||||
+ b64_ntop(buf, strlen((char*)buf), resp,
|
||||
sizeof(resp)) == -1)
|
||||
errx(1, "Proxy username/password too long");
|
||||
- r = snprintf(buf, sizeof(buf), "Proxy-Authorization: "
|
||||
+ r = snprintf((char*)buf, sizeof(buf), "Proxy-Authorization: "
|
||||
"Basic %s\r\n", resp);
|
||||
if (r < 0 || (size_t)r >= sizeof(buf))
|
||||
errx(1, "Proxy auth response too long");
|
||||
- r = strlen(buf);
|
||||
+ r = strlen((char*)buf);
|
||||
if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r)
|
||||
- err(1, "write failed (%zu/%d)", cnt, r);
|
||||
+ err(1, "write failed (%zu/%d)", (size_t)cnt, r);
|
||||
explicit_bzero(proxypass, sizeof proxypass);
|
||||
explicit_bzero(buf, sizeof buf);
|
||||
}
|
||||
@@ -371,23 +371,23 @@ socks_connect(const char *host, const ch
|
||||
err(1, "write failed (%zu/2)", cnt);
|
||||
|
||||
/* Read status reply */
|
||||
- proxy_read_line(proxyfd, buf, sizeof(buf));
|
||||
+ proxy_read_line(proxyfd, (char*)buf, sizeof(buf));
|
||||
if (proxyuser != NULL &&
|
||||
- (strncmp(buf, "HTTP/1.0 407 ", 12) == 0 ||
|
||||
- strncmp(buf, "HTTP/1.1 407 ", 12) == 0)) {
|
||||
+ (strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0 ||
|
||||
+ strncmp((char*)buf, "HTTP/1.1 407 ", 12) == 0)) {
|
||||
if (authretry > 1) {
|
||||
fprintf(stderr, "Proxy authentication "
|
||||
"failed\n");
|
||||
}
|
||||
close(proxyfd);
|
||||
goto again;
|
||||
- } else if (strncmp(buf, "HTTP/1.0 200 ", 12) != 0 &&
|
||||
- strncmp(buf, "HTTP/1.1 200 ", 12) != 0)
|
||||
+ } else if (strncmp((char*)buf, "HTTP/1.0 200 ", 12) != 0 &&
|
||||
+ strncmp((char*)buf, "HTTP/1.1 200 ", 12) != 0)
|
||||
errx(1, "Proxy error: \"%s\"", buf);
|
||||
|
||||
/* Headers continue until we hit an empty line */
|
||||
for (r = 0; r < HTTP_MAXHDRS; r++) {
|
||||
- proxy_read_line(proxyfd, buf, sizeof(buf));
|
||||
+ proxy_read_line(proxyfd, (char*)buf, sizeof(buf));
|
||||
if (*buf == '\0')
|
||||
break;
|
||||
}
|
|
@ -1,872 +0,0 @@
|
|||
From: Guilhem Moulin <guilhem@debian.org>
|
||||
Date: Fri, 09 Jun 2017 13:21:23 +0200
|
||||
Subject: build without TLS support
|
||||
|
||||
tls.h isn't available in libsd-dev, and TLS supports adds options (-C, -Z)
|
||||
that are already used by our Debian-specific patches.
|
||||
|
||||
---
|
||||
Makefile | 2
|
||||
nc.1 | 114 ++---------------------------------------
|
||||
netcat.c | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
|
||||
3 files changed, 153 insertions(+), 135 deletions(-)
|
||||
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -2,8 +2,6 @@
|
||||
|
||||
PROG= nc
|
||||
SRCS= netcat.c atomicio.c socks.c
|
||||
-LDADD+= -ltls -lssl -lcrypto
|
||||
-DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO}
|
||||
|
||||
LIBS= `pkg-config --libs libbsd` -lresolv
|
||||
OBJS= $(SRCS:.c=.o)
|
||||
--- a/nc.1
|
||||
+++ b/nc.1
|
||||
@@ -33,20 +33,14 @@
|
||||
.Nd arbitrary TCP and UDP connections and listens
|
||||
.Sh SYNOPSIS
|
||||
.Nm nc
|
||||
-.Op Fl 46cDdFhklNnrStUuvz
|
||||
-.Op Fl C Ar certfile
|
||||
-.Op Fl e Ar name
|
||||
-.Op Fl H Ar hash
|
||||
+.Op Fl 46DdFhklNnrStUuvz
|
||||
.Op Fl I Ar length
|
||||
.Op Fl i Ar interval
|
||||
-.Op Fl K Ar keyfile
|
||||
.Op Fl M Ar ttl
|
||||
.Op Fl m Ar minttl
|
||||
.Op Fl O Ar length
|
||||
-.Op Fl o Ar staplefile
|
||||
.Op Fl P Ar proxy_username
|
||||
.Op Fl p Ar source_port
|
||||
-.Op Fl R Ar CAfile
|
||||
.Op Fl s Ar source
|
||||
.Op Fl T Ar keyword
|
||||
.Op Fl V Ar rtable
|
||||
@@ -54,7 +48,6 @@
|
||||
.Op Fl w Ar timeout
|
||||
.Op Fl X Ar proxy_protocol
|
||||
.Op Fl x Ar proxy_address Ns Op : Ns Ar port
|
||||
-.Op Fl Z Ar peercertfile
|
||||
.Op Ar destination
|
||||
.Op Ar port
|
||||
.Sh DESCRIPTION
|
||||
@@ -99,28 +92,10 @@ The options are as follows:
|
||||
Use IPv4 addresses only.
|
||||
.It Fl 6
|
||||
Use IPv6 addresses only.
|
||||
-.It Fl C Ar certfile
|
||||
-Load the public key part of the TLS peer certificate from
|
||||
-.Ar certfile ,
|
||||
-in PEM format.
|
||||
-Requires
|
||||
-.Fl c .
|
||||
-.It Fl c
|
||||
-Use TLS to connect or listen.
|
||||
-Cannot be used together with any of the options
|
||||
-.Fl FuU .
|
||||
.It Fl D
|
||||
Enable debugging on the socket.
|
||||
.It Fl d
|
||||
Do not attempt to read from stdin.
|
||||
-.It Fl e Ar name
|
||||
-Only accept the TLS peer certificate if it contains the
|
||||
-.Ar name .
|
||||
-Requires
|
||||
-.Fl c .
|
||||
-If not specified,
|
||||
-.Ar destination
|
||||
-is used.
|
||||
.It Fl F
|
||||
Pass the first connected socket using
|
||||
.Xr sendmsg 2
|
||||
@@ -137,18 +112,7 @@ using the
|
||||
.Cm ProxyUseFdpass
|
||||
option).
|
||||
Cannot be used with
|
||||
-.Fl c
|
||||
-or
|
||||
.Fl U .
|
||||
-.It Fl H Ar hash
|
||||
-Only accept the TLS peer certificate if its hash returned from
|
||||
-.Xr tls_peer_cert_hash 3
|
||||
-matches
|
||||
-.Ar hash .
|
||||
-Requires
|
||||
-.Fl c
|
||||
-and cannot be used with
|
||||
-.Fl T Cm noverify .
|
||||
.It Fl h
|
||||
Print out the
|
||||
.Nm
|
||||
@@ -160,12 +124,6 @@ Sleep for
|
||||
.Ar interval
|
||||
seconds between lines of text sent and received.
|
||||
Also causes a delay time between connections to multiple ports.
|
||||
-.It Fl K Ar keyfile
|
||||
-Load the TLS private key from
|
||||
-.Ar keyfile ,
|
||||
-in PEM format.
|
||||
-Requires
|
||||
-.Fl c .
|
||||
.It Fl k
|
||||
When a connection is completed, listen for another one.
|
||||
Requires
|
||||
@@ -196,15 +154,6 @@ Do not do any DNS or service lookups on
|
||||
hostnames or ports.
|
||||
.It Fl O Ar length
|
||||
Specify the size of the TCP send buffer.
|
||||
-.It Fl o Ar staplefile
|
||||
-During the TLS handshake, load data to be stapled from
|
||||
-.Ar staplefile ,
|
||||
-which is expected to contain an OCSP response from an OCSP server in
|
||||
-DER format.
|
||||
-Requires
|
||||
-.Fl c
|
||||
-and
|
||||
-.Fl C .
|
||||
.It Fl P Ar proxy_username
|
||||
Specifies a username to present to a proxy server that requires authentication.
|
||||
If no username is specified then authentication will not be attempted.
|
||||
@@ -213,13 +162,6 @@ Proxy authentication is only supported f
|
||||
Specify the source port
|
||||
.Nm
|
||||
should use, subject to privilege restrictions and availability.
|
||||
-.It Fl R Ar CAfile
|
||||
-Load the root CA bundle for TLS certificate verification from
|
||||
-.Ar CAfile ,
|
||||
-in PEM format, instead of
|
||||
-.Pa /etc/ssl/cert.pem .
|
||||
-Requires
|
||||
-.Fl c .
|
||||
.It Fl r
|
||||
Choose source and/or destination ports randomly
|
||||
instead of sequentially within a range or in the order that the system
|
||||
@@ -239,35 +181,7 @@ Cannot be used together with
|
||||
or
|
||||
.Fl x .
|
||||
.It Fl T Ar keyword
|
||||
-Change the IPv4 TOS/IPv6 traffic class value or the TLS options.
|
||||
-.Pp
|
||||
-For TLS options,
|
||||
-.Ar keyword
|
||||
-may be one of:
|
||||
-.Cm noverify ,
|
||||
-which disables certificate verification;
|
||||
-.Cm noname ,
|
||||
-which disables certificate name checking;
|
||||
-.Cm clientcert ,
|
||||
-which requires a client certificate on incoming connections; or
|
||||
-.Cm muststaple ,
|
||||
-which requires the peer to provide a valid stapled OCSP response
|
||||
-with the handshake.
|
||||
-The following TLS options specify a value in the form of a
|
||||
-.Ar key Ns = Ns Ar value
|
||||
-pair:
|
||||
-.Cm ciphers ,
|
||||
-which allows the supported TLS ciphers to be specified (see
|
||||
-.Xr tls_config_set_ciphers 3
|
||||
-for further details);
|
||||
-.Cm protocols ,
|
||||
-which allows the supported TLS protocols to be specified (see
|
||||
-.Xr tls_config_parse_protocols 3
|
||||
-for further details).
|
||||
-Specifying TLS options requires
|
||||
-.Fl c .
|
||||
-.Pp
|
||||
-For the IPv4 TOS/IPv6 traffic class value,
|
||||
+Change the IPv4 TOS/IPv6 traffic class value.
|
||||
.Ar keyword
|
||||
may be one of
|
||||
.Cm critical ,
|
||||
@@ -291,13 +205,13 @@ to script telnet sessions.
|
||||
Use
|
||||
.Ux Ns -domain
|
||||
sockets.
|
||||
-Cannot be used together with any of the options
|
||||
-.Fl cFx .
|
||||
+Cannot be used together with
|
||||
+.Fl F
|
||||
+or
|
||||
+.Fl x .
|
||||
.It Fl u
|
||||
Use UDP instead of TCP.
|
||||
Cannot be used together with
|
||||
-.Fl c
|
||||
-or
|
||||
.Fl x .
|
||||
For
|
||||
.Ux Ns -domain
|
||||
@@ -360,12 +274,6 @@ An IPv6 address can be specified unambig
|
||||
in square brackets.
|
||||
A proxy cannot be used with any of the options
|
||||
.Fl lsuU .
|
||||
-.It Fl Z Ar peercertfile
|
||||
-Save the peer certificates to
|
||||
-.Ar peercertfile ,
|
||||
-in PEM format.
|
||||
-Requires
|
||||
-.Fl c .
|
||||
.It Fl z
|
||||
Only scan for listening daemons, without sending any data to them.
