Accepting request 648975 from network:utilities

OBS-URL: https://build.opensuse.org/request/show/648975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/netcat-openbsd?expand=0&rev=24
This commit is contained in:
Dominique Leuenberger 2018-11-26 09:16:01 +00:00 committed by Git OBS Bridge
commit afd0012796
19 changed files with 1029 additions and 695 deletions

89
broadcast-support.patch Normal file
View File

@ -0,0 +1,89 @@
From: Aron Xu <aron@debian.org>
Date: Mon, 13 Feb 2012 19:06:52 +0800
Subject: broadcast support
---
nc.1 | 4 +++-
netcat.c | 22 ++++++++++++++++++++--
2 files changed, 23 insertions(+), 3 deletions(-)
--- a/nc.1
+++ b/nc.1
@@ -33,7 +33,7 @@
.Nd arbitrary TCP and UDP connections and listens
.Sh SYNOPSIS
.Nm nc
-.Op Fl 46CDdFhklNnrStUuvZz
+.Op Fl 46bCDdFhklNnrStUuvZz
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -93,6 +93,8 @@ The options are as follows:
Use IPv4 addresses only.
.It Fl 6
Use IPv6 addresses only.
+.It Fl b
+Allow broadcast.
.It Fl C
Send CRLF as line-ending. Each line feed (LF) character from the input
data is translated into CR+LF before being written to the socket. Line
--- a/netcat.c
+++ b/netcat.c
@@ -133,6 +133,7 @@
#define UDP_SCAN_TIMEOUT 3 /* Seconds */
/* Command Line Options */
+int bflag; /* Allow Broadcast */
int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */
unsigned int iflag; /* Interval Flag */
@@ -261,9 +262,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
# else
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
+ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
# endif
!= -1) {
switch (ch) {
@@ -273,6 +274,13 @@ main(int argc, char *argv[])
case '6':
family = AF_INET6;
break;
+ case 'b':
+# if defined(SO_BROADCAST)
+ bflag = 1;
+# else
+ errx(1, "no broadcast frame support available");
+# endif
+ break;
case 'U':
family = AF_UNIX;
break;
@@ -1843,6 +1851,15 @@ set_common_sockopts(int s, int af)
{
int x = 1;
+# if defined(SO_BROADCAST)
+ if (bflag) {
+ /* allow datagram sockets to send packets to a broadcast address
+ * (this option has no effect on stream-oriented sockets) */
+ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST,
+ &x, sizeof(x)) == -1)
+ err(1, NULL);
+ }
+# endif
# if defined(TCP_MD5SIG)
if (Sflag) {
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
@@ -2122,6 +2139,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
+ \t-b Allow broadcast\n\
\t-C Send CRLF as line-ending\n\
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\

