Accepting request 648975 from network:utilities

OBS-URL: https://build.opensuse.org/request/show/648975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/netcat-openbsd?expand=0&rev=24
Dominique Leuenberger 2018-11-26 09:16:01 +00:00 committed by Git OBS Bridge
commit afd0012796
19 changed files with 1029 additions and 695 deletions

89
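--- a/broadcast-support.patch
+++ b/broadcast-support.patch
@@ -0,0 +1,89 @@
+From: Aron Xu <aron@debian.org>
+Date: Mon, 13 Feb 2012 19:06:52 +0800
+Subject: broadcast support
+---
+nc.1 | 4 +++-
+netcat.c | 22 ++++++++++++++++++++--
+2 files changed, 23 insertions(+), 3 deletions(-)
+--- a/nc.1
++++ b/nc.1
+@@ -33,7 +33,7 @@
+.Nd arbitrary TCP and UDP connections and listens
+.Sh SYNOPSIS
+.Nm nc
+-.Op Fl 46CDdFhklNnrStUuvZz
++.Op Fl 46bCDdFhklNnrStUuvZz
+.Op Fl I Ar length
+.Op Fl i Ar interval
+.Op Fl M Ar ttl
+@@ -93,6 +93,8 @@ The options are as follows:
+Use IPv4 addresses only.
+.It Fl 6
+Use IPv6 addresses only.
++.It Fl b
++Allow broadcast.
+.It Fl C
+Send CRLF as line-ending. Each line feed (LF) character from the input
+data is translated into CR+LF before being written to the socket. Line
+--- a/netcat.c
++++ b/netcat.c
+@@ -133,6 +133,7 @@
+#define UDP_SCAN_TIMEOUT 3 /* Seconds */
+/* Command Line Options */
++int bflag; /* Allow Broadcast */
+int dflag; /* detached, no stdin */
+int Fflag; /* fdpass sock to stdout */
+unsigned int iflag; /* Interval Flag */
+@@ -261,9 +262,9 @@ main(int argc, char *argv[])
+while ((ch = getopt(argc, argv,
+# if defined(TLS)
+- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
++ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+# else
+- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
++ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
+# endif
+!= -1) {
+switch (ch) {
+@@ -273,6 +274,13 @@ main(int argc, char *argv[])
+case '6':
+family = AF_INET6;
+break;
++ case 'b':
++# if defined(SO_BROADCAST)
++ bflag = 1;
++# else
++ errx(1, "no broadcast frame support available");
++# endif
++ break;
+case 'U':
+family = AF_UNIX;
+break;
+@@ -1843,6 +1851,15 @@ set_common_sockopts(int s, int af)
+{
+int x = 1;
++# if defined(SO_BROADCAST)
++ if (bflag) {
++ /* allow datagram sockets to send packets to a broadcast address
++ * (this option has no effect on stream-oriented sockets) */
++ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST,
++ &x, sizeof(x)) == -1)
++ err(1, NULL);
++ }
++# endif
+# if defined(TCP_MD5SIG)
+if (Sflag) {
+if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
+@@ -2122,6 +2139,7 @@ help(void)
+fprintf(stderr, "\tCommand Summary:\n\
+\t-4 Use IPv4\n\
+\t-6 Use IPv6\n\
++ \t-b Allow broadcast\n\
+\t-C Send CRLF as line-ending\n\
+\t-D Enable the debug socket option\n\
+\t-d Detach from stdin\n\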
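Review bot: The new `case 'b':` arm in `main` accepts `-b` in every mode, yet the comment added in `set_common_sockopts` says SO_BROADCAST has no effect on stream-oriented sockets, so a TCP invocation with `-b` appears to succeed silently without doing anything. If that is not intended, the option sanity checks later in `main` (outside this hunk) could reject it with something like `if (bflag && !uflag) errx(1, "cannot use -b without -u");`, though whether `-u` is the exact condition depends on the socket types this build supports. The nc.1 entry `Allow broadcast.` would be clearer as `Allow sending to broadcast addresses; only affects datagram (UDP) sockets.`, since enabling this lets one datagram reach every host on a subnet. On failure `err(1, NULL)` prints only the errno text; `err(1, "setsockopt SO_BROADCAST")` would name the failing option. Both `main` and `set_common_sockopts` continue outside the lines shown.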


@ -1,15 +1,15 @@
From: Guilhem Moulin <guilhem@debian.org>
Date: Fri, 09 Jun 2017 13:21:23 +0200
Subject: compile without TLS support
Subject: build without TLS support
tls.h isn't available in libsd-dev, and -C is already taken for
CRLF line-ending in the Debian-specific patches.
tls.h isn't available in libsd-dev, and TLS supports adds options (-C, -Z)
that are already used by our Debian-specific patches.
---
Makefile | 2
nc.1 | 63 -----------------------
netcat.c | 166 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
3 files changed, 144 insertions(+), 87 deletions(-)
nc.1 | 114 ++---------------------------------------
netcat.c | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
3 files changed, 152 insertions(+), 136 deletions(-)
--- a/Makefile
+++ b/Makefile
@ -46,145 +46,219 @@ CRLF line-ending in the Debian-specific patches.
.Op Fl s Ar source
.Op Fl T Ar keyword
.Op Fl V Ar rtable
@@ -101,20 +95,10 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
@@ -54,7 +48,6 @@
.Op Fl w Ar timeout
.Op Fl X Ar proxy_protocol
.Op Fl x Ar proxy_address Ns Op : Ns Ar port
-.Op Fl Z Ar peercertfile
.Op Ar destination
.Op Ar port
.Sh DESCRIPTION
@@ -99,28 +92,10 @@ The options are as follows:
Use IPv4 addresses only.
.It Fl 6
Use IPv6 addresses only.
-.It Fl C Ar certfile
-Specifies the filename from which the public key part of the TLS
-certificate is loaded, in PEM format.
-May only be used with TLS.
-Load the public key part of the TLS peer certificate from
-.Ar certfile ,
-in PEM format.
-Requires
-.Fl c .
-.It Fl c
-If using a TCP socket to connect or listen, use TLS.
-Illegal if not using TCP sockets.
-Use TLS to connect or listen.
-Cannot be used together with any of the options
-.Fl FuU .
.It Fl D
Enable debugging on the socket.
.It Fl d
Do not attempt to read from stdin.
-.It Fl e Ar name
-Specify the name that must be present in the peer certificate when using TLS.
-Illegal if not using TLS.
-Only accept the TLS peer certificate if it contains the
-.Ar name .
-Requires
-.Fl c .
-If not specified,
-.Ar destination
-is used.
.It Fl F
Pass the first connected socket using
.Xr sendmsg 2
@@ -130,11 +114,6 @@ using the
.Xr ssh_config 5
@@ -137,18 +112,7 @@ using the
.Cm ProxyUseFdpass
option).
Cannot be used with
-.Fl c
-or
.Fl U .
-.It Fl H Ar hash
-Specifies the required hash string of the peer certificate when using TLS.
-The string format required is that used by
-.Xr tls_peer_cert_hash 3 .
-Illegal if not using TLS, and may not be used with -T noverify.
-Only accept the TLS peer certificate if its hash returned from
-.Xr tls_peer_cert_hash 3
-matches
-.Ar hash .
-Requires
-.Fl c
-and cannot be used with
-.Fl T Cm noverify .
.It Fl h
Prints out
Print out the
.Nm
@@ -144,10 +123,6 @@ Specifies the size of the TCP receive bu
.It Fl i Ar interval
Specifies a delay time interval between lines of text sent and received.
@@ -160,12 +124,6 @@ Sleep for
.Ar interval
seconds between lines of text sent and received.
Also causes a delay time between connections to multiple ports.
-.It Fl K Ar keyfile
-Specifies the filename from which the private key
-is loaded in PEM format.
-May only be used with TLS.
-Load the TLS private key from
-.Ar keyfile ,
-in PEM format.
-Requires
-.Fl c .
.It Fl k
Forces
.Nm
@@ -188,12 +163,6 @@ Do not do any DNS or service lookups on
When a connection is completed, listen for another one.
Requires
@@ -196,15 +154,6 @@ Do not do any DNS or service lookups on
hostnames or ports.
.It Fl O Ar length
Specifies the size of the TCP send buffer.
Specify the size of the TCP send buffer.
-.It Fl o Ar staplefile
-Specifies the filename from which to load data to be stapled
-during the TLS handshake.
-The file is expected to contain an OCSP response from an OCSP server in
-During the TLS handshake, load data to be stapled from
-.Ar staplefile ,
-which is expected to contain an OCSP response from an OCSP server in
-DER format.
-May only be used with TLS and when a certificate is being used.
-Requires
-.Fl c
-and
-.Fl C .
.It Fl P Ar proxy_username
Specifies a username to present to a proxy server that requires authentication.
If no username is specified then authentication will not be attempted.
@@ -202,12 +171,6 @@ Proxy authentication is only supported f
Specifies the source port
@@ -213,13 +162,6 @@ Proxy authentication is only supported f
Specify the source port
.Nm
should use, subject to privilege restrictions and availability.
-.It Fl R Ar CAfile
-Specifies the filename from which the root CA bundle for certificate
-verification is loaded, in PEM format.
-Illegal if not using TLS.
-The default is
-Load the root CA bundle for TLS certificate verification from
-.Ar CAfile ,
-in PEM format, instead of
-.Pa /etc/ssl/cert.pem .
-Requires
-.Fl c .
.It Fl r
Specifies that source and/or destination ports should be chosen randomly
Choose source and/or destination ports randomly
instead of sequentially within a range or in the order that the system
@@ -224,24 +187,7 @@ It is an error to use this option in con
.Fl l
option.
@@ -239,35 +181,7 @@ Cannot be used together with
or
.Fl x .
.It Fl T Ar keyword
-Change IPv4 TOS value or TLS options.
-For TLS options
-Change the IPv4 TOS/IPv6 traffic class value or the TLS options.
-.Pp
-For TLS options,
-.Ar keyword
-may be one of
-.Ar tlsall ;
-which allows the use of all supported TLS protocols and ciphers,
-.Ar noverify ;
-may be one of:
-.Cm noverify ,
-which disables certificate verification;
-.Ar noname ,
-.Cm noname ,
-which disables certificate name checking;
-.Ar clientcert ,
-.Cm clientcert ,
-which requires a client certificate on incoming connections; or
-.Ar muststaple ,
-.Cm muststaple ,
-which requires the peer to provide a valid stapled OCSP response
-with the handshake.
-It is illegal to specify TLS options if not using TLS.
-The following TLS options specify a value in the form of a
-.Ar key Ns = Ns Ar value
-pair:
-.Cm ciphers ,
-which allows the supported TLS ciphers to be specified (see
-.Xr tls_config_set_ciphers 3
-for further details);
-.Cm protocols ,
-which allows the supported TLS protocols to be specified (see
-.Xr tls_config_parse_protocols 3
-for further details).
-Specifying TLS options requires
-.Fl c .
-.Pp
-For IPv4 TOS value
+Change IPv4 TOS value.
-For the IPv4 TOS/IPv6 traffic class value,
+Change the IPv4 TOS/IPv6 traffic class value.
.Ar keyword
may be one of
.Ar critical ,
@@ -483,11 +429,6 @@ the source port, with a timeout of 5 sec
.Cm critical ,
@@ -291,13 +205,13 @@ to script telnet sessions.
Use
.Ux Ns -domain
sockets.
-Cannot be used together with any of the options
-.Fl cFx .
+Cannot be used together with
+.Fl F
+or
+.Fl x .
.It Fl u
Use UDP instead of TCP.
Cannot be used together with
-.Fl c
-or
.Fl x .
For
.Ux Ns -domain
@@ -360,12 +274,6 @@ An IPv6 address can be specified unambig
in square brackets.
A proxy cannot be used with any of the options
.Fl lsuU .
-.It Fl Z Ar peercertfile
-Save the peer certificates to
-.Ar peercertfile ,
-in PEM format.
-Requires
-.Fl c .
.It Fl z
Only scan for listening daemons, without sending any data to them.
Cannot be used together with
@@ -519,16 +427,6 @@ the source port, with a timeout of 5 sec
.Pp
.Dl $ nc -p 31337 -w 5 host.example.com 42
.Pp
-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
-Check for a different name in the certificate for validation.
-Open a TCP connection to port 443 of www.example.com, and negotiate TLS with
-any supported TLS protocol version and "compat" ciphers:
-.Pp
-.Dl $ nc -v -c -e adsf.au.doubleclick.net www.google.ca 443
-.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443
-.Pp
-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
-Check for a different name in the certificate for validation:
-.Pp
-.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443
-.Pp
Open a UDP connection to port 53 of host.example.com:
.Pp
.Dl $ nc -u host.example.com 53
--- a/netcat.c
+++ b/netcat.c
@@ -99,7 +99,9 @@
@@ -98,7 +98,9 @@
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
-#include <tls.h>
+#ifdef TLS
+# include <tls.h>
+#endif
#include <unistd.h>
#include <bsd/stdlib.h>
#include <bsd/string.h>
#include "atomicio.h"
@@ -112,13 +114,15 @@
#define POLL_NETIN 2
#define POLL_STDOUT 3
#define BUFSIZE 16384
-#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
@@ -113,12 +115,14 @@
#define POLL_NETIN 2
#define POLL_STDOUT 3
#define BUFSIZE 16384
-#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
+#ifdef TLS
+# define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
+# define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
-#define TLS_ALL (1 << 1)
-#define TLS_NOVERIFY (1 << 2)
-#define TLS_NONAME (1 << 3)
-#define TLS_CCERT (1 << 4)
-#define TLS_MUSTSTAPLE (1 << 5)
+# define TLS_ALL (1 << 1)
+# define TLS_NOVERIFY (1 << 2)
+# define TLS_NONAME (1 << 3)
+# define TLS_CCERT (1 << 4)
+# define TLS_MUSTSTAPLE (1 << 5)
-#define TLS_NOVERIFY (1 << 1)
-#define TLS_NONAME (1 << 2)
-#define TLS_CCERT (1 << 3)
-#define TLS_MUSTSTAPLE (1 << 4)
+# define TLS_NOVERIFY (1 << 1)
+# define TLS_NONAME (1 << 2)
+# define TLS_CCERT (1 << 3)
+# define TLS_MUSTSTAPLE (1 << 4)
+#endif
/* Command Line Options */
@ -197,18 +271,18 @@ CRLF line-ending in the Debian-specific patches.
int usetls; /* use TLS */
char *Cflag; /* Public cert file */
char *Kflag; /* Private key file */
@@ -153,6 +158,7 @@ int tls_cachanged; /* Using non-defau
int TLSopt; /* TLS options */
char *tls_expectname; /* required name in peer cert */
char *tls_expecthash; /* required hash of peer cert */
@@ -156,6 +161,7 @@ char *tls_expecthash; /* required hash
char *tls_ciphers; /* TLS ciphers */
char *tls_protocols; /* TLS protocols */
FILE *Zflag; /* file to save peer cert */
+# endif
int recvcount, recvlimit;
int timeout = -1;
int family = AF_UNSPEC;
@@ -165,10 +171,16 @@ void atelnet(int, unsigned char *, unsig
@@ -170,10 +176,16 @@ int strtoport(char *portstr, int udp);
void build_ports(char *);
void help(void);
int local_listen(char *, char *, struct addrinfo);
void help(void) __attribute__((noreturn));
int local_listen(const char *, const char *, struct addrinfo);
+# if defined(TLS)
void readwrite(int, struct tls *);
+# else
@ -222,16 +296,17 @@ CRLF line-ending in the Debian-specific patches.
int timeout_connect(int, const struct sockaddr *, socklen_t);
int socks_connect(const char *, const char *, struct addrinfo,
const char *, const char *, struct addrinfo, int, const char *);
@@ -178,14 +190,23 @@ int unix_connect(char *);
@@ -183,15 +195,24 @@ int unix_connect(char *);
int unix_listen(char *);
void set_common_sockopts(int, int);
int map_tos(char *, int *);
int process_tos_opt(char *, int *);
+# if defined(TLS)
int map_tls(char *, int *);
int process_tls_opt(char *, int *);
void save_peer_cert(struct tls *_tls_ctx, FILE *_fp);
+# endif
void report_connect(const struct sockaddr *, socklen_t, char *);
+# if defined(TLS)
void report_tls(struct tls *tls_ctx, char * host, char *tls_expectname);
void report_tls(struct tls *tls_ctx, char * host);
+# endif
void usage(int);
+# if defined(TLS)
@ -246,7 +321,7 @@ CRLF line-ending in the Debian-specific patches.
int
main(int argc, char *argv[])
@@ -200,8 +221,10 @@ main(int argc, char *argv[])
@@ -206,8 +227,10 @@ main(int argc, char *argv[])
const char *errstr;
struct addrinfo proxyhints;
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
@ -254,22 +329,22 @@ CRLF line-ending in the Debian-specific patches.
struct tls_config *tls_cfg = NULL;
struct tls *tls_ctx = NULL;
+# endif
uint32_t protocols;
ret = 1;
socksv = 5;
@@ -212,7 +235,11 @@ main(int argc, char *argv[])
@@ -219,7 +242,11 @@ main(int argc, char *argv[])
signal(SIGPIPE, SIG_IGN);
while ((ch = getopt(argc, argv,
+# if defined(TLS)
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+# else
+ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
+# endif
!= -1) {
switch (ch) {
case '4':
family = AF_INET;
@@ -233,24 +260,30 @@ main(int argc, char *argv[])
@@ -241,24 +268,30 @@ main(int argc, char *argv[])
else
errx(1, "unsupported proxy protocol");
break;
@ -300,7 +375,7 @@ CRLF line-ending in the Debian-specific patches.
case 'h':
help();
break;
@@ -259,9 +292,11 @@ main(int argc, char *argv[])
@@ -267,9 +300,11 @@ main(int argc, char *argv[])
if (errstr)
errx(1, "interval %s: %s", errstr, optarg);
break;
@ -312,7 +387,7 @@ CRLF line-ending in the Debian-specific patches.
case 'k':
kflag = 1;
break;
@@ -290,10 +325,12 @@ main(int argc, char *argv[])
@@ -298,10 +333,12 @@ main(int argc, char *argv[])
case 'p':
pflag = optarg;
break;
@ -325,7 +400,22 @@ CRLF line-ending in the Debian-specific patches.
case 'r':
rflag = 1;
break;
@@ -348,9 +385,11 @@ main(int argc, char *argv[])
@@ -343,12 +380,14 @@ main(int argc, char *argv[])
if ((proxy = strdup(optarg)) == NULL)
err(1, NULL);
break;
+# if defined(TLS)
case 'Z':
if (strcmp(optarg, "-") == 0)
Zflag = stderr;
else if ((Zflag = fopen(optarg, "w")) == NULL)
err(1, "can't open %s", optarg);
break;
+# endif
case 'z':
zflag = 1;
break;
@@ -367,9 +406,11 @@ main(int argc, char *argv[])
errx(1, "TCP send window %s: %s",
errstr, optarg);
break;
@ -337,18 +427,18 @@ CRLF line-ending in the Debian-specific patches.
case 'S':
# if defined(TCP_MD5SIG)
Sflag = 1;
@@ -363,8 +402,10 @@ main(int argc, char *argv[])
@@ -380,8 +421,10 @@ main(int argc, char *argv[])
case 'T':
errstr = NULL;
errno = 0;
if (map_tos(optarg, &Tflag))
break;
+# if defined(TLS)
if (map_tls(optarg, &TLSopt))
if (process_tls_opt(optarg, &TLSopt))
break;
+# endif
if (process_tos_opt(optarg, &Tflag))
break;
if (strlen(optarg) > 1 && optarg[0] == '0' &&
optarg[1] == 'x')
Tflag = (int)strtol(optarg, NULL, 16);
@@ -372,7 +413,11 @@ main(int argc, char *argv[])
@@ -391,7 +434,11 @@ main(int argc, char *argv[])
Tflag = (int)strtonum(optarg, 0, 255,
&errstr);
if (Tflag < 0 || Tflag > 255 || errstr || errno)
@ -360,7 +450,19 @@ CRLF line-ending in the Debian-specific patches.
break;
default:
usage(1);
@@ -411,12 +456,15 @@ main(int argc, char *argv[])
@@ -428,6 +475,7 @@ main(int argc, char *argv[])
} else
usage(1);
+# if defined(TLS)
if (usetls) {
if (Cflag && unveil(Cflag, "r") == -1)
err(1, "unveil");
@@ -450,15 +498,19 @@ main(int argc, char *argv[])
err(1, "unveil");
}
}
+# endif
if (!lflag && kflag)
errx(1, "must use -l with -k");
@ -376,7 +478,7 @@ CRLF line-ending in the Debian-specific patches.
if (Fflag && usetls)
errx(1, "cannot use -c and -F");
if (TLSopt && !usetls)
@@ -433,6 +481,7 @@ main(int argc, char *argv[])
@@ -477,6 +529,7 @@ main(int argc, char *argv[])
errx(1, "you must specify -c to use -H");
if (tls_expectname && !usetls)
errx(1, "you must specify -c to use -e");
@ -384,27 +486,25 @@ CRLF line-ending in the Debian-specific patches.
/* Get name of temporary socket for unix datagram client */
if ((family == AF_UNIX) && uflag && !lflag) {
@@ -499,6 +548,7 @@ main(int argc, char *argv[])
@@ -543,6 +596,7 @@ main(int argc, char *argv[])
proxyhints.ai_flags |= AI_NUMERICHOST;
}
+# if defined(TLS)
if (usetls) {
if (Pflag) {
if (pledge("stdio inet dns tty rpath", NULL) == -1)
@@ -544,8 +594,11 @@ main(int argc, char *argv[])
if ((tls_cfg = tls_config_new()) == NULL)
errx(1, "unable to allocate TLS config");
@@ -578,7 +632,8 @@ main(int argc, char *argv[])
err(1, "pledge");
} else if (pledge("stdio inet dns", NULL) == -1)
err(1, "pledge");
}
- }
+ }
+# endif
if (lflag) {
+# if defined(TLS)
struct tls *tls_cctx = NULL;
+# endif
int connfd;
ret = 0;
@@ -556,6 +609,7 @@ main(int argc, char *argv[])
@@ -589,6 +644,7 @@ main(int argc, char *argv[])
s = unix_listen(host);
}
@ -412,39 +512,42 @@ CRLF line-ending in the Debian-specific patches.
if (usetls) {
tls_config_verify_client_optional(tls_cfg);
if ((tls_ctx = tls_server()) == NULL)
@@ -564,6 +618,7 @@ main(int argc, char *argv[])
@@ -597,6 +653,7 @@ main(int argc, char *argv[])
errx(1, "tls configuration failed (%s)",
tls_error(tls_ctx));
}
+# endif
/* Allow only one connection at a time, but stay alive. */
for (;;) {
if (family != AF_UNIX)
@@ -575,7 +630,11 @@ main(int argc, char *argv[])
* receive datagrams from multiple socket pairs.
*/
if (uflag && kflag)
if (family != AF_UNIX) {
@@ -612,7 +669,11 @@ main(int argc, char *argv[])
* let it receive datagrams from multiple
* socket pairs.
*/
+# if defined(TLS)
readwrite(s, NULL);
+# else
+ readwrite(s);
+# endif
/*
* For UDP and not -k, we will use recvfrom() initially
* to wait for a caller, then use the regular functions
@@ -600,7 +659,11 @@ main(int argc, char *argv[])
} else if (uflag && !kflag) {
/*
* For UDP and not -k, we will use recvfrom()
@@ -636,9 +697,14 @@ main(int argc, char *argv[])
if (vflag)
report_connect((struct sockaddr *)&z, len, NULL);
+# if defined(TLS)
readwrite(s, NULL);
} else {
struct tls *tls_cctx = NULL;
+# else
+ readwrite(s);
+ } else {
+# endif
} else {
int connfd;
len = sizeof(cliaddr);
connfd = accept4(s, (struct sockaddr *)&cliaddr,
@@ -612,6 +675,7 @@ main(int argc, char *argv[])
@@ -651,6 +717,7 @@ main(int argc, char *argv[])
if (vflag)
report_connect((struct sockaddr *)&cliaddr, len,
family == AF_UNIX ? host : NULL);
@ -452,17 +555,18 @@ CRLF line-ending in the Debian-specific patches.
if ((usetls) &&
(tls_cctx = tls_setup_server(tls_ctx, connfd, host)))
readwrite(connfd, tls_cctx);
@@ -622,6 +686,9 @@ main(int argc, char *argv[])
tls_free(tls_cctx);
tls_cctx = NULL;
}
@@ -660,6 +727,10 @@ main(int argc, char *argv[])
timeout_tls(s, tls_cctx, tls_close);
close(connfd);
tls_free(tls_cctx);
+# else
+ readwrite(connfd);
+ close(connfd);
+# endif
close(connfd);
}
if (family != AF_UNIX)
@@ -639,7 +706,11 @@ main(int argc, char *argv[])
if (family == AF_UNIX && uflag) {
if (connect(s, NULL, 0) < 0)
@@ -674,7 +745,11 @@ main(int argc, char *argv[])
if ((s = unix_connect(host)) > 0) {
if (!zflag)
@ -474,15 +578,15 @@ CRLF line-ending in the Debian-specific patches.
close(s);
} else
ret = 1;
@@ -659,6 +730,7 @@ main(int argc, char *argv[])
@@ -693,6 +768,7 @@ main(int argc, char *argv[])
for (s = -1, i = 0; portlist[i] != NULL; i++) {
if (s != -1)
close(s);
+# if defined(TLS)
if (usetls) {
if ((tls_ctx = tls_client()) == NULL)
errx(1, "tls client creation failed");
@@ -666,6 +738,7 @@ main(int argc, char *argv[])
tls_free(tls_ctx);
tls_ctx = NULL;
@@ -703,6 +779,7 @@ main(int argc, char *argv[])
errx(1, "tls configuration failed (%s)",
tls_error(tls_ctx));
}
@ -490,7 +594,7 @@ CRLF line-ending in the Debian-specific patches.
if (xflag)
s = socks_connect(host, portlist[i], hints,
proxy, proxyport, proxyhints, socksv,
@@ -703,6 +776,7 @@ main(int argc, char *argv[])
@@ -740,6 +817,7 @@ main(int argc, char *argv[])
}
if (Fflag)
fdpass(s);
@ -498,9 +602,9 @@ CRLF line-ending in the Debian-specific patches.
else {
if (usetls)
tls_setup_client(tls_ctx, s, host);
@@ -714,13 +788,19 @@ main(int argc, char *argv[])
tls_ctx = NULL;
}
@@ -748,13 +826,19 @@ main(int argc, char *argv[])
if (tls_ctx)
timeout_tls(s, tls_ctx, tls_close);
}
+# else
+ else if (!zflag)
@ -511,22 +615,22 @@ CRLF line-ending in the Debian-specific patches.
if (s != -1)
close(s);
+# if defined(TLS)
tls_free(tls_ctx);
tls_config_free(tls_cfg);
+# endif
exit(ret);
return ret;
}
@@ -759,6 +839,7 @@ unix_bind(char *path, int flags)
return (s);
@@ -794,6 +878,7 @@ unix_bind(char *path, int flags)
return s;
}
+# if defined(TLS)
int
timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *))
{
@@ -840,6 +921,7 @@ tls_setup_server(struct tls *tls_ctx, in
@@ -880,6 +965,7 @@ tls_setup_server(struct tls *tls_ctx, in
}
return NULL;
}
@ -534,7 +638,7 @@ CRLF line-ending in the Debian-specific patches.
/*
* unix_connect()
@@ -1052,7 +1134,11 @@ local_listen(char *host, char *port, str
@@ -1092,7 +1178,11 @@ local_listen(const char *host, const cha
* Loop that polls on the network file descriptor and stdin.
*/
void
@ -546,7 +650,7 @@ CRLF line-ending in the Debian-specific patches.
{
struct pollfd pfd[4];
int stdin_fd = STDIN_FILENO;
@@ -1152,12 +1238,17 @@ readwrite(int net_fd, struct tls *tls_ct
@@ -1192,12 +1282,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to read from stdin */
if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) {
ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf,
@ -565,7 +669,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_STDIN].fd = -1;
/* read something - poll net out */
if (stdinbufpos > 0)
@@ -1169,12 +1260,17 @@ readwrite(int net_fd, struct tls *tls_ct
@@ -1209,12 +1304,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to write to network */
if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) {
ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf,
@ -584,7 +688,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_NETOUT].fd = -1;
/* buffer empty - remove self from polling */
if (stdinbufpos == 0)
@@ -1186,12 +1282,17 @@ readwrite(int net_fd, struct tls *tls_ct
@@ -1226,12 +1326,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to read from network */
if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) {
ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf,
@ -603,7 +707,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_NETIN].fd = -1;
/* eof on net in - remove from pfd */
if (ret == 0) {
@@ -1212,12 +1313,17 @@ readwrite(int net_fd, struct tls *tls_ct
@@ -1258,12 +1363,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to write to stdout */
if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) {
ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf,
@ -622,7 +726,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_STDOUT].fd = -1;
/* buffer empty - remove self from polling */
if (netinbufpos == 0)
@@ -1241,19 +1347,29 @@ readwrite(int net_fd, struct tls *tls_ct
@@ -1287,19 +1397,29 @@ readwrite(int net_fd, struct tls *tls_ct
}
ssize_t
@ -652,7 +756,7 @@ CRLF line-ending in the Debian-specific patches.
if (n <= 0)
return n;
/* adjust buffer */
@@ -1265,19 +1381,29 @@ drainbuf(int fd, unsigned char *buf, siz
@@ -1311,19 +1431,29 @@ drainbuf(int fd, unsigned char *buf, siz
}
ssize_t
@ -682,15 +786,15 @@ CRLF line-ending in the Debian-specific patches.
if (n <= 0)
return n;
*bufpos += n;
@@ -1581,6 +1707,7 @@ map_tos(char *s, int *val)
return (0);
@@ -1641,6 +1771,7 @@ process_tos_opt(char *s, int *val)
return 0;
}
+# if defined(TLS)
int
map_tls(char *s, int *val)
process_tls_opt(char *s, int *flags)
{
@@ -1662,6 +1789,7 @@ report_tls(struct tls * tls_ctx, char *
@@ -1754,6 +1885,7 @@ report_tls(struct tls * tls_ctx, char *
}
}
@ -698,7 +802,7 @@ CRLF line-ending in the Debian-specific patches.
void
report_connect(const struct sockaddr *sa, socklen_t salen, char *path)
@@ -1704,17 +1832,12 @@ help(void)
@@ -1796,17 +1928,12 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
@ -716,7 +820,7 @@ CRLF line-ending in the Debian-specific patches.
\t-k Keep inbound sockets open for multiple connects\n\
\t-l Listen mode, for inbound connects\n\
\t-M ttl Outgoing TTL / Hop Limit\n\
@@ -1722,14 +1845,12 @@ help(void)
@@ -1814,14 +1941,12 @@ help(void)
\t-N Shutdown the network socket after EOF on stdin\n\
\t-n Suppress name/port resolutions\n\
\t-O length TCP send buffer length\n\
@ -732,7 +836,15 @@ CRLF line-ending in the Debian-specific patches.
\t-t Answer TELNET negotiation\n\
\t-U Use UNIX domain socket\n\
\t-u UDP mode\n\
@@ -1747,11 +1868,8 @@ void
@@ -1831,7 +1956,6 @@ help(void)
\t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
\t-x addr[:port]\tSpecify proxy address and port\n\
- \t-Z Peer certificate file\n\
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
exit(0);
@@ -1841,15 +1965,11 @@ void
usage(int ret)
{
fprintf(stderr,
@ -743,6 +855,10 @@ CRLF line-ending in the Debian-specific patches.
- "[-R CAfile]\n"
+ "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"
"\t [-x proxy_address[:port]] [destination] [port]\n");
"\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-w timeout]\n"
"\t [-X proxy_protocol] [-x proxy_address[:port]] "
- "[-Z peercertfile]\n"
"\t [destination] [port]\n");
if (ret)
exit(1);


@ -17,7 +17,7 @@ Subject: connect timeout
#include <netdb.h>
#include <poll.h>
@@ -124,6 +125,10 @@
# define TLS_MUSTSTAPLE (1 << 5)
# define TLS_MUSTSTAPLE (1 << 4)
#endif
+#define CONNECTION_SUCCESS 0
@ -27,7 +27,7 @@ Subject: connect timeout
/* Command Line Options */
int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */
@@ -208,6 +213,9 @@ ssize_t drainbuf(int, unsigned char *, s
@@ -214,6 +219,9 @@ ssize_t drainbuf(int, unsigned char *, s
ssize_t fillbuf(int, unsigned char *, size_t *);
# endif
@ -37,7 +37,7 @@ Subject: connect timeout
int
main(int argc, char *argv[])
{
@@ -1022,11 +1030,14 @@ remote_connect(const char *host, const c
@@ -1066,11 +1074,14 @@ remote_connect(const char *host, const c
set_common_sockopts(s, res->ai_family);
@ -54,8 +54,8 @@ Subject: connect timeout
save_errno = errno;
close(s);
@@ -1067,6 +1078,69 @@ timeout_connect(int s, const struct sock
return (ret);
@@ -1111,6 +1122,69 @@ timeout_connect(int s, const struct sock
return ret;
}
+static int connect_with_timeout(int fd, const struct sockaddr *sa,


@ -4,8 +4,8 @@ Subject: dccp support
---
nc.1 | 4 ++
netcat.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 82 insertions(+), 15 deletions(-)
netcat.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 79 insertions(+), 14 deletions(-)
--- a/nc.1
+++ b/nc.1
@ -18,15 +18,15 @@ Subject: dccp support
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -286,6 +286,8 @@ for SOCKS, 3128 for HTTPS).
An IPv6 address can be specified unambiguously by enclosing
.Ar proxy_address
@@ -289,6 +289,8 @@ An IPv6 address can be specified unambig
in square brackets.
A proxy cannot be used with any of the options
.Fl lsuU .
+.It Fl Z
+DCCP mode.
.It Fl z
Specifies that
.Nm
Only scan for listening daemons, without sending any data to them.
Cannot be used together with
--- a/netcat.c
+++ b/netcat.c
@@ -147,6 +147,7 @@ int rflag; /* Random ports flag */
@ -37,7 +37,7 @@ Subject: dccp support
int vflag; /* Verbosity */
int xflag; /* Socks proxy */
int zflag; /* Port Scan Flag */
@@ -219,6 +220,7 @@ ssize_t drainbuf(int, unsigned char *, s
@@ -225,6 +226,7 @@ ssize_t drainbuf(int, unsigned char *, s
ssize_t fillbuf(int, unsigned char *, size_t *);
# endif
@ -45,19 +45,16 @@ Subject: dccp support
static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout);
@@ -252,9 +254,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
@@ -261,7 +263,7 @@ main(int argc, char *argv[])
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
# else
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z"))
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
# endif
!= -1) {
switch (ch) {
case '4':
@@ -370,6 +372,13 @@ main(int argc, char *argv[])
@@ -378,6 +380,13 @@ main(int argc, char *argv[])
case 'u':
uflag = 1;
break;
@ -71,12 +68,10 @@ Subject: dccp support
case 'V':
# if defined(RT_TABLEID_MAX)
rtableid = (int)strtonum(optarg, 0,
@@ -461,6 +470,12 @@ main(int argc, char *argv[])
@@ -482,6 +491,10 @@ main(int argc, char *argv[])
/* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) {
+ if (uflag)
+ errx(1, "cannot use -u and -U");
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ if (dccpflag)
+ errx(1, "cannot use -Z and -U");
@ -84,7 +79,7 @@ Subject: dccp support
host = argv[0];
uport = NULL;
} else if (!argv[0] && lflag) {
@@ -527,8 +542,20 @@ main(int argc, char *argv[])
@@ -575,8 +588,20 @@ main(int argc, char *argv[])
if (family != AF_UNIX) {
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = family;
@ -107,7 +102,7 @@ Subject: dccp support
if (nflag)
hints.ai_flags |= AI_NUMERICHOST;
}
@@ -536,7 +563,10 @@ main(int argc, char *argv[])
@@ -584,7 +609,10 @@ main(int argc, char *argv[])
if (xflag) {
if (uflag)
errx(1, "no proxy support for UDP mode");
@ -119,7 +114,7 @@ Subject: dccp support
if (lflag)
errx(1, "no proxy support for listen");
@@ -798,19 +828,20 @@ main(int argc, char *argv[])
@@ -841,19 +869,20 @@ main(int argc, char *argv[])
}
}
@ -142,8 +137,8 @@ Subject: dccp support
sv ? sv->s_name : "*");
}
if (Fflag)
@@ -1017,6 +1048,24 @@ unix_listen(char *path)
return (s);
@@ -1063,6 +1092,24 @@ unix_listen(char *path)
return s;
}
+char *proto_name(int uflag, int dccpflag) {
@ -167,7 +162,7 @@ Subject: dccp support
/*
* remote_connect()
* Returns a socket connected to a remote host. Properly binds to a local
@@ -1047,8 +1096,21 @@ remote_connect(const char *host, const c
@@ -1093,8 +1140,21 @@ remote_connect(const char *host, const c
# endif
memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res->ai_family;
@ -191,7 +186,7 @@ Subject: dccp support
ahints.ai_flags = AI_PASSIVE;
if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
errx(1, "getaddrinfo: %s", gai_strerror(error));
@@ -1060,15 +1122,16 @@ remote_connect(const char *host, const c
@@ -1106,15 +1166,16 @@ remote_connect(const char *host, const c
}
set_common_sockopts(s, res->ai_family);
@ -211,7 +206,7 @@ Subject: dccp support
save_errno = errno;
close(s);
@@ -1654,7 +1717,8 @@ build_ports(char *p)
@@ -1706,7 +1767,8 @@ build_ports(char *p)
int hi, lo, cp;
int x = 0;
@ -221,7 +216,7 @@ Subject: dccp support
if (sv) {
if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
err(1, "asprintf");
@@ -1991,6 +2055,7 @@ help(void)
@@ -2090,6 +2152,7 @@ help(void)
\t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
\t-x addr[:port]\tSpecify proxy address and port\n\
@ -229,12 +224,12 @@ Subject: dccp support
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
exit(0);
@@ -2000,7 +2065,7 @@ void
@@ -2099,7 +2162,7 @@ void
usage(int ret)
{
fprintf(stderr,
- "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"
"\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-w timeout]\n"

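--- /dev/null
+++ b/destination-port-list.patch
@@ -0,0 +1,191 @@
+From: Guilhem Moulin <guilhem@debian.org>
+Date: Mon, 22 Oct 2018 04:15:52 +0200
+Subject: destination port list
+---
+nc.1 | 26 ++++++++++++++++---
+netcat.c | 86 ++++++++++++++++++++++++++++++++-------------------------------
+2 files changed, 68 insertions(+), 44 deletions(-)
+--- a/nc.1
++++ b/nc.1
+@@ -414,15 +414,35 @@ The
+flag can be used to tell
+.Nm
+to report open ports,
+-rather than initiate a connection.
++rather than initiate a connection. Usually it's useful to turn on verbose
++output to stderr by use this option in conjunction with
++.Fl v
++option.
++.Pp
+For example:
+.Bd -literal -offset indent
+-$ nc -z host.example.com 20-30
++$ nc \-zv host.example.com 20-30
+Connection to host.example.com 22 port [tcp/ssh] succeeded!
+Connection to host.example.com 25 port [tcp/smtp] succeeded!
+.Ed
+.Pp
+-The port range was specified to limit the search to ports 20 \- 30.
++The port range was specified to limit the search to ports 20 \- 30, and is
++scanned by increasing order (unless the
++.Fl r
++flag is set).
++.Pp
++You can also specify a list of ports to scan, for example:
++.Bd -literal -offset indent
++$ nc \-zv host.example.com http 20 22-23
++nc: connect to host.example.com 80 (tcp) failed: Connection refused
++nc: connect to host.example.com 20 (tcp) failed: Connection refused
++Connection to host.example.com port [tcp/ssh] succeeded!
++nc: connect to host.example.com 23 (tcp) failed: Connection refused
++.Ed
++.Pp
++The ports are scanned by the order you given (unless the
++.Fl r
++flag is set).
+.Pp
+Alternatively, it might be useful to know which server software
+is running, and which versions.
+--- a/netcat.c
++++ b/netcat.c
+@@ -192,7 +192,7 @@ int minttl = -1;
+void atelnet(int, unsigned char *, unsigned int);
+int strtoport(char *portstr, int udp);
+-void build_ports(char *);
++void build_ports(char **);
+void help(void) __attribute__((noreturn));
+int local_listen(const char *, const char *, struct addrinfo);
+# if defined(TLS)
+@@ -243,7 +243,7 @@ int
+main(int argc, char *argv[])
+{
+int ch, s = -1, ret, socksv;
+- char *host, *uport;
++ char *host, **uport;
+struct addrinfo hints;
+struct servent *sv;
+socklen_t len;
+@@ -524,11 +524,11 @@ main(int argc, char *argv[])
+} else if (argv[0] && !argv[1]) {
+if (!lflag)
+usage(1);
+- uport = argv[0];
++ uport = &argv[0];
+host = NULL;
+} else if (argv[0] && argv[1]) {
+host = argv[0];
+- uport = argv[1];
++ uport = &argv[1];
+} else
+usage(1);
+@@ -715,7 +715,7 @@ main(int argc, char *argv[])
+else
+s = unix_listen(host);
+} else
+- s = local_listen(host, uport, hints);
++ s = local_listen(host, *uport, hints);
+if (s < 0)
+err(1, NULL);
+@@ -1775,57 +1775,61 @@ strtoport(char *portstr, int udp)
+* that we should try to connect to.
+*/
+void
+-build_ports(char *p)
++build_ports(char **p)
+{
+struct servent *sv;
+char *n;
+int hi, lo, cp;
+int x = 0;
++ int i;
+char *proto = proto_name(uflag, dccpflag);
+- sv = getservbyname(p, proto);
+- if (sv) {
+- if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
+- err(1, "asprintf");
+- } else if ((n = strchr(p, '-')) != NULL) {
+- *n = '\0';
+- n++;
+-
+- /* Make sure the ports are in order: lowest->highest. */
+- hi = strtoport(n, uflag);
+- lo = strtoport(p, uflag);
+- if (lo > hi) {
+- cp = hi;
+- hi = lo;
+- lo = cp;
+- }
+-
+- /*
+- * Initialize portlist with a random permutation. Based on
+- * Knuth, as in ip_randomid() in sys/netinet/ip_id.c.
+- */
+- if (rflag) {
+- for (x = 0; x <= hi - lo; x++) {
+- cp = arc4random_uniform(x + 1);
+- portlist[x] = portlist[cp];
+- if (asprintf(&portlist[cp], "%d", x + lo) < 0)
+- err(1, "asprintf");
++ for (i = 0; p[i] != NULL; i++) {
++ sv = getservbyname(p[i], proto);
++ if (sv) {
++ if (asprintf(&portlist[x], "%d", ntohs(sv->s_port)) < 0)
++ err(1, "asprintf");
++ x++;
++ } else if ((n = strchr(p[i], '-')) != NULL) {
++ *n = '\0';
++ n++;
++
++ /* Make sure the ports are in order: lowest->highest. */
++ hi = strtoport(n, uflag);
++ lo = strtoport(p[i], uflag);
++ if (lo > hi) {
++ cp = hi;
++ hi = lo;
++ lo = cp;
+}
+- } else { /* Load ports sequentially. */
++
++ /* Load ports sequentially. */
+for (cp = lo; cp <= hi; cp++) {
+if (asprintf(&portlist[x], "%d", cp) < 0)
+err(1, "asprintf");
+x++;
+}
++ } else {
++ hi = strtoport(p[i], uflag);
++ if (asprintf(&portlist[x], "%d", hi) < 0)
++ err(1, "asprintf");
++ x++;
+}
+- } else {
+- char *tmp;
++ }
+- hi = strtoport(p, uflag);
+- if (asprintf(&tmp, "%d", hi) != -1)
+- portlist[0] = tmp;
+- else
+- err(1, NULL);
++ /*
++ * Initialize portlist with a random permutation using
++ * FisherYates shuffle.
++ */
++ if (rflag) {
++ for (i = x-1; i > 0; i--) {
++ cp = arc4random_uniform(i+1);
++ if (cp != i) {
++ n = portlist[i];
++ portlist[i] = portlist[cp];
++ portlist[cp] = n;
++ }
++ }
+}
+}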
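Review bot: The rewritten build_ports() never checks `x` against the capacity of `portlist` before any of its three `asprintf(&portlist[x], ...)` stores. Now that it loops over every `p[i]`, the number of entries is the sum over all port arguments rather than at most one range. The declaration of `portlist` is not on this page; if it is a fixed array sized from `PORT_MAX` (the page shows `#define PORT_MAX 65535`), a long enough argument list writes past its end with values taken from the command line. A guard ahead of each store, such as `if (x >= PORT_MAX) errx(1, "too many ports");` with the bound taken from the array's real size, would close this. If the consumer of `portlist` stops at a NULL entry, the guard should also leave the last slot unused.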


@ -8,7 +8,7 @@ Subject: get sev by name
--- a/netcat.c
+++ b/netcat.c
@@ -1603,11 +1603,16 @@ strtoport(char *portstr, int udp)
@@ -1653,11 +1653,16 @@ strtoport(char *portstr, int udp)
void
build_ports(char *p)
{


@ -3,10 +3,10 @@ Date: Mon, 13 Feb 2012 19:06:52 +0800
Subject: misc failures and features
---
Makefile | 3 +-
nc.1 | 76 +++++++++++++++++++++++++++++++++++++++++++++++++---
netcat.c | 91 ++++++++++++++++++++++++++++++++++++++++++++-------------------
3 files changed, 138 insertions(+), 32 deletions(-)
Makefile | 3 ++-
nc.1 | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
netcat.c | 14 ++++++++++++--
3 files changed, 65 insertions(+), 3 deletions(-)
--- a/Makefile
+++ b/Makefile
@ -22,25 +22,7 @@ Subject: misc failures and features
LDFLAGS= -Wl,--no-add-needed
--- a/nc.1
+++ b/nc.1
@@ -33,7 +33,7 @@
.Nd arbitrary TCP and UDP connections and listens
.Sh SYNOPSIS
.Nm nc
-.Op Fl 46CDdFhklNnrStUuvZz
+.Op Fl 46bCDdFhklNnrStUuvZz
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -96,6 +96,8 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
+.It Fl b
+Allow broadcast.
.It Fl C
Send CRLF as line-ending.
.It Fl D
@@ -352,6 +354,54 @@ and which side is being used as a
@@ -365,6 +365,54 @@ and which side is being used as a
The connection may be terminated using an
.Dv EOF
.Pq Sq ^D .
@ -95,41 +77,7 @@ Subject: misc failures and features
.Sh DATA TRANSFER
The example in the previous section can be expanded to build a
basic data transfer model.
@@ -411,15 +461,30 @@ The
flag can be used to tell
.Nm
to report open ports,
-rather than initiate a connection.
+rather than initiate a connection. Usually it's useful to turn on verbose
+output to stderr by use this option in conjunction with
+.Fl v
+option.
+.Pp
For example:
.Bd -literal -offset indent
-$ nc -z host.example.com 20-30
+$ nc \-zv host.example.com 20-30
Connection to host.example.com 22 port [tcp/ssh] succeeded!
Connection to host.example.com 25 port [tcp/smtp] succeeded!
.Ed
.Pp
-The port range was specified to limit the search to ports 20 \- 30.
+The port range was specified to limit the search to ports 20 \- 30, and is
+scanned by increasing order.
+.Pp
+You can also specify a list of ports to scan, for example:
+.Bd -literal -offset indent
+$ nc \-zv host.example.com 80 20 22
+nc: connect to host.example.com 80 (tcp) failed: Connection refused
+nc: connect to host.example.com 20 (tcp) failed: Connection refused
+Connection to host.example.com port [tcp/ssh] succeeded!
+.Ed
+.Pp
+The ports are scanned by the order you given.
.Pp
Alternatively, it might be useful to know which server software
is running, and which versions.
@@ -484,6 +549,9 @@ Original implementation by *Hobbit*
@@ -517,6 +565,9 @@ Original implementation by
.br
Rewritten with IPv6 support by
.An Eric Jackson Aq Mt ericj@monkey.org .
@ -149,29 +97,7 @@ Subject: misc failures and features
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@@ -136,6 +137,7 @@
#define UDP_SCAN_TIMEOUT 3 /* Seconds */
/* Command Line Options */
+int bflag; /* Allow Broadcast */
int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */
unsigned int iflag; /* Interval Flag */
@@ -186,7 +188,7 @@ int ttl = -1;
int minttl = -1;
void atelnet(int, unsigned char *, unsigned int);
-void build_ports(char *);
+void build_ports(char **);
void help(void);
int local_listen(char *, char *, struct addrinfo);
# if defined(TLS)
@@ -236,11 +238,14 @@ int
main(int argc, char *argv[])
{
int ch, s = -1, ret, socksv;
- char *host, *uport;
+ char *host, **uport;
@@ -247,7 +248,10 @@ main(int argc, char *argv[])
struct addrinfo hints;
struct servent *sv;
socklen_t len;
@ -180,203 +106,40 @@ Subject: misc failures and features
+ struct sockaddr_storage storage;
+ struct sockaddr_un forunix;
+ } cliaddr;
char *proxy, *proxyport = NULL;
char *proxy = NULL, *proxyport = NULL;
const char *errstr;
struct addrinfo proxyhints;
@@ -260,9 +265,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
+ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# else
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
+ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# endif
switch (ch) {
case '4':
@@ -271,6 +276,13 @@ main(int argc, char *argv[])
case '6':
family = AF_INET6;
break;
+ case 'b':
+# if defined(SO_BROADCAST)
+ bflag = 1;
+# else
+ errx(1, "no broadcast frame support available");
+# endif
+ break;
case 'U':
family = AF_UNIX;
break;
@@ -479,32 +491,39 @@ main(int argc, char *argv[])
/* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) {
- if (uflag)
- errx(1, "cannot use -u and -U");
# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
if (dccpflag)
errx(1, "cannot use -Z and -U");
# endif
host = argv[0];
uport = NULL;
- } else if (!argv[0] && lflag) {
- if (sflag)
- errx(1, "cannot use -s and -l");
- if (zflag)
- errx(1, "cannot use -z and -l");
- if (pflag)
- uport=pflag;
- } else if (argv[0] && !argv[1]) {
- if (!lflag)
- usage(1);
- uport = argv[0];
+ } else if (argv[0] && !argv[1] && lflag) {
+ if (pflag) {
+ uport = &pflag;
+ host = argv[0];
+ } else {
+ uport = argv;
+ host = NULL;
+ }
+ } else if (!argv[0] && lflag && pflag) {
+ uport = &pflag;
host = NULL;
} else if (argv[0] && argv[1]) {
host = argv[0];
- uport = argv[1];
+ uport = &argv[1];
} else
usage(1);
+ if (lflag) {
+ if (sflag)
+ errx(1, "cannot use -s and -l");
+ if (zflag)
+ errx(1, "cannot use -z and -l");
+ if (pflag)
+ /* This still does not work well because of getopt mess
+ errx(1, "cannot use -p and -l"); */
+ uport = &pflag;
+ }
if (!lflag && kflag)
errx(1, "must use -l with -k");
# if defined(TLS)
@@ -674,7 +693,7 @@ main(int argc, char *argv[])
else
s = unix_listen(host);
} else
- s = local_listen(host, uport, hints);
+ s = local_listen(host, *uport, hints);
if (s < 0)
err(1, NULL);
@@ -683,7 +702,8 @@ main(int argc, char *argv[])
local = ":::";
else
local = "0.0.0.0";
- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ if (vflag && (family != AF_UNIX))
+ fprintf(stderr, "Listening on [%s] (family %d, port %s)\n",
host ?: local,
family,
*uport);
@@ -898,6 +918,8 @@ unix_bind(char *path, int flags)
@@ -952,6 +956,8 @@ unix_bind(char *path, int flags)
0)) < 0)
return (-1);
return -1;
+ unlink(path);
+ unlink(path);
+
memset(&s_un, 0, sizeof(struct sockaddr_un));
s_un.sun_family = AF_UNIX;
@@ -1015,8 +1037,10 @@ unix_connect(char *path)
@@ -1075,8 +1081,10 @@ unix_connect(char *path)
if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) < 0)
return (-1);
return -1;
} else {
- if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0)
+ if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0) {
+ errx(1,"create unix socket failed");
return (-1);
+ errx(1, "create unix socket failed");
return -1;
+ }
}
memset(&s_un, 0, sizeof(struct sockaddr_un));
@@ -1026,10 +1050,12 @@ unix_connect(char *path)
@@ -1086,10 +1094,12 @@ unix_connect(char *path)
sizeof(s_un.sun_path)) {
close(s);
errno = ENAMETOOLONG;
+ warn("unix connect abandoned");
return (-1);
+ warn("unix connect abandoned");
return -1;
}
if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) < 0) {
save_errno = errno;
+ warn("unix connect failed");
+ warn("unix connect failed");
close(s);
errno = save_errno;
return (-1);
@@ -1718,25 +1744,26 @@ strtoport(char *portstr, int udp)
* that we should try to connect to.
*/
void
-build_ports(char *p)
+build_ports(char **p)
{
struct servent *sv;
char *n;
int hi, lo, cp;
int x = 0;
+ int i;
char *proto = proto_name(uflag, dccpflag);
- sv = getservbyname(p, proto);
+ sv = getservbyname(*p, proto);
if (sv) {
if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
err(1, "asprintf");
- } else if ((n = strchr(p, '-')) != NULL) {
+ } else if ((n = strchr(*p, '-')) != NULL) {
*n = '\0';
n++;
/* Make sure the ports are in order: lowest->highest. */
hi = strtoport(n, uflag);
- lo = strtoport(p, uflag);
+ lo = strtoport(*p, uflag);
if (lo > hi) {
cp = hi;
hi = lo;
@@ -1764,7 +1791,7 @@ build_ports(char *p)
} else {
char *tmp;
- hi = strtoport(p, uflag);
+ hi = strtoport(*p, uflag);
if (asprintf(&tmp, "%d", hi) != -1)
portlist[0] = tmp;
else
@@ -1802,6 +1829,15 @@ set_common_sockopts(int s, const struct
int x = 1;
int af = sa->sa_family;
+# if defined(SO_BROADCAST)
+ if (bflag) {
+ /* allow datagram sockets to send packets to a broadcast address
+ * (this option has no effect on stream-oriented sockets) */
+ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST,
+ &x, sizeof(x)) == -1)
+ err(1, NULL);
+ }
+# endif
# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
if (Sflag) {
struct tcp_md5sig sig;
@@ -2042,6 +2078,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
+ \t-b Allow broadcast\n\
\t-C Send CRLF as line-ending\n\
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\
return -1;
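Review bot: The `unlink(path);` added in the unix_bind() hunk removes whatever already sits at the caller-supplied path, with no check that it is a leftover socket. A listener started on a mistyped path, or on a path in a directory other users can write to, would silently delete an unrelated file. Unlinking only when an `lstat()` shows `S_ISSOCK(st.st_mode)` keeps the stale-socket convenience and leaves every other case to fail later, presumably in bind(). In the unix_connect() hunk the `return -1;` after `errx(1, "create unix socket failed");` can never run and errx() drops errno, so `err(1, "socket");` would report the actual cause. Both functions continue outside the hunks shown.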


@ -1,3 +1,26 @@
-------------------------------------------------------------------
Wed Nov 14 13:12:29 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 1.195 release matching with debian
- Added new patches:
* broadcast-support.patch
* build-without-TLS-support.patch
* destination-port-list.patch
* use-flags-to-specify-listen-address.patch
- Refreshed patches:
* connect-timeout.patch
* dccp-support.patch
* get-sev-by-name.patch
* misc-failures-and-features.patch
* port-to-linux-with-libsd.patch
* quit-timer.patch
* send-crlf.patch
* serialized-handling-multiple-clients.patch
* set-TCP-MD5SIG-correctly-for-client-connections.patch
* udp-scan-timeout.patch
* verbose-numeric-port.patch
- Drop patch compile-without-TLS-support.patch, renamed
-------------------------------------------------------------------
Mon Jul 17 13:11:34 UTC 2017 - tchvatal@suse.com


@ -1,7 +1,7 @@
#
# spec file for package netcat-openbsd
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -12,21 +12,21 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: netcat-openbsd
Version: 1.178
Version: 1.195
Release: 0
Summary: TCP/IP swiss army knife
License: BSD-3-Clause
Group: Productivity/Networking/Other
Url: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/
URL: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/
Source0: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}.orig.tar.gz
#Patches from: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}-2.debian.tar.xz
#Patches from: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}-1.debian.tar.xz
Patch0: port-to-linux-with-libsd.patch
Patch1: compile-without-TLS-support.patch
Patch1: build-without-TLS-support.patch
Patch2: connect-timeout.patch
Patch3: get-sev-by-name.patch
Patch4: send-crlf.patch
@ -34,9 +34,12 @@ Patch5: quit-timer.patch
Patch6: udp-scan-timeout.patch
Patch7: verbose-numeric-port.patch
Patch8: dccp-support.patch
Patch9: serialized-handling-multiple-clients.patch
Patch10: set-TCP-MD5SIG-correctly-for-client-connections.patch
Patch11: misc-failures-and-features.patch
Patch9: broadcast-support.patch
Patch10: serialized-handling-multiple-clients.patch
Patch11: set-TCP-MD5SIG-correctly-for-client-connections.patch
Patch12: destination-port-list.patch
Patch13: use-flags-to-specify-listen-address.patch
Patch14: misc-failures-and-features.patch
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libbsd)
Provides: nc6 = %{version}
@ -73,7 +76,7 @@ ln -s -f nc.1%{ext_man} %{buildroot}/%{_mandir}/man1/netcat.1%{ext_man}
%files
%{_bindir}/nc
%{_bindir}/netcat
%{_mandir}/man1/nc.1%{ext_man}
%{_mandir}/man1/netcat.1%{ext_man}
%{_mandir}/man1/nc.1%{?ext_man}
%{_mandir}/man1/netcat.1%{?ext_man}
%changelog


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:918330a41ee8ea938144ab1c59fa27533654ebff983bfb5255f730a3d9b06239
size 21630


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0e283b2a214313c69447cd962c528ac19afb3ddfe606b25de6d179f187cde4c3
size 22480


@ -3,11 +3,11 @@ Date: Mon, 13 Feb 2012 15:59:31 +0800
Subject: port to linux with libsd
---
Makefile | 15 +++++++-
nc.1 | 4 --
netcat.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++----------------
socks.c | 46 ++++++++++++------------
4 files changed, 127 insertions(+), 56 deletions(-)
Makefile | 15 ++++++-
nc.1 | 3 -
netcat.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++---------------
socks.c | 46 +++++++++++-----------
4 files changed, 139 insertions(+), 56 deletions(-)
--- a/Makefile
+++ b/Makefile
@ -32,24 +32,23 @@ Subject: port to linux with libsd
+ rm -f $(OBJS) nc
--- a/nc.1
+++ b/nc.1
@@ -202,9 +202,6 @@ Proxy authentication is only supported f
Specifies the source port
@@ -213,8 +213,6 @@ Proxy authentication is only supported f
Specify the source port
.Nm
should use, subject to privilege restrictions and availability.
-It is an error to use this option in conjunction with the
-.Fl l
-option.
-Cannot be used together with
-.Fl l .
.It Fl R Ar CAfile
Specifies the filename from which the root CA bundle for certificate
verification is loaded, in PEM format.
@@ -249,6 +246,7 @@ For IPv4 TOS value
Load the root CA bundle for TLS certificate verification from
.Ar CAfile ,
@@ -274,6 +272,7 @@ For the IPv4 TOS/IPv6 traffic class valu
may be one of
.Ar critical ,
.Ar inetcontrol ,
+.Ar lowcost ,
.Ar lowdelay ,
.Ar netcontrol ,
.Ar throughput ,
.Cm critical ,
.Cm inetcontrol ,
+.Cm lowcost ,
.Cm lowdelay ,
.Cm netcontrol ,
.Cm throughput ,
--- a/netcat.c
+++ b/netcat.c
@@ -32,6 +32,8 @@
@ -113,14 +112,14 @@ Subject: port to linux with libsd
#include <errno.h>
@@ -55,6 +100,8 @@
#include <time.h>
#include <unistd.h>
#include <tls.h>
#include <unistd.h>
+#include <bsd/stdlib.h>
+#include <bsd/string.h>
#include "atomicio.h"
#define PORT_MAX 65535
@@ -260,10 +307,14 @@ main(int argc, char *argv[])
@@ -268,10 +315,14 @@ main(int argc, char *argv[])
uflag = 1;
break;
case 'V':
@ -135,7 +134,7 @@ Subject: port to linux with libsd
break;
case 'v':
vflag = 1;
@@ -301,7 +352,11 @@ main(int argc, char *argv[])
@@ -320,7 +371,11 @@ main(int argc, char *argv[])
oflag = optarg;
break;
case 'S':
@ -147,7 +146,7 @@ Subject: port to linux with libsd
break;
case 'T':
errstr = NULL;
@@ -326,32 +381,23 @@ main(int argc, char *argv[])
@@ -345,14 +400,23 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
@ -155,24 +154,6 @@ Subject: port to linux with libsd
if (rtableid >= 0)
if (setrtable(rtableid) == -1)
err(1, "setrtable");
-
- if (family == AF_UNIX) {
- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
- err(1, "pledge");
- } else if (Fflag) {
- if (Pflag) {
- if (pledge("stdio inet dns sendfd tty", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns sendfd", NULL) == -1)
- err(1, "pledge");
- } else if (Pflag) {
- if (pledge("stdio inet dns tty", NULL) == -1)
- err(1, "pledge");
- } else if (usetls) {
- if (pledge("stdio rpath inet dns", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns", NULL) == -1)
- err(1, "pledge");
+# endif
/* Cruft to make sure options are clean, and used properly. */
@ -182,17 +163,38 @@ Subject: port to linux with libsd
+ } else if (!argv[0] && lflag) {
+ if (sflag)
+ errx(1, "cannot use -s and -l");
+ if (pflag)
+ errx(1, "cannot use -p and -l");
+ if (zflag)
+ errx(1, "cannot use -z and -l");
+ if (pflag)
+ uport=pflag;
} else if (argv[0] && !argv[1]) {
if (!lflag)
if (!lflag)
usage(1);
@@ -363,12 +409,6 @@ main(int argc, char *argv[])
} else
usage(1);
@@ -387,33 +451,6 @@ main(int argc, char *argv[])
}
}
- if (family == AF_UNIX) {
- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
- err(1, "pledge");
- } else if (Fflag && Pflag) {
- if (pledge("stdio inet dns sendfd tty", NULL) == -1)
- err(1, "pledge");
- } else if (Fflag) {
- if (pledge("stdio inet dns sendfd", NULL) == -1)
- err(1, "pledge");
- } else if (Pflag && usetls) {
- if (pledge("stdio rpath inet dns tty", NULL) == -1)
- err(1, "pledge");
- } else if (Pflag) {
- if (pledge("stdio inet dns tty", NULL) == -1)
- err(1, "pledge");
- } else if (usetls) {
- if (pledge("stdio rpath inet dns", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns", NULL) == -1)
- err(1, "pledge");
-
- if (lflag && sflag)
- errx(1, "cannot use -s and -l");
- if (lflag && pflag)
@ -202,7 +204,7 @@ Subject: port to linux with libsd
if (!lflag && kflag)
errx(1, "must use -l with -k");
if (uflag && usetls)
@@ -401,8 +441,8 @@ main(int argc, char *argv[])
@@ -448,8 +485,8 @@ main(int argc, char *argv[])
} else {
strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX",
UNIX_DG_TMP_SOCKET_SIZE);
@ -213,7 +215,7 @@ Subject: port to linux with libsd
unix_dg_tmp_socket = unix_dg_tmp_socket_buf;
}
}
@@ -880,8 +920,10 @@ remote_connect(const char *host, const c
@@ -923,8 +960,10 @@ remote_connect(const char *host, const c
if (sflag || pflag) {
struct addrinfo ahints, *ares;
@ -224,7 +226,7 @@ Subject: port to linux with libsd
memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res->ai_family;
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
@@ -973,9 +1015,15 @@ local_listen(char *host, char *port, str
@@ -1016,9 +1055,15 @@ local_listen(const char *host, const cha
res->ai_protocol)) < 0)
continue;
@ -240,7 +242,7 @@ Subject: port to linux with libsd
set_common_sockopts(s, res->ai_family);
@@ -1425,11 +1473,13 @@ set_common_sockopts(int s, int af)
@@ -1474,11 +1519,13 @@ set_common_sockopts(int s, int af)
{
int x = 1;
@ -254,33 +256,57 @@ Subject: port to linux with libsd
if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1)
@@ -1460,8 +1510,11 @@ set_common_sockopts(int s, int af)
@@ -1489,9 +1536,14 @@ set_common_sockopts(int s, int af)
IP_TOS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IP ToS");
+#if defined(IPV6_TCLASS)
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IPv6 traffic class");
+#else
+ else if (af == AF_INET6)
+ errx(1, "can't set IPv6 traffic class (unavailable)");
+#endif
}
if (Iflag) {
if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
@@ -1509,19 +1561,34 @@ set_common_sockopts(int s, int af)
IP_TTL, &ttl, sizeof(ttl)))
err(1, "set IP TTL");
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ else
+#if defined(IPV6_UNICAST_HOPS)
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_UNICAST_HOPS, &ttl, sizeof(ttl)))
+#endif
err(1, "set IPv6 unicast hops");
+#else
+ else if (af == AF_INET6)
+ errx(1, "can't set IPv6 unicast hops (unavailable)");
+#endif
}
@@ -1470,8 +1523,11 @@ set_common_sockopts(int s, int af)
if (minttl != -1) {
+#if defined(IP_MINTTL)
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
IP_MINTTL, &minttl, sizeof(minttl)))
err(1, "set IP min TTL");
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ else
+#if defined(IPV6_MINHOPCOUNT)
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
+#else
+ if (af == AF_INET)
+ errx(1, "can't set IP min TTL (unavailable)");
+#endif
+#if defined(IPV6_MINHOPCOUNT)
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
err(1, "set IPv6 min hop count");
+#else
+ else if (af == AF_INET6)
+ errx(1, "can't set IPv6 min hop count (unavailable)");
+#endif
}
}
@@ -1507,6 +1563,7 @@ map_tos(char *s, int *val)
@@ -1556,6 +1623,7 @@ process_tos_opt(char *s, int *val)
{ "cs7", IPTOS_DSCP_CS7 },
{ "ef", IPTOS_DSCP_EF },
{ "inetcontrol", IPTOS_PREC_INTERNETCONTROL },
@ -288,7 +314,7 @@ Subject: port to linux with libsd
{ "lowdelay", IPTOS_LOWDELAY },
{ "netcontrol", IPTOS_PREC_NETCONTROL },
{ "reliability", IPTOS_RELIABILITY },
@@ -1640,6 +1697,9 @@ report_connect(const struct sockaddr *sa
@@ -1721,6 +1789,9 @@ report_connect(const struct sockaddr *sa
void
help(void)
{
@ -298,8 +324,8 @@ Subject: port to linux with libsd
usage(0);
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
@@ -1680,7 +1740,7 @@ help(void)
\t-x addr[:port]\tSpecify proxy address and port\n\
@@ -1763,7 +1834,7 @@ help(void)
\t-Z Peer certificate file\n\
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
- exit(1);
@ -318,7 +344,7 @@ Subject: port to linux with libsd
#include "atomicio.h"
#define SOCKS_PORT "1080"
@@ -219,11 +219,11 @@ socks_connect(const char *host, const ch
@@ -217,11 +217,11 @@ socks_connect(const char *host, const ch
buf[2] = SOCKS_NOAUTH;
cnt = atomicio(vwrite, proxyfd, buf, 3);
if (cnt != 3)
@ -332,7 +358,7 @@ Subject: port to linux with libsd
if (buf[1] == SOCKS_NOMETHOD)
errx(1, "authentication method negotiation failed");
@@ -272,11 +272,11 @@ socks_connect(const char *host, const ch
@@ -270,11 +270,11 @@ socks_connect(const char *host, const ch
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
@ -346,7 +372,7 @@ Subject: port to linux with libsd
if (buf[1] != 0) {
errx(1, "connection failed, SOCKSv5 error: %s",
socks5_strerror(buf[1]));
@@ -285,12 +285,12 @@ socks_connect(const char *host, const ch
@@ -283,12 +283,12 @@ socks_connect(const char *host, const ch
case SOCKS_IPV4:
cnt = atomicio(read, proxyfd, buf + 4, 6);
if (cnt != 6)
@ -361,7 +387,7 @@ Subject: port to linux with libsd
break;
default:
errx(1, "connection failed, unsupported address type");
@@ -310,11 +310,11 @@ socks_connect(const char *host, const ch
@@ -308,11 +308,11 @@ socks_connect(const char *host, const ch
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
@ -375,7 +401,7 @@ Subject: port to linux with libsd
if (buf[1] != 90) {
errx(1, "connection failed, SOCKSv4 error: %s",
socks4_strerror(buf[1]));
@@ -328,39 +328,39 @@ socks_connect(const char *host, const ch
@@ -326,21 +326,21 @@ socks_connect(const char *host, const ch
/* Try to be sane about numeric IPv6 addresses */
if (strchr(host, ':') != NULL) {
@ -400,12 +426,15 @@ Subject: port to linux with libsd
+ err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r);
if (authretry > 1) {
char resp[1024];
char proxypass[256];
@@ -348,20 +348,20 @@ socks_connect(const char *host, const ch
proxypass = getproxypass(proxyuser, proxyhost);
getproxypass(proxyuser, proxyhost,
proxypass, sizeof proxypass);
- r = snprintf(buf, sizeof(buf), "%s:%s",
+ r = snprintf((char*)buf, sizeof(buf), "%s:%s",
proxyuser, proxypass);
explicit_bzero(proxypass, sizeof proxypass);
if (r == -1 || (size_t)r >= sizeof(buf) ||
- b64_ntop(buf, strlen(buf), resp,
+ b64_ntop(buf, strlen((char*)buf), resp,
@ -421,10 +450,10 @@ Subject: port to linux with libsd
if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r)
- err(1, "write failed (%zu/%d)", cnt, r);
+ err(1, "write failed (%zu/%d)", (size_t)cnt, r);
explicit_bzero(proxypass, sizeof proxypass);
explicit_bzero(buf, sizeof buf);
}
/* Terminate headers */
@@ -368,22 +368,22 @@ socks_connect(const char *host, const ch
@@ -371,22 +371,22 @@ socks_connect(const char *host, const ch
err(1, "write failed (%zu/2)", cnt);
/* Read status reply */
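Review bot: The main() hunk deletes the whole `pledge()` ladder and the lines shown put nothing in its place, so as far as this page shows the Linux build runs without the privilege reduction the OpenBSD code applied. The patch header says only "port to linux with libsd" and does not mention it. Keeping the calls under a platform guard such as `# if defined(__OpenBSD__)` would keep the intent visible and make the patch smaller to refresh against new upstream releases. Failing that, the patch description should state that the sandbox is dropped, so packagers can decide whether to confine nc by other means (a seccomp filter or an AppArmor profile). main() continues outside the hunk.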


@ -17,8 +17,8 @@ Subject: quit timer
.Op Fl s Ar source
.Op Fl T Ar keyword
.Op Fl V Ar rtable
@@ -173,6 +174,15 @@ Proxy authentication is only supported f
Specifies the source port
@@ -167,6 +168,15 @@ Proxy authentication is only supported f
Specify the source port
.Nm
should use, subject to privilege restrictions and availability.
+.It Fl q Ar seconds
@ -31,7 +31,7 @@ Subject: quit timer
+implies
+.Fl N .
.It Fl r
Specifies that source and/or destination ports should be chosen randomly
Choose source and/or destination ports randomly
instead of sequentially within a range or in the order that the system
--- a/netcat.c
+++ b/netcat.c
@ -43,7 +43,7 @@ Subject: quit timer
int rflag; /* Random ports flag */
char *sflag; /* Source Address */
int tflag; /* Telnet Emulation */
@@ -218,6 +219,8 @@ ssize_t fillbuf(int, unsigned char *, si
@@ -224,6 +225,8 @@ ssize_t fillbuf(int, unsigned char *, si
static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout);
@ -52,23 +52,23 @@ Subject: quit timer
int
main(int argc, char *argv[])
{
@@ -246,9 +249,9 @@ main(int argc, char *argv[])
@@ -253,9 +256,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
# else
- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:z")) != -1) {
- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z"))
# endif
!= -1) {
switch (ch) {
case '4':
@@ -339,6 +342,13 @@ main(int argc, char *argv[])
@@ -347,6 +350,13 @@ main(int argc, char *argv[])
case 'p':
pflag = optarg;
break;
+ case 'q':
+ case 'q':
+ qflag = strtonum(optarg, INT_MIN, INT_MAX, &errstr);
+ if (errstr)
+ errx(1, "quit timer %s: %s", errstr, optarg);
@ -78,13 +78,13 @@ Subject: quit timer
# if defined(TLS)
case 'R':
tls_cachanged = 1;
@@ -1253,15 +1263,27 @@ readwrite(int net_fd)
@@ -1297,15 +1307,27 @@ readwrite(int net_fd)
while (1) {
/* both inputs are gone, buffers are empty, we are done */
if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 &&
- stdinbufpos == 0 && netinbufpos == 0)
- return;
+ stdinbufpos == 0 && netinbufpos == 0) {
+ stdinbufpos == 0 && netinbufpos == 0) {
+ if (qflag <= 0)
+ return;
+ goto delay_exit;
@ -96,7 +96,7 @@ Subject: quit timer
+ if (qflag <= 0)
+ return;
+ goto delay_exit;
+ }
+ }
/* listen and net in gone, queues empty, done */
if (lflag && pfd[POLL_NETIN].fd == -1 &&
- stdinbufpos == 0 && netinbufpos == 0)
@ -108,11 +108,11 @@ Subject: quit timer
+ close(net_fd);
+ signal(SIGALRM, quit);
+ alarm(qflag);
+ }
+ }
/* poll */
num_fds = poll(pfd, 4, timeout);
@@ -1936,6 +1958,7 @@ help(void)
@@ -2032,6 +2054,7 @@ help(void)
\t-O length TCP send buffer length\n\
\t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\
@ -120,14 +120,15 @@ Subject: quit timer
\t-r Randomize remote ports\n\
\t-S Enable the TCP MD5 signature option\n\
\t-s source Local source address\n\
@@ -1959,9 +1982,18 @@ usage(int ret)
@@ -2056,10 +2079,19 @@ usage(int ret)
fprintf(stderr,
"usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
- "\t [-s source] [-T keyword] [-V rtable] [-w timeout] "
+ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"
"\t [-x proxy_address[:port]] [destination] [port]\n");
- "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
+ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-w timeout]\n"
"\t [-X proxy_protocol] [-x proxy_address[:port]] "
"\t [destination] [port]\n");
if (ret)
exit(1);
}


@ -3,9 +3,9 @@ Date: Mon, 13 Feb 2012 14:57:45 +0800
Subject: send crlf
---
nc.1 | 6 +++--
nc.1 | 9 ++++++-
netcat.c | 72 +++++++++++++++++++++++++++++++++++----------------------------
2 files changed, 45 insertions(+), 33 deletions(-)
2 files changed, 48 insertions(+), 33 deletions(-)
--- a/nc.1
+++ b/nc.1
@ -18,16 +18,19 @@ Subject: send crlf
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -95,6 +95,8 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
@@ -92,6 +92,11 @@ The options are as follows:
Use IPv4 addresses only.
.It Fl 6
Use IPv6 addresses only.
+.It Fl C
+Send CRLF as line-ending.
+Send CRLF as line-ending. Each line feed (LF) character from the input
+data is translated into CR+LF before being written to the socket. Line
+feed characters that are already preceded with a carriage return (CR)
+are not translated. Received data is not affected.
.It Fl D
Enable debugging on the socket.
.It Fl d
@@ -379,7 +381,7 @@ More complicated examples can be built u
@@ -377,7 +382,7 @@ More complicated examples can be built u
of requests required by the server.
As another example, an email may be submitted to an SMTP server using:
.Bd -literal -offset indent
@ -38,16 +41,16 @@ Subject: send crlf
RCPT TO:\*(Ltuser2@host.example.com\*(Gt
--- a/netcat.c
+++ b/netcat.c
@@ -163,6 +163,8 @@ int tls_cachanged; /* Using non-defau
int TLSopt; /* TLS options */
char *tls_expectname; /* required name in peer cert */
char *tls_expecthash; /* required hash of peer cert */
@@ -166,6 +166,8 @@ char *tls_expecthash; /* required hash
char *tls_ciphers; /* TLS ciphers */
char *tls_protocols; /* TLS protocols */
FILE *Zflag; /* file to save peer cert */
+# else
+int Cflag = 0; /* CRLF line-ending */
# endif
int timeout = -1;
@@ -209,7 +211,7 @@ ssize_t fillbuf(int, unsigned char *, si
int recvcount, recvlimit;
@@ -215,7 +217,7 @@ ssize_t fillbuf(int, unsigned char *, si
void tls_setup_client(struct tls *, int, char *);
struct tls *tls_setup_server(struct tls *, int, char *);
# else
@ -56,16 +59,16 @@ Subject: send crlf
ssize_t fillbuf(int, unsigned char *, size_t *);
# endif
@@ -246,7 +248,7 @@ main(int argc, char *argv[])
@@ -253,7 +255,7 @@ main(int argc, char *argv[])
# if defined(TLS)
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
# else
- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
+ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
# endif
!= -1) {
switch (ch) {
case '4':
@@ -275,6 +277,10 @@ main(int argc, char *argv[])
@@ -283,6 +285,10 @@ main(int argc, char *argv[])
case 'c':
usetls = 1;
break;
@ -76,7 +79,7 @@ Subject: send crlf
# endif
case 'd':
dflag = 1;
@@ -1257,12 +1263,6 @@ readwrite(int net_fd)
@@ -1301,12 +1307,6 @@ readwrite(int net_fd)
stdinbufpos == 0 && netinbufpos == 0)
return;
@ -89,7 +92,7 @@ Subject: send crlf
/* poll */
num_fds = poll(pfd, 4, timeout);
@@ -1342,7 +1342,7 @@ readwrite(int net_fd)
@@ -1386,7 +1386,7 @@ readwrite(int net_fd)
pfd[POLL_NETOUT].events = POLLOUT;
else
# else
@ -98,7 +101,7 @@ Subject: send crlf
# endif
if (ret == -1)
pfd[POLL_NETOUT].fd = -1;
@@ -1395,7 +1395,7 @@ readwrite(int net_fd)
@@ -1445,7 +1445,7 @@ readwrite(int net_fd)
pfd[POLL_STDOUT].events = POLLOUT;
else
# else
@ -107,7 +110,7 @@ Subject: send crlf
# endif
if (ret == -1)
pfd[POLL_STDOUT].fd = -1;
@@ -1421,31 +1421,40 @@ readwrite(int net_fd)
@@ -1471,31 +1471,40 @@ readwrite(int net_fd)
}
ssize_t
@ -168,7 +171,7 @@ Subject: send crlf
/* adjust buffer */
adjust = *bufpos - n;
if (adjust > 0)
@@ -1911,6 +1920,7 @@ help(void)
@@ -2007,6 +2016,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
@ -176,12 +179,12 @@ Subject: send crlf
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\
\t-F Pass socket fd\n\
@@ -1947,7 +1957,7 @@ void
@@ -2044,7 +2054,7 @@ void
usage(int ret)
{
fprintf(stderr,
- "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"
"\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-w timeout]\n"


@ -3,75 +3,74 @@ Date: Tue, 14 Feb 2012 23:02:00 +0800
Subject: serialized handling multiple clients
---
netcat.c | 41 ++++++++++++++++++++---------------------
1 file changed, 20 insertions(+), 21 deletions(-)
netcat.c | 44 +++++++++++++++++++++-----------------------
1 file changed, 21 insertions(+), 23 deletions(-)
--- a/netcat.c
+++ b/netcat.c
@@ -664,7 +664,20 @@ main(int argc, char *argv[])
@@ -705,6 +705,23 @@ main(int argc, char *argv[])
s = unix_bind(host, 0);
else
s = unix_listen(host);
- }
+ } else
+ s = local_listen(host, uport, hints);
+ if (s < 0)
+ err(1, NULL);
+
+ char* local;
+ if (family == AF_INET6)
+ local = ":::";
+ else
+ local = "0.0.0.0";
+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ host ?: local,
+ family,
+ *uport);
+ if (vflag && (family != AF_UNIX)) {
+ char* local;
+ if (family == AF_INET)
+ local = "0.0.0.0";
+ else if (family == AF_INET6)
+ local = "::";
+ else
+ local = "unknown";
+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ host ?: local,
+ family,
+ *uport);
}
# if defined(TLS)
if (usetls) {
@@ -678,22 +691,7 @@ main(int argc, char *argv[])
@@ -719,28 +736,6 @@ main(int argc, char *argv[])
# endif
/* Allow only one connection at a time, but stay alive. */
for (;;) {
- if (family != AF_UNIX)
- if (family != AF_UNIX) {
- if (s != -1)
- close(s);
- s = local_listen(host, uport, hints);
- }
- if (s < 0)
- err(1, NULL);
-
- char* local;
- if (family == AF_INET6)
- local = "0.0.0.0";
- else if (family == AF_INET)
- local = ":::";
- else
- local = "unknown";
- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
- host ?: local,
- family,
- *uport);
+
/*
* For UDP and -k, don't connect the socket, let it
* receive datagrams from multiple socket pairs.
@@ -760,15 +758,16 @@ main(int argc, char *argv[])
# endif
close(connfd);
}
- if (family != AF_UNIX)
+ if (kflag)
+ continue;
+ if (family != AF_UNIX) {
close(s);
+ }
else if (uflag) {
if (connect(s, NULL, 0) < 0)
- if (vflag && (family != AF_UNIX)) {
- char* local;
- if (family == AF_INET)
- local = "0.0.0.0";
- else if (family == AF_INET6)
- local = "::";
- else
- local = "unknown";
- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
- host ?: local,
- family,
- *uport);
- }
-
if (uflag && kflag) {
/*
* For UDP and -k, don't connect the socket,
@@ -814,8 +809,11 @@ main(int argc, char *argv[])
err(1, "connect");
}
-
- if (!kflag)
- break;
+ break;
+ if (!kflag) {
+ if (s != -1)
+ close(s);
break;
+ }
}
} else if (family == AF_UNIX) {
ret = 0;
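Review bot: The `Listening on [%s] (family %d, port %d)` message in the first netcat.c hunk passes `*uport` to `%d`, but `uport` appears to be a `char **` (the -s/-p patch in this commit assigns `uport = &argv[1]` and `uport = &pflag`). A pointer is therefore formatted as an int, which is undefined behaviour and can print part of an address on stderr instead of the port. The format should read `"Listening on [%s] (family %d, port %s)\n"`. The same format string is carried in the verbose-numeric-port patch further down this commit. main()'s body starts and ends outside the hunk, so the declaration of `uport` should be confirmed there.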


@ -18,26 +18,26 @@ Subject: Set TCP MD5SIG correctly for client connections
#ifndef IPTOS_LOWDELAY
# define IPTOS_LOWDELAY 0x10
@@ -172,6 +175,9 @@ char *tls_expecthash; /* required hash
@@ -176,6 +179,9 @@ FILE *Zflag; /* file to save peer ce
int Cflag = 0; /* CRLF line-ending */
# endif
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
+char Sflag_password[TCP_MD5SIG_MAXKEYLEN];
+# endif
int recvcount, recvlimit;
int timeout = -1;
int family = AF_UNSPEC;
char *portlist[PORT_MAX+1];
@@ -200,7 +206,7 @@ int udptest(int);
@@ -206,7 +212,7 @@ int udptest(int);
int unix_bind(char *, int);
int unix_connect(char *);
int unix_listen(char *);
-void set_common_sockopts(int, int);
+void set_common_sockopts(int, const struct sockaddr *);
int map_tos(char *, int *);
int process_tos_opt(char *, int *);
# if defined(TLS)
int map_tls(char *, int *);
@@ -427,7 +433,10 @@ main(int argc, char *argv[])
int process_tls_opt(char *, int *);
@@ -456,7 +462,10 @@ main(int argc, char *argv[])
break;
# endif
case 'S':
@ -49,7 +49,7 @@ Subject: Set TCP MD5SIG correctly for client connections
Sflag = 1;
# else
errx(1, "no TCP MD5 signature support available");
@@ -1120,7 +1129,7 @@ remote_connect(const char *host, const c
@@ -1171,7 +1180,7 @@ remote_connect(const char *host, const c
freeaddrinfo(ares);
}
@ -58,7 +58,7 @@ Subject: Set TCP MD5SIG correctly for client connections
char *proto = proto_name(uflag, dccpflag);
if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
@@ -1274,7 +1283,7 @@ local_listen(char *host, char *port, str
@@ -1325,7 +1334,7 @@ local_listen(const char *host, const cha
err(1, NULL);
# endif
@ -67,7 +67,7 @@ Subject: Set TCP MD5SIG correctly for client connections
if (bind(s, (struct sockaddr *)res->ai_addr,
res->ai_addrlen) == 0)
@@ -1788,14 +1797,22 @@ udptest(int s)
@@ -1845,9 +1854,10 @@ udptest(int s)
}
void
@ -77,6 +77,12 @@ Subject: Set TCP MD5SIG correctly for client connections
int x = 1;
+ int af = sa->sa_family;
# if defined(SO_BROADCAST)
if (bflag) {
@@ -1858,10 +1868,17 @@ set_common_sockopts(int s, int af)
err(1, NULL);
}
# endif
-# if defined(TCP_MD5SIG)
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
if (Sflag) {


@ -17,7 +17,7 @@ Subject: udp scan timeout
/* Command Line Options */
int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */
@@ -774,7 +776,7 @@ main(int argc, char *argv[])
@@ -815,7 +817,7 @@ main(int argc, char *argv[])
continue;
ret = 0;
@ -26,7 +26,7 @@ Subject: udp scan timeout
/* For UDP, make sure we are connected. */
if (uflag) {
if (udptest(s) == -1) {
@@ -1693,15 +1695,20 @@ build_ports(char *p)
@@ -1743,15 +1745,20 @@ build_ports(char *p)
int
udptest(int s)
{
@ -49,7 +49,7 @@ Subject: udp scan timeout
+ if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED))
+ return -1;
}
- return (ret);
- return ret;
+ return 1;
}


@ -0,0 +1,106 @@
From: Guilhem Moulin <guilhem@debian.org>
Date: Mon, 22 Oct 2018 04:50:54 +0200
Subject: use -s/-p flags to specify listen address
---
nc.1 | 18 ++++++++++++++----
netcat.c | 49 +++++++++++++++++++++++++++++--------------------
2 files changed, 43 insertions(+), 24 deletions(-)
--- a/nc.1
+++ b/nc.1
@@ -143,8 +143,20 @@ multiple hosts.
.It Fl l
Listen for an incoming connection rather than initiating a
connection to a remote host.
-Cannot be used together with any of the options
-.Fl psxz .
+The
+.Ar destination
+and
+.Ar port
+to listen on can be specified either as non-optional arguments, or with
+options
+.Fl s
+and
+.Fl p
+respectively.
+Cannot be used together with
+.Fl x
+or
+.Fl z .
Additionally, any timeouts specified with the
.Fl w
option are ignored.
@@ -194,8 +206,6 @@ For
datagram sockets, specifies the local temporary socket file
to create and use so that datagrams can be received.
Cannot be used together with
-.Fl l
-or
.Fl x .
.It Fl T Ar keyword
Change the IPv4 TOS/IPv6 traffic class value.
--- a/netcat.c
+++ b/netcat.c
@@ -507,31 +507,40 @@ main(int argc, char *argv[])
# endif
/* Cruft to make sure options are clean, and used properly. */
- if (argv[0] && !argv[1] && family == AF_UNIX) {
-# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
- if (dccpflag)
- errx(1, "cannot use -Z and -U");
-# endif
- host = argv[0];
- uport = NULL;
- } else if (!argv[0] && lflag) {
- if (sflag)
- errx(1, "cannot use -s and -l");
- if (pflag)
- errx(1, "cannot use -p and -l");
- if (zflag)
- errx(1, "cannot use -z and -l");
- } else if (argv[0] && !argv[1]) {
- if (!lflag)
- usage(1);
- uport = &argv[0];
- host = NULL;
- } else if (argv[0] && argv[1]) {
+ if (argc == 0 && lflag) {
+ uport = &pflag;
+ host = sflag;
+ } else if (argc == 1 && !pflag && !sflag) {
+ if (family == AF_UNIX) {
+ host = argv[0];
+ uport = NULL;
+ } else if (lflag) {
+ host = NULL;
+ uport = argv;
+ }
+ } else if (argc >= 2) {
+ if (lflag && (pflag || sflag || argc > 2))
+ usage(1); /* conflict */
host = argv[0];
uport = &argv[1];
} else
usage(1);
+ if (family == AF_UNIX) {
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ if (dccpflag)
+ errx(1, "cannot use -Z and -U");
+# endif
+ if (uport && *uport)
+ errx(1, "cannot use port with -U");
+ if (!host)
+ errx(1, "missing socket pathname");
+ } else if (!uport || !*uport)
+ errx(1, "missing port number");
+
+ if (lflag && zflag)
+ errx(1, "cannot use -z and -l");
+
# if defined(TLS)
if (usetls) {
if (Cflag && unveil(Cflag, "r") == -1)
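Review bot: In the `argc == 1 && !pflag && !sflag` branch, an invocation that is neither `-U` nor `-l` assigns neither `host` nor `uport`, where the removed code called `usage(1)` for a single argument without `-l`. Whether that case is still rejected depends on the initial values of both variables, which are set outside this hunk; if `uport` starts as NULL the user gets `missing port number` rather than the usage text. Closing the inner chain with `else usage(1);` keeps the rejection explicit and independent of the initialisers. Separately, `argc == 0 && lflag` without `-s` leaves `host` NULL, and the nc.1 text added here does not say which address is bound in that case (presumably the wildcard), which is worth documenting for anyone exposing a listener.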


@ -3,8 +3,8 @@ Date: Mon, 13 Feb 2012 15:38:15 +0800
Subject: verbose numeric port
---
netcat.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
netcat.c | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
--- a/netcat.c
+++ b/netcat.c
@ -16,33 +16,37 @@ Subject: verbose numeric port
#ifdef __linux__
# include <linux/in6.h>
#endif
@@ -651,6 +652,18 @@ main(int argc, char *argv[])
s = local_listen(host, uport, hints);
@@ -689,6 +690,21 @@ main(int argc, char *argv[])
}
if (s < 0)
err(1, NULL);
+
+ char* local;
+ if (family == AF_INET6)
+ local = "0.0.0.0";
+ else if (family == AF_INET)
+ local = ":::";
+ else
+ local = "unknown";
+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ host ?: local,
+ family,
+ *uport);
/*
* For UDP and -k, don't connect the socket, let it
* receive datagrams from multiple socket pairs.
@@ -671,14 +684,14 @@ main(int argc, char *argv[])
char buf[16384];
struct sockaddr_storage z;
+ if (vflag && (family != AF_UNIX)) {
+ char* local;
+ if (family == AF_INET)
+ local = "0.0.0.0";
+ else if (family == AF_INET6)
+ local = "::";
+ else
+ local = "unknown";
+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ host ?: local,
+ family,
+ *uport);
+ }
+
if (uflag && kflag) {
/*
* For UDP and -k, don't connect the socket,
@@ -708,20 +724,19 @@ main(int argc, char *argv[])
*/
int rv;
char buf[2048];
- struct sockaddr_storage z;
- len = sizeof(z);
+ len = sizeof(cliaddr);
plen = 2048;
rv = recvfrom(s, buf, plen, MSG_PEEK,
rv = recvfrom(s, buf, sizeof(buf), MSG_PEEK,
- (struct sockaddr *)&z, &len);
+ (struct sockaddr *)&cliaddr, &len);
if (rv < 0)
@ -53,3 +57,9 @@ Subject: verbose numeric port
if (rv < 0)
err(1, "connect");
if (vflag)
- report_connect((struct sockaddr *)&z, len, NULL);
+ report_connect((struct sockaddr *)&cliaddr, len, NULL);
# if defined(TLS)
readwrite(s, NULL);