|
||||
Cannot be used together with
|
||||
@@ -519,16 +427,6 @@ the source port, with a timeout of 5 sec
|
||||
.Pp
|
||||
.Dl $ nc -p 31337 -w 5 host.example.com 42
|
||||
.Pp
|
||||
-Open a TCP connection to port 443 of www.example.com, and negotiate TLS with
|
||||
-any supported TLS protocol version and "compat" ciphers:
|
||||
-.Pp
|
||||
-.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443
|
||||
-.Pp
|
||||
-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
|
||||
-Check for a different name in the certificate for validation:
|
||||
-.Pp
|
||||
-.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443
|
||||
-.Pp
|
||||
Open a UDP connection to port 53 of host.example.com:
|
||||
.Pp
|
||||
.Dl $ nc -u host.example.com 53
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -99,7 +99,9 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
-#include <tls.h>
|
||||
+#ifdef TLS
|
||||
+# include <tls.h>
|
||||
+#endif
|
||||
#include <unistd.h>
|
||||
#include <bsd/stdlib.h>
|
||||
#include <bsd/string.h>
|
||||
@@ -115,10 +117,12 @@
|
||||
#define POLL_STDOUT 3
|
||||
#define BUFSIZE 16384
|
||||
|
||||
-#define TLS_NOVERIFY (1 << 1)
|
||||
-#define TLS_NONAME (1 << 2)
|
||||
-#define TLS_CCERT (1 << 3)
|
||||
-#define TLS_MUSTSTAPLE (1 << 4)
|
||||
+#ifdef TLS
|
||||
+# define TLS_NOVERIFY (1 << 1)
|
||||
+# define TLS_NONAME (1 << 2)
|
||||
+# define TLS_CCERT (1 << 3)
|
||||
+# define TLS_MUSTSTAPLE (1 << 4)
|
||||
+#endif
|
||||
|
||||
/* Command Line Options */
|
||||
int dflag; /* detached, no stdin */
|
||||
@@ -144,6 +148,7 @@ int Sflag; /* TCP MD5 signature opti
|
||||
int Tflag = -1; /* IP Type of Service */
|
||||
int rtableid = -1;
|
||||
|
||||
+# if defined(TLS)
|
||||
int usetls; /* use TLS */
|
||||
const char *Cflag; /* Public cert file */
|
||||
const char *Kflag; /* Private key file */
|
||||
@@ -156,6 +161,7 @@ char *tls_expecthash; /* required hash
|
||||
char *tls_ciphers; /* TLS ciphers */
|
||||
char *tls_protocols; /* TLS protocols */
|
||||
FILE *Zflag; /* file to save peer cert */
|
||||
+# endif
|
||||
|
||||
int recvcount, recvlimit;
|
||||
int timeout = -1;
|
||||
@@ -170,10 +176,16 @@ int strtoport(char *portstr, int udp);
|
||||
void build_ports(char *);
|
||||
void help(void) __attribute__((noreturn));
|
||||
int local_listen(const char *, const char *, struct addrinfo);
|
||||
+# if defined(TLS)
|
||||
void readwrite(int, struct tls *);
|
||||
+# else
|
||||
+void readwrite(int);
|
||||
+# endif
|
||||
void fdpass(int nfd) __attribute__((noreturn));
|
||||
int remote_connect(const char *, const char *, struct addrinfo);
|
||||
+# if defined(TLS)
|
||||
int timeout_tls(int, struct tls *, int (*)(struct tls *));
|
||||
+# endif
|
||||
int timeout_connect(int, const struct sockaddr *, socklen_t);
|
||||
int socks_connect(const char *, const char *, struct addrinfo,
|
||||
const char *, const char *, struct addrinfo, int, const char *);
|
||||
@@ -183,15 +195,24 @@ int unix_connect(char *);
|
||||
int unix_listen(char *);
|
||||
void set_common_sockopts(int, int);
|
||||
int process_tos_opt(char *, int *);
|
||||
+# if defined(TLS)
|
||||
int process_tls_opt(char *, int *);
|
||||
void save_peer_cert(struct tls *_tls_ctx, FILE *_fp);
|
||||
+# endif
|
||||
void report_sock(const char *, const struct sockaddr *, socklen_t, char *);
|
||||
+# if defined(TLS)
|
||||
void report_tls(struct tls *tls_ctx, char * host);
|
||||
+# endif
|
||||
void usage(int);
|
||||
+# if defined(TLS)
|
||||
ssize_t drainbuf(int, unsigned char *, size_t *, struct tls *);
|
||||
ssize_t fillbuf(int, unsigned char *, size_t *, struct tls *);
|
||||
void tls_setup_client(struct tls *, int, char *);
|
||||
struct tls *tls_setup_server(struct tls *, int, char *);
|
||||
+# else
|
||||
+ssize_t drainbuf(int, unsigned char *, size_t *);
|
||||
+ssize_t fillbuf(int, unsigned char *, size_t *);
|
||||
+# endif
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
@@ -206,8 +227,10 @@ main(int argc, char *argv[])
|
||||
const char *errstr;
|
||||
struct addrinfo proxyhints;
|
||||
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
|
||||
+# if defined(TLS)
|
||||
struct tls_config *tls_cfg = NULL;
|
||||
struct tls *tls_ctx = NULL;
|
||||
+# endif
|
||||
uint32_t protocols;
|
||||
|
||||
ret = 1;
|
||||
@@ -215,12 +238,18 @@ main(int argc, char *argv[])
|
||||
host = NULL;
|
||||
uport = NULL;
|
||||
sv = NULL;
|
||||
+# if defined(TLS)
|
||||
Rflag = tls_default_ca_cert_file();
|
||||
+# endif
|
||||
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
|
||||
while ((ch = getopt(argc, argv,
|
||||
+# if defined(TLS)
|
||||
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
|
||||
+# else
|
||||
+ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
|
||||
+# endif
|
||||
!= -1) {
|
||||
switch (ch) {
|
||||
case '4':
|
||||
@@ -242,24 +271,30 @@ main(int argc, char *argv[])
|
||||
else
|
||||
errx(1, "unsupported proxy protocol");
|
||||
break;
|
||||
+# if defined(TLS)
|
||||
case 'C':
|
||||
Cflag = optarg;
|
||||
break;
|
||||
case 'c':
|
||||
usetls = 1;
|
||||
break;
|
||||
+# endif
|
||||
case 'd':
|
||||
dflag = 1;
|
||||
break;
|
||||
+# if defined(TLS)
|
||||
case 'e':
|
||||
tls_expectname = optarg;
|
||||
break;
|
||||
+# endif
|
||||
case 'F':
|
||||
Fflag = 1;
|
||||
break;
|
||||
+# if defined(TLS)
|
||||
case 'H':
|
||||
tls_expecthash = optarg;
|
||||
break;
|
||||
+# endif
|
||||
case 'h':
|
||||
help();
|
||||
break;
|
||||
@@ -268,9 +303,11 @@ main(int argc, char *argv[])
|
||||
if (errstr)
|
||||
errx(1, "interval %s: %s", errstr, optarg);
|
||||
break;
|
||||
+# if defined(TLS)
|
||||
case 'K':
|
||||
Kflag = optarg;
|
||||
break;
|
||||
+# endif
|
||||
case 'k':
|
||||
kflag = 1;
|
||||
break;
|
||||
@@ -299,10 +336,12 @@ main(int argc, char *argv[])
|
||||
case 'p':
|
||||
pflag = optarg;
|
||||
break;
|
||||
+# if defined(TLS)
|
||||
case 'R':
|
||||
tls_cachanged = 1;
|
||||
Rflag = optarg;
|
||||
break;
|
||||
+# endif
|
||||
case 'r':
|
||||
rflag = 1;
|
||||
break;
|
||||
@@ -344,12 +383,14 @@ main(int argc, char *argv[])
|
||||
if ((proxy = strdup(optarg)) == NULL)
|
||||
err(1, NULL);
|
||||
break;
|
||||
+# if defined(TLS)
|
||||
case 'Z':
|
||||
if (strcmp(optarg, "-") == 0)
|
||||
Zflag = stderr;
|
||||
else if ((Zflag = fopen(optarg, "w")) == NULL)
|
||||
err(1, "can't open %s", optarg);
|
||||
break;
|
||||
+# endif
|
||||
case 'z':
|
||||
zflag = 1;
|
||||
break;
|
||||
@@ -368,9 +409,11 @@ main(int argc, char *argv[])
|
||||
errx(1, "TCP send window %s: %s",
|
||||
errstr, optarg);
|
||||
break;
|
||||
+# if defined(TLS)
|
||||
case 'o':
|
||||
oflag = optarg;
|
||||
break;
|
||||
+# endif
|
||||
case 'S':
|
||||
# if defined(TCP_MD5SIG)
|
||||
Sflag = 1;
|
||||
@@ -381,8 +424,10 @@ main(int argc, char *argv[])
|
||||
case 'T':
|
||||
errstr = NULL;
|
||||
errno = 0;
|
||||
+# if defined(TLS)
|
||||
if (process_tls_opt(optarg, &TLSopt))
|
||||
break;
|
||||
+# endif
|
||||
if (process_tos_opt(optarg, &Tflag))
|
||||
break;
|
||||
if (strlen(optarg) > 1 && optarg[0] == '0' &&
|
||||
@@ -392,7 +437,11 @@ main(int argc, char *argv[])
|
||||
Tflag = (int)strtonum(optarg, 0, 255,
|
||||
&errstr);
|
||||
if (Tflag < 0 || Tflag > 255 || errstr || errno)
|
||||
+# if defined(TLS)
|
||||
errx(1, "illegal tos/tls value %s", optarg);
|
||||
+# else
|
||||
+ errx(1, "illegal tos value %s", optarg);
|
||||
+# endif
|
||||
break;
|
||||
default:
|
||||
usage(1);
|
||||
@@ -429,6 +478,7 @@ main(int argc, char *argv[])
|
||||
} else
|
||||
usage(1);
|
||||
|
||||
+# if defined(TLS)
|
||||
if (usetls) {
|
||||
if (Cflag && unveil(Cflag, "r") == -1)
|
||||
err(1, "unveil");
|
||||
@@ -452,15 +502,19 @@ main(int argc, char *argv[])
|
||||
err(1, "unveil");
|
||||
}
|
||||
}
|
||||
+# endif
|
||||
|
||||
if (!lflag && kflag)
|
||||
errx(1, "must use -l with -k");
|
||||
+# if defined(TLS)
|
||||
if (uflag && usetls)
|
||||
errx(1, "cannot use -c and -u");
|
||||
if ((family == AF_UNIX) && usetls)
|
||||
errx(1, "cannot use -c and -U");
|
||||
+# endif
|
||||
if ((family == AF_UNIX) && Fflag)
|
||||
errx(1, "cannot use -F and -U");
|
||||
+# if defined(TLS)
|
||||
if (Fflag && usetls)
|
||||
errx(1, "cannot use -c and -F");
|
||||
if (TLSopt && !usetls)
|
||||
@@ -479,6 +533,7 @@ main(int argc, char *argv[])
|
||||
errx(1, "you must specify -c to use -H");
|
||||
if (tls_expectname && !usetls)
|
||||
errx(1, "you must specify -c to use -e");
|
||||
+# endif
|
||||
|
||||
/* Get name of temporary socket for unix datagram client */
|
||||
if ((family == AF_UNIX) && uflag && !lflag) {
|
||||
@@ -545,6 +600,7 @@ main(int argc, char *argv[])
|
||||
proxyhints.ai_flags |= AI_NUMERICHOST;
|
||||
}
|
||||
|
||||
+# if defined(TLS)
|
||||
if (usetls) {
|
||||
if ((tls_cfg = tls_config_new()) == NULL)
|
||||
errx(1, "unable to allocate TLS config");
|
||||
@@ -580,7 +636,8 @@ main(int argc, char *argv[])
|
||||
err(1, "pledge");
|
||||
} else if (pledge("stdio inet dns", NULL) == -1)
|
||||
err(1, "pledge");
|
||||
- }
|
||||
+ }
|
||||
+# endif
|
||||
if (lflag) {
|
||||
ret = 0;
|
||||
|
||||
@@ -591,6 +648,7 @@ main(int argc, char *argv[])
|
||||
s = unix_listen(host);
|
||||
}
|
||||
|
||||
+# if defined(TLS)
|
||||
if (usetls) {
|
||||
tls_config_verify_client_optional(tls_cfg);
|
||||
if ((tls_ctx = tls_server()) == NULL)
|
||||
@@ -599,6 +657,7 @@ main(int argc, char *argv[])
|
||||
errx(1, "tls configuration failed (%s)",
|
||||
tls_error(tls_ctx));
|
||||
}
|
||||
+# endif
|
||||
/* Allow only one connection at a time, but stay alive. */
|
||||
for (;;) {
|
||||
if (family != AF_UNIX) {
|
||||
@@ -614,7 +673,11 @@ main(int argc, char *argv[])
|
||||
* let it receive datagrams from multiple
|
||||
* socket pairs.