View File

@ -1,15 +1,15 @@
From: Guilhem Moulin <guilhem@debian.org>
Date: Fri, 09 Jun 2017 13:21:23 +0200
Subject: compile without TLS support
Subject: build without TLS support
tls.h isn't available in libsd-dev, and -C is already taken for
CRLF line-ending in the Debian-specific patches.
tls.h isn't available in libsd-dev, and TLS supports adds options (-C, -Z)
that are already used by our Debian-specific patches.
---
Makefile | 2
nc.1 | 63 -----------------------
netcat.c | 166 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
3 files changed, 144 insertions(+), 87 deletions(-)
nc.1 | 114 ++---------------------------------------
netcat.c | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
3 files changed, 152 insertions(+), 136 deletions(-)
--- a/Makefile
+++ b/Makefile
@ -46,128 +46,204 @@ CRLF line-ending in the Debian-specific patches.
.Op Fl s Ar source
.Op Fl T Ar keyword
.Op Fl V Ar rtable
@@ -101,20 +95,10 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
@@ -54,7 +48,6 @@
.Op Fl w Ar timeout
.Op Fl X Ar proxy_protocol
.Op Fl x Ar proxy_address Ns Op : Ns Ar port
-.Op Fl Z Ar peercertfile
.Op Ar destination
.Op Ar port
.Sh DESCRIPTION
@@ -99,28 +92,10 @@ The options are as follows:
Use IPv4 addresses only.
.It Fl 6
Use IPv6 addresses only.
-.It Fl C Ar certfile
-Specifies the filename from which the public key part of the TLS
-certificate is loaded, in PEM format.
-May only be used with TLS.
-Load the public key part of the TLS peer certificate from
-.Ar certfile ,
-in PEM format.
-Requires
-.Fl c .
-.It Fl c
-If using a TCP socket to connect or listen, use TLS.
-Illegal if not using TCP sockets.
-Use TLS to connect or listen.
-Cannot be used together with any of the options
-.Fl FuU .
.It Fl D
Enable debugging on the socket.
.It Fl d
Do not attempt to read from stdin.
-.It Fl e Ar name
-Specify the name that must be present in the peer certificate when using TLS.
-Illegal if not using TLS.
-Only accept the TLS peer certificate if it contains the
-.Ar name .
-Requires
-.Fl c .
-If not specified,
-.Ar destination
-is used.
.It Fl F
Pass the first connected socket using
.Xr sendmsg 2
@@ -130,11 +114,6 @@ using the
.Xr ssh_config 5
@@ -137,18 +112,7 @@ using the
.Cm ProxyUseFdpass
option).
Cannot be used with
-.Fl c
-or
.Fl U .
-.It Fl H Ar hash
-Specifies the required hash string of the peer certificate when using TLS.
-The string format required is that used by
-.Xr tls_peer_cert_hash 3 .
-Illegal if not using TLS, and may not be used with -T noverify.
-Only accept the TLS peer certificate if its hash returned from
-.Xr tls_peer_cert_hash 3
-matches
-.Ar hash .
-Requires
-.Fl c
-and cannot be used with
-.Fl T Cm noverify .
.It Fl h
Prints out
Print out the
.Nm
@@ -144,10 +123,6 @@ Specifies the size of the TCP receive bu
.It Fl i Ar interval
Specifies a delay time interval between lines of text sent and received.
@@ -160,12 +124,6 @@ Sleep for
.Ar interval
seconds between lines of text sent and received.
Also causes a delay time between connections to multiple ports.
-.It Fl K Ar keyfile
-Specifies the filename from which the private key
-is loaded in PEM format.
-May only be used with TLS.
-Load the TLS private key from
-.Ar keyfile ,
-in PEM format.
-Requires
-.Fl c .
.It Fl k
Forces
.Nm
@@ -188,12 +163,6 @@ Do not do any DNS or service lookups on
When a connection is completed, listen for another one.
Requires
@@ -196,15 +154,6 @@ Do not do any DNS or service lookups on
hostnames or ports.
.It Fl O Ar length
Specifies the size of the TCP send buffer.
Specify the size of the TCP send buffer.
-.It Fl o Ar staplefile
-Specifies the filename from which to load data to be stapled
-during the TLS handshake.
-The file is expected to contain an OCSP response from an OCSP server in
-During the TLS handshake, load data to be stapled from
-.Ar staplefile ,
-which is expected to contain an OCSP response from an OCSP server in
-DER format.
-May only be used with TLS and when a certificate is being used.
-Requires
-.Fl c
-and
-.Fl C .
.It Fl P Ar proxy_username
Specifies a username to present to a proxy server that requires authentication.
If no username is specified then authentication will not be attempted.
@@ -202,12 +171,6 @@ Proxy authentication is only supported f
Specifies the source port
@@ -213,13 +162,6 @@ Proxy authentication is only supported f
Specify the source port
.Nm
should use, subject to privilege restrictions and availability.
-.It Fl R Ar CAfile
-Specifies the filename from which the root CA bundle for certificate
-verification is loaded, in PEM format.
-Illegal if not using TLS.
-The default is
-Load the root CA bundle for TLS certificate verification from
-.Ar CAfile ,
-in PEM format, instead of
-.Pa /etc/ssl/cert.pem .
-Requires
-.Fl c .
.It Fl r
Specifies that source and/or destination ports should be chosen randomly
Choose source and/or destination ports randomly
instead of sequentially within a range or in the order that the system
@@ -224,24 +187,7 @@ It is an error to use this option in con
.Fl l
option.
@@ -239,35 +181,7 @@ Cannot be used together with
or
.Fl x .
.It Fl T Ar keyword
-Change IPv4 TOS value or TLS options.
-For TLS options
-Change the IPv4 TOS/IPv6 traffic class value or the TLS options.
-.Pp
-For TLS options,
-.Ar keyword
-may be one of
-.Ar tlsall ;
-which allows the use of all supported TLS protocols and ciphers,
-.Ar noverify ;
-may be one of:
-.Cm noverify ,
-which disables certificate verification;
-.Ar noname ,
-.Cm noname ,
-which disables certificate name checking;
-.Ar clientcert ,
-.Cm clientcert ,
-which requires a client certificate on incoming connections; or
-.Ar muststaple ,
-.Cm muststaple ,
-which requires the peer to provide a valid stapled OCSP response
-with the handshake.
-It is illegal to specify TLS options if not using TLS.
-The following TLS options specify a value in the form of a
-.Ar key Ns = Ns Ar value
-pair:
-.Cm ciphers ,
-which allows the supported TLS ciphers to be specified (see
-.Xr tls_config_set_ciphers 3
-for further details);
-.Cm protocols ,
-which allows the supported TLS protocols to be specified (see
-.Xr tls_config_parse_protocols 3
-for further details).
-Specifying TLS options requires
-.Fl c .
-.Pp
-For IPv4 TOS value
+Change IPv4 TOS value.
-For the IPv4 TOS/IPv6 traffic class value,
+Change the IPv4 TOS/IPv6 traffic class value.
.Ar keyword
may be one of
.Ar critical ,
@@ -483,11 +429,6 @@ the source port, with a timeout of 5 sec
.Cm critical ,
@@ -291,13 +205,13 @@ to script telnet sessions.
Use
.Ux Ns -domain
sockets.
-Cannot be used together with any of the options
-.Fl cFx .
+Cannot be used together with
+.Fl F
+or
+.Fl x .
.It Fl u
Use UDP instead of TCP.
Cannot be used together with
-.Fl c
-or
.Fl x .
For
.Ux Ns -domain
@@ -360,12 +274,6 @@ An IPv6 address can be specified unambig
in square brackets.
A proxy cannot be used with any of the options
.Fl lsuU .
-.It Fl Z Ar peercertfile
-Save the peer certificates to
-.Ar peercertfile ,
-in PEM format.
-Requires
-.Fl c .
.It Fl z
Only scan for listening daemons, without sending any data to them.
Cannot be used together with
@@ -519,16 +427,6 @@ the source port, with a timeout of 5 sec
.Pp
.Dl $ nc -p 31337 -w 5 host.example.com 42
.Pp
-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
-Check for a different name in the certificate for validation.
-Open a TCP connection to port 443 of www.example.com, and negotiate TLS with
-any supported TLS protocol version and "compat" ciphers:
-.Pp
-.Dl $ nc -v -c -e adsf.au.doubleclick.net www.google.ca 443
-.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443
-.Pp
-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
-Check for a different name in the certificate for validation:
-.Pp
-.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443
-.Pp
Open a UDP connection to port 53 of host.example.com:
.Pp
.Dl $ nc -u host.example.com 53
--- a/netcat.c
+++ b/netcat.c
@@ -99,7 +99,9 @@
@@ -98,7 +98,9 @@
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
-#include <tls.h>
+#ifdef TLS
+# include <tls.h>
+#endif
#include <unistd.h>
#include <bsd/stdlib.h>
#include <bsd/string.h>
#include "atomicio.h"
@@ -112,13 +114,15 @@
@@ -113,12 +115,14 @@
#define POLL_NETIN 2
#define POLL_STDOUT 3
#define BUFSIZE 16384
@ -175,16 +251,14 @@ CRLF line-ending in the Debian-specific patches.
+#ifdef TLS
+# define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
-#define TLS_ALL (1 << 1)
-#define TLS_NOVERIFY (1 << 2)
-#define TLS_NONAME (1 << 3)
-#define TLS_CCERT (1 << 4)
-#define TLS_MUSTSTAPLE (1 << 5)
+# define TLS_ALL (1 << 1)
+# define TLS_NOVERIFY (1 << 2)
+# define TLS_NONAME (1 << 3)
+# define TLS_CCERT (1 << 4)
+# define TLS_MUSTSTAPLE (1 << 5)
-#define TLS_NOVERIFY (1 << 1)
-#define TLS_NONAME (1 << 2)
-#define TLS_CCERT (1 << 3)
-#define TLS_MUSTSTAPLE (1 << 4)
+# define TLS_NOVERIFY (1 << 1)
+# define TLS_NONAME (1 << 2)
+# define TLS_CCERT (1 << 3)
+# define TLS_MUSTSTAPLE (1 << 4)
+#endif
/* Command Line Options */
@ -197,18 +271,18 @@ CRLF line-ending in the Debian-specific patches.
int usetls; /* use TLS */
char *Cflag; /* Public cert file */
char *Kflag; /* Private key file */
@@ -153,6 +158,7 @@ int tls_cachanged; /* Using non-defau
int TLSopt; /* TLS options */
char *tls_expectname; /* required name in peer cert */
char *tls_expecthash; /* required hash of peer cert */
@@ -156,6 +161,7 @@ char *tls_expecthash; /* required hash
char *tls_ciphers; /* TLS ciphers */
char *tls_protocols; /* TLS protocols */
FILE *Zflag; /* file to save peer cert */
+# endif
int recvcount, recvlimit;
int timeout = -1;
int family = AF_UNSPEC;
@@ -165,10 +171,16 @@ void atelnet(int, unsigned char *, unsig
@@ -170,10 +176,16 @@ int strtoport(char *portstr, int udp);
void build_ports(char *);
void help(void);
int local_listen(char *, char *, struct addrinfo);
void help(void) __attribute__((noreturn));
int local_listen(const char *, const char *, struct addrinfo);
+# if defined(TLS)
void readwrite(int, struct tls *);
+# else
@ -222,16 +296,17 @@ CRLF line-ending in the Debian-specific patches.
int timeout_connect(int, const struct sockaddr *, socklen_t);
int socks_connect(const char *, const char *, struct addrinfo,
const char *, const char *, struct addrinfo, int, const char *);
@@ -178,14 +190,23 @@ int unix_connect(char *);
@@ -183,15 +195,24 @@ int unix_connect(char *);
int unix_listen(char *);
void set_common_sockopts(int, int);
int map_tos(char *, int *);
int process_tos_opt(char *, int *);
+# if defined(TLS)
int map_tls(char *, int *);
int process_tls_opt(char *, int *);
void save_peer_cert(struct tls *_tls_ctx, FILE *_fp);
+# endif
void report_connect(const struct sockaddr *, socklen_t, char *);
+# if defined(TLS)
void report_tls(struct tls *tls_ctx, char * host, char *tls_expectname);
void report_tls(struct tls *tls_ctx, char * host);
+# endif
void usage(int);
+# if defined(TLS)
@ -246,7 +321,7 @@ CRLF line-ending in the Debian-specific patches.
int
main(int argc, char *argv[])
@@ -200,8 +221,10 @@ main(int argc, char *argv[])
@@ -206,8 +227,10 @@ main(int argc, char *argv[])
const char *errstr;
struct addrinfo proxyhints;
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
@ -254,22 +329,22 @@ CRLF line-ending in the Debian-specific patches.
struct tls_config *tls_cfg = NULL;
struct tls *tls_ctx = NULL;
+# endif
uint32_t protocols;
ret = 1;
socksv = 5;
@@ -212,7 +235,11 @@ main(int argc, char *argv[])
@@ -219,7 +242,11 @@ main(int argc, char *argv[])
signal(SIGPIPE, SIG_IGN);
while ((ch = getopt(argc, argv,
+# if defined(TLS)
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+# else
+ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
+# endif
!= -1) {
switch (ch) {
case '4':
family = AF_INET;
@@ -233,24 +260,30 @@ main(int argc, char *argv[])
@@ -241,24 +268,30 @@ main(int argc, char *argv[])
else
errx(1, "unsupported proxy protocol");
