Accepting request 648975 from network:utilities

OBS-URL: https://build.opensuse.org/request/show/648975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/netcat-openbsd?expand=0&rev=24
Dominique Leuenberger 2018-11-26 09:16:01 +00:00 committed by Git OBS Bridge
commit afd0012796
19 changed files with 1029 additions and 695 deletions

89
broadcast-support.patch Normal file

@ -0,0 +1,89 @@
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 19:06:52 +0800
Subject: broadcast support
---
nc.1 | 4 +++-
netcat.c | 22 ++++++++++++++++++++--
2 files changed, 23 insertions(+), 3 deletions(-)
--- a/nc.1
+++ b/nc.1
@@ -33,7 +33,7 @@
.Nd arbitrary TCP and UDP connections and listens
.Sh SYNOPSIS
.Nm nc
-.Op Fl 46CDdFhklNnrStUuvZz
+.Op Fl 46bCDdFhklNnrStUuvZz
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -93,6 +93,8 @@ The options are as follows:
Use IPv4 addresses only.
.It Fl 6
Use IPv6 addresses only.
+.It Fl b
+Allow broadcast.
.It Fl C
Send CRLF as line-ending. Each line feed (LF) character from the input
data is translated into CR+LF before being written to the socket. Line
--- a/netcat.c
+++ b/netcat.c
@@ -133,6 +133,7 @@
#define UDP_SCAN_TIMEOUT 3 /* Seconds */
/* Command Line Options */
+int bflag; /* Allow Broadcast */
int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */
unsigned int iflag; /* Interval Flag */
@@ -261,9 +262,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
# else
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
+ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
# endif
!= -1) {
switch (ch) {
@@ -273,6 +274,13 @@ main(int argc, char *argv[])
case '6':
family = AF_INET6;
break;
+ case 'b':
+# if defined(SO_BROADCAST)
+ bflag = 1;
+# else
+ errx(1, "no broadcast frame support available");
+# endif
+ break;
case 'U':
family = AF_UNIX;
break;
@@ -1843,6 +1851,15 @@ set_common_sockopts(int s, int af)
{
int x = 1;
+# if defined(SO_BROADCAST)
+ if (bflag) {
+ /* allow datagram sockets to send packets to a broadcast address
+ * (this option has no effect on stream-oriented sockets) */
+ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST,
+ &x, sizeof(x)) == -1)
+ err(1, NULL);
+ }
+# endif
# if defined(TCP_MD5SIG)
if (Sflag) {
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
@@ -2122,6 +2139,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
+ \t-b Allow broadcast\n\
\t-C Send CRLF as line-ending\n\
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\
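Review bot: The `-b` case added to main() sets `bflag` whatever the socket type, while the comment added in set_common_sockopts() says SO_BROADCAST has no effect on stream-oriented sockets, so `-b` without `-u` is accepted and silently does nothing. The nc.1 entry `Allow broadcast.` does not tell the user that either; I would word it as `Allow sending datagrams to a broadcast address; only has an effect together with` followed by `.Fl u .` on the next line. If a hard failure is preferred, a check beside the other option-combination checks in main(), such as `if (bflag && !uflag) errx(1, "must use -u with -b");`, would make the mistake visible, but those checks lie outside the hunks shown here, so confirm this against the full file. Separately, `err(1, NULL)` on the setsockopt() failure prints only the errno text; `err(1, "setsockopt SO_BROADCAST")` would say which option was refused. Both main() and set_common_sockopts() start and end outside the hunks.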


@ -1,15 +1,15 @@
From: Guilhem Moulin <guilhem@debian.org> From: Guilhem Moulin <guilhem@debian.org>
Date: Fri, 09 Jun 2017 13:21:23 +0200 Date: Fri, 09 Jun 2017 13:21:23 +0200
Subject: compile without TLS support Subject: build without TLS support
tls.h isn't available in libsd-dev, and -C is already taken for tls.h isn't available in libsd-dev, and TLS supports adds options (-C, -Z)
CRLF line-ending in the Debian-specific patches. that are already used by our Debian-specific patches.
--- ---
Makefile | 2 Makefile | 2
nc.1 | 63 ----------------------- nc.1 | 114 ++---------------------------------------
netcat.c | 166 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- netcat.c | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
3 files changed, 144 insertions(+), 87 deletions(-) 3 files changed, 152 insertions(+), 136 deletions(-)
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@ -46,145 +46,219 @@ CRLF line-ending in the Debian-specific patches.
.Op Fl s Ar source .Op Fl s Ar source
.Op Fl T Ar keyword .Op Fl T Ar keyword
.Op Fl V Ar rtable .Op Fl V Ar rtable
@@ -101,20 +95,10 @@ to use IPv4 addresses only. @@ -54,7 +48,6 @@
Forces .Op Fl w Ar timeout
.Nm .Op Fl X Ar proxy_protocol
to use IPv6 addresses only. .Op Fl x Ar proxy_address Ns Op : Ns Ar port
-.Op Fl Z Ar peercertfile
.Op Ar destination
.Op Ar port
.Sh DESCRIPTION
@@ -99,28 +92,10 @@ The options are as follows:
Use IPv4 addresses only.
.It Fl 6
Use IPv6 addresses only.
-.It Fl C Ar certfile -.It Fl C Ar certfile
-Specifies the filename from which the public key part of the TLS -Load the public key part of the TLS peer certificate from
-certificate is loaded, in PEM format. -.Ar certfile ,
-May only be used with TLS. -in PEM format.
-Requires
-.Fl c .
-.It Fl c -.It Fl c
-If using a TCP socket to connect or listen, use TLS. -Use TLS to connect or listen.
-Illegal if not using TCP sockets. -Cannot be used together with any of the options
-.Fl FuU .
.It Fl D .It Fl D
Enable debugging on the socket. Enable debugging on the socket.
.It Fl d .It Fl d
Do not attempt to read from stdin. Do not attempt to read from stdin.
-.It Fl e Ar name -.It Fl e Ar name
-Specify the name that must be present in the peer certificate when using TLS. -Only accept the TLS peer certificate if it contains the
-Illegal if not using TLS. -.Ar name .
-Requires
-.Fl c .
-If not specified,
-.Ar destination
-is used.
.It Fl F .It Fl F
Pass the first connected socket using Pass the first connected socket using
.Xr sendmsg 2 .Xr sendmsg 2
@@ -130,11 +114,6 @@ using the @@ -137,18 +112,7 @@ using the
.Xr ssh_config 5
.Cm ProxyUseFdpass .Cm ProxyUseFdpass
option). option).
Cannot be used with
-.Fl c
-or
.Fl U .
-.It Fl H Ar hash -.It Fl H Ar hash
-Specifies the required hash string of the peer certificate when using TLS. -Only accept the TLS peer certificate if its hash returned from
-The string format required is that used by -.Xr tls_peer_cert_hash 3
-.Xr tls_peer_cert_hash 3 . -matches
-Illegal if not using TLS, and may not be used with -T noverify. -.Ar hash .
-Requires
-.Fl c
-and cannot be used with
-.Fl T Cm noverify .
.It Fl h .It Fl h
Prints out Print out the
.Nm .Nm
@@ -144,10 +123,6 @@ Specifies the size of the TCP receive bu @@ -160,12 +124,6 @@ Sleep for
.It Fl i Ar interval .Ar interval
Specifies a delay time interval between lines of text sent and received. seconds between lines of text sent and received.
Also causes a delay time between connections to multiple ports. Also causes a delay time between connections to multiple ports.
-.It Fl K Ar keyfile -.It Fl K Ar keyfile
-Specifies the filename from which the private key -Load the TLS private key from
-is loaded in PEM format. -.Ar keyfile ,
-May only be used with TLS. -in PEM format.
-Requires
-.Fl c .
.It Fl k .It Fl k
Forces When a connection is completed, listen for another one.
.Nm Requires
@@ -188,12 +163,6 @@ Do not do any DNS or service lookups on @@ -196,15 +154,6 @@ Do not do any DNS or service lookups on
hostnames or ports. hostnames or ports.
.It Fl O Ar length .It Fl O Ar length
Specifies the size of the TCP send buffer. Specify the size of the TCP send buffer.
-.It Fl o Ar staplefile -.It Fl o Ar staplefile
-Specifies the filename from which to load data to be stapled -During the TLS handshake, load data to be stapled from
-during the TLS handshake. -.Ar staplefile ,
-The file is expected to contain an OCSP response from an OCSP server in -which is expected to contain an OCSP response from an OCSP server in
-DER format. -DER format.
-May only be used with TLS and when a certificate is being used. -Requires
-.Fl c
-and
-.Fl C .
.It Fl P Ar proxy_username .It Fl P Ar proxy_username
Specifies a username to present to a proxy server that requires authentication. Specifies a username to present to a proxy server that requires authentication.
If no username is specified then authentication will not be attempted. If no username is specified then authentication will not be attempted.
@@ -202,12 +171,6 @@ Proxy authentication is only supported f @@ -213,13 +162,6 @@ Proxy authentication is only supported f
Specifies the source port Specify the source port
.Nm .Nm
should use, subject to privilege restrictions and availability. should use, subject to privilege restrictions and availability.
-.It Fl R Ar CAfile -.It Fl R Ar CAfile
-Specifies the filename from which the root CA bundle for certificate -Load the root CA bundle for TLS certificate verification from
-verification is loaded, in PEM format. -.Ar CAfile ,
-Illegal if not using TLS. -in PEM format, instead of
-The default is
-.Pa /etc/ssl/cert.pem . -.Pa /etc/ssl/cert.pem .
-Requires
-.Fl c .
.It Fl r .It Fl r
Specifies that source and/or destination ports should be chosen randomly Choose source and/or destination ports randomly
instead of sequentially within a range or in the order that the system instead of sequentially within a range or in the order that the system
@@ -224,24 +187,7 @@ It is an error to use this option in con @@ -239,35 +181,7 @@ Cannot be used together with
.Fl l or
option. .Fl x .
.It Fl T Ar keyword .It Fl T Ar keyword
-Change IPv4 TOS value or TLS options. -Change the IPv4 TOS/IPv6 traffic class value or the TLS options.
-For TLS options -.Pp
-For TLS options,
-.Ar keyword -.Ar keyword
-may be one of -may be one of:
-.Ar tlsall ; -.Cm noverify ,
-which allows the use of all supported TLS protocols and ciphers,
-.Ar noverify ;
-which disables certificate verification; -which disables certificate verification;
-.Ar noname , -.Cm noname ,
-which disables certificate name checking; -which disables certificate name checking;
-.Ar clientcert , -.Cm clientcert ,
-which requires a client certificate on incoming connections; or -which requires a client certificate on incoming connections; or
-.Ar muststaple , -.Cm muststaple ,
-which requires the peer to provide a valid stapled OCSP response -which requires the peer to provide a valid stapled OCSP response
-with the handshake. -with the handshake.
-It is illegal to specify TLS options if not using TLS. -The following TLS options specify a value in the form of a
-.Ar key Ns = Ns Ar value
-pair:
-.Cm ciphers ,
-which allows the supported TLS ciphers to be specified (see
-.Xr tls_config_set_ciphers 3
-for further details);
-.Cm protocols ,
-which allows the supported TLS protocols to be specified (see
-.Xr tls_config_parse_protocols 3
-for further details).
-Specifying TLS options requires
-.Fl c .
-.Pp -.Pp
-For IPv4 TOS value -For the IPv4 TOS/IPv6 traffic class value,
+Change IPv4 TOS value. +Change the IPv4 TOS/IPv6 traffic class value.
.Ar keyword .Ar keyword
may be one of may be one of
.Ar critical , .Cm critical ,
@@ -483,11 +429,6 @@ the source port, with a timeout of 5 sec @@ -291,13 +205,13 @@ to script telnet sessions.
Use
.Ux Ns -domain
sockets.
-Cannot be used together with any of the options
-.Fl cFx .
+Cannot be used together with
+.Fl F
+or
+.Fl x .
.It Fl u
Use UDP instead of TCP.
Cannot be used together with
-.Fl c
-or
.Fl x .
For
.Ux Ns -domain
@@ -360,12 +274,6 @@ An IPv6 address can be specified unambig
in square brackets.
A proxy cannot be used with any of the options
.Fl lsuU .
-.It Fl Z Ar peercertfile
-Save the peer certificates to
-.Ar peercertfile ,
-in PEM format.
-Requires
-.Fl c .
.It Fl z
Only scan for listening daemons, without sending any data to them.
Cannot be used together with
@@ -519,16 +427,6 @@ the source port, with a timeout of 5 sec
.Pp .Pp
.Dl $ nc -p 31337 -w 5 host.example.com 42 .Dl $ nc -p 31337 -w 5 host.example.com 42
.Pp .Pp
-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS. -Open a TCP connection to port 443 of www.example.com, and negotiate TLS with
-Check for a different name in the certificate for validation. -any supported TLS protocol version and "compat" ciphers:
-.Pp -.Pp
-.Dl $ nc -v -c -e adsf.au.doubleclick.net www.google.ca 443 -.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443
-.Pp
-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
-Check for a different name in the certificate for validation:
-.Pp
-.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443
-.Pp -.Pp
Open a UDP connection to port 53 of host.example.com: Open a UDP connection to port 53 of host.example.com:
.Pp .Pp
.Dl $ nc -u host.example.com 53 .Dl $ nc -u host.example.com 53
--- a/netcat.c --- a/netcat.c
+++ b/netcat.c +++ b/netcat.c
@@ -99,7 +99,9 @@ @@ -98,7 +98,9 @@
#include <stdlib.h>
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
#include <unistd.h>
-#include <tls.h> -#include <tls.h>
+#ifdef TLS +#ifdef TLS
+# include <tls.h> +# include <tls.h>
+#endif +#endif
#include <unistd.h>
#include <bsd/stdlib.h> #include <bsd/stdlib.h>
#include <bsd/string.h> #include <bsd/string.h>
#include "atomicio.h" @@ -113,12 +115,14 @@
@@ -112,13 +114,15 @@ #define POLL_NETIN 2
#define POLL_NETIN 2 #define POLL_STDOUT 3
#define POLL_STDOUT 3 #define BUFSIZE 16384
#define BUFSIZE 16384 -#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
-#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
+#ifdef TLS +#ifdef TLS
+# define DEFAULT_CA_FILE "/etc/ssl/cert.pem" +# define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
-#define TLS_ALL (1 << 1) -#define TLS_NOVERIFY (1 << 1)
-#define TLS_NOVERIFY (1 << 2) -#define TLS_NONAME (1 << 2)
-#define TLS_NONAME (1 << 3) -#define TLS_CCERT (1 << 3)
-#define TLS_CCERT (1 << 4) -#define TLS_MUSTSTAPLE (1 << 4)
-#define TLS_MUSTSTAPLE (1 << 5) +# define TLS_NOVERIFY (1 << 1)
+# define TLS_ALL (1 << 1) +# define TLS_NONAME (1 << 2)
+# define TLS_NOVERIFY (1 << 2) +# define TLS_CCERT (1 << 3)
+# define TLS_NONAME (1 << 3) +# define TLS_MUSTSTAPLE (1 << 4)
+# define TLS_CCERT (1 << 4)
+# define TLS_MUSTSTAPLE (1 << 5)
+#endif +#endif
/* Command Line Options */ /* Command Line Options */
@ -197,18 +271,18 @@ CRLF line-ending in the Debian-specific patches.
int usetls; /* use TLS */ int usetls; /* use TLS */
char *Cflag; /* Public cert file */ char *Cflag; /* Public cert file */
char *Kflag; /* Private key file */ char *Kflag; /* Private key file */
@@ -153,6 +158,7 @@ int tls_cachanged; /* Using non-defau @@ -156,6 +161,7 @@ char *tls_expecthash; /* required hash
int TLSopt; /* TLS options */ char *tls_ciphers; /* TLS ciphers */
char *tls_expectname; /* required name in peer cert */ char *tls_protocols; /* TLS protocols */
char *tls_expecthash; /* required hash of peer cert */ FILE *Zflag; /* file to save peer cert */
+# endif +# endif
int recvcount, recvlimit;
int timeout = -1; int timeout = -1;
int family = AF_UNSPEC; @@ -170,10 +176,16 @@ int strtoport(char *portstr, int udp);
@@ -165,10 +171,16 @@ void atelnet(int, unsigned char *, unsig
void build_ports(char *); void build_ports(char *);
void help(void); void help(void) __attribute__((noreturn));
int local_listen(char *, char *, struct addrinfo); int local_listen(const char *, const char *, struct addrinfo);
+# if defined(TLS) +# if defined(TLS)
void readwrite(int, struct tls *); void readwrite(int, struct tls *);
+# else +# else
@ -222,16 +296,17 @@ CRLF line-ending in the Debian-specific patches.
int timeout_connect(int, const struct sockaddr *, socklen_t); int timeout_connect(int, const struct sockaddr *, socklen_t);
int socks_connect(const char *, const char *, struct addrinfo, int socks_connect(const char *, const char *, struct addrinfo,
const char *, const char *, struct addrinfo, int, const char *); const char *, const char *, struct addrinfo, int, const char *);
@@ -178,14 +190,23 @@ int unix_connect(char *); @@ -183,15 +195,24 @@ int unix_connect(char *);
int unix_listen(char *); int unix_listen(char *);
void set_common_sockopts(int, int); void set_common_sockopts(int, int);
int map_tos(char *, int *); int process_tos_opt(char *, int *);
+# if defined(TLS) +# if defined(TLS)
int map_tls(char *, int *); int process_tls_opt(char *, int *);
void save_peer_cert(struct tls *_tls_ctx, FILE *_fp);
+# endif +# endif
void report_connect(const struct sockaddr *, socklen_t, char *); void report_connect(const struct sockaddr *, socklen_t, char *);
+# if defined(TLS) +# if defined(TLS)
void report_tls(struct tls *tls_ctx, char * host, char *tls_expectname); void report_tls(struct tls *tls_ctx, char * host);
+# endif +# endif
void usage(int); void usage(int);
+# if defined(TLS) +# if defined(TLS)
@ -246,7 +321,7 @@ CRLF line-ending in the Debian-specific patches.
int int
main(int argc, char *argv[]) main(int argc, char *argv[])
@@ -200,8 +221,10 @@ main(int argc, char *argv[]) @@ -206,8 +227,10 @@ main(int argc, char *argv[])
const char *errstr; const char *errstr;
struct addrinfo proxyhints; struct addrinfo proxyhints;
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
@ -254,22 +329,22 @@ CRLF line-ending in the Debian-specific patches.
struct tls_config *tls_cfg = NULL; struct tls_config *tls_cfg = NULL;
struct tls *tls_ctx = NULL; struct tls *tls_ctx = NULL;
+# endif +# endif
uint32_t protocols;
ret = 1; ret = 1;
socksv = 5; @@ -219,7 +242,11 @@ main(int argc, char *argv[])
@@ -212,7 +235,11 @@ main(int argc, char *argv[])
signal(SIGPIPE, SIG_IGN); signal(SIGPIPE, SIG_IGN);
while ((ch = getopt(argc, argv, while ((ch = getopt(argc, argv,
+# if defined(TLS) +# if defined(TLS)
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) { "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+# else +# else
+ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) { + "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
+# endif +# endif
!= -1) {
switch (ch) { switch (ch) {
case '4': case '4':
family = AF_INET; @@ -241,24 +268,30 @@ main(int argc, char *argv[])
@@ -233,24 +260,30 @@ main(int argc, char *argv[])
else else
errx(1, "unsupported proxy protocol"); errx(1, "unsupported proxy protocol");
break; break;
@ -300,7 +375,7 @@ CRLF line-ending in the Debian-specific patches.
case 'h': case 'h':
help(); help();
break; break;
@@ -259,9 +292,11 @@ main(int argc, char *argv[]) @@ -267,9 +300,11 @@ main(int argc, char *argv[])
if (errstr) if (errstr)
errx(1, "interval %s: %s", errstr, optarg); errx(1, "interval %s: %s", errstr, optarg);
break; break;
@ -312,7 +387,7 @@ CRLF line-ending in the Debian-specific patches.
case 'k': case 'k':
kflag = 1; kflag = 1;
break; break;
@@ -290,10 +325,12 @@ main(int argc, char *argv[]) @@ -298,10 +333,12 @@ main(int argc, char *argv[])
case 'p': case 'p':
pflag = optarg; pflag = optarg;
break; break;
@ -325,7 +400,22 @@ CRLF line-ending in the Debian-specific patches.
case 'r': case 'r':
rflag = 1; rflag = 1;
break; break;
@@ -348,9 +385,11 @@ main(int argc, char *argv[]) @@ -343,12 +380,14 @@ main(int argc, char *argv[])
if ((proxy = strdup(optarg)) == NULL)
err(1, NULL);
break;
+# if defined(TLS)
case 'Z':
if (strcmp(optarg, "-") == 0)
Zflag = stderr;
else if ((Zflag = fopen(optarg, "w")) == NULL)
err(1, "can't open %s", optarg);
break;
+# endif
case 'z':
zflag = 1;
break;
@@ -367,9 +406,11 @@ main(int argc, char *argv[])
errx(1, "TCP send window %s: %s", errx(1, "TCP send window %s: %s",
errstr, optarg); errstr, optarg);
break; break;
@ -337,18 +427,18 @@ CRLF line-ending in the Debian-specific patches.
case 'S': case 'S':
# if defined(TCP_MD5SIG) # if defined(TCP_MD5SIG)
Sflag = 1; Sflag = 1;
@@ -363,8 +402,10 @@ main(int argc, char *argv[]) @@ -380,8 +421,10 @@ main(int argc, char *argv[])
case 'T':
errstr = NULL;
errno = 0; errno = 0;
if (map_tos(optarg, &Tflag))
break;
+# if defined(TLS) +# if defined(TLS)
if (map_tls(optarg, &TLSopt)) if (process_tls_opt(optarg, &TLSopt))
break; break;
+# endif +# endif
if (process_tos_opt(optarg, &Tflag))
break;
if (strlen(optarg) > 1 && optarg[0] == '0' && if (strlen(optarg) > 1 && optarg[0] == '0' &&
optarg[1] == 'x') @@ -391,7 +434,11 @@ main(int argc, char *argv[])
Tflag = (int)strtol(optarg, NULL, 16);
@@ -372,7 +413,11 @@ main(int argc, char *argv[])
Tflag = (int)strtonum(optarg, 0, 255, Tflag = (int)strtonum(optarg, 0, 255,
&errstr); &errstr);
if (Tflag < 0 || Tflag > 255 || errstr || errno) if (Tflag < 0 || Tflag > 255 || errstr || errno)
@ -360,7 +450,19 @@ CRLF line-ending in the Debian-specific patches.
break; break;
default: default:
usage(1); usage(1);
@@ -411,12 +456,15 @@ main(int argc, char *argv[]) @@ -428,6 +475,7 @@ main(int argc, char *argv[])
} else
usage(1);
+# if defined(TLS)
if (usetls) {
if (Cflag && unveil(Cflag, "r") == -1)
err(1, "unveil");
@@ -450,15 +498,19 @@ main(int argc, char *argv[])
err(1, "unveil");
}
}
+# endif
if (!lflag && kflag) if (!lflag && kflag)
errx(1, "must use -l with -k"); errx(1, "must use -l with -k");
@ -376,7 +478,7 @@ CRLF line-ending in the Debian-specific patches.
if (Fflag && usetls) if (Fflag && usetls)
errx(1, "cannot use -c and -F"); errx(1, "cannot use -c and -F");
if (TLSopt && !usetls) if (TLSopt && !usetls)
@@ -433,6 +481,7 @@ main(int argc, char *argv[]) @@ -477,6 +529,7 @@ main(int argc, char *argv[])
errx(1, "you must specify -c to use -H"); errx(1, "you must specify -c to use -H");
if (tls_expectname && !usetls) if (tls_expectname && !usetls)
errx(1, "you must specify -c to use -e"); errx(1, "you must specify -c to use -e");
@ -384,27 +486,25 @@ CRLF line-ending in the Debian-specific patches.
/* Get name of temporary socket for unix datagram client */ /* Get name of temporary socket for unix datagram client */
if ((family == AF_UNIX) && uflag && !lflag) { if ((family == AF_UNIX) && uflag && !lflag) {
@@ -499,6 +548,7 @@ main(int argc, char *argv[]) @@ -543,6 +596,7 @@ main(int argc, char *argv[])
proxyhints.ai_flags |= AI_NUMERICHOST; proxyhints.ai_flags |= AI_NUMERICHOST;
} }
+# if defined(TLS) +# if defined(TLS)
if (usetls) { if (usetls) {
if (Pflag) { if ((tls_cfg = tls_config_new()) == NULL)
if (pledge("stdio inet dns tty rpath", NULL) == -1) errx(1, "unable to allocate TLS config");
@@ -544,8 +594,11 @@ main(int argc, char *argv[]) @@ -578,7 +632,8 @@ main(int argc, char *argv[])
err(1, "pledge");
} else if (pledge("stdio inet dns", NULL) == -1) } else if (pledge("stdio inet dns", NULL) == -1)
err(1, "pledge"); err(1, "pledge");
} - }
+ }
+# endif +# endif
if (lflag) { if (lflag) {
+# if defined(TLS)
struct tls *tls_cctx = NULL;
+# endif
int connfd;
ret = 0; ret = 0;
@@ -556,6 +609,7 @@ main(int argc, char *argv[]) @@ -589,6 +644,7 @@ main(int argc, char *argv[])
s = unix_listen(host); s = unix_listen(host);
} }
@ -412,39 +512,42 @@ CRLF line-ending in the Debian-specific patches.
if (usetls) { if (usetls) {
tls_config_verify_client_optional(tls_cfg); tls_config_verify_client_optional(tls_cfg);
if ((tls_ctx = tls_server()) == NULL) if ((tls_ctx = tls_server()) == NULL)
@@ -564,6 +618,7 @@ main(int argc, char *argv[]) @@ -597,6 +653,7 @@ main(int argc, char *argv[])
errx(1, "tls configuration failed (%s)", errx(1, "tls configuration failed (%s)",
tls_error(tls_ctx)); tls_error(tls_ctx));
} }
+# endif +# endif
/* Allow only one connection at a time, but stay alive. */ /* Allow only one connection at a time, but stay alive. */
for (;;) { for (;;) {
if (family != AF_UNIX) if (family != AF_UNIX) {
@@ -575,7 +630,11 @@ main(int argc, char *argv[]) @@ -612,7 +669,11 @@ main(int argc, char *argv[])
* receive datagrams from multiple socket pairs. * let it receive datagrams from multiple
*/ * socket pairs.
if (uflag && kflag) */
+# if defined(TLS) +# if defined(TLS)
readwrite(s, NULL); readwrite(s, NULL);
+# else +# else
+ readwrite(s); + readwrite(s);
+# endif +# endif
/* } else if (uflag && !kflag) {
* For UDP and not -k, we will use recvfrom() initially /*
* to wait for a caller, then use the regular functions * For UDP and not -k, we will use recvfrom()
@@ -600,7 +659,11 @@ main(int argc, char *argv[]) @@ -636,9 +697,14 @@ main(int argc, char *argv[])
if (vflag) if (vflag)
report_connect((struct sockaddr *)&z, len, NULL); report_connect((struct sockaddr *)&z, len, NULL);
+# if defined(TLS) +# if defined(TLS)
readwrite(s, NULL); readwrite(s, NULL);
} else {
struct tls *tls_cctx = NULL;
+# else +# else
+ readwrite(s); + readwrite(s);
+ } else {
+# endif +# endif
} else { int connfd;
len = sizeof(cliaddr); len = sizeof(cliaddr);
connfd = accept4(s, (struct sockaddr *)&cliaddr, @@ -651,6 +717,7 @@ main(int argc, char *argv[])
@@ -612,6 +675,7 @@ main(int argc, char *argv[])
if (vflag) if (vflag)
report_connect((struct sockaddr *)&cliaddr, len, report_connect((struct sockaddr *)&cliaddr, len,
family == AF_UNIX ? host : NULL); family == AF_UNIX ? host : NULL);
@ -452,17 +555,18 @@ CRLF line-ending in the Debian-specific patches.
if ((usetls) && if ((usetls) &&
(tls_cctx = tls_setup_server(tls_ctx, connfd, host))) (tls_cctx = tls_setup_server(tls_ctx, connfd, host)))
readwrite(connfd, tls_cctx); readwrite(connfd, tls_cctx);
@@ -622,6 +686,9 @@ main(int argc, char *argv[]) @@ -660,6 +727,10 @@ main(int argc, char *argv[])
tls_free(tls_cctx); timeout_tls(s, tls_cctx, tls_close);
tls_cctx = NULL; close(connfd);
} tls_free(tls_cctx);
+# else +# else
+ readwrite(connfd); + readwrite(connfd);
+ close(connfd);
+# endif +# endif
close(connfd);
} }
if (family != AF_UNIX) if (family == AF_UNIX && uflag) {
@@ -639,7 +706,11 @@ main(int argc, char *argv[]) if (connect(s, NULL, 0) < 0)
@@ -674,7 +745,11 @@ main(int argc, char *argv[])
if ((s = unix_connect(host)) > 0) { if ((s = unix_connect(host)) > 0) {
if (!zflag) if (!zflag)
@ -474,15 +578,15 @@ CRLF line-ending in the Debian-specific patches.
close(s); close(s);
} else } else
ret = 1; ret = 1;
@@ -659,6 +730,7 @@ main(int argc, char *argv[]) @@ -693,6 +768,7 @@ main(int argc, char *argv[])
for (s = -1, i = 0; portlist[i] != NULL; i++) {
if (s != -1) if (s != -1)
close(s); close(s);
+# if defined(TLS) +# if defined(TLS)
if (usetls) { tls_free(tls_ctx);
if ((tls_ctx = tls_client()) == NULL) tls_ctx = NULL;
errx(1, "tls client creation failed");
@@ -666,6 +738,7 @@ main(int argc, char *argv[]) @@ -703,6 +779,7 @@ main(int argc, char *argv[])
errx(1, "tls configuration failed (%s)", errx(1, "tls configuration failed (%s)",
tls_error(tls_ctx)); tls_error(tls_ctx));
} }
@ -490,7 +594,7 @@ CRLF line-ending in the Debian-specific patches.
if (xflag) if (xflag)
s = socks_connect(host, portlist[i], hints, s = socks_connect(host, portlist[i], hints,
proxy, proxyport, proxyhints, socksv, proxy, proxyport, proxyhints, socksv,
@@ -703,6 +776,7 @@ main(int argc, char *argv[]) @@ -740,6 +817,7 @@ main(int argc, char *argv[])
} }
if (Fflag) if (Fflag)
fdpass(s); fdpass(s);
@ -498,9 +602,9 @@ CRLF line-ending in the Debian-specific patches.
else { else {
if (usetls) if (usetls)
tls_setup_client(tls_ctx, s, host); tls_setup_client(tls_ctx, s, host);
@@ -714,13 +788,19 @@ main(int argc, char *argv[]) @@ -748,13 +826,19 @@ main(int argc, char *argv[])
tls_ctx = NULL; if (tls_ctx)
} timeout_tls(s, tls_ctx, tls_close);
} }
+# else +# else
+ else if (!zflag) + else if (!zflag)
@ -511,22 +615,22 @@ CRLF line-ending in the Debian-specific patches.
if (s != -1) if (s != -1)
close(s); close(s);
+# if defined(TLS) +# if defined(TLS)
tls_free(tls_ctx);
tls_config_free(tls_cfg); tls_config_free(tls_cfg);
+# endif +# endif
exit(ret); return ret;
} }
@@ -759,6 +839,7 @@ unix_bind(char *path, int flags) @@ -794,6 +878,7 @@ unix_bind(char *path, int flags)
return (s); return s;
} }
+# if defined(TLS) +# if defined(TLS)
int int
timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *)) timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *))
{ {
@@ -840,6 +921,7 @@ tls_setup_server(struct tls *tls_ctx, in @@ -880,6 +965,7 @@ tls_setup_server(struct tls *tls_ctx, in
} }
return NULL; return NULL;
} }
@ -534,7 +638,7 @@ CRLF line-ending in the Debian-specific patches.
/* /*
* unix_connect() * unix_connect()
@@ -1052,7 +1134,11 @@ local_listen(char *host, char *port, str @@ -1092,7 +1178,11 @@ local_listen(const char *host, const cha
* Loop that polls on the network file descriptor and stdin. * Loop that polls on the network file descriptor and stdin.
*/ */
void void
@ -546,7 +650,7 @@ CRLF line-ending in the Debian-specific patches.
{ {
struct pollfd pfd[4]; struct pollfd pfd[4];
int stdin_fd = STDIN_FILENO; int stdin_fd = STDIN_FILENO;
@@ -1152,12 +1238,17 @@ readwrite(int net_fd, struct tls *tls_ct @@ -1192,12 +1282,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to read from stdin */ /* try to read from stdin */
if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) { if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) {
ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf, ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf,
@ -565,7 +669,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_STDIN].fd = -1; pfd[POLL_STDIN].fd = -1;
/* read something - poll net out */ /* read something - poll net out */
if (stdinbufpos > 0) if (stdinbufpos > 0)
@@ -1169,12 +1260,17 @@ readwrite(int net_fd, struct tls *tls_ct @@ -1209,12 +1304,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to write to network */ /* try to write to network */
if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) { if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) {
ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf, ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf,
@ -584,7 +688,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_NETOUT].fd = -1; pfd[POLL_NETOUT].fd = -1;
/* buffer empty - remove self from polling */ /* buffer empty - remove self from polling */
if (stdinbufpos == 0) if (stdinbufpos == 0)
@@ -1186,12 +1282,17 @@ readwrite(int net_fd, struct tls *tls_ct @@ -1226,12 +1326,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to read from network */ /* try to read from network */
if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) { if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) {
ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf, ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf,
@ -603,7 +707,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_NETIN].fd = -1; pfd[POLL_NETIN].fd = -1;
/* eof on net in - remove from pfd */ /* eof on net in - remove from pfd */
if (ret == 0) { if (ret == 0) {
@@ -1212,12 +1313,17 @@ readwrite(int net_fd, struct tls *tls_ct @@ -1258,12 +1363,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to write to stdout */ /* try to write to stdout */
if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) { if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) {
ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf, ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf,
@ -622,7 +726,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_STDOUT].fd = -1; pfd[POLL_STDOUT].fd = -1;
/* buffer empty - remove self from polling */ /* buffer empty - remove self from polling */
if (netinbufpos == 0) if (netinbufpos == 0)
@@ -1241,19 +1347,29 @@ readwrite(int net_fd, struct tls *tls_ct @@ -1287,19 +1397,29 @@ readwrite(int net_fd, struct tls *tls_ct
} }
ssize_t ssize_t
@ -652,7 +756,7 @@ CRLF line-ending in the Debian-specific patches.
if (n <= 0) if (n <= 0)
return n; return n;
/* adjust buffer */ /* adjust buffer */
@@ -1265,19 +1381,29 @@ drainbuf(int fd, unsigned char *buf, siz @@ -1311,19 +1431,29 @@ drainbuf(int fd, unsigned char *buf, siz
} }
ssize_t ssize_t
@ -682,15 +786,15 @@ CRLF line-ending in the Debian-specific patches.
if (n <= 0) if (n <= 0)
return n; return n;
*bufpos += n; *bufpos += n;
@@ -1581,6 +1707,7 @@ map_tos(char *s, int *val) @@ -1641,6 +1771,7 @@ process_tos_opt(char *s, int *val)
return (0); return 0;
} }
+# if defined(TLS) +# if defined(TLS)
int int
map_tls(char *s, int *val) process_tls_opt(char *s, int *flags)
{ {
@@ -1662,6 +1789,7 @@ report_tls(struct tls * tls_ctx, char * @@ -1754,6 +1885,7 @@ report_tls(struct tls * tls_ctx, char *
} }
} }
@ -698,7 +802,7 @@ CRLF line-ending in the Debian-specific patches.
void void
report_connect(const struct sockaddr *sa, socklen_t salen, char *path) report_connect(const struct sockaddr *sa, socklen_t salen, char *path)
@@ -1704,17 +1832,12 @@ help(void) @@ -1796,17 +1928,12 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\ fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\ \t-4 Use IPv4\n\
\t-6 Use IPv6\n\ \t-6 Use IPv6\n\
@ -716,7 +820,7 @@ CRLF line-ending in the Debian-specific patches.
\t-k Keep inbound sockets open for multiple connects\n\ \t-k Keep inbound sockets open for multiple connects\n\
\t-l Listen mode, for inbound connects\n\ \t-l Listen mode, for inbound connects\n\
\t-M ttl Outgoing TTL / Hop Limit\n\ \t-M ttl Outgoing TTL / Hop Limit\n\
@@ -1722,14 +1845,12 @@ help(void) @@ -1814,14 +1941,12 @@ help(void)
\t-N Shutdown the network socket after EOF on stdin\n\ \t-N Shutdown the network socket after EOF on stdin\n\
\t-n Suppress name/port resolutions\n\ \t-n Suppress name/port resolutions\n\
\t-O length TCP send buffer length\n\ \t-O length TCP send buffer length\n\
@ -732,7 +836,15 @@ CRLF line-ending in the Debian-specific patches.
\t-t Answer TELNET negotiation\n\ \t-t Answer TELNET negotiation\n\
\t-U Use UNIX domain socket\n\ \t-U Use UNIX domain socket\n\
\t-u UDP mode\n\ \t-u UDP mode\n\
@@ -1747,11 +1868,8 @@ void @@ -1831,7 +1956,6 @@ help(void)
\t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
\t-x addr[:port]\tSpecify proxy address and port\n\
- \t-Z Peer certificate file\n\
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
exit(0);
@@ -1841,15 +1965,11 @@ void
usage(int ret) usage(int ret)
{ {
fprintf(stderr, fprintf(stderr,
@ -743,6 +855,10 @@ CRLF line-ending in the Debian-specific patches.
- "[-R CAfile]\n" - "[-R CAfile]\n"
+ "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" + "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" + "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-s source] [-T keyword] [-V rtable] [-w timeout] " "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-X proxy_protocol]\n" "[-w timeout]\n"
"\t [-x proxy_address[:port]] [destination] [port]\n"); "\t [-X proxy_protocol] [-x proxy_address[:port]] "
- "[-Z peercertfile]\n"
"\t [destination] [port]\n");
if (ret)
exit(1);


@ -17,7 +17,7 @@ Subject: connect timeout
#include <netdb.h> #include <netdb.h>
#include <poll.h> #include <poll.h>
@@ -124,6 +125,10 @@ @@ -124,6 +125,10 @@
# define TLS_MUSTSTAPLE (1 << 5) # define TLS_MUSTSTAPLE (1 << 4)
#endif #endif
+#define CONNECTION_SUCCESS 0 +#define CONNECTION_SUCCESS 0
@ -27,7 +27,7 @@ Subject: connect timeout
/* Command Line Options */ /* Command Line Options */
int dflag; /* detached, no stdin */ int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */ int Fflag; /* fdpass sock to stdout */
@@ -208,6 +213,9 @@ ssize_t drainbuf(int, unsigned char *, s @@ -214,6 +219,9 @@ ssize_t drainbuf(int, unsigned char *, s
ssize_t fillbuf(int, unsigned char *, size_t *); ssize_t fillbuf(int, unsigned char *, size_t *);
# endif # endif
@ -37,7 +37,7 @@ Subject: connect timeout
int int
main(int argc, char *argv[]) main(int argc, char *argv[])
{ {
@@ -1022,11 +1030,14 @@ remote_connect(const char *host, const c @@ -1066,11 +1074,14 @@ remote_connect(const char *host, const c
set_common_sockopts(s, res->ai_family); set_common_sockopts(s, res->ai_family);
@ -54,8 +54,8 @@ Subject: connect timeout
save_errno = errno; save_errno = errno;
close(s); close(s);
@@ -1067,6 +1078,69 @@ timeout_connect(int s, const struct sock @@ -1111,6 +1122,69 @@ timeout_connect(int s, const struct sock
return (ret); return ret;
} }
+static int connect_with_timeout(int fd, const struct sockaddr *sa, +static int connect_with_timeout(int fd, const struct sockaddr *sa,


@ -4,8 +4,8 @@ Subject: dccp support
--- ---
nc.1 | 4 ++ nc.1 | 4 ++
netcat.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- netcat.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 82 insertions(+), 15 deletions(-) 2 files changed, 79 insertions(+), 14 deletions(-)
--- a/nc.1 --- a/nc.1
+++ b/nc.1 +++ b/nc.1
@ -18,15 +18,15 @@ Subject: dccp support
.Op Fl I Ar length .Op Fl I Ar length
.Op Fl i Ar interval .Op Fl i Ar interval
.Op Fl M Ar ttl .Op Fl M Ar ttl
@@ -286,6 +286,8 @@ for SOCKS, 3128 for HTTPS). @@ -289,6 +289,8 @@ An IPv6 address can be specified unambig
An IPv6 address can be specified unambiguously by enclosing
.Ar proxy_address
in square brackets. in square brackets.
A proxy cannot be used with any of the options
.Fl lsuU .
+.It Fl Z +.It Fl Z
+DCCP mode. +DCCP mode.
.It Fl z .It Fl z
Specifies that Only scan for listening daemons, without sending any data to them.
.Nm Cannot be used together with
--- a/netcat.c --- a/netcat.c
+++ b/netcat.c +++ b/netcat.c
@@ -147,6 +147,7 @@ int rflag; /* Random ports flag */ @@ -147,6 +147,7 @@ int rflag; /* Random ports flag */
@ -37,7 +37,7 @@ Subject: dccp support
int vflag; /* Verbosity */ int vflag; /* Verbosity */
int xflag; /* Socks proxy */ int xflag; /* Socks proxy */
int zflag; /* Port Scan Flag */ int zflag; /* Port Scan Flag */
@@ -219,6 +220,7 @@ ssize_t drainbuf(int, unsigned char *, s @@ -225,6 +226,7 @@ ssize_t drainbuf(int, unsigned char *, s
ssize_t fillbuf(int, unsigned char *, size_t *); ssize_t fillbuf(int, unsigned char *, size_t *);
# endif # endif
@ -45,19 +45,16 @@ Subject: dccp support
static int connect_with_timeout(int fd, const struct sockaddr *sa, static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout); socklen_t salen, int ctimeout);
@@ -252,9 +254,9 @@ main(int argc, char *argv[]) @@ -261,7 +263,7 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
# if defined(TLS) # if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:z")) != -1) { "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# else # else
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:z")) != -1) { - "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z"))
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) { + "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
# endif # endif
!= -1) {
switch (ch) { switch (ch) {
case '4': @@ -378,6 +380,13 @@ main(int argc, char *argv[])
@@ -370,6 +372,13 @@ main(int argc, char *argv[])
case 'u': case 'u':
uflag = 1; uflag = 1;
break; break;
@ -71,12 +68,10 @@ Subject: dccp support
case 'V': case 'V':
# if defined(RT_TABLEID_MAX) # if defined(RT_TABLEID_MAX)
rtableid = (int)strtonum(optarg, 0, rtableid = (int)strtonum(optarg, 0,
@@ -461,6 +470,12 @@ main(int argc, char *argv[]) @@ -482,6 +491,10 @@ main(int argc, char *argv[])
/* Cruft to make sure options are clean, and used properly. */ /* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) { if (argv[0] && !argv[1] && family == AF_UNIX) {
+ if (uflag)
+ errx(1, "cannot use -u and -U");
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ if (dccpflag) + if (dccpflag)
+ errx(1, "cannot use -Z and -U"); + errx(1, "cannot use -Z and -U");
@ -84,7 +79,7 @@ Subject: dccp support
host = argv[0]; host = argv[0];
uport = NULL; uport = NULL;
} else if (!argv[0] && lflag) { } else if (!argv[0] && lflag) {
@@ -527,8 +542,20 @@ main(int argc, char *argv[]) @@ -575,8 +588,20 @@ main(int argc, char *argv[])
if (family != AF_UNIX) { if (family != AF_UNIX) {
memset(&hints, 0, sizeof(struct addrinfo)); memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = family; hints.ai_family = family;
@ -107,7 +102,7 @@ Subject: dccp support
if (nflag) if (nflag)
hints.ai_flags |= AI_NUMERICHOST; hints.ai_flags |= AI_NUMERICHOST;
} }
@@ -536,7 +563,10 @@ main(int argc, char *argv[]) @@ -584,7 +609,10 @@ main(int argc, char *argv[])
if (xflag) { if (xflag) {
if (uflag) if (uflag)
errx(1, "no proxy support for UDP mode"); errx(1, "no proxy support for UDP mode");
@ -119,7 +114,7 @@ Subject: dccp support
if (lflag) if (lflag)
errx(1, "no proxy support for listen"); errx(1, "no proxy support for listen");
@@ -798,19 +828,20 @@ main(int argc, char *argv[]) @@ -841,19 +869,20 @@ main(int argc, char *argv[])
} }
} }
@ -142,8 +137,8 @@ Subject: dccp support
sv ? sv->s_name : "*"); sv ? sv->s_name : "*");
} }
if (Fflag) if (Fflag)
@@ -1017,6 +1048,24 @@ unix_listen(char *path) @@ -1063,6 +1092,24 @@ unix_listen(char *path)
return (s); return s;
} }
+char *proto_name(int uflag, int dccpflag) { +char *proto_name(int uflag, int dccpflag) {
@ -167,7 +162,7 @@ Subject: dccp support
/* /*
* remote_connect() * remote_connect()
* Returns a socket connected to a remote host. Properly binds to a local * Returns a socket connected to a remote host. Properly binds to a local
@@ -1047,8 +1096,21 @@ remote_connect(const char *host, const c @@ -1093,8 +1140,21 @@ remote_connect(const char *host, const c
# endif # endif
memset(&ahints, 0, sizeof(struct addrinfo)); memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res->ai_family; ahints.ai_family = res->ai_family;
@ -191,7 +186,7 @@ Subject: dccp support
ahints.ai_flags = AI_PASSIVE; ahints.ai_flags = AI_PASSIVE;
if ((error = getaddrinfo(sflag, pflag, &ahints, &ares))) if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
errx(1, "getaddrinfo: %s", gai_strerror(error)); errx(1, "getaddrinfo: %s", gai_strerror(error));
@@ -1060,15 +1122,16 @@ remote_connect(const char *host, const c @@ -1106,15 +1166,16 @@ remote_connect(const char *host, const c
} }
set_common_sockopts(s, res->ai_family); set_common_sockopts(s, res->ai_family);
@ -211,7 +206,7 @@ Subject: dccp support
save_errno = errno; save_errno = errno;
close(s); close(s);
@@ -1654,7 +1717,8 @@ build_ports(char *p) @@ -1706,7 +1767,8 @@ build_ports(char *p)
int hi, lo, cp; int hi, lo, cp;
int x = 0; int x = 0;
@ -221,7 +216,7 @@ Subject: dccp support
if (sv) { if (sv) {
if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
err(1, "asprintf"); err(1, "asprintf");
@@ -1991,6 +2055,7 @@ help(void) @@ -2090,6 +2152,7 @@ help(void)
\t-w timeout Timeout for connects and final net reads\n\ \t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
\t-x addr[:port]\tSpecify proxy address and port\n\ \t-x addr[:port]\tSpecify proxy address and port\n\
@ -229,12 +224,12 @@ Subject: dccp support
\t-z Zero-I/O mode [used for scanning]\n\ \t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n"); Port numbers can be individual or ranges: lo-hi [inclusive]\n");
exit(0); exit(0);
@@ -2000,7 +2065,7 @@ void @@ -2099,7 +2162,7 @@ void
usage(int ret) usage(int ret)
{ {
fprintf(stderr, fprintf(stderr,
- "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" - "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n" + "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-w timeout] " "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-X proxy_protocol]\n" "[-w timeout]\n"

191
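--- /dev/null
+++ b/destination-port-list.patch
@@ -0,0 +1,191 @@
+From: Guilhem Moulin <guilhem@debian.org>
+Date: Mon, 22 Oct 2018 04:15:52 +0200
+Subject: destination port list
+---
+nc.1 | 26 ++++++++++++++++---
+netcat.c | 86 ++++++++++++++++++++++++++++++++-------------------------------
+2 files changed, 68 insertions(+), 44 deletions(-)
+--- a/nc.1
++++ b/nc.1
+@@ -414,15 +414,35 @@ The
+flag can be used to tell
+.Nm
+to report open ports,
+-rather than initiate a connection.
++rather than initiate a connection. Usually it's useful to turn on verbose
++output to stderr by use this option in conjunction with
++.Fl v
++option.
++.Pp
+For example:
+.Bd -literal -offset indent
+-$ nc -z host.example.com 20-30
++$ nc \-zv host.example.com 20-30
+Connection to host.example.com 22 port [tcp/ssh] succeeded!
+Connection to host.example.com 25 port [tcp/smtp] succeeded!
+.Ed
+.Pp
+-The port range was specified to limit the search to ports 20 \- 30.
++The port range was specified to limit the search to ports 20 \- 30, and is
++scanned by increasing order (unless the
++.Fl r
++flag is set).
++.Pp
++You can also specify a list of ports to scan, for example:
++.Bd -literal -offset indent
++$ nc \-zv host.example.com http 20 22-23
++nc: connect to host.example.com 80 (tcp) failed: Connection refused
++nc: connect to host.example.com 20 (tcp) failed: Connection refused
++Connection to host.example.com port [tcp/ssh] succeeded!
++nc: connect to host.example.com 23 (tcp) failed: Connection refused
++.Ed
++.Pp
++The ports are scanned by the order you given (unless the
++.Fl r
++flag is set).
+.Pp
+Alternatively, it might be useful to know which server software
+is running, and which versions.
+--- a/netcat.c
++++ b/netcat.c
+@@ -192,7 +192,7 @@ int minttl = -1;
+void atelnet(int, unsigned char *, unsigned int);
+int strtoport(char *portstr, int udp);
+-void build_ports(char *);
++void build_ports(char **);
+void help(void) __attribute__((noreturn));
+int local_listen(const char *, const char *, struct addrinfo);
+# if defined(TLS)
+@@ -243,7 +243,7 @@ int
+main(int argc, char *argv[])
+{
+int ch, s = -1, ret, socksv;
+- char *host, *uport;
++ char *host, **uport;
+struct addrinfo hints;
+struct servent *sv;
+socklen_t len;
+@@ -524,11 +524,11 @@ main(int argc, char *argv[])
+} else if (argv[0] && !argv[1]) {
+if (!lflag)
+usage(1);
+- uport = argv[0];
++ uport = &argv[0];
+host = NULL;
+} else if (argv[0] && argv[1]) {
+host = argv[0];
+- uport = argv[1];
++ uport = &argv[1];
+} else
+usage(1);
+@@ -715,7 +715,7 @@ main(int argc, char *argv[])
+else
+s = unix_listen(host);
+} else
+- s = local_listen(host, uport, hints);
++ s = local_listen(host, *uport, hints);
+if (s < 0)
+err(1, NULL);
+@@ -1775,57 +1775,61 @@ strtoport(char *portstr, int udp)
+* that we should try to connect to.
+*/
+void
+-build_ports(char *p)
++build_ports(char **p)
+{
+struct servent *sv;
+char *n;
+int hi, lo, cp;
+int x = 0;
++ int i;
+char *proto = proto_name(uflag, dccpflag);
+- sv = getservbyname(p, proto);
+- if (sv) {
+- if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
+- err(1, "asprintf");
+- } else if ((n = strchr(p, '-')) != NULL) {
+- *n = '\0';
+- n++;
+-
+- /* Make sure the ports are in order: lowest->highest. */
+- hi = strtoport(n, uflag);
+- lo = strtoport(p, uflag);
+- if (lo > hi) {
+- cp = hi;
+- hi = lo;
+- lo = cp;
+- }
+-
+- /*
+- * Initialize portlist with a random permutation. Based on
+- * Knuth, as in ip_randomid() in sys/netinet/ip_id.c.
+- */
+- if (rflag) {
+- for (x = 0; x <= hi - lo; x++) {
+- cp = arc4random_uniform(x + 1);
+- portlist[x] = portlist[cp];
+- if (asprintf(&portlist[cp], "%d", x + lo) < 0)
+- err(1, "asprintf");
++ for (i = 0; p[i] != NULL; i++) {
++ sv = getservbyname(p[i], proto);
++ if (sv) {
++ if (asprintf(&portlist[x], "%d", ntohs(sv->s_port)) < 0)
++ err(1, "asprintf");
++ x++;
++ } else if ((n = strchr(p[i], '-')) != NULL) {
++ *n = '\0';
++ n++;
++
++ /* Make sure the ports are in order: lowest->highest. */
++ hi = strtoport(n, uflag);
++ lo = strtoport(p[i], uflag);
++ if (lo > hi) {
++ cp = hi;
++ hi = lo;
++ lo = cp;
+}
+- } else { /* Load ports sequentially. */
++
++ /* Load ports sequentially. */
+for (cp = lo; cp <= hi; cp++) {
+if (asprintf(&portlist[x], "%d", cp) < 0)
+err(1, "asprintf");
+x++;
+}
++ } else {
++ hi = strtoport(p[i], uflag);
++ if (asprintf(&portlist[x], "%d", hi) < 0)
++ err(1, "asprintf");
++ x++;
+}
+- } else {
+- char *tmp;
++ }
+- hi = strtoport(p, uflag);
+- if (asprintf(&tmp, "%d", hi) != -1)
+- portlist[0] = tmp;
+- else
+- err(1, NULL);
++ /*
++ * Initialize portlist with a random permutation using
++ * FisherYates shuffle.
++ */
++ if (rflag) {
++ for (i = x-1; i > 0; i--) {
++ cp = arc4random_uniform(i+1);
++ if (cp != i) {
++ n = portlist[i];
++ portlist[i] = portlist[cp];
++ portlist[cp] = n;
++ }
++ }
+}
+}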
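Review bot: In the rewritten `build_ports()` each of the three `asprintf(&portlist[x], ...)` stores advances `x` with no upper bound, and `x` now accumulates across every port argument rather than a single range. The declaration of `portlist` is not part of this patch; if it is still a fixed array sized from `PORT_MAX`, as in upstream netcat.c, then overlapping or repeated ranges on the command line can push `x` past its end and write heap pointers outside the array. A guard such as `if (x >= PORT_MAX) errx(1, "too many ports");` before each store would close that, and the shuffle loop that reads `x-1` is then bounded as well.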


@ -8,7 +8,7 @@ Subject: get sev by name
--- a/netcat.c --- a/netcat.c
+++ b/netcat.c +++ b/netcat.c
@@ -1603,11 +1603,16 @@ strtoport(char *portstr, int udp) @@ -1653,11 +1653,16 @@ strtoport(char *portstr, int udp)
void void
build_ports(char *p) build_ports(char *p)
{ {


@ -3,10 +3,10 @@ Date: Mon, 13 Feb 2012 19:06:52 +0800
Subject: misc failures and features Subject: misc failures and features
--- ---
Makefile | 3 +- Makefile | 3 ++-
nc.1 | 76 +++++++++++++++++++++++++++++++++++++++++++++++++--- nc.1 | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
netcat.c | 91 ++++++++++++++++++++++++++++++++++++++++++++------------------- netcat.c | 14 ++++++++++++--
3 files changed, 138 insertions(+), 32 deletions(-) 3 files changed, 65 insertions(+), 3 deletions(-)
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@ -22,25 +22,7 @@ Subject: misc failures and features
LDFLAGS= -Wl,--no-add-needed LDFLAGS= -Wl,--no-add-needed
--- a/nc.1 --- a/nc.1
+++ b/nc.1 +++ b/nc.1
@@ -33,7 +33,7 @@ @@ -365,6 +365,54 @@ and which side is being used as a
.Nd arbitrary TCP and UDP connections and listens
.Sh SYNOPSIS
.Nm nc
-.Op Fl 46CDdFhklNnrStUuvZz
+.Op Fl 46bCDdFhklNnrStUuvZz
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -96,6 +96,8 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
+.It Fl b
+Allow broadcast.
.It Fl C
Send CRLF as line-ending.
.It Fl D
@@ -352,6 +354,54 @@ and which side is being used as a
The connection may be terminated using an The connection may be terminated using an
.Dv EOF .Dv EOF
.Pq Sq ^D . .Pq Sq ^D .
@ -95,41 +77,7 @@ Subject: misc failures and features
.Sh DATA TRANSFER .Sh DATA TRANSFER
The example in the previous section can be expanded to build a The example in the previous section can be expanded to build a
basic data transfer model. basic data transfer model.
@@ -411,15 +461,30 @@ The @@ -517,6 +565,9 @@ Original implementation by
flag can be used to tell
.Nm
to report open ports,
-rather than initiate a connection.
+rather than initiate a connection. Usually it's useful to turn on verbose
+output to stderr by use this option in conjunction with
+.Fl v
+option.
+.Pp
For example:
.Bd -literal -offset indent
-$ nc -z host.example.com 20-30
+$ nc \-zv host.example.com 20-30
Connection to host.example.com 22 port [tcp/ssh] succeeded!
Connection to host.example.com 25 port [tcp/smtp] succeeded!
.Ed
.Pp
-The port range was specified to limit the search to ports 20 \- 30.
+The port range was specified to limit the search to ports 20 \- 30, and is
+scanned by increasing order.
+.Pp
+You can also specify a list of ports to scan, for example:
+.Bd -literal -offset indent
+$ nc \-zv host.example.com 80 20 22
+nc: connect to host.example.com 80 (tcp) failed: Connection refused
+nc: connect to host.example.com 20 (tcp) failed: Connection refused
+Connection to host.example.com port [tcp/ssh] succeeded!
+.Ed
+.Pp
+The ports are scanned by the order you given.
.Pp
Alternatively, it might be useful to know which server software
is running, and which versions.
@@ -484,6 +549,9 @@ Original implementation by *Hobbit*
.br .br
Rewritten with IPv6 support by Rewritten with IPv6 support by
.An Eric Jackson Aq Mt ericj@monkey.org . .An Eric Jackson Aq Mt ericj@monkey.org .
@ -149,29 +97,7 @@ Subject: misc failures and features
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@@ -136,6 +137,7 @@ @@ -247,7 +248,10 @@ main(int argc, char *argv[])
#define UDP_SCAN_TIMEOUT 3 /* Seconds */
/* Command Line Options */
+int bflag; /* Allow Broadcast */
int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */
unsigned int iflag; /* Interval Flag */
@@ -186,7 +188,7 @@ int ttl = -1;
int minttl = -1;
void atelnet(int, unsigned char *, unsigned int);
-void build_ports(char *);
+void build_ports(char **);
void help(void);
int local_listen(char *, char *, struct addrinfo);
# if defined(TLS)
@@ -236,11 +238,14 @@ int
main(int argc, char *argv[])
{
int ch, s = -1, ret, socksv;
- char *host, *uport;
+ char *host, **uport;
struct addrinfo hints; struct addrinfo hints;
struct servent *sv; struct servent *sv;
socklen_t len; socklen_t len;
@ -180,203 +106,40 @@ Subject: misc failures and features
+ struct sockaddr_storage storage; + struct sockaddr_storage storage;
+ struct sockaddr_un forunix; + struct sockaddr_un forunix;
+ } cliaddr; + } cliaddr;
char *proxy, *proxyport = NULL; char *proxy = NULL, *proxyport = NULL;
const char *errstr; const char *errstr;
struct addrinfo proxyhints; struct addrinfo proxyhints;
@@ -260,9 +265,9 @@ main(int argc, char *argv[]) @@ -952,6 +956,8 @@ unix_bind(char *path, int flags)
while ((ch = getopt(argc, argv,
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
+ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# else
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
+ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# endif
switch (ch) {
case '4':
@@ -271,6 +276,13 @@ main(int argc, char *argv[])
case '6':
family = AF_INET6;
break;
+ case 'b':
+# if defined(SO_BROADCAST)
+ bflag = 1;
+# else
+ errx(1, "no broadcast frame support available");
+# endif
+ break;
case 'U':
family = AF_UNIX;
break;
@@ -479,32 +491,39 @@ main(int argc, char *argv[])
/* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) {
- if (uflag)
- errx(1, "cannot use -u and -U");
# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
if (dccpflag)
errx(1, "cannot use -Z and -U");
# endif
host = argv[0];
uport = NULL;
- } else if (!argv[0] && lflag) {
- if (sflag)
- errx(1, "cannot use -s and -l");
- if (zflag)
- errx(1, "cannot use -z and -l");
- if (pflag)
- uport=pflag;
- } else if (argv[0] && !argv[1]) {
- if (!lflag)
- usage(1);
- uport = argv[0];
+ } else if (argv[0] && !argv[1] && lflag) {
+ if (pflag) {
+ uport = &pflag;
+ host = argv[0];
+ } else {
+ uport = argv;
+ host = NULL;
+ }
+ } else if (!argv[0] && lflag && pflag) {
+ uport = &pflag;
host = NULL;
} else if (argv[0] && argv[1]) {
host = argv[0];
- uport = argv[1];
+ uport = &argv[1];
} else
usage(1);
+ if (lflag) {
+ if (sflag)
+ errx(1, "cannot use -s and -l");
+ if (zflag)
+ errx(1, "cannot use -z and -l");
+ if (pflag)
+ /* This still does not work well because of getopt mess
+ errx(1, "cannot use -p and -l"); */
+ uport = &pflag;
+ }
if (!lflag && kflag)
errx(1, "must use -l with -k");
# if defined(TLS)
@@ -674,7 +693,7 @@ main(int argc, char *argv[])
else
s = unix_listen(host);
} else
- s = local_listen(host, uport, hints);
+ s = local_listen(host, *uport, hints);
if (s < 0)
err(1, NULL);
@@ -683,7 +702,8 @@ main(int argc, char *argv[])
local = ":::";
else
local = "0.0.0.0";
- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ if (vflag && (family != AF_UNIX))
+ fprintf(stderr, "Listening on [%s] (family %d, port %s)\n",
host ?: local,
family,
*uport);
@@ -898,6 +918,8 @@ unix_bind(char *path, int flags)
0)) < 0) 0)) < 0)
return (-1); return -1;
+ unlink(path); + unlink(path);
+ +
memset(&s_un, 0, sizeof(struct sockaddr_un)); memset(&s_un, 0, sizeof(struct sockaddr_un));
s_un.sun_family = AF_UNIX; s_un.sun_family = AF_UNIX;
@@ -1015,8 +1037,10 @@ unix_connect(char *path) @@ -1075,8 +1081,10 @@ unix_connect(char *path)
if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) < 0) if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) < 0)
return (-1); return -1;
} else { } else {
- if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0) - if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0)
+ if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0) { + if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0) {
+ errx(1,"create unix socket failed"); + errx(1, "create unix socket failed");
return (-1); return -1;
+ } + }
} }
memset(&s_un, 0, sizeof(struct sockaddr_un)); memset(&s_un, 0, sizeof(struct sockaddr_un));
@@ -1026,10 +1050,12 @@ unix_connect(char *path) @@ -1086,10 +1094,12 @@ unix_connect(char *path)
sizeof(s_un.sun_path)) { sizeof(s_un.sun_path)) {
close(s); close(s);
errno = ENAMETOOLONG; errno = ENAMETOOLONG;
+ warn("unix connect abandoned"); + warn("unix connect abandoned");
return (-1); return -1;
} }
if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) < 0) { if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) < 0) {
save_errno = errno; save_errno = errno;
+ warn("unix connect failed"); + warn("unix connect failed");
close(s); close(s);
errno = save_errno; errno = save_errno;
return (-1); return -1;
@@ -1718,25 +1744,26 @@ strtoport(char *portstr, int udp)
* that we should try to connect to.
*/
void
-build_ports(char *p)
+build_ports(char **p)
{
struct servent *sv;
char *n;
int hi, lo, cp;
int x = 0;
+ int i;
char *proto = proto_name(uflag, dccpflag);
- sv = getservbyname(p, proto);
+ sv = getservbyname(*p, proto);
if (sv) {
if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
err(1, "asprintf");
- } else if ((n = strchr(p, '-')) != NULL) {
+ } else if ((n = strchr(*p, '-')) != NULL) {
*n = '\0';
n++;
/* Make sure the ports are in order: lowest->highest. */
hi = strtoport(n, uflag);
- lo = strtoport(p, uflag);
+ lo = strtoport(*p, uflag);
if (lo > hi) {
cp = hi;
hi = lo;
@@ -1764,7 +1791,7 @@ build_ports(char *p)
} else {
char *tmp;
- hi = strtoport(p, uflag);
+ hi = strtoport(*p, uflag);
if (asprintf(&tmp, "%d", hi) != -1)
portlist[0] = tmp;
else
@@ -1802,6 +1829,15 @@ set_common_sockopts(int s, const struct
int x = 1;
int af = sa->sa_family;
+# if defined(SO_BROADCAST)
+ if (bflag) {
+ /* allow datagram sockets to send packets to a broadcast address
+ * (this option has no effect on stream-oriented sockets) */
+ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST,
+ &x, sizeof(x)) == -1)
+ err(1, NULL);
+ }
+# endif
# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
if (Sflag) {
struct tcp_md5sig sig;
@@ -2042,6 +2078,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
+ \t-b Allow broadcast\n\
\t-C Send CRLF as line-ending\n\
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\
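Review bot: The `unlink(path);` that this patch keeps adding to `unix_bind()` removes whatever exists at the caller-supplied path before binding, without checking that it is a leftover socket and without looking at the return value. With a local `struct stat st`, a guard such as `if (lstat(path, &st) == 0 && S_ISSOCK(st.st_mode)) unlink(path);` keeps a mistyped `-U` path from deleting a regular file. In the `unix_connect()` hunk, `errx(1, "create unix socket failed");` exits without reporting errno and leaves the following `return -1;` unreachable; `warn("create unix socket failed");` followed by the return would match the two other messages added there. Both functions continue outside the hunks shown.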


@ -1,3 +1,26 @@
-------------------------------------------------------------------
Wed Nov 14 13:12:29 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 1.195 release matching with debian
- Added new patches:
* broadcast-support.patch
* build-without-TLS-support.patch
* destination-port-list.patch
* use-flags-to-specify-listen-address.patch
- Refreshed patches:
* connect-timeout.patch
* dccp-support.patch
* get-sev-by-name.patch
* misc-failures-and-features.patch
* port-to-linux-with-libsd.patch
* quit-timer.patch
* send-crlf.patch
* serialized-handling-multiple-clients.patch
* set-TCP-MD5SIG-correctly-for-client-connections.patch
* udp-scan-timeout.patch
* verbose-numeric-port.patch
- Drop patch compile-without-TLS-support.patch, renamed
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 17 13:11:34 UTC 2017 - tchvatal@suse.com Mon Jul 17 13:11:34 UTC 2017 - tchvatal@suse.com


@ -1,7 +1,7 @@
# #
# spec file for package netcat-openbsd # spec file for package netcat-openbsd
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -12,21 +12,21 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
Name: netcat-openbsd Name: netcat-openbsd
Version: 1.178 Version: 1.195
Release: 0 Release: 0
Summary: TCP/IP swiss army knife Summary: TCP/IP swiss army knife
License: BSD-3-Clause License: BSD-3-Clause
Group: Productivity/Networking/Other Group: Productivity/Networking/Other
Url: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/ URL: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/
Source0: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}.orig.tar.gz Source0: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}.orig.tar.gz
#Patches from: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}-2.debian.tar.xz #Patches from: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}-1.debian.tar.xz
Patch0: port-to-linux-with-libsd.patch Patch0: port-to-linux-with-libsd.patch
Patch1: compile-without-TLS-support.patch Patch1: build-without-TLS-support.patch
Patch2: connect-timeout.patch Patch2: connect-timeout.patch
Patch3: get-sev-by-name.patch Patch3: get-sev-by-name.patch
Patch4: send-crlf.patch Patch4: send-crlf.patch
@ -34,9 +34,12 @@ Patch5: quit-timer.patch
Patch6: udp-scan-timeout.patch Patch6: udp-scan-timeout.patch
Patch7: verbose-numeric-port.patch Patch7: verbose-numeric-port.patch
Patch8: dccp-support.patch Patch8: dccp-support.patch
Patch9: serialized-handling-multiple-clients.patch Patch9: broadcast-support.patch
Patch10: set-TCP-MD5SIG-correctly-for-client-connections.patch Patch10: serialized-handling-multiple-clients.patch
Patch11: misc-failures-and-features.patch Patch11: set-TCP-MD5SIG-correctly-for-client-connections.patch
Patch12: destination-port-list.patch
Patch13: use-flags-to-specify-listen-address.patch
Patch14: misc-failures-and-features.patch
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: pkgconfig(libbsd) BuildRequires: pkgconfig(libbsd)
Provides: nc6 = %{version} Provides: nc6 = %{version}
@ -73,7 +76,7 @@ ln -s -f nc.1%{ext_man} %{buildroot}/%{_mandir}/man1/netcat.1%{ext_man}
%files %files
%{_bindir}/nc %{_bindir}/nc
%{_bindir}/netcat %{_bindir}/netcat
%{_mandir}/man1/nc.1%{ext_man} %{_mandir}/man1/nc.1%{?ext_man}
%{_mandir}/man1/netcat.1%{ext_man} %{_mandir}/man1/netcat.1%{?ext_man}
%changelog %changelog


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:918330a41ee8ea938144ab1c59fa27533654ebff983bfb5255f730a3d9b06239
size 21630


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0e283b2a214313c69447cd962c528ac19afb3ddfe606b25de6d179f187cde4c3
size 22480


@ -3,11 +3,11 @@ Date: Mon, 13 Feb 2012 15:59:31 +0800
Subject: port to linux with libsd Subject: port to linux with libsd
--- ---
Makefile | 15 +++++++- Makefile | 15 ++++++-
nc.1 | 4 -- nc.1 | 3 -
netcat.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++---------------- netcat.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++---------------
socks.c | 46 ++++++++++++------------ socks.c | 46 +++++++++++-----------
4 files changed, 127 insertions(+), 56 deletions(-) 4 files changed, 139 insertions(+), 56 deletions(-)
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@ -32,24 +32,23 @@ Subject: port to linux with libsd
+ rm -f $(OBJS) nc + rm -f $(OBJS) nc
--- a/nc.1 --- a/nc.1
+++ b/nc.1 +++ b/nc.1
@@ -202,9 +202,6 @@ Proxy authentication is only supported f @@ -213,8 +213,6 @@ Proxy authentication is only supported f
Specifies the source port Specify the source port
.Nm .Nm
should use, subject to privilege restrictions and availability. should use, subject to privilege restrictions and availability.
-It is an error to use this option in conjunction with the -Cannot be used together with
-.Fl l -.Fl l .
-option.
.It Fl R Ar CAfile .It Fl R Ar CAfile
Specifies the filename from which the root CA bundle for certificate Load the root CA bundle for TLS certificate verification from
verification is loaded, in PEM format. .Ar CAfile ,
@@ -249,6 +246,7 @@ For IPv4 TOS value @@ -274,6 +272,7 @@ For the IPv4 TOS/IPv6 traffic class valu
may be one of may be one of
.Ar critical , .Cm critical ,
.Ar inetcontrol , .Cm inetcontrol ,
+.Ar lowcost , +.Cm lowcost ,
.Ar lowdelay , .Cm lowdelay ,
.Ar netcontrol , .Cm netcontrol ,
.Ar throughput , .Cm throughput ,
--- a/netcat.c --- a/netcat.c
+++ b/netcat.c +++ b/netcat.c
@@ -32,6 +32,8 @@ @@ -32,6 +32,8 @@
@ -113,14 +112,14 @@ Subject: port to linux with libsd
#include <errno.h> #include <errno.h>
@@ -55,6 +100,8 @@ @@ -55,6 +100,8 @@
#include <time.h> #include <time.h>
#include <unistd.h>
#include <tls.h> #include <tls.h>
#include <unistd.h>
+#include <bsd/stdlib.h> +#include <bsd/stdlib.h>
+#include <bsd/string.h> +#include <bsd/string.h>
#include "atomicio.h" #include "atomicio.h"
#define PORT_MAX 65535 @@ -268,10 +315,14 @@ main(int argc, char *argv[])
@@ -260,10 +307,14 @@ main(int argc, char *argv[])
uflag = 1; uflag = 1;
break; break;
case 'V': case 'V':
@ -135,7 +134,7 @@ Subject: port to linux with libsd
break; break;
case 'v': case 'v':
vflag = 1; vflag = 1;
@@ -301,7 +352,11 @@ main(int argc, char *argv[]) @@ -320,7 +371,11 @@ main(int argc, char *argv[])
oflag = optarg; oflag = optarg;
break; break;
case 'S': case 'S':
@ -147,7 +146,7 @@ Subject: port to linux with libsd
break; break;
case 'T': case 'T':
errstr = NULL; errstr = NULL;
@@ -326,32 +381,23 @@ main(int argc, char *argv[]) @@ -345,14 +400,23 @@ main(int argc, char *argv[])
argc -= optind; argc -= optind;
argv += optind; argv += optind;
@ -155,24 +154,6 @@ Subject: port to linux with libsd
if (rtableid >= 0) if (rtableid >= 0)
if (setrtable(rtableid) == -1) if (setrtable(rtableid) == -1)
err(1, "setrtable"); err(1, "setrtable");
-
- if (family == AF_UNIX) {
- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
- err(1, "pledge");
- } else if (Fflag) {
- if (Pflag) {
- if (pledge("stdio inet dns sendfd tty", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns sendfd", NULL) == -1)
- err(1, "pledge");
- } else if (Pflag) {
- if (pledge("stdio inet dns tty", NULL) == -1)
- err(1, "pledge");
- } else if (usetls) {
- if (pledge("stdio rpath inet dns", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns", NULL) == -1)
- err(1, "pledge");
+# endif +# endif
/* Cruft to make sure options are clean, and used properly. */ /* Cruft to make sure options are clean, and used properly. */
@ -182,17 +163,38 @@ Subject: port to linux with libsd
+ } else if (!argv[0] && lflag) { + } else if (!argv[0] && lflag) {
+ if (sflag) + if (sflag)
+ errx(1, "cannot use -s and -l"); + errx(1, "cannot use -s and -l");
+ if (pflag)
+ errx(1, "cannot use -p and -l");
+ if (zflag) + if (zflag)
+ errx(1, "cannot use -z and -l"); + errx(1, "cannot use -z and -l");
+ if (pflag)
+ uport=pflag;
} else if (argv[0] && !argv[1]) { } else if (argv[0] && !argv[1]) {
if (!lflag) if (!lflag)
usage(1); usage(1);
@@ -363,12 +409,6 @@ main(int argc, char *argv[]) @@ -387,33 +451,6 @@ main(int argc, char *argv[])
} else }
usage(1); }
- if (family == AF_UNIX) {
- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
- err(1, "pledge");
- } else if (Fflag && Pflag) {
- if (pledge("stdio inet dns sendfd tty", NULL) == -1)
- err(1, "pledge");
- } else if (Fflag) {
- if (pledge("stdio inet dns sendfd", NULL) == -1)
- err(1, "pledge");
- } else if (Pflag && usetls) {
- if (pledge("stdio rpath inet dns tty", NULL) == -1)
- err(1, "pledge");
- } else if (Pflag) {
- if (pledge("stdio inet dns tty", NULL) == -1)
- err(1, "pledge");
- } else if (usetls) {
- if (pledge("stdio rpath inet dns", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns", NULL) == -1)
- err(1, "pledge");
-
- if (lflag && sflag) - if (lflag && sflag)
- errx(1, "cannot use -s and -l"); - errx(1, "cannot use -s and -l");
- if (lflag && pflag) - if (lflag && pflag)
@ -202,7 +204,7 @@ Subject: port to linux with libsd
if (!lflag && kflag) if (!lflag && kflag)
errx(1, "must use -l with -k"); errx(1, "must use -l with -k");
if (uflag && usetls) if (uflag && usetls)
@@ -401,8 +441,8 @@ main(int argc, char *argv[]) @@ -448,8 +485,8 @@ main(int argc, char *argv[])
} else { } else {
strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX", strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX",
UNIX_DG_TMP_SOCKET_SIZE); UNIX_DG_TMP_SOCKET_SIZE);
@ -213,7 +215,7 @@ Subject: port to linux with libsd
unix_dg_tmp_socket = unix_dg_tmp_socket_buf; unix_dg_tmp_socket = unix_dg_tmp_socket_buf;
} }
} }
@@ -880,8 +920,10 @@ remote_connect(const char *host, const c @@ -923,8 +960,10 @@ remote_connect(const char *host, const c
if (sflag || pflag) { if (sflag || pflag) {
struct addrinfo ahints, *ares; struct addrinfo ahints, *ares;
@ -224,7 +226,7 @@ Subject: port to linux with libsd
memset(&ahints, 0, sizeof(struct addrinfo)); memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res->ai_family; ahints.ai_family = res->ai_family;
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
@@ -973,9 +1015,15 @@ local_listen(char *host, char *port, str @@ -1016,9 +1055,15 @@ local_listen(const char *host, const cha
res->ai_protocol)) < 0) res->ai_protocol)) < 0)
continue; continue;
@ -240,7 +242,7 @@ Subject: port to linux with libsd
set_common_sockopts(s, res->ai_family); set_common_sockopts(s, res->ai_family);
@@ -1425,11 +1473,13 @@ set_common_sockopts(int s, int af) @@ -1474,11 +1519,13 @@ set_common_sockopts(int s, int af)
{ {
int x = 1; int x = 1;
@ -254,33 +256,57 @@ Subject: port to linux with libsd
if (Dflag) { if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG, if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1) &x, sizeof(x)) == -1)
@@ -1460,8 +1510,11 @@ set_common_sockopts(int s, int af) @@ -1489,9 +1536,14 @@ set_common_sockopts(int s, int af)
IP_TOS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IP ToS");
+#if defined(IPV6_TCLASS)
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IPv6 traffic class");
+#else
+ else if (af == AF_INET6)
+ errx(1, "can't set IPv6 traffic class (unavailable)");
+#endif
}
if (Iflag) {
if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
@@ -1509,19 +1561,34 @@ set_common_sockopts(int s, int af)
IP_TTL, &ttl, sizeof(ttl))) IP_TTL, &ttl, sizeof(ttl)))
err(1, "set IP TTL"); err(1, "set IP TTL");
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ else
+#if defined(IPV6_UNICAST_HOPS) +#if defined(IPV6_UNICAST_HOPS)
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_UNICAST_HOPS, &ttl, sizeof(ttl))) IPV6_UNICAST_HOPS, &ttl, sizeof(ttl)))
+#endif
err(1, "set IPv6 unicast hops"); err(1, "set IPv6 unicast hops");
+#else
+ else if (af == AF_INET6)
+ errx(1, "can't set IPv6 unicast hops (unavailable)");
+#endif
} }
@@ -1470,8 +1523,11 @@ set_common_sockopts(int s, int af) if (minttl != -1) {
+#if defined(IP_MINTTL)
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
IP_MINTTL, &minttl, sizeof(minttl))) IP_MINTTL, &minttl, sizeof(minttl)))
err(1, "set IP min TTL"); err(1, "set IP min TTL");
+#else
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, + if (af == AF_INET)
+ else + errx(1, "can't set IP min TTL (unavailable)");
+#if defined(IPV6_MINHOPCOUNT)
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
+#endif +#endif
+#if defined(IPV6_MINHOPCOUNT)
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
err(1, "set IPv6 min hop count"); err(1, "set IPv6 min hop count");
+#else
+ else if (af == AF_INET6)
+ errx(1, "can't set IPv6 min hop count (unavailable)");
+#endif
} }
} }
@@ -1507,6 +1563,7 @@ map_tos(char *s, int *val)
@@ -1556,6 +1623,7 @@ process_tos_opt(char *s, int *val)
{ "cs7", IPTOS_DSCP_CS7 }, { "cs7", IPTOS_DSCP_CS7 },
{ "ef", IPTOS_DSCP_EF }, { "ef", IPTOS_DSCP_EF },
{ "inetcontrol", IPTOS_PREC_INTERNETCONTROL }, { "inetcontrol", IPTOS_PREC_INTERNETCONTROL },
@ -288,7 +314,7 @@ Subject: port to linux with libsd
{ "lowdelay", IPTOS_LOWDELAY }, { "lowdelay", IPTOS_LOWDELAY },
{ "netcontrol", IPTOS_PREC_NETCONTROL }, { "netcontrol", IPTOS_PREC_NETCONTROL },
{ "reliability", IPTOS_RELIABILITY }, { "reliability", IPTOS_RELIABILITY },
@@ -1640,6 +1697,9 @@ report_connect(const struct sockaddr *sa @@ -1721,6 +1789,9 @@ report_connect(const struct sockaddr *sa
void void
help(void) help(void)
{ {
@ -298,8 +324,8 @@ Subject: port to linux with libsd
usage(0); usage(0);
fprintf(stderr, "\tCommand Summary:\n\ fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\ \t-4 Use IPv4\n\
@@ -1680,7 +1740,7 @@ help(void) @@ -1763,7 +1834,7 @@ help(void)
\t-x addr[:port]\tSpecify proxy address and port\n\ \t-Z Peer certificate file\n\
\t-z Zero-I/O mode [used for scanning]\n\ \t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n"); Port numbers can be individual or ranges: lo-hi [inclusive]\n");
- exit(1); - exit(1);
@ -318,7 +344,7 @@ Subject: port to linux with libsd
#include "atomicio.h" #include "atomicio.h"
#define SOCKS_PORT "1080" #define SOCKS_PORT "1080"
@@ -219,11 +219,11 @@ socks_connect(const char *host, const ch @@ -217,11 +217,11 @@ socks_connect(const char *host, const ch
buf[2] = SOCKS_NOAUTH; buf[2] = SOCKS_NOAUTH;
cnt = atomicio(vwrite, proxyfd, buf, 3); cnt = atomicio(vwrite, proxyfd, buf, 3);
if (cnt != 3) if (cnt != 3)
@ -332,7 +358,7 @@ Subject: port to linux with libsd
if (buf[1] == SOCKS_NOMETHOD) if (buf[1] == SOCKS_NOMETHOD)
errx(1, "authentication method negotiation failed"); errx(1, "authentication method negotiation failed");
@@ -272,11 +272,11 @@ socks_connect(const char *host, const ch @@ -270,11 +270,11 @@ socks_connect(const char *host, const ch
cnt = atomicio(vwrite, proxyfd, buf, wlen); cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen) if (cnt != wlen)
@ -346,7 +372,7 @@ Subject: port to linux with libsd
if (buf[1] != 0) { if (buf[1] != 0) {
errx(1, "connection failed, SOCKSv5 error: %s", errx(1, "connection failed, SOCKSv5 error: %s",
socks5_strerror(buf[1])); socks5_strerror(buf[1]));
@@ -285,12 +285,12 @@ socks_connect(const char *host, const ch @@ -283,12 +283,12 @@ socks_connect(const char *host, const ch
case SOCKS_IPV4: case SOCKS_IPV4:
cnt = atomicio(read, proxyfd, buf + 4, 6); cnt = atomicio(read, proxyfd, buf + 4, 6);
if (cnt != 6) if (cnt != 6)
@ -361,7 +387,7 @@ Subject: port to linux with libsd
break; break;
default: default:
errx(1, "connection failed, unsupported address type"); errx(1, "connection failed, unsupported address type");
@@ -310,11 +310,11 @@ socks_connect(const char *host, const ch @@ -308,11 +308,11 @@ socks_connect(const char *host, const ch
cnt = atomicio(vwrite, proxyfd, buf, wlen); cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen) if (cnt != wlen)
@ -375,7 +401,7 @@ Subject: port to linux with libsd
if (buf[1] != 90) { if (buf[1] != 90) {
errx(1, "connection failed, SOCKSv4 error: %s", errx(1, "connection failed, SOCKSv4 error: %s",
socks4_strerror(buf[1])); socks4_strerror(buf[1]));
@@ -328,39 +328,39 @@ socks_connect(const char *host, const ch @@ -326,21 +326,21 @@ socks_connect(const char *host, const ch
/* Try to be sane about numeric IPv6 addresses */ /* Try to be sane about numeric IPv6 addresses */
if (strchr(host, ':') != NULL) { if (strchr(host, ':') != NULL) {
@ -400,12 +426,15 @@ Subject: port to linux with libsd
+ err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r); + err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r);
if (authretry > 1) { if (authretry > 1) {
char resp[1024]; char proxypass[256];
@@ -348,20 +348,20 @@ socks_connect(const char *host, const ch
proxypass = getproxypass(proxyuser, proxyhost); getproxypass(proxyuser, proxyhost,
proxypass, sizeof proxypass);
- r = snprintf(buf, sizeof(buf), "%s:%s", - r = snprintf(buf, sizeof(buf), "%s:%s",
+ r = snprintf((char*)buf, sizeof(buf), "%s:%s", + r = snprintf((char*)buf, sizeof(buf), "%s:%s",
proxyuser, proxypass); proxyuser, proxypass);
explicit_bzero(proxypass, sizeof proxypass);
if (r == -1 || (size_t)r >= sizeof(buf) || if (r == -1 || (size_t)r >= sizeof(buf) ||
- b64_ntop(buf, strlen(buf), resp, - b64_ntop(buf, strlen(buf), resp,
+ b64_ntop(buf, strlen((char*)buf), resp, + b64_ntop(buf, strlen((char*)buf), resp,
@ -421,10 +450,10 @@ Subject: port to linux with libsd
if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r) if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r)
- err(1, "write failed (%zu/%d)", cnt, r); - err(1, "write failed (%zu/%d)", cnt, r);
+ err(1, "write failed (%zu/%d)", (size_t)cnt, r); + err(1, "write failed (%zu/%d)", (size_t)cnt, r);
explicit_bzero(proxypass, sizeof proxypass);
explicit_bzero(buf, sizeof buf);
} }
@@ -371,22 +371,22 @@ socks_connect(const char *host, const ch
/* Terminate headers */
@@ -368,22 +368,22 @@ socks_connect(const char *host, const ch
err(1, "write failed (%zu/2)", cnt); err(1, "write failed (%zu/2)", cnt);
/* Read status reply */ /* Read status reply */
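Review bot: The netcat.c hunk at `/* Cruft to make sure options are clean, and used properly. */` deletes every `pledge()` call and, in the lines shown, puts nothing in its place, so the Linux build keeps full syscall and filesystem access in modes that upstream restricts to promises such as `stdio inet dns`. That may be unavoidable for a port, but neither the patch header nor the code says so. I would leave a comment where the block was, `/* pledge(2) is OpenBSD-only; no privilege reduction is applied on Linux */`, and mention the loss in the patch description so packagers know that confinement has to come from outside the binary (for example a seccomp or AppArmor profile). main() starts and ends outside these hunks.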


@ -17,8 +17,8 @@ Subject: quit timer
.Op Fl s Ar source .Op Fl s Ar source
.Op Fl T Ar keyword .Op Fl T Ar keyword
.Op Fl V Ar rtable .Op Fl V Ar rtable
@@ -173,6 +174,15 @@ Proxy authentication is only supported f @@ -167,6 +168,15 @@ Proxy authentication is only supported f
Specifies the source port Specify the source port
.Nm .Nm
should use, subject to privilege restrictions and availability. should use, subject to privilege restrictions and availability.
+.It Fl q Ar seconds +.It Fl q Ar seconds
@ -31,7 +31,7 @@ Subject: quit timer
+implies +implies
+.Fl N . +.Fl N .
.It Fl r .It Fl r
Specifies that source and/or destination ports should be chosen randomly Choose source and/or destination ports randomly
instead of sequentially within a range or in the order that the system instead of sequentially within a range or in the order that the system
--- a/netcat.c --- a/netcat.c
+++ b/netcat.c +++ b/netcat.c
@ -43,7 +43,7 @@ Subject: quit timer
int rflag; /* Random ports flag */ int rflag; /* Random ports flag */
char *sflag; /* Source Address */ char *sflag; /* Source Address */
int tflag; /* Telnet Emulation */ int tflag; /* Telnet Emulation */
@@ -218,6 +219,8 @@ ssize_t fillbuf(int, unsigned char *, si @@ -224,6 +225,8 @@ ssize_t fillbuf(int, unsigned char *, si
static int connect_with_timeout(int fd, const struct sockaddr *sa, static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout); socklen_t salen, int ctimeout);
@ -52,23 +52,23 @@ Subject: quit timer
int int
main(int argc, char *argv[]) main(int argc, char *argv[])
{ {
@@ -246,9 +249,9 @@ main(int argc, char *argv[]) @@ -253,9 +256,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv, while ((ch = getopt(argc, argv,
# if defined(TLS) # if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) { - "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:z")) != -1) { + "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
# else # else
- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) { - "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:z")) != -1) { + "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z"))
# endif # endif
!= -1) {
switch (ch) { switch (ch) {
case '4': @@ -347,6 +350,13 @@ main(int argc, char *argv[])
@@ -339,6 +342,13 @@ main(int argc, char *argv[])
case 'p': case 'p':
pflag = optarg; pflag = optarg;
break; break;
+ case 'q': + case 'q':
+ qflag = strtonum(optarg, INT_MIN, INT_MAX, &errstr); + qflag = strtonum(optarg, INT_MIN, INT_MAX, &errstr);
+ if (errstr) + if (errstr)
+ errx(1, "quit timer %s: %s", errstr, optarg); + errx(1, "quit timer %s: %s", errstr, optarg);
@ -78,13 +78,13 @@ Subject: quit timer
# if defined(TLS) # if defined(TLS)
case 'R': case 'R':
tls_cachanged = 1; tls_cachanged = 1;
@@ -1253,15 +1263,27 @@ readwrite(int net_fd) @@ -1297,15 +1307,27 @@ readwrite(int net_fd)
while (1) { while (1) {
/* both inputs are gone, buffers are empty, we are done */ /* both inputs are gone, buffers are empty, we are done */
if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 && if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 &&
- stdinbufpos == 0 && netinbufpos == 0) - stdinbufpos == 0 && netinbufpos == 0)
- return; - return;
+ stdinbufpos == 0 && netinbufpos == 0) { + stdinbufpos == 0 && netinbufpos == 0) {
+ if (qflag <= 0) + if (qflag <= 0)
+ return; + return;
+ goto delay_exit; + goto delay_exit;
@ -96,7 +96,7 @@ Subject: quit timer
+ if (qflag <= 0) + if (qflag <= 0)
+ return; + return;
+ goto delay_exit; + goto delay_exit;
+ } + }
/* listen and net in gone, queues empty, done */ /* listen and net in gone, queues empty, done */
if (lflag && pfd[POLL_NETIN].fd == -1 && if (lflag && pfd[POLL_NETIN].fd == -1 &&
- stdinbufpos == 0 && netinbufpos == 0) - stdinbufpos == 0 && netinbufpos == 0)
@ -108,11 +108,11 @@ Subject: quit timer
+ close(net_fd); + close(net_fd);
+ signal(SIGALRM, quit); + signal(SIGALRM, quit);
+ alarm(qflag); + alarm(qflag);
+ } + }
/* poll */ /* poll */
num_fds = poll(pfd, 4, timeout); num_fds = poll(pfd, 4, timeout);
@@ -1936,6 +1958,7 @@ help(void) @@ -2032,6 +2054,7 @@ help(void)
\t-O length TCP send buffer length\n\ \t-O length TCP send buffer length\n\
\t-P proxyuser\tUsername for proxy authentication\n\ \t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\ \t-p port\t Specify local port for remote connects\n\
@ -120,14 +120,15 @@ Subject: quit timer
\t-r Randomize remote ports\n\ \t-r Randomize remote ports\n\
\t-S Enable the TCP MD5 signature option\n\ \t-S Enable the TCP MD5 signature option\n\
\t-s source Local source address\n\ \t-s source Local source address\n\
@@ -1959,9 +1982,18 @@ usage(int ret) @@ -2056,10 +2079,19 @@ usage(int ret)
fprintf(stderr, fprintf(stderr,
"usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
- "\t [-s source] [-T keyword] [-V rtable] [-w timeout] " - "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
+ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-w timeout] " + "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-X proxy_protocol]\n" "[-w timeout]\n"
"\t [-x proxy_address[:port]] [destination] [port]\n"); "\t [-X proxy_protocol] [-x proxy_address[:port]] "
"\t [destination] [port]\n");
if (ret) if (ret)
exit(1); exit(1);
} }


@ -3,9 +3,9 @@ Date: Mon, 13 Feb 2012 14:57:45 +0800
Subject: send crlf Subject: send crlf
--- ---
nc.1 | 6 +++-- nc.1 | 9 ++++++-
netcat.c | 72 +++++++++++++++++++++++++++++++++++---------------------------- netcat.c | 72 +++++++++++++++++++++++++++++++++++----------------------------
2 files changed, 45 insertions(+), 33 deletions(-) 2 files changed, 48 insertions(+), 33 deletions(-)
--- a/nc.1 --- a/nc.1
+++ b/nc.1 +++ b/nc.1
@ -18,16 +18,19 @@ Subject: send crlf
.Op Fl I Ar length .Op Fl I Ar length
.Op Fl i Ar interval .Op Fl i Ar interval
.Op Fl M Ar ttl .Op Fl M Ar ttl
@@ -95,6 +95,8 @@ to use IPv4 addresses only. @@ -92,6 +92,11 @@ The options are as follows:
Forces Use IPv4 addresses only.
.Nm .It Fl 6
to use IPv6 addresses only. Use IPv6 addresses only.
+.It Fl C +.It Fl C
+Send CRLF as line-ending. +Send CRLF as line-ending. Each line feed (LF) character from the input
+data is translated into CR+LF before being written to the socket. Line
+feed characters that are already preceded with a carriage return (CR)
+are not translated. Received data is not affected.
.It Fl D .It Fl D
Enable debugging on the socket. Enable debugging on the socket.
.It Fl d .It Fl d
@@ -379,7 +381,7 @@ More complicated examples can be built u @@ -377,7 +382,7 @@ More complicated examples can be built u
of requests required by the server. of requests required by the server.
As another example, an email may be submitted to an SMTP server using: As another example, an email may be submitted to an SMTP server using:
.Bd -literal -offset indent .Bd -literal -offset indent
@ -38,16 +41,16 @@ Subject: send crlf
RCPT TO:\*(Ltuser2@host.example.com\*(Gt RCPT TO:\*(Ltuser2@host.example.com\*(Gt
--- a/netcat.c --- a/netcat.c
+++ b/netcat.c +++ b/netcat.c
@@ -163,6 +163,8 @@ int tls_cachanged; /* Using non-defau @@ -166,6 +166,8 @@ char *tls_expecthash; /* required hash
int TLSopt; /* TLS options */ char *tls_ciphers; /* TLS ciphers */
char *tls_expectname; /* required name in peer cert */ char *tls_protocols; /* TLS protocols */
char *tls_expecthash; /* required hash of peer cert */ FILE *Zflag; /* file to save peer cert */
+# else +# else
+int Cflag = 0; /* CRLF line-ending */ +int Cflag = 0; /* CRLF line-ending */
# endif # endif
int timeout = -1; int recvcount, recvlimit;
@@ -209,7 +211,7 @@ ssize_t fillbuf(int, unsigned char *, si @@ -215,7 +217,7 @@ ssize_t fillbuf(int, unsigned char *, si
void tls_setup_client(struct tls *, int, char *); void tls_setup_client(struct tls *, int, char *);
struct tls *tls_setup_server(struct tls *, int, char *); struct tls *tls_setup_server(struct tls *, int, char *);
# else # else
@ -56,16 +59,16 @@ Subject: send crlf
ssize_t fillbuf(int, unsigned char *, size_t *); ssize_t fillbuf(int, unsigned char *, size_t *);
# endif # endif
@@ -246,7 +248,7 @@ main(int argc, char *argv[]) @@ -253,7 +255,7 @@ main(int argc, char *argv[])
# if defined(TLS) # if defined(TLS)
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) { "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
# else # else
- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) { - "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
+ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) { + "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
# endif # endif
!= -1) {
switch (ch) { switch (ch) {
case '4': @@ -283,6 +285,10 @@ main(int argc, char *argv[])
@@ -275,6 +277,10 @@ main(int argc, char *argv[])
case 'c': case 'c':
usetls = 1; usetls = 1;
break; break;
@ -76,7 +79,7 @@ Subject: send crlf
# endif # endif
case 'd': case 'd':
dflag = 1; dflag = 1;
@@ -1257,12 +1263,6 @@ readwrite(int net_fd) @@ -1301,12 +1307,6 @@ readwrite(int net_fd)
stdinbufpos == 0 && netinbufpos == 0) stdinbufpos == 0 && netinbufpos == 0)
return; return;
@ -89,7 +92,7 @@ Subject: send crlf
/* poll */ /* poll */
num_fds = poll(pfd, 4, timeout); num_fds = poll(pfd, 4, timeout);
@@ -1342,7 +1342,7 @@ readwrite(int net_fd) @@ -1386,7 +1386,7 @@ readwrite(int net_fd)
pfd[POLL_NETOUT].events = POLLOUT; pfd[POLL_NETOUT].events = POLLOUT;
else else
# else # else
@ -98,7 +101,7 @@ Subject: send crlf
# endif # endif
if (ret == -1) if (ret == -1)
pfd[POLL_NETOUT].fd = -1; pfd[POLL_NETOUT].fd = -1;
@@ -1395,7 +1395,7 @@ readwrite(int net_fd) @@ -1445,7 +1445,7 @@ readwrite(int net_fd)
pfd[POLL_STDOUT].events = POLLOUT; pfd[POLL_STDOUT].events = POLLOUT;
else else
# else # else
@ -107,7 +110,7 @@ Subject: send crlf
# endif # endif
if (ret == -1) if (ret == -1)
pfd[POLL_STDOUT].fd = -1; pfd[POLL_STDOUT].fd = -1;
@@ -1421,31 +1421,40 @@ readwrite(int net_fd) @@ -1471,31 +1471,40 @@ readwrite(int net_fd)
} }
ssize_t ssize_t
@ -168,7 +171,7 @@ Subject: send crlf
/* adjust buffer */ /* adjust buffer */
adjust = *bufpos - n; adjust = *bufpos - n;
if (adjust > 0) if (adjust > 0)
@@ -1911,6 +1920,7 @@ help(void) @@ -2007,6 +2016,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\ fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\ \t-4 Use IPv4\n\
\t-6 Use IPv6\n\ \t-6 Use IPv6\n\
@ -176,12 +179,12 @@ Subject: send crlf
\t-D Enable the debug socket option\n\ \t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\ \t-d Detach from stdin\n\
\t-F Pass socket fd\n\ \t-F Pass socket fd\n\
@@ -1947,7 +1957,7 @@ void @@ -2044,7 +2054,7 @@ void
usage(int ret) usage(int ret)
{ {
fprintf(stderr, fprintf(stderr,
- "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" - "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" + "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-s source] [-T keyword] [-V rtable] [-w timeout] " "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-X proxy_protocol]\n" "[-w timeout]\n"


@ -3,75 +3,74 @@ Date: Tue, 14 Feb 2012 23:02:00 +0800
Subject: serialized handling multiple clients Subject: serialized handling multiple clients
--- ---
netcat.c | 41 ++++++++++++++++++++--------------------- netcat.c | 44 +++++++++++++++++++++-----------------------
1 file changed, 20 insertions(+), 21 deletions(-) 1 file changed, 21 insertions(+), 23 deletions(-)
--- a/netcat.c --- a/netcat.c
+++ b/netcat.c +++ b/netcat.c
@@ -664,7 +664,20 @@ main(int argc, char *argv[]) @@ -705,6 +705,23 @@ main(int argc, char *argv[])
s = unix_bind(host, 0); s = unix_bind(host, 0);
else else
s = unix_listen(host); s = unix_listen(host);
- }
+ } else + } else
+ s = local_listen(host, uport, hints); + s = local_listen(host, uport, hints);
+ if (s < 0) + if (s < 0)
+ err(1, NULL); + err(1, NULL);
+ +
+ char* local; + if (vflag && (family != AF_UNIX)) {
+ if (family == AF_INET6) + char* local;
+ local = ":::"; + if (family == AF_INET)
+ else + local = "0.0.0.0";
+ local = "0.0.0.0"; + else if (family == AF_INET6)
+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", + local = "::";
+ host ?: local, + else
+ family, + local = "unknown";
+ *uport); + fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ host ?: local,
+ family,
+ *uport);
}
# if defined(TLS) # if defined(TLS)
if (usetls) { @@ -719,28 +736,6 @@ main(int argc, char *argv[])
@@ -678,22 +691,7 @@ main(int argc, char *argv[])
# endif # endif
/* Allow only one connection at a time, but stay alive. */ /* Allow only one connection at a time, but stay alive. */
for (;;) { for (;;) {
- if (family != AF_UNIX) - if (family != AF_UNIX) {
- if (s != -1)
- close(s);
- s = local_listen(host, uport, hints); - s = local_listen(host, uport, hints);
- }
- if (s < 0) - if (s < 0)
- err(1, NULL); - err(1, NULL);
- -
- char* local; - if (vflag && (family != AF_UNIX)) {
- if (family == AF_INET6) - char* local;
- local = "0.0.0.0"; - if (family == AF_INET)
- else if (family == AF_INET) - local = "0.0.0.0";
- local = ":::"; - else if (family == AF_INET6)
- else - local = "::";
- local = "unknown"; - else
- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", - local = "unknown";
- host ?: local, - fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
- family, - host ?: local,
- *uport); - family,
+ - *uport);
/* - }
* For UDP and -k, don't connect the socket, let it -
* receive datagrams from multiple socket pairs. if (uflag && kflag) {
@@ -760,15 +758,16 @@ main(int argc, char *argv[]) /*
# endif * For UDP and -k, don't connect the socket,
close(connfd); @@ -814,8 +809,11 @@ main(int argc, char *argv[])
}
- if (family != AF_UNIX)
+ if (kflag)
+ continue;
+ if (family != AF_UNIX) {
close(s);
+ }
else if (uflag) {
if (connect(s, NULL, 0) < 0)
err(1, "connect"); err(1, "connect");
} }
-
- if (!kflag) - if (!kflag)
- break; + if (!kflag) {
+ break; + if (s != -1)
+ close(s);
break;
+ }
} }
} else if (family == AF_UNIX) { } else if (family == AF_UNIX) {
ret = 0; ret = 0;
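Review bot: In the verbose message moved ahead of the accept loop, `*uport` is printed with `%d`, but `uport` looks like the port string (it is passed unchanged to `local_listen()` a few lines above), so the message would show the character code of the first digit rather than the port. Unless a later patch in the series changes the type of `uport`, the call should be `fprintf(stderr, "Listening on [%s] (family %d, port %s)\n", host ?: local, family, uport);`. The same statement is on the removed side, so this predates the refresh. main() continues outside the hunk.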


@ -18,26 +18,26 @@ Subject: Set TCP MD5SIG correctly for client connections
#ifndef IPTOS_LOWDELAY #ifndef IPTOS_LOWDELAY
# define IPTOS_LOWDELAY 0x10 # define IPTOS_LOWDELAY 0x10
@@ -172,6 +175,9 @@ char *tls_expecthash; /* required hash @@ -176,6 +179,9 @@ FILE *Zflag; /* file to save peer ce
int Cflag = 0; /* CRLF line-ending */ int Cflag = 0; /* CRLF line-ending */
# endif # endif
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) +# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
+char Sflag_password[TCP_MD5SIG_MAXKEYLEN]; +char Sflag_password[TCP_MD5SIG_MAXKEYLEN];
+# endif +# endif
int recvcount, recvlimit;
int timeout = -1; int timeout = -1;
int family = AF_UNSPEC; int family = AF_UNSPEC;
char *portlist[PORT_MAX+1]; @@ -206,7 +212,7 @@ int udptest(int);
@@ -200,7 +206,7 @@ int udptest(int);
int unix_bind(char *, int); int unix_bind(char *, int);
int unix_connect(char *); int unix_connect(char *);
int unix_listen(char *); int unix_listen(char *);
-void set_common_sockopts(int, int); -void set_common_sockopts(int, int);
+void set_common_sockopts(int, const struct sockaddr *); +void set_common_sockopts(int, const struct sockaddr *);
int map_tos(char *, int *); int process_tos_opt(char *, int *);
# if defined(TLS) # if defined(TLS)
int map_tls(char *, int *); int process_tls_opt(char *, int *);
@@ -427,7 +433,10 @@ main(int argc, char *argv[]) @@ -456,7 +462,10 @@ main(int argc, char *argv[])
break; break;
# endif # endif
case 'S': case 'S':
@ -49,7 +49,7 @@ Subject: Set TCP MD5SIG correctly for client connections
Sflag = 1; Sflag = 1;
# else # else
errx(1, "no TCP MD5 signature support available"); errx(1, "no TCP MD5 signature support available");
@@ -1120,7 +1129,7 @@ remote_connect(const char *host, const c @@ -1171,7 +1180,7 @@ remote_connect(const char *host, const c
freeaddrinfo(ares); freeaddrinfo(ares);
} }
@ -58,7 +58,7 @@ Subject: Set TCP MD5SIG correctly for client connections
char *proto = proto_name(uflag, dccpflag); char *proto = proto_name(uflag, dccpflag);
if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
@@ -1274,7 +1283,7 @@ local_listen(char *host, char *port, str @@ -1325,7 +1334,7 @@ local_listen(const char *host, const cha
err(1, NULL); err(1, NULL);
# endif # endif
@ -67,7 +67,7 @@ Subject: Set TCP MD5SIG correctly for client connections
if (bind(s, (struct sockaddr *)res->ai_addr, if (bind(s, (struct sockaddr *)res->ai_addr,
res->ai_addrlen) == 0) res->ai_addrlen) == 0)
@@ -1788,14 +1797,22 @@ udptest(int s) @@ -1845,9 +1854,10 @@ udptest(int s)
} }
void void
@ -77,6 +77,12 @@ Subject: Set TCP MD5SIG correctly for client connections
int x = 1; int x = 1;
+ int af = sa->sa_family; + int af = sa->sa_family;
# if defined(SO_BROADCAST)
if (bflag) {
@@ -1858,10 +1868,17 @@ set_common_sockopts(int s, int af)
err(1, NULL);
}
# endif
-# if defined(TCP_MD5SIG) -# if defined(TCP_MD5SIG)
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) +# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
if (Sflag) { if (Sflag) {


@ -17,7 +17,7 @@ Subject: udp scan timeout
/* Command Line Options */ /* Command Line Options */
int dflag; /* detached, no stdin */ int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */ int Fflag; /* fdpass sock to stdout */
@@ -774,7 +776,7 @@ main(int argc, char *argv[]) @@ -815,7 +817,7 @@ main(int argc, char *argv[])
continue; continue;
ret = 0; ret = 0;
@ -26,7 +26,7 @@ Subject: udp scan timeout
/* For UDP, make sure we are connected. */ /* For UDP, make sure we are connected. */
if (uflag) { if (uflag) {
if (udptest(s) == -1) { if (udptest(s) == -1) {
@@ -1693,15 +1695,20 @@ build_ports(char *p) @@ -1743,15 +1745,20 @@ build_ports(char *p)
int int
udptest(int s) udptest(int s)
{ {
@ -49,7 +49,7 @@ Subject: udp scan timeout
+ if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED)) + if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED))
+ return -1; + return -1;
} }
- return (ret); - return ret;
+ return 1; + return 1;
} }


@ -0,0 +1,106 @@
From: Guilhem Moulin <guilhem@debian.org>
Date: Mon, 22 Oct 2018 04:50:54 +0200
Subject: use -s/-p flags to specify listen address
---
nc.1 | 18 ++++++++++++++----
netcat.c | 49 +++++++++++++++++++++++++++++--------------------
2 files changed, 43 insertions(+), 24 deletions(-)
--- a/nc.1
+++ b/nc.1
@@ -143,8 +143,20 @@ multiple hosts.
.It Fl l
Listen for an incoming connection rather than initiating a
connection to a remote host.
-Cannot be used together with any of the options
-.Fl psxz .
+The
+.Ar destination
+and
+.Ar port
+to listen on can be specified either as non-optional arguments, or with
+options
+.Fl s
+and
+.Fl p
+respectively.
+Cannot be used together with
+.Fl x
+or
+.Fl z .
Additionally, any timeouts specified with the
.Fl w
option are ignored.
@@ -194,8 +206,6 @@ For
datagram sockets, specifies the local temporary socket file
to create and use so that datagrams can be received.
Cannot be used together with
-.Fl l
-or
.Fl x .
.It Fl T Ar keyword
Change the IPv4 TOS/IPv6 traffic class value.
--- a/netcat.c
+++ b/netcat.c
@@ -507,31 +507,40 @@ main(int argc, char *argv[])
# endif
/* Cruft to make sure options are clean, and used properly. */
- if (argv[0] && !argv[1] && family == AF_UNIX) {
-# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
- if (dccpflag)
- errx(1, "cannot use -Z and -U");
-# endif
- host = argv[0];
- uport = NULL;
- } else if (!argv[0] && lflag) {
- if (sflag)
- errx(1, "cannot use -s and -l");
- if (pflag)
- errx(1, "cannot use -p and -l");
- if (zflag)
- errx(1, "cannot use -z and -l");
- } else if (argv[0] && !argv[1]) {
- if (!lflag)
- usage(1);
- uport = &argv[0];
- host = NULL;
- } else if (argv[0] && argv[1]) {
+ if (argc == 0 && lflag) {
+ uport = &pflag;
+ host = sflag;
+ } else if (argc == 1 && !pflag && !sflag) {
+ if (family == AF_UNIX) {
+ host = argv[0];
+ uport = NULL;
+ } else if (lflag) {
+ host = NULL;
+ uport = argv;
+ }
+ } else if (argc >= 2) {
+ if (lflag && (pflag || sflag || argc > 2))
+ usage(1); /* conflict */
host = argv[0];
uport = &argv[1];
} else
usage(1);
+ if (family == AF_UNIX) {
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ if (dccpflag)
+ errx(1, "cannot use -Z and -U");
+# endif
+ if (uport && *uport)
+ errx(1, "cannot use port with -U");
+ if (!host)
+ errx(1, "missing socket pathname");
+ } else if (!uport || !*uport)
+ errx(1, "missing port number");
+
+ if (lflag && zflag)
+ errx(1, "cannot use -z and -l");
+
# if defined(TLS)
if (usetls) {
if (Cflag && unveil(Cflag, "r") == -1)
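Review bot: In the netcat.c hunk, the `argc == 1 && !pflag && !sflag` branch assigns neither `host` nor `uport` when the family is not AF_UNIX and `-l` is not set. The removed code sent that case to `usage(1)`; the new code depends on the values both variables had before the hunk and, if `uport` is still NULL at that point, ends in `errx(1, "missing port number")` instead of the usage text. Adding a final `else usage(1);` to the inner `if`/`else if` keeps the old behaviour and removes the dependence on initialisation that is not visible here. Separately, with `-l` and no `-s`, `host = sflag` presumably leaves the host NULL, which looks like a wildcard bind; the new nc.1 text for `-l` could state that omitting `-s` listens on all local addresses, so that operators narrow exposure with `-s` deliberately. main() starts and ends outside this hunk.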


@ -3,8 +3,8 @@ Date: Mon, 13 Feb 2012 15:38:15 +0800
Subject: verbose numeric port Subject: verbose numeric port
--- ---
netcat.c | 19 ++++++++++++++++--- netcat.c | 25 ++++++++++++++++++++-----
1 file changed, 16 insertions(+), 3 deletions(-) 1 file changed, 20 insertions(+), 5 deletions(-)
--- a/netcat.c --- a/netcat.c
+++ b/netcat.c +++ b/netcat.c
@ -16,33 +16,37 @@ Subject: verbose numeric port
#ifdef __linux__ #ifdef __linux__
# include <linux/in6.h> # include <linux/in6.h>
#endif #endif
@@ -651,6 +652,18 @@ main(int argc, char *argv[]) @@ -689,6 +690,21 @@ main(int argc, char *argv[])
s = local_listen(host, uport, hints); }
if (s < 0) if (s < 0)
err(1, NULL); err(1, NULL);
+ +
+ char* local; + if (vflag && (family != AF_UNIX)) {
+ if (family == AF_INET6) + char* local;
+ local = "0.0.0.0"; + if (family == AF_INET)
+ else if (family == AF_INET) + local = "0.0.0.0";
+ local = ":::"; + else if (family == AF_INET6)
+ else + local = "::";
+ local = "unknown"; + else
+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", + local = "unknown";
+ host ?: local, + fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ family, + host ?: local,
+ *uport); + family,
/* + *uport);
* For UDP and -k, don't connect the socket, let it + }
* receive datagrams from multiple socket pairs. +
@@ -671,14 +684,14 @@ main(int argc, char *argv[]) if (uflag && kflag) {
char buf[16384]; /*
struct sockaddr_storage z; * For UDP and -k, don't connect the socket,
@@ -708,20 +724,19 @@ main(int argc, char *argv[])
*/
int rv;
char buf[2048];
- struct sockaddr_storage z;
- len = sizeof(z); - len = sizeof(z);
+ len = sizeof(cliaddr); + len = sizeof(cliaddr);
plen = 2048; rv = recvfrom(s, buf, sizeof(buf), MSG_PEEK,
rv = recvfrom(s, buf, plen, MSG_PEEK,
- (struct sockaddr *)&z, &len); - (struct sockaddr *)&z, &len);
+ (struct sockaddr *)&cliaddr, &len); + (struct sockaddr *)&cliaddr, &len);
if (rv < 0) if (rv < 0)
@ -53,3 +57,9 @@ Subject: verbose numeric port
if (rv < 0) if (rv < 0)
err(1, "connect"); err(1, "connect");
if (vflag)
- report_connect((struct sockaddr *)&z, len, NULL);
+ report_connect((struct sockaddr *)&cliaddr, len, NULL);
# if defined(TLS)
readwrite(s, NULL);