|
||||
*/
|
||||
+# if defined(TLS)
|
||||
readwrite(s, NULL);
|
||||
+# else
|
||||
+ readwrite(s);
|
||||
+# endif
|
||||
} else if (uflag && !kflag) {
|
||||
/*
|
||||
* For UDP and not -k, we will use recvfrom()
|
||||
@@ -639,9 +702,14 @@ main(int argc, char *argv[])
|
||||
report_sock("Connection received",
|
||||
(struct sockaddr *)&z, len, NULL);
|
||||
|
||||
+# if defined(TLS)
|
||||
readwrite(s, NULL);
|
||||
} else {
|
||||
struct tls *tls_cctx = NULL;
|
||||
+# else
|
||||
+ readwrite(s);
|
||||
+ } else {
|
||||
+# endif
|
||||
int connfd;
|
||||
|
||||
len = sizeof(cliaddr);
|
||||
@@ -655,6 +723,7 @@ main(int argc, char *argv[])
|
||||
report_sock("Connection received",
|
||||
(struct sockaddr *)&cliaddr, len,
|
||||
family == AF_UNIX ? host : NULL);
|
||||
+# if defined(TLS)
|
||||
if ((usetls) &&
|
||||
(tls_cctx = tls_setup_server(tls_ctx, connfd, host)))
|
||||
readwrite(connfd, tls_cctx);
|
||||
@@ -664,6 +733,10 @@ main(int argc, char *argv[])
|
||||
timeout_tls(s, tls_cctx, tls_close);
|
||||
close(connfd);
|
||||
tls_free(tls_cctx);
|
||||
+# else
|
||||
+ readwrite(connfd);
|
||||
+ close(connfd);
|
||||
+# endif
|
||||
}
|
||||
if (family == AF_UNIX && uflag) {
|
||||
if (connect(s, NULL, 0) == -1)
|
||||
@@ -678,7 +751,11 @@ main(int argc, char *argv[])
|
||||
|
||||
if ((s = unix_connect(host)) > 0) {
|
||||
if (!zflag)
|
||||
+# if defined(TLS)
|
||||
readwrite(s, NULL);
|
||||
+# else
|
||||
+ readwrite(s);
|
||||
+# endif
|
||||
close(s);
|
||||
} else {
|
||||
warn("%s", host);
|
||||
@@ -699,6 +776,7 @@ main(int argc, char *argv[])
|
||||
for (s = -1, i = 0; portlist[i] != NULL; i++) {
|
||||
if (s != -1)
|
||||
close(s);
|
||||
+# if defined(TLS)
|
||||
tls_free(tls_ctx);
|
||||
tls_ctx = NULL;
|
||||
|
||||
@@ -709,6 +787,7 @@ main(int argc, char *argv[])
|
||||
errx(1, "tls configuration failed (%s)",
|
||||
tls_error(tls_ctx));
|
||||
}
|
||||
+# endif
|
||||
if (xflag)
|
||||
s = socks_connect(host, portlist[i], hints,
|
||||
proxy, proxyport, proxyhints, socksv,
|
||||
@@ -746,6 +825,7 @@ main(int argc, char *argv[])
|
||||
}
|
||||
if (Fflag)
|
||||
fdpass(s);
|
||||
+# if defined(TLS)
|
||||
else {
|
||||
if (usetls)
|
||||
tls_setup_client(tls_ctx, s, host);
|
||||
@@ -754,13 +834,19 @@ main(int argc, char *argv[])
|
||||
if (tls_ctx)
|
||||
timeout_tls(s, tls_ctx, tls_close);
|
||||
}
|
||||
+# else
|
||||
+ else if (!zflag)
|
||||
+ readwrite(s);
|
||||
+# endif
|
||||
}
|
||||
}
|
||||
|
||||
if (s != -1)
|
||||
close(s);
|
||||
+# if defined(TLS)
|
||||
tls_free(tls_ctx);
|
||||
tls_config_free(tls_cfg);
|
||||
+# endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -802,6 +888,7 @@ unix_bind(char *path, int flags)
|
||||
return s;
|
||||
}
|
||||
|
||||
+# if defined(TLS)
|
||||
int
|
||||
timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *))
|
||||
{
|
||||
@@ -888,6 +975,7 @@ tls_setup_server(struct tls *tls_ctx, in
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
+# endif
|
||||
|
||||
/*
|
||||
* unix_connect()
|
||||
@@ -1113,7 +1201,11 @@ local_listen(const char *host, const cha
|
||||
* Loop that polls on the network file descriptor and stdin.
|
||||
*/
|
||||
void
|
||||
+# if defined(TLS)
|
||||
readwrite(int net_fd, struct tls *tls_ctx)
|
||||
+# else
|
||||
+readwrite(int net_fd)
|
||||
+# endif
|
||||
{
|
||||
struct pollfd pfd[4];
|
||||
int stdin_fd = STDIN_FILENO;
|
||||
@@ -1213,12 +1305,17 @@ readwrite(int net_fd, struct tls *tls_ct
|
||||
/* try to read from stdin */
|
||||
if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) {
|
||||
ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf,
|
||||
+# if defined(TLS)
|
||||
&stdinbufpos, NULL);
|
||||
if (ret == TLS_WANT_POLLIN)
|
||||
pfd[POLL_STDIN].events = POLLIN;
|
||||
else if (ret == TLS_WANT_POLLOUT)
|
||||
pfd[POLL_STDIN].events = POLLOUT;
|
||||
- else if (ret == 0 || ret == -1)
|
||||
+ else
|
||||
+# else
|
||||
+ &stdinbufpos);
|
||||
+# endif
|
||||
+ if (ret == 0 || ret == -1)
|
||||
pfd[POLL_STDIN].fd = -1;
|
||||
/* read something - poll net out */
|
||||
if (stdinbufpos > 0)
|
||||
@@ -1230,12 +1327,17 @@ readwrite(int net_fd, struct tls *tls_ct
|
||||
/* try to write to network */
|
||||
if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) {
|
||||
ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf,
|
||||
+# if defined(TLS)
|
||||
&stdinbufpos, tls_ctx);
|
||||
if (ret == TLS_WANT_POLLIN)
|
||||
pfd[POLL_NETOUT].events = POLLIN;
|
||||
else if (ret == TLS_WANT_POLLOUT)
|
||||
pfd[POLL_NETOUT].events = POLLOUT;
|
||||
- else if (ret == -1)
|
||||
+ else
|
||||
+# else
|
||||
+ &stdinbufpos);
|
||||
+# endif
|
||||
+ if (ret == -1)
|
||||
pfd[POLL_NETOUT].fd = -1;
|
||||
/* buffer empty - remove self from polling */
|
||||
if (stdinbufpos == 0)
|
||||
@@ -1247,12 +1349,17 @@ readwrite(int net_fd, struct tls *tls_ct
|
||||
/* try to read from network */
|
||||
if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) {
|
||||
ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf,
|
||||
+# if defined(TLS)
|
||||
&netinbufpos, tls_ctx);
|
||||
if (ret == TLS_WANT_POLLIN)
|
||||
pfd[POLL_NETIN].events = POLLIN;
|
||||
else if (ret == TLS_WANT_POLLOUT)
|
||||
pfd[POLL_NETIN].events = POLLOUT;
|
||||
- else if (ret == -1)
|
||||
+ else
|
||||
+# else
|
||||
+ &netinbufpos);
|
||||
+# endif
|
||||
+ if (ret == -1)
|
||||
pfd[POLL_NETIN].fd = -1;
|
||||
/* eof on net in - remove from pfd */
|
||||
if (ret == 0) {
|
||||
@@ -1279,12 +1386,17 @@ readwrite(int net_fd, struct tls *tls_ct
|
||||
/* try to write to stdout */
|
||||
if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) {
|
||||
ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf,
|
||||
+# if defined(TLS)
|
||||
&netinbufpos, NULL);
|
||||
if (ret == TLS_WANT_POLLIN)
|
||||
pfd[POLL_STDOUT].events = POLLIN;
|
||||
else if (ret == TLS_WANT_POLLOUT)
|
||||
pfd[POLL_STDOUT].events = POLLOUT;
|
||||
- else if (ret == -1)
|
||||
+ else
|
||||
+# else
|
||||
+ &netinbufpos);
|
||||
+# endif
|
||||
+ if (ret == -1)
|
||||
pfd[POLL_STDOUT].fd = -1;
|
||||
/* buffer empty - remove self from polling */
|
||||
if (netinbufpos == 0)
|
||||
@@ -1308,21 +1420,31 @@ readwrite(int net_fd, struct tls *tls_ct
|
||||
}
|
||||
|
||||
ssize_t
|
||||
+# if defined(TLS)
|
||||
drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
|
||||
+# else
|
||||
+drainbuf(int fd, unsigned char *buf, size_t *bufpos)
|
||||
+# endif
|
||||
{
|
||||
ssize_t n;
|
||||
ssize_t adjust;
|
||||
|
||||
+# if defined(TLS)
|
||||
if (tls) {
|
||||
n = tls_write(tls, buf, *bufpos);
|
||||
if (n == -1)
|
||||
errx(1, "tls write failed (%s)", tls_error(tls));
|
||||
} else {
|
||||
+# endif
|
||||
n = write(fd, buf, *bufpos);
|
||||
/* don't treat EAGAIN, EINTR as error */
|
||||
if (n == -1 && (errno == EAGAIN || errno == EINTR))
|
||||
+# if defined(TLS)
|
||||
n = TLS_WANT_POLLOUT;
|
||||
}
|
||||
+# else
|
||||
+ n = -2;
|
||||
+# endif
|
||||
if (n <= 0)
|
||||
return n;
|
||||
/* adjust buffer */
|
||||
@@ -1334,21 +1456,31 @@ drainbuf(int fd, unsigned char *buf, siz
|
||||
}
|
||||
|
||||
ssize_t
|
||||
+# if defined(TLS)
|
||||
fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
|
||||
+# else
|
||||
+fillbuf(int fd, unsigned char *buf, size_t *bufpos)
|
||||
+# endif
|
||||
{
|
||||
size_t num = BUFSIZE - *bufpos;
|
||||
ssize_t n;
|
||||
|
||||
+# if defined(TLS)
|
||||
if (tls) {
|
||||
n = tls_read(tls, buf + *bufpos, num);
|
||||
if (n == -1)
|
||||
errx(1, "tls read failed (%s)", tls_error(tls));
|
||||
} else {
|
||||
+# endif
|
||||
n = read(fd, buf + *bufpos, num);
|
||||
/* don't treat EAGAIN, EINTR as error */
|
||||
if (n == -1 && (errno == EAGAIN || errno == EINTR))
|
||||
+# if defined(TLS)
|
||||
n = TLS_WANT_POLLIN;
|
||||
}
|
||||
+# else
|
||||
+ n = -2;
|
||||
+# endif
|
||||
if (n <= 0)
|
||||
return n;
|
||||
*bufpos += n;
|
||||
@@ -1666,6 +1798,7 @@ process_tos_opt(char *s, int *val)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+# if defined(TLS)
|
||||
int
|
||||
process_tls_opt(char *s, int *flags)
|
||||
{
|
||||
@@ -1779,6 +1912,7 @@ report_tls(struct tls * tls_ctx, char *
|
||||
|
||||
}
|
||||
}
|
||||
+# endif
|
||||
|
||||
void
|
||||
report_sock(const char *msg, const struct sockaddr *sa, socklen_t salen,
|
||||
@@ -1817,17 +1951,12 @@ help(void)
|
||||
fprintf(stderr, "\tCommand Summary:\n\
|
||||
\t-4 Use IPv4\n\
|
||||
\t-6 Use IPv6\n\
|
||||
- \t-C certfile Public key file\n\
|
||||
- \t-c Use TLS\n\
|
||||