break;
@ -300,7 +375,7 @@ CRLF line-ending in the Debian-specific patches.
case 'h':
help();
break;
@@ -259,9 +292,11 @@ main(int argc, char *argv[])
@@ -267,9 +300,11 @@ main(int argc, char *argv[])
if (errstr)
errx(1, "interval %s: %s", errstr, optarg);
break;
@ -312,7 +387,7 @@ CRLF line-ending in the Debian-specific patches.
case 'k':
kflag = 1;
break;
@@ -290,10 +325,12 @@ main(int argc, char *argv[])
@@ -298,10 +333,12 @@ main(int argc, char *argv[])
case 'p':
pflag = optarg;
break;
@ -325,7 +400,22 @@ CRLF line-ending in the Debian-specific patches.
case 'r':
rflag = 1;
break;
@@ -348,9 +385,11 @@ main(int argc, char *argv[])
@@ -343,12 +380,14 @@ main(int argc, char *argv[])
if ((proxy = strdup(optarg)) == NULL)
err(1, NULL);
break;
+# if defined(TLS)
case 'Z':
if (strcmp(optarg, "-") == 0)
Zflag = stderr;
else if ((Zflag = fopen(optarg, "w")) == NULL)
err(1, "can't open %s", optarg);
break;
+# endif
case 'z':
zflag = 1;
break;
@@ -367,9 +406,11 @@ main(int argc, char *argv[])
errx(1, "TCP send window %s: %s",
errstr, optarg);
break;
@ -337,18 +427,18 @@ CRLF line-ending in the Debian-specific patches.
case 'S':
# if defined(TCP_MD5SIG)
Sflag = 1;
@@ -363,8 +402,10 @@ main(int argc, char *argv[])
@@ -380,8 +421,10 @@ main(int argc, char *argv[])
case 'T':
errstr = NULL;
errno = 0;
if (map_tos(optarg, &Tflag))
break;
+# if defined(TLS)
if (map_tls(optarg, &TLSopt))
if (process_tls_opt(optarg, &TLSopt))
break;
+# endif
if (process_tos_opt(optarg, &Tflag))
break;
if (strlen(optarg) > 1 && optarg[0] == '0' &&
optarg[1] == 'x')
Tflag = (int)strtol(optarg, NULL, 16);
@@ -372,7 +413,11 @@ main(int argc, char *argv[])
@@ -391,7 +434,11 @@ main(int argc, char *argv[])
Tflag = (int)strtonum(optarg, 0, 255,
&errstr);
if (Tflag < 0 || Tflag > 255 || errstr || errno)
@ -360,7 +450,19 @@ CRLF line-ending in the Debian-specific patches.
break;
default:
usage(1);
@@ -411,12 +456,15 @@ main(int argc, char *argv[])
@@ -428,6 +475,7 @@ main(int argc, char *argv[])
} else
usage(1);
+# if defined(TLS)
if (usetls) {
if (Cflag && unveil(Cflag, "r") == -1)
err(1, "unveil");
@@ -450,15 +498,19 @@ main(int argc, char *argv[])
err(1, "unveil");
}
}
+# endif
if (!lflag && kflag)
errx(1, "must use -l with -k");
@ -376,7 +478,7 @@ CRLF line-ending in the Debian-specific patches.
if (Fflag && usetls)
errx(1, "cannot use -c and -F");
if (TLSopt && !usetls)
@@ -433,6 +481,7 @@ main(int argc, char *argv[])
@@ -477,6 +529,7 @@ main(int argc, char *argv[])
errx(1, "you must specify -c to use -H");
if (tls_expectname && !usetls)
errx(1, "you must specify -c to use -e");
@ -384,27 +486,25 @@ CRLF line-ending in the Debian-specific patches.
/* Get name of temporary socket for unix datagram client */
if ((family == AF_UNIX) && uflag && !lflag) {
@@ -499,6 +548,7 @@ main(int argc, char *argv[])
@@ -543,6 +596,7 @@ main(int argc, char *argv[])
proxyhints.ai_flags |= AI_NUMERICHOST;
}
+# if defined(TLS)
if (usetls) {
if (Pflag) {
if (pledge("stdio inet dns tty rpath", NULL) == -1)
@@ -544,8 +594,11 @@ main(int argc, char *argv[])
if ((tls_cfg = tls_config_new()) == NULL)
errx(1, "unable to allocate TLS config");
@@ -578,7 +632,8 @@ main(int argc, char *argv[])
err(1, "pledge");
} else if (pledge("stdio inet dns", NULL) == -1)
err(1, "pledge");
}
- }
+ }
+# endif
if (lflag) {
+# if defined(TLS)
struct tls *tls_cctx = NULL;
+# endif
int connfd;
ret = 0;
@@ -556,6 +609,7 @@ main(int argc, char *argv[])
@@ -589,6 +644,7 @@ main(int argc, char *argv[])
s = unix_listen(host);
}
@ -412,39 +512,42 @@ CRLF line-ending in the Debian-specific patches.
if (usetls) {
tls_config_verify_client_optional(tls_cfg);
if ((tls_ctx = tls_server()) == NULL)
@@ -564,6 +618,7 @@ main(int argc, char *argv[])
@@ -597,6 +653,7 @@ main(int argc, char *argv[])
errx(1, "tls configuration failed (%s)",
tls_error(tls_ctx));
}
+# endif
/* Allow only one connection at a time, but stay alive. */
for (;;) {
if (family != AF_UNIX)
@@ -575,7 +630,11 @@ main(int argc, char *argv[])
* receive datagrams from multiple socket pairs.
if (family != AF_UNIX) {
@@ -612,7 +669,11 @@ main(int argc, char *argv[])
* let it receive datagrams from multiple
* socket pairs.
*/
if (uflag && kflag)
+# if defined(TLS)
readwrite(s, NULL);
+# else
+ readwrite(s);
+# endif
} else if (uflag && !kflag) {
/*
* For UDP and not -k, we will use recvfrom() initially
* to wait for a caller, then use the regular functions
@@ -600,7 +659,11 @@ main(int argc, char *argv[])
* For UDP and not -k, we will use recvfrom()
@@ -636,9 +697,14 @@ main(int argc, char *argv[])
if (vflag)
report_connect((struct sockaddr *)&z, len, NULL);
+# if defined(TLS)
readwrite(s, NULL);
} else {
struct tls *tls_cctx = NULL;
+# else
+ readwrite(s);
+ } else {
+# endif
} else {
int connfd;
len = sizeof(cliaddr);
connfd = accept4(s, (struct sockaddr *)&cliaddr,
@@ -612,6 +675,7 @@ main(int argc, char *argv[])
@@ -651,6 +717,7 @@ main(int argc, char *argv[])
if (vflag)
report_connect((struct sockaddr *)&cliaddr, len,
family == AF_UNIX ? host : NULL);
@ -452,17 +555,18 @@ CRLF line-ending in the Debian-specific patches.
if ((usetls) &&
(tls_cctx = tls_setup_server(tls_ctx, connfd, host)))
readwrite(connfd, tls_cctx);
@@ -622,6 +686,9 @@ main(int argc, char *argv[])
@@ -660,6 +727,10 @@ main(int argc, char *argv[])
timeout_tls(s, tls_cctx, tls_close);
close(connfd);
tls_free(tls_cctx);
tls_cctx = NULL;
}
+# else
+ readwrite(connfd);
+ close(connfd);
+# endif
close(connfd);
}
if (family != AF_UNIX)
@@ -639,7 +706,11 @@ main(int argc, char *argv[])
if (family == AF_UNIX && uflag) {
if (connect(s, NULL, 0) < 0)
@@ -674,7 +745,11 @@ main(int argc, char *argv[])
if ((s = unix_connect(host)) > 0) {
if (!zflag)
@ -474,15 +578,15 @@ CRLF line-ending in the Debian-specific patches.
close(s);
} else
ret = 1;
@@ -659,6 +730,7 @@ main(int argc, char *argv[])
@@ -693,6 +768,7 @@ main(int argc, char *argv[])
for (s = -1, i = 0; portlist[i] != NULL; i++) {
if (s != -1)
close(s);
+# if defined(TLS)
if (usetls) {
if ((tls_ctx = tls_client()) == NULL)
errx(1, "tls client creation failed");
@@ -666,6 +738,7 @@ main(int argc, char *argv[])
tls_free(tls_ctx);
tls_ctx = NULL;
@@ -703,6 +779,7 @@ main(int argc, char *argv[])
errx(1, "tls configuration failed (%s)",
tls_error(tls_ctx));
}
@ -490,7 +594,7 @@ CRLF line-ending in the Debian-specific patches.
if (xflag)
s = socks_connect(host, portlist[i], hints,
proxy, proxyport, proxyhints, socksv,
@@ -703,6 +776,7 @@ main(int argc, char *argv[])
@@ -740,6 +817,7 @@ main(int argc, char *argv[])
}
if (Fflag)
fdpass(s);
@ -498,9 +602,9 @@ CRLF line-ending in the Debian-specific patches.
else {
if (usetls)
tls_setup_client(tls_ctx, s, host);
@@ -714,13 +788,19 @@ main(int argc, char *argv[])
tls_ctx = NULL;
}
@@ -748,13 +826,19 @@ main(int argc, char *argv[])
if (tls_ctx)
timeout_tls(s, tls_ctx, tls_close);
}
+# else
+ else if (!zflag)
@ -511,22 +615,22 @@ CRLF line-ending in the Debian-specific patches.
if (s != -1)
close(s);
+# if defined(TLS)
tls_free(tls_ctx);
tls_config_free(tls_cfg);
+# endif
exit(ret);
return ret;
}
@@ -759,6 +839,7 @@ unix_bind(char *path, int flags)
return (s);
@@ -794,6 +878,7 @@ unix_bind(char *path, int flags)
return s;
}
+# if defined(TLS)
int
timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *))
{
@@ -840,6 +921,7 @@ tls_setup_server(struct tls *tls_ctx, in
@@ -880,6 +965,7 @@ tls_setup_server(struct tls *tls_ctx, in
}
return NULL;
}
@ -534,7 +638,7 @@ CRLF line-ending in the Debian-specific patches.
/*
* unix_connect()
@@ -1052,7 +1134,11 @@ local_listen(char *host, char *port, str
@@ -1092,7 +1178,11 @@ local_listen(const char *host, const cha
* Loop that polls on the network file descriptor and stdin.
*/
void
@ -546,7 +650,7 @@ CRLF line-ending in the Debian-specific patches.
{
struct pollfd pfd[4];
int stdin_fd = STDIN_FILENO;
@@ -1152,12 +1238,17 @@ readwrite(int net_fd, struct tls *tls_ct
@@ -1192,12 +1282,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to read from stdin */
if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) {
ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf,
@ -565,7 +669,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_STDIN].fd = -1;
/* read something - poll net out */
if (stdinbufpos > 0)
@@ -1169,12 +1260,17 @@ readwrite(int net_fd, struct tls *tls_ct
@@ -1209,12 +1304,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to write to network */
if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) {
ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf,
@ -584,7 +688,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_NETOUT].fd = -1;
/* buffer empty - remove self from polling */
if (stdinbufpos == 0)
@@ -1186,12 +1282,17 @@ readwrite(int net_fd, struct tls *tls_ct
@@ -1226,12 +1326,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to read from network */
if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) {
ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf,
@ -603,7 +707,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_NETIN].fd = -1;
/* eof on net in - remove from pfd */
if (ret == 0) {
@@ -1212,12 +1313,17 @@ readwrite(int net_fd, struct tls *tls_ct
@@ -1258,12 +1363,17 @@ readwrite(int net_fd, struct tls *tls_ct
/* try to write to stdout */
if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) {
ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf,
@ -622,7 +726,7 @@ CRLF line-ending in the Debian-specific patches.
pfd[POLL_STDOUT].fd = -1;
/* buffer empty - remove self from polling */
if (netinbufpos == 0)
@@ -1241,19 +1347,29 @@ readwrite(int net_fd, struct tls *tls_ct
@@ -1287,19 +1397,29 @@ readwrite(int net_fd, struct tls *tls_ct
}
ssize_t
@ -652,7 +756,7 @@ CRLF line-ending in the Debian-specific patches.
if (n <= 0)
return n;
/* adjust buffer */
@@ -1265,19 +1381,29 @@ drainbuf(int fd, unsigned char *buf, siz
@@ -1311,19 +1431,29 @@ drainbuf(int fd, unsigned char *buf, siz
}
ssize_t
@ -682,15 +786,15 @@ CRLF line-ending in the Debian-specific patches.
if (n <= 0)
return n;
*bufpos += n;
@@ -1581,6 +1707,7 @@ map_tos(char *s, int *val)
return (0);
@@ -1641,6 +1771,7 @@ process_tos_opt(char *s, int *val)
return 0;
}
+# if defined(TLS)
int
map_tls(char *s, int *val)
process_tls_opt(char *s, int *flags)
{
@@ -1662,6 +1789,7 @@ report_tls(struct tls * tls_ctx, char *
@@ -1754,6 +1885,7 @@ report_tls(struct tls * tls_ctx, char *
}
}
@ -698,7 +802,7 @@ CRLF line-ending in the Debian-specific patches.
void
report_connect(const struct sockaddr *sa, socklen_t salen, char *path)
@@ -1704,17 +1832,12 @@ help(void)
@@ -1796,17 +1928,12 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
@ -716,7 +820,7 @@ CRLF line-ending in the Debian-specific patches.
\t-k Keep inbound sockets open for multiple connects\n\
\t-l Listen mode, for inbound connects\n\
\t-M ttl Outgoing TTL / Hop Limit\n\
@@ -1722,14 +1845,12 @@ help(void)
@@ -1814,14 +1941,12 @@ help(void)
\t-N Shutdown the network socket after EOF on stdin\n\
\t-n Suppress name/port resolutions\n\
\t-O length TCP send buffer length\n\
@ -732,7 +836,15 @@ CRLF line-ending in the Debian-specific patches.
\t-t Answer TELNET negotiation\n\
\t-U Use UNIX domain socket\n\
\t-u UDP mode\n\
@@ -1747,11 +1868,8 @@ void
@@ -1831,7 +1956,6 @@ help(void)
\t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
\t-x addr[:port]\tSpecify proxy address and port\n\
- \t-Z Peer certificate file\n\
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
exit(0);
@@ -1841,15 +1965,11 @@ void
usage(int ret)
{
fprintf(stderr,
@ -743,6 +855,10 @@ CRLF line-ending in the Debian-specific patches.
- "[-R CAfile]\n"
+ "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"
"\t [-x proxy_address[:port]] [destination] [port]\n");
"\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-w timeout]\n"
"\t [-X proxy_protocol] [-x proxy_address[:port]] "
- "[-Z peercertfile]\n"
"\t [destination] [port]\n");
if (ret)
exit(1);

View File

@ -17,7 +17,7 @@ Subject: connect timeout
#include <netdb.h>
#include <poll.h>
@@ -124,6 +125,10 @@
# define TLS_MUSTSTAPLE (1 << 5)
# define TLS_MUSTSTAPLE (1 << 4)
#endif
+#define CONNECTION_SUCCESS 0
@ -27,7 +27,7 @@ Subject: connect timeout
/* Command Line Options */
int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */
@@ -208,6 +213,9 @@ ssize_t drainbuf(int, unsigned char *, s
@@ -214,6 +219,9 @@ ssize_t drainbuf(int, unsigned char *, s
ssize_t fillbuf(int, unsigned char *, size_t *);
# endif
@ -37,7 +37,7 @@ Subject: connect timeout
int
main(int argc, char *argv[])
{
@@ -1022,11 +1030,14 @@ remote_connect(const char *host, const c
@@ -1066,11 +1074,14 @@ remote_connect(const char *host, const c
set_common_sockopts(s, res->ai_family);
@ -54,8 +54,8 @@ Subject: connect timeout
save_errno = errno;
close(s);
@@ -1067,6 +1078,69 @@ timeout_connect(int s, const struct sock
return (ret);
@@ -1111,6 +1122,69 @@ timeout_connect(int s, const struct sock
return ret;
}
+static int connect_with_timeout(int fd, const struct sockaddr *sa,

View File

@ -4,8 +4,8 @@ Subject: dccp support
---
nc.1 | 4 ++
netcat.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 82 insertions(+), 15 deletions(-)
netcat.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 79 insertions(+), 14 deletions(-)
--- a/nc.1
+++ b/nc.1
@ -18,15 +18,15 @@ Subject: dccp support
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -286,6 +286,8 @@ for SOCKS, 3128 for HTTPS).
An IPv6 address can be specified unambiguously by enclosing
.Ar proxy_address
@@ -289,6 +289,8 @@ An IPv6 address can be specified unambig
in square brackets.
A proxy cannot be used with any of the options
.Fl lsuU .
+.It Fl Z
+DCCP mode.
.It Fl z
Specifies that
.Nm
Only scan for listening daemons, without sending any data to them.
Cannot be used together with
--- a/netcat.c
+++ b/netcat.c
@@ -147,6 +147,7 @@ int rflag; /* Random ports flag */
@ -37,7 +37,7 @@ Subject: dccp support
int vflag; /* Verbosity */
int xflag; /* Socks proxy */
int zflag; /* Port Scan Flag */
@@ -219,6 +220,7 @@ ssize_t drainbuf(int, unsigned char *, s
@@ -225,6 +226,7 @@ ssize_t drainbuf(int, unsigned char *, s
ssize_t fillbuf(int, unsigned char *, size_t *);
# endif
@ -45,19 +45,16 @@ Subject: dccp support
static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout);
@@ -252,9 +254,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
@@ -261,7 +263,7 @@ main(int argc, char *argv[])
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
# else
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z"))
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
# endif
!= -1) {
switch (ch) {
case '4':
@@ -370,6 +372,13 @@ main(int argc, char *argv[])
@@ -378,6 +380,13 @@ main(int argc, char *argv[])
case 'u':
uflag = 1;
break;
@ -71,12 +68,10 @@ Subject: dccp support
case 'V':
# if defined(RT_TABLEID_MAX)
rtableid = (int)strtonum(optarg, 0,
@@ -461,6 +470,12 @@ main(int argc, char *argv[])
@@ -482,6 +491,10 @@ main(int argc, char *argv[])
/* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) {
+ if (uflag)
+ errx(1, "cannot use -u and -U");
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ if (dccpflag)
+ errx(1, "cannot use -Z and -U");
@ -84,7 +79,7 @@ Subject: dccp support
host = argv[0];
uport = NULL;
} else if (!argv[0] && lflag) {
@@ -527,8 +542,20 @@ main(int argc, char *argv[])
@@ -575,8 +588,20 @@ main(int argc, char *argv[])
if (family != AF_UNIX) {
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = family;
@ -107,7 +102,7 @@ Subject: dccp support
if (nflag)
hints.ai_flags |= AI_NUMERICHOST;
}
@@ -536,7 +563,10 @@ main(int argc, char *argv[])
@@ -584,7 +609,10 @@ main(int argc, char *argv[])
if (xflag) {
if (uflag)
errx(1, "no proxy support for UDP mode");
@ -119,7 +114,7 @@ Subject: dccp support
if (lflag)
errx(1, "no proxy support for listen");
@@ -798,19 +828,20 @@ main(int argc, char *argv[])
@@ -841,19 +869,20 @@ main(int argc, char *argv[])
}
}
@ -142,8 +137,8 @@ Subject: dccp support
sv ? sv->s_name : "*");
}
if (Fflag)
@@ -1017,6 +1048,24 @@ unix_listen(char *path)
return (s);
@@ -1063,6 +1092,24 @@ unix_listen(char *path)
return s;
}
+char *proto_name(int uflag, int dccpflag) {
@ -167,7 +162,7 @@ Subject: dccp support
/*
* remote_connect()
* Returns a socket connected to a remote host. Properly binds to a local
@@ -1047,8 +1096,21 @@ remote_connect(const char *host, const c
@@ -1093,8 +1140,21 @@ remote_connect(const char *host, const c
# endif
memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res->ai_family;
@ -191,7 +186,7 @@ Subject: dccp support
ahints.ai_flags = AI_PASSIVE;
if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
errx(1, "getaddrinfo: %s", gai_strerror(error));
@@ -1060,15 +1122,16 @@ remote_connect(const char *host, const c
@@ -1106,15 +1166,16 @@ remote_connect(const char *host, const c
}
set_common_sockopts(s, res->ai_family);
@ -211,7 +206,7 @@ Subject: dccp support
save_errno = errno;
close(s);
@@ -1654,7 +1717,8 @@ build_ports(char *p)
@@ -1706,7 +1767,8 @@ build_ports(char *p)
int hi, lo, cp;
int x = 0;
@ -221,7 +216,7 @@ Subject: dccp support
if (sv) {
if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
err(1, "asprintf");
@@ -1991,6 +2055,7 @@ help(void)
@@ -2090,6 +2152,7 @@ help(void)
\t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
\t-x addr[:port]\tSpecify proxy address and port\n\
@ -229,12 +224,12 @@ Subject: dccp support
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
exit(0);
@@ -2000,7 +2065,7 @@ void
@@ -2099,7 +2162,7 @@ void
usage(int ret)
{
fprintf(stderr,
- "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"
"\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-w timeout]\n"