\t-D Enable the debug socket option\n\
|
||||
\t-d Detach from stdin\n\
|
||||
- \t-e name\t Required name in peer certificate\n\
|
||||
\t-F Pass socket fd\n\
|
||||
- \t-H hash\t Hash string of peer certificate\n\
|
||||
\t-h This help text\n\
|
||||
\t-I length TCP receive buffer length\n\
|
||||
\t-i interval Delay interval for lines sent, ports scanned\n\
|
||||
- \t-K keyfile Private key file\n\
|
||||
\t-k Keep inbound sockets open for multiple connects\n\
|
||||
\t-l Listen mode, for inbound connects\n\
|
||||
\t-M ttl Outgoing TTL / Hop Limit\n\
|
||||
@@ -1835,14 +1964,12 @@ help(void)
|
||||
\t-N Shutdown the network socket after EOF on stdin\n\
|
||||
\t-n Suppress name/port resolutions\n\
|
||||
\t-O length TCP send buffer length\n\
|
||||
- \t-o staplefile Staple file\n\
|
||||
\t-P proxyuser\tUsername for proxy authentication\n\
|
||||
\t-p port\t Specify local port for remote connects\n\
|
||||
- \t-R CAfile CA bundle\n\
|
||||
\t-r Randomize remote ports\n\
|
||||
\t-S Enable the TCP MD5 signature option\n\
|
||||
\t-s source Local source address\n\
|
||||
- \t-T keyword TOS value or TLS options\n\
|
||||
+ \t-T keyword TOS value\n\
|
||||
\t-t Answer TELNET negotiation\n\
|
||||
\t-U Use UNIX domain socket\n\
|
||||
\t-u UDP mode\n\
|
||||
@@ -1852,7 +1979,6 @@ help(void)
|
||||
\t-w timeout Timeout for connects and final net reads\n\
|
||||
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
|
||||
\t-x addr[:port]\tSpecify proxy address and port\n\
|
||||
- \t-Z Peer certificate file\n\
|
||||
\t-z Zero-I/O mode [used for scanning]\n\
|
||||
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
|
||||
exit(0);
|
||||
@@ -1862,15 +1988,11 @@ void
|
||||
usage(int ret)
|
||||
{
|
||||
fprintf(stderr,
|
||||
- "usage: nc [-46cDdFhklNnrStUuvz] [-C certfile] [-e name] "
|
||||
- "[-H hash] [-I length]\n"
|
||||
- "\t [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n"
|
||||
- "\t [-o staplefile] [-P proxy_username] [-p source_port] "
|
||||
- "[-R CAfile]\n"
|
||||
+ "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
|
||||
+ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
|
||||
"\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
|
||||
"[-w timeout]\n"
|
||||
"\t [-X proxy_protocol] [-x proxy_address[:port]] "
|
||||
- "[-Z peercertfile]\n"
|
||||
"\t [destination] [port]\n");
|
||||
if (ret)
|
||||
exit(1);
|
|
@ -1,126 +0,0 @@
|
|||
From: Aron Xu <aron@debian.org>
|
||||
Date: Mon, 13 Feb 2012 14:43:56 +0800
|
||||
Subject: connect timeout
|
||||
|
||||
---
|
||||
netcat.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
|
||||
1 file changed, 76 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -90,6 +90,7 @@
|
||||
#include <ctype.h>
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
+#include <fcntl.h>
|
||||
#include <limits.h>
|
||||
#include <netdb.h>
|
||||
#include <poll.h>
|
||||
@@ -124,6 +125,10 @@
|
||||
# define TLS_MUSTSTAPLE (1 << 4)
|
||||
#endif
|
||||
|
||||
+#define CONNECTION_SUCCESS 0
|
||||
+#define CONNECTION_FAILED 1
|
||||
+#define CONNECTION_TIMEOUT 2
|
||||
+
|
||||
/* Command Line Options */
|
||||
int dflag; /* detached, no stdin */
|
||||
int Fflag; /* fdpass sock to stdout */
|
||||
@@ -214,6 +219,9 @@ ssize_t drainbuf(int, unsigned char *, s
|
||||
ssize_t fillbuf(int, unsigned char *, size_t *);
|
||||
# endif
|
||||
|
||||
+static int connect_with_timeout(int fd, const struct sockaddr *sa,
|
||||
+ socklen_t salen, int ctimeout);
|
||||
+
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
@@ -1079,11 +1087,14 @@ remote_connect(const char *host, const c
|
||||
|
||||
set_common_sockopts(s, res->ai_family);
|
||||
|
||||
- if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0)
|
||||
+ if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
|
||||
break;
|
||||
- if (vflag)
|
||||
+ if (vflag && error == CONNECTION_FAILED)
|
||||
warn("connect to %s port %s (%s) failed", host, port,
|
||||
uflag ? "udp" : "tcp");
|
||||
+ else if (vflag && error == CONNECTION_TIMEOUT)
|
||||
+ warn("connect to %s port %s (%s) timed out", host, port,
|
||||
+ uflag ? "udp" : "tcp");
|
||||
|
||||
save_errno = errno;
|
||||
close(s);
|
||||
@@ -1124,6 +1135,69 @@ timeout_connect(int s, const struct sock
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static int connect_with_timeout(int fd, const struct sockaddr *sa,
|
||||
+ socklen_t salen, int ctimeout)
|
||||
+{
|
||||
+ int err;
|
||||
+ struct timeval tv, *tvp = NULL;
|
||||
+ fd_set connect_fdset;
|
||||
+ socklen_t len;
|
||||
+ int orig_flags;
|
||||
+
|
||||
+ orig_flags = fcntl(fd, F_GETFL, 0);
|
||||
+ if (fcntl(fd, F_SETFL, orig_flags | O_NONBLOCK) < 0 ) {
|
||||
+ warn("can't set O_NONBLOCK - timeout not available");
|
||||
+ if (connect(fd, sa, salen) == 0)
|
||||
+ return CONNECTION_SUCCESS;
|
||||
+ else
|
||||
+ return CONNECTION_FAILED;
|
||||
+ }
|
||||
+
|
||||
+ /* set connect timeout */
|
||||
+ if (ctimeout > 0) {
|
||||
+ tv.tv_sec = (time_t)ctimeout/1000;
|
||||
+ tv.tv_usec = 0;
|
||||
+ tvp = &tv;
|
||||
+ }
|
||||
+
|
||||
+ /* attempt the connection */
|
||||
+ err = connect(fd, sa, salen);
|
||||
+ if (err != 0 && errno == EINPROGRESS) {
|
||||
+ /* connection is proceeding
|
||||
+ * it is complete (or failed) when select returns */
|
||||
+
|
||||
+ /* initialize connect_fdset */
|
||||
+ FD_ZERO(&connect_fdset);
|
||||
+ FD_SET(fd, &connect_fdset);
|
||||
+
|
||||
+ /* call select */
|
||||
+ do {
|
||||
+ err = select(fd + 1, NULL, &connect_fdset,
|
||||
+ NULL, tvp);
|
||||
+ } while (err < 0 && errno == EINTR);
|
||||
+
|
||||
+ /* select error */
|
||||
+ if (err < 0)
|
||||
+ errx(1,"select error: %s", strerror(errno));
|
||||
+ /* we have reached a timeout */
|
||||
+ if (err == 0)
|
||||
+ return CONNECTION_TIMEOUT;
|
||||
+ /* select returned successfully, but we must test socket
|
||||
+ * error for result */
|
||||
+ len = sizeof(err);
|
||||
+ if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
|
||||
+ errx(1, "getsockopt error: %s", strerror(errno));
|
||||
+ /* setup errno according to the result returned by
|
||||
+ * getsockopt */
|
||||
+ if (err != 0)
|
||||
+ errno = err;
|
||||
+ }
|
||||
+
|
||||
+ /* return aborted if an error occured, and valid otherwise */
|
||||
+ fcntl(fd, F_SETFL, orig_flags);
|
||||
+ return (err != 0)? CONNECTION_FAILED : CONNECTION_SUCCESS;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* local_listen()
|
||||
* Returns a socket listening on a local port, binds to specified source
|
|
@ -1,28 +0,0 @@
|
|||
From: Aron Xu <aron@debian.org>
|
||||
Date: Mon, 13 Feb 2012 14:45:08 +0800
|
||||
Subject: get sev by name
|
||||
|
||||
---
|
||||
netcat.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -1680,11 +1680,16 @@ strtoport(char *portstr, int udp)
|
||||
void
|
||||
build_ports(char *p)
|
||||
{
|
||||
+ struct servent *sv;
|
||||
char *n;
|
||||
int hi, lo, cp;
|
||||
int x = 0;
|
||||
|
||||
- if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) {
|
||||
+ sv = getservbyname(p, uflag ? "udp" : "tcp");
|
||||
+ if (sv) {
|
||||
+ if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
|
||||
+ err(1, "asprintf");
|
||||
+ } else if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) {
|
||||
*n = '\0';
|
||||
n++;
|
||||
|
|
@ -1,192 +0,0 @@
|
|||
From: Aron Xu <aron@debian.org>
|
||||
Date: Mon, 13 Feb 2012 14:57:45 +0800
|
||||
Subject: send crlf
|
||||
|
||||
---
|
||||
nc.1 | 9 +++++--
|
||||
netcat.c | 74 ++++++++++++++++++++++++++++++++++-----------------------------
|
||||
2 files changed, 48 insertions(+), 35 deletions(-)
|
||||
|
||||
--- a/nc.1
|
||||
+++ b/nc.1
|
||||
@@ -33,7 +33,7 @@
|
||||
.Nd arbitrary TCP and UDP connections and listens
|
||||
.Sh SYNOPSIS
|
||||
.Nm nc
|
||||
-.Op Fl 46DdFhklNnrStUuvz
|
||||
+.Op Fl 46CDdFhklNnrStUuvz
|
||||
.Op Fl I Ar length
|
||||
.Op Fl i Ar interval
|
||||
.Op Fl M Ar ttl
|
||||
@@ -92,6 +92,11 @@ The options are as follows:
|
||||
Use IPv4 addresses only.
|
||||
.It Fl 6
|
||||
Use IPv6 addresses only.
|
||||
+.It Fl C
|
||||
+Send CRLF as line-ending. Each line feed (LF) character from the input
|
||||
+data is translated into CR+LF before being written to the socket. Line
|
||||
+feed characters that are already preceded with a carriage return (CR)
|
||||
+are not translated. Received data is not affected.
|
||||
.It Fl D
|
||||
Enable debugging on the socket.
|
||||
.It Fl d
|
||||
@@ -377,7 +382,7 @@ More complicated examples can be built u
|
||||
of requests required by the server.