191
destination-port-list.patch Normal file
View File

@ -0,0 +1,191 @@
From: Guilhem Moulin <guilhem@debian.org>
Date: Mon, 22 Oct 2018 04:15:52 +0200
Subject: destination port list
---
nc.1 | 26 ++++++++++++++++---
netcat.c | 86 ++++++++++++++++++++++++++++++++-------------------------------
2 files changed, 68 insertions(+), 44 deletions(-)
--- a/nc.1
+++ b/nc.1
@@ -414,15 +414,35 @@ The
flag can be used to tell
.Nm
to report open ports,
-rather than initiate a connection.
+rather than initiate a connection. Usually it's useful to turn on verbose
+output to stderr by use this option in conjunction with
+.Fl v
+option.
+.Pp
For example:
.Bd -literal -offset indent
-$ nc -z host.example.com 20-30
+$ nc \-zv host.example.com 20-30
Connection to host.example.com 22 port [tcp/ssh] succeeded!
Connection to host.example.com 25 port [tcp/smtp] succeeded!
.Ed
.Pp
-The port range was specified to limit the search to ports 20 \- 30.
+The port range was specified to limit the search to ports 20 \- 30, and is
+scanned by increasing order (unless the
+.Fl r
+flag is set).
+.Pp
+You can also specify a list of ports to scan, for example:
+.Bd -literal -offset indent
+$ nc \-zv host.example.com http 20 22-23
+nc: connect to host.example.com 80 (tcp) failed: Connection refused
+nc: connect to host.example.com 20 (tcp) failed: Connection refused
+Connection to host.example.com port [tcp/ssh] succeeded!
+nc: connect to host.example.com 23 (tcp) failed: Connection refused
+.Ed
+.Pp
+The ports are scanned by the order you given (unless the
+.Fl r
+flag is set).
.Pp
Alternatively, it might be useful to know which server software
is running, and which versions.
--- a/netcat.c
+++ b/netcat.c
@@ -192,7 +192,7 @@ int minttl = -1;
void atelnet(int, unsigned char *, unsigned int);
int strtoport(char *portstr, int udp);
-void build_ports(char *);
+void build_ports(char **);
void help(void) __attribute__((noreturn));
int local_listen(const char *, const char *, struct addrinfo);
# if defined(TLS)
@@ -243,7 +243,7 @@ int
main(int argc, char *argv[])
{
int ch, s = -1, ret, socksv;
- char *host, *uport;
+ char *host, **uport;
struct addrinfo hints;
struct servent *sv;
socklen_t len;
@@ -524,11 +524,11 @@ main(int argc, char *argv[])
} else if (argv[0] && !argv[1]) {
if (!lflag)
usage(1);
- uport = argv[0];
+ uport = &argv[0];
host = NULL;
} else if (argv[0] && argv[1]) {
host = argv[0];
- uport = argv[1];
+ uport = &argv[1];
} else
usage(1);
@@ -715,7 +715,7 @@ main(int argc, char *argv[])
else
s = unix_listen(host);
} else
- s = local_listen(host, uport, hints);
+ s = local_listen(host, *uport, hints);
if (s < 0)
err(1, NULL);
@@ -1775,57 +1775,61 @@ strtoport(char *portstr, int udp)
* that we should try to connect to.
*/
void
-build_ports(char *p)
+build_ports(char **p)
{
struct servent *sv;
char *n;
int hi, lo, cp;
int x = 0;
+ int i;
char *proto = proto_name(uflag, dccpflag);
- sv = getservbyname(p, proto);
- if (sv) {
- if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
- err(1, "asprintf");
- } else if ((n = strchr(p, '-')) != NULL) {
- *n = '\0';
- n++;
-
- /* Make sure the ports are in order: lowest->highest. */
- hi = strtoport(n, uflag);
- lo = strtoport(p, uflag);
- if (lo > hi) {
- cp = hi;
- hi = lo;
- lo = cp;
- }
-
- /*
- * Initialize portlist with a random permutation. Based on
- * Knuth, as in ip_randomid() in sys/netinet/ip_id.c.
- */
- if (rflag) {
- for (x = 0; x <= hi - lo; x++) {
- cp = arc4random_uniform(x + 1);
- portlist[x] = portlist[cp];
- if (asprintf(&portlist[cp], "%d", x + lo) < 0)
- err(1, "asprintf");
+ for (i = 0; p[i] != NULL; i++) {
+ sv = getservbyname(p[i], proto);
+ if (sv) {
+ if (asprintf(&portlist[x], "%d", ntohs(sv->s_port)) < 0)
+ err(1, "asprintf");
+ x++;
+ } else if ((n = strchr(p[i], '-')) != NULL) {
+ *n = '\0';
+ n++;
+
+ /* Make sure the ports are in order: lowest->highest. */
+ hi = strtoport(n, uflag);
+ lo = strtoport(p[i], uflag);
+ if (lo > hi) {
+ cp = hi;
+ hi = lo;
+ lo = cp;
}
- } else { /* Load ports sequentially. */
+
+ /* Load ports sequentially. */
for (cp = lo; cp <= hi; cp++) {
if (asprintf(&portlist[x], "%d", cp) < 0)
err(1, "asprintf");
x++;
}
+ } else {
+ hi = strtoport(p[i], uflag);
+ if (asprintf(&portlist[x], "%d", hi) < 0)
+ err(1, "asprintf");
+ x++;
}
- } else {
- char *tmp;
+ }
- hi = strtoport(p, uflag);
- if (asprintf(&tmp, "%d", hi) != -1)
- portlist[0] = tmp;
- else
- err(1, NULL);
+ /*
+ * Initialize portlist with a random permutation using
+ * FisherYates shuffle.
+ */
+ if (rflag) {
+ for (i = x-1; i > 0; i--) {
+ cp = arc4random_uniform(i+1);
+ if (cp != i) {
+ n = portlist[i];
+ portlist[i] = portlist[cp];
+ portlist[cp] = n;
+ }
+ }
}
}

View File

@ -8,7 +8,7 @@ Subject: get sev by name
--- a/netcat.c
+++ b/netcat.c
@@ -1603,11 +1603,16 @@ strtoport(char *portstr, int udp)
@@ -1653,11 +1653,16 @@ strtoport(char *portstr, int udp)
void
build_ports(char *p)
{

View File

@ -3,10 +3,10 @@ Date: Mon, 13 Feb 2012 19:06:52 +0800
Subject: misc failures and features
---
Makefile | 3 +-
nc.1 | 76 +++++++++++++++++++++++++++++++++++++++++++++++++---
netcat.c | 91 ++++++++++++++++++++++++++++++++++++++++++++-------------------
3 files changed, 138 insertions(+), 32 deletions(-)
Makefile | 3 ++-
nc.1 | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
netcat.c | 14 ++++++++++++--
3 files changed, 65 insertions(+), 3 deletions(-)
--- a/Makefile
+++ b/Makefile
@ -22,25 +22,7 @@ Subject: misc failures and features
LDFLAGS= -Wl,--no-add-needed
--- a/nc.1
+++ b/nc.1
@@ -33,7 +33,7 @@
.Nd arbitrary TCP and UDP connections and listens
.Sh SYNOPSIS
.Nm nc
-.Op Fl 46CDdFhklNnrStUuvZz
+.Op Fl 46bCDdFhklNnrStUuvZz
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -96,6 +96,8 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
+.It Fl b
+Allow broadcast.
.It Fl C
Send CRLF as line-ending.
.It Fl D
@@ -352,6 +354,54 @@ and which side is being used as a
@@ -365,6 +365,54 @@ and which side is being used as a
The connection may be terminated using an
.Dv EOF
.Pq Sq ^D .
@ -95,41 +77,7 @@ Subject: misc failures and features
.Sh DATA TRANSFER
The example in the previous section can be expanded to build a
basic data transfer model.
@@ -411,15 +461,30 @@ The
flag can be used to tell
.Nm
to report open ports,
-rather than initiate a connection.
+rather than initiate a connection. Usually it's useful to turn on verbose
+output to stderr by use this option in conjunction with
+.Fl v
+option.
+.Pp
For example:
.Bd -literal -offset indent
-$ nc -z host.example.com 20-30
+$ nc \-zv host.example.com 20-30
Connection to host.example.com 22 port [tcp/ssh] succeeded!
Connection to host.example.com 25 port [tcp/smtp] succeeded!
.Ed
.Pp
-The port range was specified to limit the search to ports 20 \- 30.
+The port range was specified to limit the search to ports 20 \- 30, and is
+scanned by increasing order.
+.Pp
+You can also specify a list of ports to scan, for example:
+.Bd -literal -offset indent
+$ nc \-zv host.example.com 80 20 22
+nc: connect to host.example.com 80 (tcp) failed: Connection refused
+nc: connect to host.example.com 20 (tcp) failed: Connection refused
+Connection to host.example.com port [tcp/ssh] succeeded!
+.Ed
+.Pp
+The ports are scanned by the order you given.
.Pp
Alternatively, it might be useful to know which server software
is running, and which versions.
@@ -484,6 +549,9 @@ Original implementation by *Hobbit*
@@ -517,6 +565,9 @@ Original implementation by
.br
Rewritten with IPv6 support by
.An Eric Jackson Aq Mt ericj@monkey.org .
@ -149,29 +97,7 @@ Subject: misc failures and features
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@@ -136,6 +137,7 @@
#define UDP_SCAN_TIMEOUT 3 /* Seconds */
/* Command Line Options */
+int bflag; /* Allow Broadcast */
int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */
unsigned int iflag; /* Interval Flag */
@@ -186,7 +188,7 @@ int ttl = -1;
int minttl = -1;
void atelnet(int, unsigned char *, unsigned int);
-void build_ports(char *);
+void build_ports(char **);
void help(void);
int local_listen(char *, char *, struct addrinfo);
# if defined(TLS)
@@ -236,11 +238,14 @@ int
main(int argc, char *argv[])
{
int ch, s = -1, ret, socksv;
- char *host, *uport;
+ char *host, **uport;
@@ -247,7 +248,10 @@ main(int argc, char *argv[])
struct addrinfo hints;
struct servent *sv;
socklen_t len;
@ -180,203 +106,40 @@ Subject: misc failures and features
+ struct sockaddr_storage storage;
+ struct sockaddr_un forunix;
+ } cliaddr;
char *proxy, *proxyport = NULL;
char *proxy = NULL, *proxyport = NULL;
const char *errstr;
struct addrinfo proxyhints;
@@ -260,9 +265,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
+ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# else
- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
+ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) {
# endif
switch (ch) {
case '4':
@@ -271,6 +276,13 @@ main(int argc, char *argv[])
case '6':
family = AF_INET6;
break;
+ case 'b':
+# if defined(SO_BROADCAST)
+ bflag = 1;
+# else
+ errx(1, "no broadcast frame support available");
+# endif
+ break;
case 'U':
family = AF_UNIX;
break;
@@ -479,32 +491,39 @@ main(int argc, char *argv[])
/* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) {
- if (uflag)
- errx(1, "cannot use -u and -U");
# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
if (dccpflag)
errx(1, "cannot use -Z and -U");
# endif
host = argv[0];
uport = NULL;
- } else if (!argv[0] && lflag) {
- if (sflag)
- errx(1, "cannot use -s and -l");
- if (zflag)
- errx(1, "cannot use -z and -l");
- if (pflag)
- uport=pflag;
- } else if (argv[0] && !argv[1]) {
- if (!lflag)
- usage(1);
- uport = argv[0];
+ } else if (argv[0] && !argv[1] && lflag) {
+ if (pflag) {
+ uport = &pflag;
+ host = argv[0];
+ } else {
+ uport = argv;
+ host = NULL;
+ }
+ } else if (!argv[0] && lflag && pflag) {
+ uport = &pflag;
host = NULL;
} else if (argv[0] && argv[1]) {
host = argv[0];
- uport = argv[1];
+ uport = &argv[1];
} else
usage(1);
+ if (lflag) {
+ if (sflag)
+ errx(1, "cannot use -s and -l");
+ if (zflag)
+ errx(1, "cannot use -z and -l");
+ if (pflag)
+ /* This still does not work well because of getopt mess
+ errx(1, "cannot use -p and -l"); */
+ uport = &pflag;
+ }
if (!lflag && kflag)
errx(1, "must use -l with -k");
# if defined(TLS)
@@ -674,7 +693,7 @@ main(int argc, char *argv[])
else
s = unix_listen(host);
} else
- s = local_listen(host, uport, hints);
+ s = local_listen(host, *uport, hints);
if (s < 0)
err(1, NULL);
@@ -683,7 +702,8 @@ main(int argc, char *argv[])
local = ":::";
else
local = "0.0.0.0";
- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ if (vflag && (family != AF_UNIX))
+ fprintf(stderr, "Listening on [%s] (family %d, port %s)\n",
host ?: local,
family,
*uport);
@@ -898,6 +918,8 @@ unix_bind(char *path, int flags)
@@ -952,6 +956,8 @@ unix_bind(char *path, int flags)
0)) < 0)
return (-1);
return -1;
+ unlink(path);
+
memset(&s_un, 0, sizeof(struct sockaddr_un));
s_un.sun_family = AF_UNIX;
@@ -1015,8 +1037,10 @@ unix_connect(char *path)
@@ -1075,8 +1081,10 @@ unix_connect(char *path)
if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) < 0)
return (-1);
return -1;
} else {
- if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0)
+ if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0) {
+ errx(1,"create unix socket failed");
return (-1);
+ errx(1, "create unix socket failed");
return -1;
+ }
}
memset(&s_un, 0, sizeof(struct sockaddr_un));
@@ -1026,10 +1050,12 @@ unix_connect(char *path)
@@ -1086,10 +1094,12 @@ unix_connect(char *path)
sizeof(s_un.sun_path)) {
close(s);
errno = ENAMETOOLONG;
+ warn("unix connect abandoned");
return (-1);
return -1;
}
if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) < 0) {
save_errno = errno;
+ warn("unix connect failed");
close(s);
errno = save_errno;
return (-1);
@@ -1718,25 +1744,26 @@ strtoport(char *portstr, int udp)
* that we should try to connect to.
*/
void
-build_ports(char *p)
+build_ports(char **p)
{
struct servent *sv;
char *n;
int hi, lo, cp;
int x = 0;
+ int i;
char *proto = proto_name(uflag, dccpflag);
- sv = getservbyname(p, proto);
+ sv = getservbyname(*p, proto);
if (sv) {
if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
err(1, "asprintf");
- } else if ((n = strchr(p, '-')) != NULL) {
+ } else if ((n = strchr(*p, '-')) != NULL) {
*n = '\0';
n++;
/* Make sure the ports are in order: lowest->highest. */
hi = strtoport(n, uflag);
- lo = strtoport(p, uflag);
+ lo = strtoport(*p, uflag);
if (lo > hi) {
cp = hi;
hi = lo;
@@ -1764,7 +1791,7 @@ build_ports(char *p)
} else {
char *tmp;
- hi = strtoport(p, uflag);
+ hi = strtoport(*p, uflag);
if (asprintf(&tmp, "%d", hi) != -1)
portlist[0] = tmp;
else
@@ -1802,6 +1829,15 @@ set_common_sockopts(int s, const struct
int x = 1;
int af = sa->sa_family;
+# if defined(SO_BROADCAST)
+ if (bflag) {
+ /* allow datagram sockets to send packets to a broadcast address
+ * (this option has no effect on stream-oriented sockets) */
+ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST,
+ &x, sizeof(x)) == -1)
+ err(1, NULL);
+ }
+# endif
# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
if (Sflag) {
struct tcp_md5sig sig;
@@ -2042,6 +2078,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
+ \t-b Allow broadcast\n\
\t-C Send CRLF as line-ending\n\
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\
return -1;