|
||||
As another example, an email may be submitted to an SMTP server using:
|
||||
.Bd -literal -offset indent
|
||||
-$ nc localhost 25 \*(Lt\*(Lt EOF
|
||||
+$ nc [\-C] localhost 25 \*(Lt\*(Lt EOF
|
||||
HELO host.example.com
|
||||
MAIL FROM:\*(Ltuser@host.example.com\*(Gt
|
||||
RCPT TO:\*(Ltuser2@host.example.com\*(Gt
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -166,6 +166,8 @@ char *tls_expecthash; /* required hash
|
||||
char *tls_ciphers; /* TLS ciphers */
|
||||
char *tls_protocols; /* TLS protocols */
|
||||
FILE *Zflag; /* file to save peer cert */
|
||||
+# else
|
||||
+int Cflag = 0; /* CRLF line-ending */
|
||||
# endif
|
||||
|
||||
int recvcount, recvlimit;
|
||||
@@ -215,7 +217,7 @@ ssize_t fillbuf(int, unsigned char *, si
|
||||
void tls_setup_client(struct tls *, int, char *);
|
||||
struct tls *tls_setup_server(struct tls *, int, char *);
|
||||
# else
|
||||
-ssize_t drainbuf(int, unsigned char *, size_t *);
|
||||
+ssize_t drainbuf(int, unsigned char *, size_t *, int);
|
||||
ssize_t fillbuf(int, unsigned char *, size_t *);
|
||||
# endif
|
||||
|
||||
@@ -256,7 +258,7 @@ main(int argc, char *argv[])
|
||||
# if defined(TLS)
|
||||
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
|
||||
# else
|
||||
- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
|
||||
+ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
|
||||
# endif
|
||||
!= -1) {
|
||||
switch (ch) {
|
||||
@@ -286,6 +288,10 @@ main(int argc, char *argv[])
|
||||
case 'c':
|
||||
usetls = 1;
|
||||
break;
|
||||
+# else
|
||||
+ case 'C':
|
||||
+ Cflag = 1;
|
||||
+ break;
|
||||
# endif
|
||||
case 'd':
|
||||
dflag = 1;
|
||||
@@ -1324,12 +1330,6 @@ readwrite(int net_fd)
|
||||
stdinbufpos == 0 && netinbufpos == 0)
|
||||
return;
|
||||
|
||||
- /* help says -i is for "wait between lines sent". We read and
|
||||
- * write arbitrary amounts of data, and we don't want to start
|
||||
- * scanning for newlines, so this is as good as it gets */
|
||||
- if (iflag)
|
||||
- sleep(iflag);
|
||||
-
|
||||
/* poll */
|
||||
num_fds = poll(pfd, 4, timeout);
|
||||
|
||||
@@ -1409,7 +1409,7 @@ readwrite(int net_fd)
|
||||
pfd[POLL_NETOUT].events = POLLOUT;
|
||||
else
|
||||
# else
|
||||
- &stdinbufpos);
|
||||
+ &stdinbufpos, (iflag || Cflag) ? 1 : 0);
|
||||
# endif
|
||||
if (ret == -1)
|
||||
pfd[POLL_NETOUT].fd = -1;
|
||||
@@ -1468,7 +1468,7 @@ readwrite(int net_fd)
|
||||
pfd[POLL_STDOUT].events = POLLOUT;
|
||||
else
|
||||
# else
|
||||
- &netinbufpos);
|
||||
+ &netinbufpos, 0);
|
||||
# endif
|
||||
if (ret == -1)
|
||||
pfd[POLL_STDOUT].fd = -1;
|
||||
@@ -1494,33 +1494,40 @@ readwrite(int net_fd)
|
||||
}
|
||||
|
||||
ssize_t
|
||||
-# if defined(TLS)
|
||||
-drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
|
||||
-# else
|
||||
-drainbuf(int fd, unsigned char *buf, size_t *bufpos)
|
||||
-# endif
|
||||
+drainbuf(int fd, unsigned char *buf, size_t *bufpos, int oneline)
|
||||
{
|
||||
- ssize_t n;
|
||||
+ ssize_t n, r;
|
||||
ssize_t adjust;
|
||||
+ unsigned char *lf = NULL;
|
||||
|
||||
-# if defined(TLS)
|
||||
- if (tls) {
|
||||
- n = tls_write(tls, buf, *bufpos);
|
||||
- if (n == -1)
|
||||
- errx(1, "tls write failed (%s)", tls_error(tls));
|
||||
- } else {
|
||||
-# endif
|
||||
- n = write(fd, buf, *bufpos);
|
||||
- /* don't treat EAGAIN, EINTR as error */
|
||||
- if (n == -1 && (errno == EAGAIN || errno == EINTR))
|
||||
-# if defined(TLS)
|
||||
- n = TLS_WANT_POLLOUT;
|
||||
- }
|
||||
-# else
|
||||
- n = -2;
|
||||
-# endif
|
||||
+ if (oneline)
|
||||
+ lf = memchr(buf, '\n', *bufpos);
|
||||
+ if (lf == NULL) {
|
||||
+ n = *bufpos;
|
||||
+ oneline = 0;
|
||||
+ }
|
||||
+ else if (Cflag && (lf == buf || buf[lf - buf - 1] != '\r')) {
|
||||
+ n = lf - buf;
|
||||
+ oneline = 2;
|
||||
+ }
|
||||
+ else
|
||||
+ n = lf - buf + 1;
|
||||
+ if (n > 0)
|
||||
+ n = write(fd, buf, n);
|
||||
+
|
||||
+ /* don't treat EAGAIN, EINTR as error */
|
||||
+ if (n == -1 && (errno == EAGAIN || errno == EINTR))
|
||||
+ n = -2;
|
||||
+ if (oneline == 2 && n >= 0)
|
||||
+ n++;
|
||||
if (n <= 0)
|
||||
return n;
|
||||
+
|
||||
+ if (oneline == 2 && (r = atomicio(vwrite, fd, "\r\n", 2)) != 2)
|
||||
+ err(1, "write failed (%zu/2)", r);
|
||||
+ if (oneline > 0 && iflag)
|
||||
+ sleep(iflag);
|
||||
+
|
||||
/* adjust buffer */
|
||||
adjust = *bufpos - n;
|
||||
if (adjust > 0)
|
||||
@@ -2030,6 +2037,7 @@ help(void)
|
||||
fprintf(stderr, "\tCommand Summary:\n\
|
||||
\t-4 Use IPv4\n\
|
||||
\t-6 Use IPv6\n\
|
||||
+ \t-C Send CRLF as line-ending\n\
|
||||
\t-D Enable the debug socket option\n\
|
||||
\t-d Detach from stdin\n\
|
||||
\t-F Pass socket fd\n\
|
||||
@@ -2067,7 +2075,7 @@ void
|
||||
usage(int ret)
|
||||
{
|
||||
fprintf(stderr,
|
||||
- "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
|
||||
+ "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
|
||||
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
|
||||
"\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
|
||||
"[-w timeout]\n"
|
|
@ -1,143 +0,0 @@
|
|||
From: Aron Xu <aron@debian.org>
|
||||
Date: Mon, 13 Feb 2012 15:16:04 +0800
|
||||
Subject: quit timer
|
||||
|
||||
---
|
||||
nc.1 | 10 ++++++++++
|
||||
netcat.c | 50 +++++++++++++++++++++++++++++++++++++++++---------
|
||||
2 files changed, 51 insertions(+), 9 deletions(-)
|
||||
|
||||
--- a/nc.1
|
||||
+++ b/nc.1
|
||||
@@ -41,6 +41,7 @@
|
||||
.Op Fl O Ar length
|
||||
.Op Fl P Ar proxy_username
|
||||
.Op Fl p Ar source_port
|
||||
+.Op Fl q Ar seconds
|
||||
.Op Fl s Ar source
|
||||
.Op Fl T Ar keyword
|
||||
.Op Fl V Ar rtable
|
||||
@@ -167,6 +168,15 @@ Proxy authentication is only supported f
|
||||
Specify the source port
|
||||
.Nm
|
||||
should use, subject to privilege restrictions and availability.
|
||||
+.It Fl q Ar seconds
|
||||
+after EOF on stdin, wait the specified number of
|
||||
+.Ar seconds
|
||||
+and then quit. If
|
||||
+.Ar seconds
|
||||
+is negative, wait forever (default). Specifying a non-negative
|
||||
+.Ar seconds
|
||||
+implies
|
||||
+.Fl N .
|
||||
.It Fl r
|
||||
Choose source and/or destination ports randomly
|
||||
instead of sequentially within a range or in the order that the system
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -139,6 +139,7 @@ int Nflag; /* shutdown() network soc
|
||||
int nflag; /* Don't do name look up */
|
||||
char *Pflag; /* Proxy username */
|
||||
char *pflag; /* Localport flag */
|
||||
+int qflag = -1; /* Quit after some secs */
|
||||
int rflag; /* Random ports flag */
|
||||
char *sflag; /* Source Address */
|
||||
int tflag; /* Telnet Emulation */
|
||||
@@ -224,6 +225,8 @@ ssize_t fillbuf(int, unsigned char *, si
|
||||
static int connect_with_timeout(int fd, const struct sockaddr *sa,
|
||||
socklen_t salen, int ctimeout);
|
||||
|
||||
+static void quit();
|
||||
+
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
@@ -256,9 +259,9 @@ main(int argc, char *argv[])
|
||||
|
||||
while ((ch = getopt(argc, argv,
|
||||
# if defined(TLS)
|
||||
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
|
||||
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
|
||||
# else
|
||||
- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
|
||||
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z"))
|
||||
# endif
|
||||
!= -1) {
|
||||
switch (ch) {
|
||||
@@ -350,6 +353,13 @@ main(int argc, char *argv[])
|
||||
case 'p':
|
||||
pflag = optarg;
|
||||
break;
|
||||
+ case 'q':
|
||||
+ qflag = strtonum(optarg, INT_MIN, INT_MAX, &errstr);
|
||||
+ if (errstr)
|
||||
+ errx(1, "quit timer %s: %s", errstr, optarg);
|
||||
+ if (qflag >= 0)
|
||||
+ Nflag = 1;
|
||||
+ break;
|
||||
# if defined(TLS)
|
||||
case 'R':
|
||||
tls_cachanged = 1;
|
||||
@@ -1320,15 +1330,27 @@ readwrite(int net_fd)
|
||||
while (1) {
|
||||
/* both inputs are gone, buffers are empty, we are done */
|
||||
if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 &&
|
||||
- stdinbufpos == 0 && netinbufpos == 0)
|
||||
- return;
|
||||
+ stdinbufpos == 0 && netinbufpos == 0) {
|
||||
+ if (qflag <= 0)
|
||||
+ return;
|
||||
+ goto delay_exit;
|
||||
+ }
|
||||
/* both outputs are gone, we can't continue */
|
||||
- if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1)
|
||||
- return;
|
||||
+ if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1) {
|
||||
+ if (qflag <= 0)
|
||||
+ return;
|
||||
+ goto delay_exit;
|
||||
+ }
|
||||
/* listen and net in gone, queues empty, done */
|
||||
if (lflag && pfd[POLL_NETIN].fd == -1 &&
|
||||
- stdinbufpos == 0 && netinbufpos == 0)
|
||||
- return;
|
||||
+ stdinbufpos == 0 && netinbufpos == 0) {
|
||||
+ if (qflag <= 0)
|
||||
+ return;
|
||||
+delay_exit:
|
||||
+ close(net_fd);
|
||||
+ signal(SIGALRM, quit);
|
||||
+ alarm(qflag);
|
||||
+ }
|
||||
|
||||
/* poll */
|
||||
num_fds = poll(pfd, 4, timeout);
|
||||
@@ -2053,6 +2075,7 @@ help(void)
|
||||
\t-O length TCP send buffer length\n\
|
||||
\t-P proxyuser\tUsername for proxy authentication\n\
|
||||
\t-p port\t Specify local port for remote connects\n\
|
||||
+ \t-q secs\t quit after EOF on stdin and delay of secs\n\
|
||||
\t-r Randomize remote ports\n\
|
||||
\t-S Enable the TCP MD5 signature option\n\
|
||||
\t-s source Local source address\n\
|
||||
@@ -2077,10 +2100,19 @@ usage(int ret)
|
||||
fprintf(stderr,
|
||||
"usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
|
||||
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
|
||||
- "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
|
||||
+ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
|
||||
"[-w timeout]\n"
|
||||
"\t [-X proxy_protocol] [-x proxy_address[:port]] "
|
||||
"\t [destination] [port]\n");
|
||||
if (ret)
|
||||
exit(1);
|
||||
}
|
||||
+
|
||||
+/*
|
||||
+ * quit()
|
||||
+ * handler for a "-q" timeout (exit 0 instead of 1)
|
||||
+ */
|
||||
+static void quit()
|
||||
+{
|
||||
+ exit(0);
|
||||
+}
|
|
@ -1,56 +0,0 @@
|
|||
From: Aron Xu <aron@debian.org>
|
||||
Date: Mon, 13 Feb 2012 15:29:37 +0800
|
||||
Subject: udp scan timeout
|
||||
|
||||
---
|
||||
netcat.c | 23 +++++++++++++++--------
|
||||
1 file changed, 15 insertions(+), 8 deletions(-)
|
||||
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -129,6 +129,8 @@
|
||||
#define CONNECTION_FAILED 1
|
||||
#define CONNECTION_TIMEOUT 2
|
||||
|
||||
+#define UDP_SCAN_TIMEOUT 3 /* Seconds */
|
||||
+
|
||||
/* Command Line Options */
|
||||
int dflag; /* detached, no stdin */
|
||||
int Fflag; /* fdpass sock to stdout */
|
||||
@@ -823,7 +825,7 @@ main(int argc, char *argv[])
|
||||
continue;
|
||||
|
||||
ret = 0;
|
||||
- if (vflag || zflag) {
|
||||
+ if (vflag) {
|
||||
/* For UDP, make sure we are connected. */
|
||||
if (uflag) {
|
||||
if (udptest(s) == -1) {
|
||||
@@ -1768,15 +1770,20 @@ build_ports(char *p)
|
||||
int
|
||||
udptest(int s)
|
||||
{
|
||||
- int i, ret;
|
||||
+ int i, t;
|
||||
|
||||
- for (i = 0; i <= 3; i++) {
|
||||
- if (write(s, "X", 1) == 1)
|
||||
- ret = 1;
|
||||
- else
|
||||
- ret = -1;
|
||||
+ if ((write(s, "X", 1) != 1) ||
|
||||
+ ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED)))
|
||||
+ return -1;
|
||||
+
|
||||
+ /* Give the remote host some time to reply. */
|
||||
+ for (i = 0, t = (timeout == -1) ? UDP_SCAN_TIMEOUT : (timeout / 1000);
|
||||
+ i < t; i++) {
|
||||
+ sleep(1);
|
||||
+ if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED))
|
||||
+ return -1;
|
||||
}
|
||||
- return ret;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
void
|
|
@ -1,235 +0,0 @@
|
|||
From: Aron Xu <aron@debian.org>
|
||||
Date: Mon, 13 Feb 2012 15:56:51 +0800
|
||||
Subject: dccp support
|
||||
|
||||
---
|
||||
nc.1 | 4 ++
|
||||
netcat.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
|
||||
2 files changed, 79 insertions(+), 14 deletions(-)
|
||||
|
||||
--- a/nc.1
|
||||
+++ b/nc.1
|
||||
@@ -33,7 +33,7 @@
|
||||
.Nd arbitrary TCP and UDP connections and listens
|
||||
.Sh SYNOPSIS
|
||||
.Nm nc
|
||||
-.Op Fl 46CDdFhklNnrStUuvz
|
||||
+.Op Fl 46CDdFhklNnrStUuvZz
|
||||
.Op Fl I Ar length
|
||||
.Op Fl i Ar interval
|
||||
.Op Fl M Ar ttl
|
||||
@@ -289,6 +289,8 @@ An IPv6 address can be specified unambig
|
||||
in square brackets.