View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Wed Nov 14 13:12:29 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 1.195 release matching with debian
- Added new patches:
* broadcast-support.patch
* build-without-TLS-support.patch
* destination-port-list.patch
* use-flags-to-specify-listen-address.patch
- Refreshed patches:
* connect-timeout.patch
* dccp-support.patch
* get-sev-by-name.patch
* misc-failures-and-features.patch
* port-to-linux-with-libsd.patch
* quit-timer.patch
* send-crlf.patch
* serialized-handling-multiple-clients.patch
* set-TCP-MD5SIG-correctly-for-client-connections.patch
* udp-scan-timeout.patch
* verbose-numeric-port.patch
- Drop patch compile-without-TLS-support.patch, renamed
-------------------------------------------------------------------
Mon Jul 17 13:11:34 UTC 2017 - tchvatal@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package netcat-openbsd
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -12,21 +12,21 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: netcat-openbsd
Version: 1.178
Version: 1.195
Release: 0
Summary: TCP/IP swiss army knife
License: BSD-3-Clause
Group: Productivity/Networking/Other
Url: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/
URL: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/
Source0: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}.orig.tar.gz
#Patches from: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}-2.debian.tar.xz
#Patches from: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}-1.debian.tar.xz
Patch0: port-to-linux-with-libsd.patch
Patch1: compile-without-TLS-support.patch
Patch1: build-without-TLS-support.patch
Patch2: connect-timeout.patch
Patch3: get-sev-by-name.patch
Patch4: send-crlf.patch
@ -34,9 +34,12 @@ Patch5: quit-timer.patch
Patch6: udp-scan-timeout.patch
Patch7: verbose-numeric-port.patch
Patch8: dccp-support.patch
Patch9: serialized-handling-multiple-clients.patch
Patch10: set-TCP-MD5SIG-correctly-for-client-connections.patch
Patch11: misc-failures-and-features.patch
Patch9: broadcast-support.patch
Patch10: serialized-handling-multiple-clients.patch
Patch11: set-TCP-MD5SIG-correctly-for-client-connections.patch
Patch12: destination-port-list.patch
Patch13: use-flags-to-specify-listen-address.patch
Patch14: misc-failures-and-features.patch
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libbsd)
Provides: nc6 = %{version}
@ -73,7 +76,7 @@ ln -s -f nc.1%{ext_man} %{buildroot}/%{_mandir}/man1/netcat.1%{ext_man}
%files
%{_bindir}/nc
%{_bindir}/netcat
%{_mandir}/man1/nc.1%{ext_man}
%{_mandir}/man1/netcat.1%{ext_man}
%{_mandir}/man1/nc.1%{?ext_man}
%{_mandir}/man1/netcat.1%{?ext_man}
%changelog

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:918330a41ee8ea938144ab1c59fa27533654ebff983bfb5255f730a3d9b06239
size 21630

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0e283b2a214313c69447cd962c528ac19afb3ddfe606b25de6d179f187cde4c3
size 22480