|
||||
A proxy cannot be used with any of the options
|
||||
.Fl lsuU .
|
||||
+.It Fl Z
|
||||
+DCCP mode.
|
||||
.It Fl z
|
||||
Only scan for listening daemons, without sending any data to them.
|
||||
Cannot be used together with
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -146,6 +146,7 @@ int rflag; /* Random ports flag */
|
||||
char *sflag; /* Source Address */
|
||||
int tflag; /* Telnet Emulation */
|
||||
int uflag; /* UDP - Default to TCP */
|
||||
+int dccpflag; /* DCCP - Default to TCP */
|
||||
int vflag; /* Verbosity */
|
||||
int xflag; /* Socks proxy */
|
||||
int zflag; /* Port Scan Flag */
|
||||
@@ -224,6 +225,7 @@ ssize_t drainbuf(int, unsigned char *, s
|
||||
ssize_t fillbuf(int, unsigned char *, size_t *);
|
||||
# endif
|
||||
|
||||
+char *proto_name(int uflag, int dccpflag);
|
||||
static int connect_with_timeout(int fd, const struct sockaddr *sa,
|
||||
socklen_t salen, int ctimeout);
|
||||
|
||||
@@ -263,7 +265,7 @@ main(int argc, char *argv[])
|
||||
# if defined(TLS)
|
||||
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
|
||||
# else
|
||||
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z"))
|
||||
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
|
||||
# endif
|
||||
!= -1) {
|
||||
switch (ch) {
|
||||
@@ -380,6 +382,13 @@ main(int argc, char *argv[])
|
||||
case 'u':
|
||||
uflag = 1;
|
||||
break;
|
||||
+ case 'Z':
|
||||
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
|
||||
+ dccpflag = 1;
|
||||
+# else
|
||||
+ errx(1, "no DCCP support available");
|
||||
+# endif
|
||||
+ break;
|
||||
case 'V':
|
||||
# if defined(RT_TABLEID_MAX)
|
||||
rtableid = (int)strtonum(optarg, 0,
|
||||
@@ -484,6 +493,10 @@ main(int argc, char *argv[])
|
||||
|
||||
/* Cruft to make sure options are clean, and used properly. */
|
||||
if (argv[0] && !argv[1] && family == AF_UNIX) {
|
||||
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
|
||||
+ if (dccpflag)
|
||||
+ errx(1, "cannot use -Z and -U");
|
||||
+# endif
|
||||
host = argv[0];
|
||||
uport = NULL;
|
||||
} else if (!argv[0] && lflag) {
|
||||
@@ -578,8 +591,20 @@ main(int argc, char *argv[])
|
||||
if (family != AF_UNIX) {
|
||||
memset(&hints, 0, sizeof(struct addrinfo));
|
||||
hints.ai_family = family;
|
||||
- hints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
|
||||
- hints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
|
||||
+ if (uflag) {
|
||||
+ hints.ai_socktype = SOCK_DGRAM;
|
||||
+ hints.ai_protocol = IPPROTO_UDP;
|
||||
+ }
|
||||
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
|
||||
+ else if (dccpflag) {
|
||||
+ hints.ai_socktype = SOCK_DCCP;
|
||||
+ hints.ai_protocol = IPPROTO_DCCP;
|
||||
+ }
|
||||
+# endif
|
||||
+ else {
|
||||
+ hints.ai_socktype = SOCK_STREAM;
|
||||
+ hints.ai_protocol = IPPROTO_TCP;
|
||||
+ }
|
||||
if (nflag)
|
||||
hints.ai_flags |= AI_NUMERICHOST;
|
||||
}
|
||||
@@ -587,7 +612,10 @@ main(int argc, char *argv[])
|
||||
if (xflag) {
|
||||
if (uflag)
|
||||
errx(1, "no proxy support for UDP mode");
|
||||
-
|
||||
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
|
||||
+ if (dccpflag)
|
||||
+ errx(1, "no proxy support for DCCP mode");
|
||||
+# endif
|
||||
if (lflag)
|
||||
errx(1, "no proxy support for listen");
|
||||
|
||||
@@ -834,19 +862,20 @@ main(int argc, char *argv[])
|
||||
}
|
||||
}
|
||||
|
||||
+ char *proto = proto_name(uflag, dccpflag);
|
||||
/* Don't look up port if -n. */
|
||||
if (nflag)
|
||||
sv = NULL;
|
||||
else {
|
||||
sv = getservbyport(
|
||||
ntohs(atoi(portlist[i])),
|
||||
- uflag ? "udp" : "tcp");
|
||||
+ proto);
|
||||
}
|
||||
|
||||
fprintf(stderr,
|
||||
"Connection to %s %s port [%s/%s] "
|
||||
"succeeded!\n", host, portlist[i],
|
||||
- uflag ? "udp" : "tcp",
|
||||
+ proto,
|
||||
sv ? sv->s_name : "*");
|
||||
}
|
||||
if (Fflag)
|
||||
@@ -1061,6 +1090,24 @@ unix_listen(char *path)
|
||||
return s;
|
||||
}
|
||||
|
||||
+char *proto_name(int uflag, int dccpflag) {
|
||||
+
|
||||
+ char *proto = NULL;
|
||||
+ if (uflag) {
|
||||
+ proto = "udp";
|
||||
+ }
|
||||
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
|
||||
+ else if (dccpflag) {
|
||||
+ proto = "dccp";
|
||||
+ }
|
||||
+# endif
|
||||
+ else {
|
||||
+ proto = "tcp";
|
||||
+ }
|
||||
+
|
||||
+ return proto;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* remote_connect()
|
||||
* Returns a socket connected to a remote host. Properly binds to a local
|
||||
@@ -1091,8 +1138,21 @@ remote_connect(const char *host, const c
|
||||
# endif
|
||||
memset(&ahints, 0, sizeof(struct addrinfo));
|
||||
ahints.ai_family = res->ai_family;
|
||||
- ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
|
||||
- ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
|
||||
+ if (uflag) {
|
||||
+ ahints.ai_socktype = SOCK_DGRAM;
|
||||
+ ahints.ai_protocol = IPPROTO_UDP;
|
||||
+
|
||||
+ }
|
||||
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
|
||||
+ else if (dccpflag) {
|
||||
+ hints.ai_socktype = SOCK_DCCP;
|
||||
+ hints.ai_protocol = IPPROTO_DCCP;
|
||||
+ }
|
||||
+# endif
|
||||
+ else {
|
||||
+ ahints.ai_socktype = SOCK_STREAM;
|
||||
+ ahints.ai_protocol = IPPROTO_TCP;
|
||||
+ }
|
||||
ahints.ai_flags = AI_PASSIVE;
|
||||
if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
|
||||
errx(1, "getaddrinfo: %s", gai_strerror(error));
|
||||
@@ -1104,15 +1164,16 @@ remote_connect(const char *host, const c
|
||||
}
|
||||
|
||||
set_common_sockopts(s, res->ai_family);
|
||||
+ char *proto = proto_name(uflag, dccpflag);
|
||||
|
||||
if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
|
||||
break;
|
||||
if (vflag && error == CONNECTION_FAILED)
|
||||
warn("connect to %s port %s (%s) failed", host, port,
|
||||
- uflag ? "udp" : "tcp");
|
||||
- else if (vflag && error == CONNECTION_TIMEOUT)
|
||||
+ proto);
|
||||
+ else if (vflag && error == CONNECTION_TIMEOUT)
|
||||
warn("connect to %s port %s (%s) timed out", host, port,
|
||||
- uflag ? "udp" : "tcp");
|
||||
+ proto);
|
||||
|
||||
save_errno = errno;
|
||||
close(s);
|
||||
@@ -1716,7 +1777,8 @@ build_ports(char *p)
|
||||
int hi, lo, cp;
|
||||
int x = 0;
|
||||
|
||||
- sv = getservbyname(p, uflag ? "udp" : "tcp");
|
||||
+ char *proto = proto_name(uflag, dccpflag);
|
||||
+ sv = getservbyname(p, proto);
|
||||
if (sv) {
|
||||
if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
|
||||
err(1, "asprintf");
|
||||
@@ -2096,6 +2158,7 @@ help(void)
|
||||
\t-w timeout Timeout for connects and final net reads\n\
|
||||
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
|
||||
\t-x addr[:port]\tSpecify proxy address and port\n\
|
||||
+ \t-Z DCCP mode\n\
|
||||
\t-z Zero-I/O mode [used for scanning]\n\
|
||||
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
|
||||
exit(0);
|
||||
@@ -2105,7 +2168,7 @@ void
|
||||
usage(int ret)
|
||||
{
|
||||
fprintf(stderr,
|
||||
- "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
|
||||
+ "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n"
|
||||
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
|
||||
"\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
|
||||
"[-w timeout]\n"
|
|
@ -1,89 +0,0 @@
|
|||
From: Aron Xu <aron@debian.org>
|
||||
Date: Mon, 13 Feb 2012 19:06:52 +0800
|
||||
Subject: broadcast support
|
||||
|
||||
---
|
||||
nc.1 | 4 +++-
|
||||
netcat.c | 22 ++++++++++++++++++++--
|
||||
2 files changed, 23 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/nc.1
|
||||
+++ b/nc.1
|
||||
@@ -33,7 +33,7 @@
|
||||
.Nd arbitrary TCP and UDP connections and listens
|
||||
.Sh SYNOPSIS
|
||||
.Nm nc
|
||||
-.Op Fl 46CDdFhklNnrStUuvZz
|
||||
+.Op Fl 46bCDdFhklNnrStUuvZz
|
||||
.Op Fl I Ar length
|
||||
.Op Fl i Ar interval
|
||||
.Op Fl M Ar ttl
|
||||
@@ -93,6 +93,8 @@ The options are as follows:
|
||||
Use IPv4 addresses only.
|
||||
.It Fl 6
|
||||
Use IPv6 addresses only.
|
||||
+.It Fl b
|
||||
+Allow broadcast.
|
||||
.It Fl C
|
||||
Send CRLF as line-ending. Each line feed (LF) character from the input
|
||||
data is translated into CR+LF before being written to the socket. Line
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -132,6 +132,7 @@
|
||||
#define UDP_SCAN_TIMEOUT 3 /* Seconds */
|
||||
|
||||
/* Command Line Options */
|
||||
+int bflag; /* Allow Broadcast */
|
||||
int dflag; /* detached, no stdin */
|
||||
int Fflag; /* fdpass sock to stdout */
|
||||
unsigned int iflag; /* Interval Flag */
|
||||
@@ -263,9 +264,9 @@ main(int argc, char *argv[])
|
||||
|
||||
while ((ch = getopt(argc, argv,
|
||||
# if defined(TLS)
|
||||
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
|
||||
+ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
|
||||
# else
|
||||
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
|
||||
+ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
|
||||
# endif
|
||||
!= -1) {
|
||||
switch (ch) {
|
||||
@@ -275,6 +276,13 @@ main(int argc, char *argv[])
|
||||
case '6':
|
||||
family = AF_INET6;
|
||||
break;
|
||||
+ case 'b':
|
||||
+# if defined(SO_BROADCAST)
|
||||
+ bflag = 1;
|
||||
+# else
|
||||
+ errx(1, "no broadcast frame support available");
|
||||
+# endif
|
||||
+ break;
|
||||
case 'U':
|
||||
family = AF_UNIX;
|
||||
break;
|
||||
@@ -1853,6 +1861,15 @@ set_common_sockopts(int s, int af)
|
||||
{
|
||||
int x = 1;
|
||||
|
||||
+# if defined(SO_BROADCAST)
|
||||
+ if (bflag) {
|
||||
+ /* allow datagram sockets to send packets to a broadcast address
|
||||
+ * (this option has no effect on stream-oriented sockets) */
|
||||
+ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST,
|
||||
+ &x, sizeof(x)) == -1)
|
||||
+ err(1, NULL);
|
||||
+ }
|
||||
+# endif
|
||||
# if defined(TCP_MD5SIG)
|
||||
if (Sflag) {
|
||||
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
|
||||
@@ -2128,6 +2145,7 @@ help(void)
|
||||
fprintf(stderr, "\tCommand Summary:\n\
|
||||
\t-4 Use IPv4\n\
|
||||
\t-6 Use IPv6\n\
|
||||
+ \t-b Allow broadcast\n\
|
||||
\t-C Send CRLF as line-ending\n\
|
||||
\t-D Enable the debug socket option\n\
|
||||
\t-d Detach from stdin\n\
|
|
@ -1,49 +0,0 @@
|
|||
From: Aron Xu <aron@debian.org>
|
||||
Date: Tue, 14 Feb 2012 23:02:00 +0800
|
||||
Subject: serialized handling multiple clients
|
||||
|
||||
---
|
||||
netcat.c | 17 ++++++++---------
|
||||
1 file changed, 8 insertions(+), 9 deletions(-)
|
||||
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -708,7 +708,10 @@ main(int argc, char *argv[])
|
||||
s = unix_bind(host, 0);
|
||||
else
|
||||
s = unix_listen(host);
|
||||
- }
|
||||
+ } else
|
||||
+ s = local_listen(host, uport, hints);
|
||||
+ if (s < 0)
|
||||
+ err(1, NULL);
|
||||
|
||||
# if defined(TLS)
|
||||
if (usetls) {
|
||||
@@ -722,13 +725,6 @@ main(int argc, char *argv[])
|
||||
# endif
|
||||
/* Allow only one connection at a time, but stay alive. */
|
||||
for (;;) {
|
||||
- if (family != AF_UNIX) {
|
||||
- if (s != -1)
|
||||
- close(s);
|
||||
- s = local_listen(host, uport, hints);
|
||||
- }
|
||||
- if (s == -1)
|
||||
- err(1, NULL);
|
||||
if (uflag && kflag) {
|
||||
/*
|
||||
* For UDP and -k, don't connect the socket,
|
||||
@@ -805,8 +801,11 @@ main(int argc, char *argv[])
|
||||
err(1, "connect");
|
||||
}
|
||||
|
||||
- if (!kflag)
|
||||
+ if (!kflag) {
|
||||
+ if (s != -1)
|
||||
+ close(s);
|
||||
break;
|
||||
+ }
|
||||
}
|
||||
} else if (family == AF_UNIX) {
|
||||
ret = 0;
|
|
@ -1,101 +0,0 @@
|
|||
From: Thomas Habets <habets@google.com>
|
||||
Date: Sat, 18 Feb 2017 21:07:22 +0000
|
||||
Subject: Set TCP MD5SIG correctly for client connections
|
||||
|
||||
---
|
||||
netcat.c | 31 ++++++++++++++++++++++++-------
|
||||
1 file changed, 24 insertions(+), 7 deletions(-)
|
||||
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -46,6 +46,9 @@
|
||||
#ifdef __linux__
|
||||
# include <linux/in6.h>
|
||||
#endif
|
||||
+#if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
|
||||
+# include <bsd/readpassphrase.h>
|
||||
+#endif
|
||||
|
||||
#ifndef IPTOS_LOWDELAY
|
||||
# define IPTOS_LOWDELAY 0x10
|
||||
@@ -175,6 +178,9 @@ FILE *Zflag; /* file to save peer ce
|
||||
int Cflag = 0; /* CRLF line-ending */
|
||||
# endif
|
||||
|
||||
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
|
||||
+char Sflag_password[TCP_MD5SIG_MAXKEYLEN];
|
||||
+# endif
|
||||
int recvcount, recvlimit;
|
||||
int timeout = -1;
|
||||
int family = AF_UNSPEC;
|
||||
@@ -205,7 +211,7 @@ int udptest(int);
|
||||
int unix_bind(char *, int);
|
||||
int unix_connect(char *);
|
||||
int unix_listen(char *);
|
||||
-void set_common_sockopts(int, int);
|
||||
+void set_common_sockopts(int, const struct sockaddr *);
|
||||
int process_tos_opt(char *, int *);
|
||||
# if defined(TLS)
|
||||
int process_tls_opt(char *, int *);
|
||||
@@ -458,7 +464,10 @@ main(int argc, char *argv[])
|
||||
break;
|
||||
# endif
|
||||
case 'S':
|
||||
-# if defined(TCP_MD5SIG)
|
||||
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
|
||||
+ if (readpassphrase("TCP MD5SIG password: ",
|
||||
+ Sflag_password, TCP_MD5SIG_MAXKEYLEN, RPP_REQUIRE_TTY) == NULL)
|
||||
+ errx(1, "Unable to read TCP MD5SIG password");
|
||||
Sflag = 1;
|
||||
# else
|
||||
errx(1, "no TCP MD5 signature support available");
|
||||
@@ -1170,7 +1179,7 @@ remote_connect(const char *host, const c
|
||||
freeaddrinfo(ares);
|
||||
}
|
||||
|
||||
- set_common_sockopts(s, res->ai_family);
|
||||
+ set_common_sockopts(s, res->ai_addr);
|
||||
char *proto = proto_name(uflag, dccpflag);
|
||||
|
||||
if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
|
||||
@@ -1324,7 +1333,7 @@ local_listen(const char *host, const cha
|
||||
err(1, NULL);
|
||||
# endif
|
||||
|
||||
- set_common_sockopts(s, res->ai_family);
|
||||
+ set_common_sockopts(s, res->ai_addr);
|
||||
|
||||
if (bind(s, (struct sockaddr *)res->ai_addr,
|
||||
res->ai_addrlen) == 0)
|
||||
@@ -1856,9 +1865,10 @@ udptest(int s)
|
||||
}
|
||||
|
||||
void
|
||||
-set_common_sockopts(int s, int af)
|
||||
+set_common_sockopts(int s, const struct sockaddr* sa)
|
||||
{
|
||||
int x = 1;
|
||||
+ int af = sa->sa_family;
|
||||
|
||||
# if defined(SO_BROADCAST)
|
||||
if (bflag) {
|
||||
@@ -1869,10 +1879,17 @@ set_common_sockopts(int s, int af)
|
||||
err(1, NULL);
|
||||
}
|
||||
# endif
|
||||
-# if defined(TCP_MD5SIG)
|
||||
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
|
||||
if (Sflag) {
|
||||
+ struct tcp_md5sig sig;
|
||||
+ memset(&sig, 0, sizeof(sig));
|
||||
+ memcpy(&sig.tcpm_addr, sa, sizeof(struct sockaddr_storage));
|
||||
+ sig.tcpm_keylen = TCP_MD5SIG_MAXKEYLEN < strlen(Sflag_password)
|
||||
+ ? TCP_MD5SIG_MAXKEYLEN
|
||||
+ : strlen(Sflag_password);
|
||||
+ strlcpy(sig.tcpm_key, Sflag_password, sig.tcpm_keylen);
|
||||
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
|
||||
- &x, sizeof(x)) == -1)
|
||||
+ &sig, sizeof(sig)) == -1)
|
||||
err(1, NULL);
|
||||
}
|
||||
# endif
|
|
@ -1,191 +0,0 @@
|
|||
From: Guilhem Moulin <guilhem@debian.org>
|
||||
Date: Mon, 22 Oct 2018 04:15:52 +0200
|
||||
Subject: destination port list
|
||||
|
||||
---
|
||||
nc.1 | 26 ++++++++++++++++---
|
||||
netcat.c | 86 ++++++++++++++++++++++++++++++++-------------------------------
|
||||
2 files changed, 68 insertions(+), 44 deletions(-)
|
||||
|
||||
--- a/nc.1
|
||||
+++ b/nc.1
|
||||
@@ -414,15 +414,35 @@ The
|
||||
flag can be used to tell
|
||||
.Nm
|
||||
to report open ports,
|
||||
-rather than initiate a connection.
|
||||
+rather than initiate a connection. Usually it's useful to turn on verbose
|
||||
+output to stderr by use this option in conjunction with
|
||||
+.Fl v
|
||||
+option.
|
||||
+.Pp
|
||||
For example:
|
||||
.Bd -literal -offset indent
|
||||
-$ nc -z host.example.com 20-30
|
||||
+$ nc \-zv host.example.com 20-30
|
||||
Connection to host.example.com 22 port [tcp/ssh] succeeded!
|
||||
Connection to host.example.com 25 port [tcp/smtp] succeeded!
|
||||
.Ed
|
||||
.Pp
|
||||
-The port range was specified to limit the search to ports 20 \- 30.
|
||||
+The port range was specified to limit the search to ports 20 \- 30, and is
|
||||
+scanned by increasing order (unless the
|
||||
+.Fl r
|
||||
+flag is set).
|
||||
+.Pp
|
||||
+You can also specify a list of ports to scan, for example:
|
||||
+.Bd -literal -offset indent
|
||||
+$ nc \-zv host.example.com http 20 22-23
|
||||
+nc: connect to host.example.com 80 (tcp) failed: Connection refused
|
||||
+nc: connect to host.example.com 20 (tcp) failed: Connection refused
|
||||
+Connection to host.example.com port [tcp/ssh] succeeded!
|
||||
+nc: connect to host.example.com 23 (tcp) failed: Connection refused
|
||||
+.Ed
|
||||
+.Pp
|
||||
+The ports are scanned by the order you given (unless the
|
||||
+.Fl r
|
||||
+flag is set).
|
||||
.Pp
|
||||
Alternatively, it might be useful to know which server software
|
||||
is running, and which versions.
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -191,7 +191,7 @@ int minttl = -1;
|
||||
|
||||
void atelnet(int, unsigned char *, unsigned int);
|
||||
int strtoport(char *portstr, int udp);
|
||||
-void build_ports(char *);
|
||||
+void build_ports(char **);
|
||||
void help(void) __attribute__((noreturn));
|
||||
int local_listen(const char *, const char *, struct addrinfo);
|
||||
# if defined(TLS)
|
||||
@@ -242,7 +242,7 @@ int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
int ch, s = -1, ret, socksv;
|
||||
- char *host, *uport;
|
||||
+ char *host, **uport;
|
||||
struct addrinfo hints;
|
||||
struct servent *sv;
|
||||
socklen_t len;
|
||||
@@ -526,11 +526,11 @@ main(int argc, char *argv[])
|
||||
} else if (argv[0] && !argv[1]) {
|
||||
if (!lflag)
|
||||
usage(1);
|
||||
- uport = argv[0];
|
||||
+ uport = &argv[0];
|
||||
host = NULL;
|
||||
} else if (argv[0] && argv[1]) {
|
||||
host = argv[0];
|
||||
- uport = argv[1];
|
||||
+ uport = &argv[1];
|
||||
} else
|
||||
usage(1);
|
||||
|
||||
@@ -718,7 +718,7 @@ main(int argc, char *argv[])
|
||||
else
|
||||
s = unix_listen(host);
|
||||
} else
|
||||
- s = local_listen(host, uport, hints);
|
||||
+ s = local_listen(host, *uport, hints);
|
||||
if (s < 0)
|
||||
err(1, NULL);
|
||||
|
||||
@@ -1786,57 +1786,61 @@ strtoport(char *portstr, int udp)
|
||||
* that we should try to connect to.
|
||||
*/
|
||||
void
|
||||
-build_ports(char *p)
|
||||
+build_ports(char **p)
|
||||
{
|
||||
struct servent *sv;
|
||||
char *n;
|
||||
int hi, lo, cp;
|
||||
int x = 0;
|
||||
+ int i;
|
||||
|
||||
char *proto = proto_name(uflag, dccpflag);
|
||||
- sv = getservbyname(p, proto);
|
||||
- if (sv) {
|
||||
- if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
|
||||
- err(1, "asprintf");
|
||||
- } else if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) {
|
||||
- *n = '\0';
|
||||
- n++;
|
||||
-
|
||||
- /* Make sure the ports are in order: lowest->highest. */
|
||||
- hi = strtoport(n, uflag);
|
||||
- lo = strtoport(p, uflag);
|
||||
- if (lo > hi) {
|
||||
- cp = hi;
|
||||
- hi = lo;
|
||||
- lo = cp;
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
- * Initialize portlist with a random permutation. Based on
|
||||
- * Knuth, as in ip_randomid() in sys/netinet/ip_id.c.
|
||||
- */
|
||||
- if (rflag) {
|
||||
- for (x = 0; x <= hi - lo; x++) {
|
||||
- cp = arc4random_uniform(x + 1);
|
||||
- portlist[x] = portlist[cp];
|
||||
- if (asprintf(&portlist[cp], "%d", x + lo) == -1)
|
||||
- err(1, "asprintf");
|
||||
+ for (i = 0; p[i] != NULL; i++) {
|
||||
+ sv = getservbyname(p[i], proto);
|
||||
+ if (sv) {
|
||||
+ if (asprintf(&portlist[x], "%d", ntohs(sv->s_port)) < 0)
|
||||
+ err(1, "asprintf");
|
||||
+ x++;
|
||||
+ } else if (isdigit((unsigned char)*p[i]) && (n = strchr(p[i], '-')) != NULL) {
|
||||
+ *n = '\0';
|
||||
+ n++;
|
||||
+
|
||||
+ /* Make sure the ports are in order: lowest->highest. */
|
||||
+ hi = strtoport(n, uflag);
|
||||
+ lo = strtoport(p[i], uflag);
|
||||
+ if (lo > hi) {
|
||||
+ cp = hi;
|
||||
+ hi = lo;
|
||||
+ lo = cp;
|
||||
}
|
||||
- } else { /* Load ports sequentially. */
|
||||
+
|
||||
+ /* Load ports sequentially. */
|
||||
for (cp = lo; cp <= hi; cp++) {
|
||||
if (asprintf(&portlist[x], "%d", cp) == -1)
|
||||
err(1, "asprintf");
|
||||
x++;
|
||||
}
|
||||
+ } else {
|
||||
+ hi = strtoport(p[i], uflag);
|
||||
+ if (asprintf(&portlist[x], "%d", hi) < 0)
|
||||
+ err(1, "asprintf");
|
||||
+ x++;
|
||||
}
|
||||
- } else {
|
||||
- char *tmp;
|
||||
+ }
|
||||
|
||||
- hi = strtoport(p, uflag);
|
||||
- if (asprintf(&tmp, "%d", hi) != -1)
|
||||
- portlist[0] = tmp;
|
||||
- else
|
||||
- err(1, NULL);
|
||||
+ /*
|
||||
+ * Initialize portlist with a random permutation using
|
||||
+ * Fisher–Yates shuffle.
|
||||
+ */
|
||||
+ if (rflag) {
|
||||
+ for (i = x-1; i > 0; i--) {
|
||||
+ cp = arc4random_uniform(i+1);
|
||||
+ if (cp != i) {
|
||||
+ n = portlist[i];
|
||||
+ portlist[i] = portlist[cp];
|
||||
+ portlist[cp] = n;
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
|
@ -1,108 +0,0 @@
|
|||
From: Guilhem Moulin <guilhem@debian.org>
|
||||
Date: Mon, 22 Oct 2018 04:50:54 +0200
|
||||
Subject: use -s/-p flags to specify listen address
|
||||
|
||||
---
|
||||
nc.1 | 18 ++++++++++++++----
|
||||
netcat.c | 51 +++++++++++++++++++++++++++++++--------------------
|
||||
2 files changed, 45 insertions(+), 24 deletions(-)
|
||||
|
||||
--- a/nc.1
|
||||
+++ b/nc.1
|
||||
@@ -143,8 +143,20 @@ multiple hosts.
|
||||
.It Fl l
|
||||
Listen for an incoming connection rather than initiating a
|
||||
connection to a remote host.
|
||||
-Cannot be used together with any of the options
|
||||
-.Fl psxz .
|
||||
+The
|
||||
+.Ar destination
|
||||
+and
|
||||
+.Ar port
|
||||
+to listen on can be specified either as non-optional arguments, or with
|
||||
+options
|
||||
+.Fl s
|
||||
+and
|
||||
+.Fl p
|
||||
+respectively.
|
||||
+Cannot be used together with
|
||||
+.Fl x
|
||||
+or
|
||||
+.Fl z .
|
||||
Additionally, any timeouts specified with the
|
||||
.Fl w
|
||||
option are ignored.
|
||||
@@ -194,8 +206,6 @@ For
|
||||
datagram sockets, specifies the local temporary socket file
|
||||
to create and use so that datagrams can be received.
|
||||
Cannot be used together with
|
||||
-.Fl l
|
||||
-or
|
||||
.Fl x .
|
||||
.It Fl T Ar keyword
|
||||
Change the IPv4 TOS/IPv6 traffic class value.
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -509,31 +509,42 @@ main(int argc, char *argv[])
|
||||
# endif
|
||||
|
||||
/* Cruft to make sure options are clean, and used properly. */
|
||||
- if (argv[0] && !argv[1] && family == AF_UNIX) {
|
||||
-# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
|
||||
- if (dccpflag)
|
||||
- errx(1, "cannot use -Z and -U");
|
||||
-# endif
|
||||
- host = argv[0];
|
||||
- uport = NULL;
|
||||
- } else if (!argv[0] && lflag) {
|
||||
- if (sflag)
|
||||
- errx(1, "cannot use -s and -l");
|
||||
- if (pflag)
|
||||
- errx(1, "cannot use -p and -l");
|
||||
- if (zflag)
|
||||
- errx(1, "cannot use -z and -l");
|
||||
- } else if (argv[0] && !argv[1]) {
|
||||
- if (!lflag)
|
||||
- usage(1);
|
||||
- uport = &argv[0];
|
||||
- host = NULL;
|
||||
- } else if (argv[0] && argv[1]) {
|
||||
+ if (argc == 0 && lflag) {
|
||||
+ uport = &pflag;
|
||||
+ host = sflag;
|
||||
+ } else if (argc == 1 && !pflag &&
|
||||
+ /* `nc -l 12345` or `nc -U bar` or `nc -uU -s foo bar` */
|
||||
+ (!sflag || (family == AF_UNIX && uflag && !lflag))) {
|
||||
+ if (family == AF_UNIX) {
|
||||
+ host = argv[0];
|
||||
+ uport = NULL;
|
||||
+ } else if (lflag) {
|
||||
+ host = NULL;
|
||||
+ uport = argv;
|
||||
+ }
|
||||
+ } else if (argc >= 2) {
|
||||
+ if (lflag && (pflag || sflag || argc > 2))
|
||||
+ usage(1); /* conflict */
|
||||
host = argv[0];
|
||||
uport = &argv[1];
|
||||
} else
|
||||
usage(1);
|
||||
|
||||
+ if (family == AF_UNIX) {
|
||||
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
|
||||
+ if (dccpflag)
|
||||
+ errx(1, "cannot use -Z and -U");
|
||||
+# endif
|
||||
+ if (uport && *uport)
|
||||
+ errx(1, "cannot use port with -U");
|
||||
+ if (!host)
|
||||
+ errx(1, "missing socket pathname");
|
||||
+ } else if (!uport || !*uport)
|
||||
+ errx(1, "missing port number");
|
||||
+
|
||||
+ if (lflag && zflag)
|
||||
+ errx(1, "cannot use -z and -l");
|
||||
+
|
||||
# if defined(TLS)
|
||||
if (usetls) {
|
||||
if (Cflag && unveil(Cflag, "r") == -1)
|
|
@ -1,145 +0,0 @@
|
|||
From: Aron Xu <aron@debian.org>
|
||||
Date: Mon, 13 Feb 2012 19:06:52 +0800
|
||||
Subject: misc failures and features
|
||||
|
||||
---
|
||||
Makefile | 3 ++-
|
||||
nc.1 | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
netcat.c | 14 ++++++++++++--
|
||||
3 files changed, 65 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -3,7 +3,8 @@
|
||||
PROG= nc
|
||||
SRCS= netcat.c atomicio.c socks.c
|
||||
|
||||
-LIBS= `pkg-config --libs libbsd` -lresolv
|
||||
+PKG_CONFIG ?= pkg-config
|
||||
+LIBS= `$(PKG_CONFIG) --libs libbsd` -lresolv
|
||||
OBJS= $(SRCS:.c=.o)
|
||||
CFLAGS= -g -O2
|
||||
LDFLAGS= -Wl,--no-add-needed
|
||||
--- a/nc.1
|
||||
+++ b/nc.1
|
||||
@@ -365,6 +365,54 @@ and which side is being used as a
|
||||
The connection may be terminated using an
|
||||
.Dv EOF
|
||||
.Pq Sq ^D .
|
||||
+.Pp
|
||||
+There is no
|
||||
+.Fl c
|
||||
+or
|
||||
+.Fl e
|
||||
+option in this netcat, but you still can execute a command after connection
|
||||
+being established by redirecting file descriptors. Be cautious here because
|
||||
+opening a port and let anyone connected execute arbitrary command on your
|
||||
+site is DANGEROUS. If you really need to do this, here is an example:
|
||||
+.Pp
|
||||
+On
|
||||
+.Sq server
|
||||
+side:
|
||||
+.Pp
|
||||
+.Dl $ rm -f /tmp/f; mkfifo /tmp/f
|
||||
+.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f
|
||||
+.Pp
|
||||
+On
|
||||
+.Sq client
|
||||
+side:
|
||||
+.Pp
|
||||
+.Dl $ nc host.example.com 1234
|
||||
+.Dl $ (shell prompt from host.example.com)
|
||||
+.Pp
|
||||
+By doing this, you create a fifo at /tmp/f and make nc listen at port 1234
|
||||
+of address 127.0.0.1 on
|
||||
+.Sq server
|
||||
+side, when a
|
||||
+.Sq client
|
||||
+establishes a connection successfully to that port, /bin/sh gets executed
|
||||
+on
|
||||
+.Sq server
|
||||
+side and the shell prompt is given to
|
||||
+.Sq client
|
||||
+side.
|
||||
+.Pp
|
||||
+When connection is terminated,
|
||||
+.Nm
|
||||
+quits as well. Use
|
||||
+.Fl k
|
||||
+if you want it keep listening, but if the command quits this option won't
|
||||
+restart it or keep
|
||||
+.Nm
|
||||
+running. Also don't forget to remove the file descriptor once you don't need
|
||||
+it anymore:
|
||||
+.Pp
|
||||
+.Dl $ rm -f /tmp/f
|
||||
+.Pp
|
||||
.Sh DATA TRANSFER
|
||||
The example in the previous section can be expanded to build a
|
||||
basic data transfer model.
|
||||
@@ -517,6 +565,9 @@ Original implementation by
|
||||
.br
|
||||
Rewritten with IPv6 support by
|
||||
.An Eric Jackson Aq Mt ericj@monkey.org .
|
||||
+.br
|
||||
+Modified for Debian port by Aron Xu
|
||||
+.Aq aron@debian.org .
|
||||
.Sh CAVEATS
|
||||
UDP port scans using the
|
||||
.Fl uz
|
||||
--- a/netcat.c
|
||||
+++ b/netcat.c
|
||||
@@ -98,6 +98,7 @@
|
||||
#include <netdb.h>
|
||||
#include <poll.h>
|
||||
#include <signal.h>
|
||||
+#include <stddef.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@@ -246,7 +247,10 @@ main(int argc, char *argv[])
|
||||
struct addrinfo hints;
|
||||
struct servent *sv;
|
||||
socklen_t len;
|
||||
- struct sockaddr_storage cliaddr;
|
||||
+ union {
|
||||
+ struct sockaddr_storage storage;
|
||||
+ struct sockaddr_un forunix;
|
||||
+ } cliaddr;
|
||||
char *proxy = NULL, *proxyport = NULL;
|
||||
const char *errstr;
|
||||
struct addrinfo proxyhints;
|
||||
@@ -948,6 +952,8 @@ unix_bind(char *path, int flags)
|
||||
0)) == -1)
|
||||
return -1;
|
||||
|
||||
+ unlink(path);
|
||||
+
|
||||
memset(&s_un, 0, sizeof(struct sockaddr_un));
|
||||
s_un.sun_family = AF_UNIX;
|
||||
|
||||
@@ -1073,8 +1079,10 @@ unix_connect(char *path)
|
||||
if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) == -1)
|
||||
return -1;
|
||||
} else {
|
||||
- if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1)
|
||||
+ if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) {
|
||||
+ errx(1, "create unix socket failed");
|
||||
return -1;
|
||||
+ }
|
||||
}
|
||||
|
||||
memset(&s_un, 0, sizeof(struct sockaddr_un));
|
||||
@@ -1084,10 +1092,12 @@ unix_connect(char *path)
|
||||
sizeof(s_un.sun_path)) {
|
||||
close(s);
|
||||
errno = ENAMETOOLONG;
|
||||
+ warn("unix connect abandoned");
|
||||
return -1;
|
||||
}
|
||||
if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) == -1) {
|
||||
save_errno = errno;
|
||||
+ warn("unix connect failed");
|
||||
close(s);
|
||||
errno = save_errno;
|
||||
return -1;
|
Loading…
Reference in New Issue