View File

@ -3,11 +3,11 @@ Date: Mon, 13 Feb 2012 15:59:31 +0800
Subject: port to linux with libsd
---
Makefile | 15 +++++++-
nc.1 | 4 --
netcat.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++----------------
socks.c | 46 ++++++++++++------------
4 files changed, 127 insertions(+), 56 deletions(-)
Makefile | 15 ++++++-
nc.1 | 3 -
netcat.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++---------------
socks.c | 46 +++++++++++-----------
4 files changed, 139 insertions(+), 56 deletions(-)
--- a/Makefile
+++ b/Makefile
@ -32,24 +32,23 @@ Subject: port to linux with libsd
+ rm -f $(OBJS) nc
--- a/nc.1
+++ b/nc.1
@@ -202,9 +202,6 @@ Proxy authentication is only supported f
Specifies the source port
@@ -213,8 +213,6 @@ Proxy authentication is only supported f
Specify the source port
.Nm
should use, subject to privilege restrictions and availability.
-It is an error to use this option in conjunction with the
-.Fl l
-option.
-Cannot be used together with
-.Fl l .
.It Fl R Ar CAfile
Specifies the filename from which the root CA bundle for certificate
verification is loaded, in PEM format.
@@ -249,6 +246,7 @@ For IPv4 TOS value
Load the root CA bundle for TLS certificate verification from
.Ar CAfile ,
@@ -274,6 +272,7 @@ For the IPv4 TOS/IPv6 traffic class valu
may be one of
.Ar critical ,
.Ar inetcontrol ,
+.Ar lowcost ,
.Ar lowdelay ,
.Ar netcontrol ,
.Ar throughput ,
.Cm critical ,
.Cm inetcontrol ,
+.Cm lowcost ,
.Cm lowdelay ,
.Cm netcontrol ,
.Cm throughput ,
--- a/netcat.c
+++ b/netcat.c
@@ -32,6 +32,8 @@
@ -113,14 +112,14 @@ Subject: port to linux with libsd
#include <errno.h>
@@ -55,6 +100,8 @@
#include <time.h>
#include <unistd.h>
#include <tls.h>
#include <unistd.h>
+#include <bsd/stdlib.h>
+#include <bsd/string.h>
#include "atomicio.h"
#define PORT_MAX 65535
@@ -260,10 +307,14 @@ main(int argc, char *argv[])
@@ -268,10 +315,14 @@ main(int argc, char *argv[])
uflag = 1;
break;
case 'V':
@ -135,7 +134,7 @@ Subject: port to linux with libsd
break;
case 'v':
vflag = 1;
@@ -301,7 +352,11 @@ main(int argc, char *argv[])
@@ -320,7 +371,11 @@ main(int argc, char *argv[])
oflag = optarg;
break;
case 'S':
@ -147,7 +146,7 @@ Subject: port to linux with libsd
break;
case 'T':
errstr = NULL;
@@ -326,32 +381,23 @@ main(int argc, char *argv[])
@@ -345,14 +400,23 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
@ -155,24 +154,6 @@ Subject: port to linux with libsd
if (rtableid >= 0)
if (setrtable(rtableid) == -1)
err(1, "setrtable");
-
- if (family == AF_UNIX) {
- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
- err(1, "pledge");
- } else if (Fflag) {
- if (Pflag) {
- if (pledge("stdio inet dns sendfd tty", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns sendfd", NULL) == -1)
- err(1, "pledge");
- } else if (Pflag) {
- if (pledge("stdio inet dns tty", NULL) == -1)
- err(1, "pledge");
- } else if (usetls) {
- if (pledge("stdio rpath inet dns", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns", NULL) == -1)
- err(1, "pledge");
+# endif
/* Cruft to make sure options are clean, and used properly. */
@ -182,17 +163,38 @@ Subject: port to linux with libsd
+ } else if (!argv[0] && lflag) {
+ if (sflag)
+ errx(1, "cannot use -s and -l");
+ if (pflag)
+ errx(1, "cannot use -p and -l");
+ if (zflag)
+ errx(1, "cannot use -z and -l");
+ if (pflag)
+ uport=pflag;
} else if (argv[0] && !argv[1]) {
if (!lflag)
usage(1);
@@ -363,12 +409,6 @@ main(int argc, char *argv[])
} else
usage(1);
@@ -387,33 +451,6 @@ main(int argc, char *argv[])
}
}
- if (family == AF_UNIX) {
- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
- err(1, "pledge");
- } else if (Fflag && Pflag) {
- if (pledge("stdio inet dns sendfd tty", NULL) == -1)
- err(1, "pledge");
- } else if (Fflag) {
- if (pledge("stdio inet dns sendfd", NULL) == -1)
- err(1, "pledge");
- } else if (Pflag && usetls) {
- if (pledge("stdio rpath inet dns tty", NULL) == -1)
- err(1, "pledge");
- } else if (Pflag) {
- if (pledge("stdio inet dns tty", NULL) == -1)
- err(1, "pledge");
- } else if (usetls) {
- if (pledge("stdio rpath inet dns", NULL) == -1)
- err(1, "pledge");
- } else if (pledge("stdio inet dns", NULL) == -1)
- err(1, "pledge");
-
- if (lflag && sflag)
- errx(1, "cannot use -s and -l");
- if (lflag && pflag)
@ -202,7 +204,7 @@ Subject: port to linux with libsd
if (!lflag && kflag)
errx(1, "must use -l with -k");
if (uflag && usetls)
@@ -401,8 +441,8 @@ main(int argc, char *argv[])
@@ -448,8 +485,8 @@ main(int argc, char *argv[])
} else {
strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX",
UNIX_DG_TMP_SOCKET_SIZE);
@ -213,7 +215,7 @@ Subject: port to linux with libsd
unix_dg_tmp_socket = unix_dg_tmp_socket_buf;
}
}
@@ -880,8 +920,10 @@ remote_connect(const char *host, const c
@@ -923,8 +960,10 @@ remote_connect(const char *host, const c
if (sflag || pflag) {
struct addrinfo ahints, *ares;
@ -224,7 +226,7 @@ Subject: port to linux with libsd
memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res->ai_family;
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
@@ -973,9 +1015,15 @@ local_listen(char *host, char *port, str
@@ -1016,9 +1055,15 @@ local_listen(const char *host, const cha
res->ai_protocol)) < 0)
continue;
@ -240,7 +242,7 @@ Subject: port to linux with libsd
set_common_sockopts(s, res->ai_family);
@@ -1425,11 +1473,13 @@ set_common_sockopts(int s, int af)
@@ -1474,11 +1519,13 @@ set_common_sockopts(int s, int af)
{
int x = 1;
@ -254,33 +256,57 @@ Subject: port to linux with libsd
if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1)
@@ -1460,8 +1510,11 @@ set_common_sockopts(int s, int af)
@@ -1489,9 +1536,14 @@ set_common_sockopts(int s, int af)
IP_TOS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IP ToS");
+#if defined(IPV6_TCLASS)
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IPv6 traffic class");
+#else
+ else if (af == AF_INET6)
+ errx(1, "can't set IPv6 traffic class (unavailable)");
+#endif
}
if (Iflag) {
if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
@@ -1509,19 +1561,34 @@ set_common_sockopts(int s, int af)
IP_TTL, &ttl, sizeof(ttl)))
err(1, "set IP TTL");
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ else
+#if defined(IPV6_UNICAST_HOPS)
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_UNICAST_HOPS, &ttl, sizeof(ttl)))
+#endif
err(1, "set IPv6 unicast hops");
+#else
+ else if (af == AF_INET6)
+ errx(1, "can't set IPv6 unicast hops (unavailable)");
+#endif
}
@@ -1470,8 +1523,11 @@ set_common_sockopts(int s, int af)
if (minttl != -1) {
+#if defined(IP_MINTTL)
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
IP_MINTTL, &minttl, sizeof(minttl)))
err(1, "set IP min TTL");
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ else
+#if defined(IPV6_MINHOPCOUNT)
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
+#else
+ if (af == AF_INET)
+ errx(1, "can't set IP min TTL (unavailable)");
+#endif
+#if defined(IPV6_MINHOPCOUNT)
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
err(1, "set IPv6 min hop count");
+#else
+ else if (af == AF_INET6)
+ errx(1, "can't set IPv6 min hop count (unavailable)");
+#endif
}
}
@@ -1507,6 +1563,7 @@ map_tos(char *s, int *val)
@@ -1556,6 +1623,7 @@ process_tos_opt(char *s, int *val)
{ "cs7", IPTOS_DSCP_CS7 },
{ "ef", IPTOS_DSCP_EF },
{ "inetcontrol", IPTOS_PREC_INTERNETCONTROL },
@ -288,7 +314,7 @@ Subject: port to linux with libsd
{ "lowdelay", IPTOS_LOWDELAY },
{ "netcontrol", IPTOS_PREC_NETCONTROL },
{ "reliability", IPTOS_RELIABILITY },
@@ -1640,6 +1697,9 @@ report_connect(const struct sockaddr *sa
@@ -1721,6 +1789,9 @@ report_connect(const struct sockaddr *sa
void
help(void)
{
@ -298,8 +324,8 @@ Subject: port to linux with libsd
usage(0);
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
@@ -1680,7 +1740,7 @@ help(void)
\t-x addr[:port]\tSpecify proxy address and port\n\
@@ -1763,7 +1834,7 @@ help(void)
\t-Z Peer certificate file\n\
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
- exit(1);
@ -318,7 +344,7 @@ Subject: port to linux with libsd
#include "atomicio.h"
#define SOCKS_PORT "1080"
@@ -219,11 +219,11 @@ socks_connect(const char *host, const ch
@@ -217,11 +217,11 @@ socks_connect(const char *host, const ch
buf[2] = SOCKS_NOAUTH;
cnt = atomicio(vwrite, proxyfd, buf, 3);
if (cnt != 3)
@ -332,7 +358,7 @@ Subject: port to linux with libsd
if (buf[1] == SOCKS_NOMETHOD)
errx(1, "authentication method negotiation failed");
@@ -272,11 +272,11 @@ socks_connect(const char *host, const ch
@@ -270,11 +270,11 @@ socks_connect(const char *host, const ch
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
@ -346,7 +372,7 @@ Subject: port to linux with libsd
if (buf[1] != 0) {
errx(1, "connection failed, SOCKSv5 error: %s",
socks5_strerror(buf[1]));
@@ -285,12 +285,12 @@ socks_connect(const char *host, const ch
@@ -283,12 +283,12 @@ socks_connect(const char *host, const ch
case SOCKS_IPV4:
cnt = atomicio(read, proxyfd, buf + 4, 6);
if (cnt != 6)
@ -361,7 +387,7 @@ Subject: port to linux with libsd
break;
default:
errx(1, "connection failed, unsupported address type");
@@ -310,11 +310,11 @@ socks_connect(const char *host, const ch
@@ -308,11 +308,11 @@ socks_connect(const char *host, const ch
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
@ -375,7 +401,7 @@ Subject: port to linux with libsd
if (buf[1] != 90) {
errx(1, "connection failed, SOCKSv4 error: %s",
socks4_strerror(buf[1]));
@@ -328,39 +328,39 @@ socks_connect(const char *host, const ch
@@ -326,21 +326,21 @@ socks_connect(const char *host, const ch
/* Try to be sane about numeric IPv6 addresses */
if (strchr(host, ':') != NULL) {
@ -400,12 +426,15 @@ Subject: port to linux with libsd
+ err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r);
if (authretry > 1) {
char resp[1024];
char proxypass[256];
@@ -348,20 +348,20 @@ socks_connect(const char *host, const ch
proxypass = getproxypass(proxyuser, proxyhost);
getproxypass(proxyuser, proxyhost,
proxypass, sizeof proxypass);
- r = snprintf(buf, sizeof(buf), "%s:%s",
+ r = snprintf((char*)buf, sizeof(buf), "%s:%s",
proxyuser, proxypass);
explicit_bzero(proxypass, sizeof proxypass);
if (r == -1 || (size_t)r >= sizeof(buf) ||
- b64_ntop(buf, strlen(buf), resp,
+ b64_ntop(buf, strlen((char*)buf), resp,
@ -421,10 +450,10 @@ Subject: port to linux with libsd
if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r)
- err(1, "write failed (%zu/%d)", cnt, r);
+ err(1, "write failed (%zu/%d)", (size_t)cnt, r);
explicit_bzero(proxypass, sizeof proxypass);
explicit_bzero(buf, sizeof buf);
}
/* Terminate headers */
@@ -368,22 +368,22 @@ socks_connect(const char *host, const ch
@@ -371,22 +371,22 @@ socks_connect(const char *host, const ch
err(1, "write failed (%zu/2)", cnt);
/* Read status reply */

View File

@ -17,8 +17,8 @@ Subject: quit timer
.Op Fl s Ar source
.Op Fl T Ar keyword
.Op Fl V Ar rtable
@@ -173,6 +174,15 @@ Proxy authentication is only supported f
Specifies the source port
@@ -167,6 +168,15 @@ Proxy authentication is only supported f
Specify the source port
.Nm
should use, subject to privilege restrictions and availability.
+.It Fl q Ar seconds
@ -31,7 +31,7 @@ Subject: quit timer
+implies
+.Fl N .
.It Fl r
Specifies that source and/or destination ports should be chosen randomly
Choose source and/or destination ports randomly
instead of sequentially within a range or in the order that the system
--- a/netcat.c
+++ b/netcat.c
@ -43,7 +43,7 @@ Subject: quit timer
int rflag; /* Random ports flag */
char *sflag; /* Source Address */
int tflag; /* Telnet Emulation */
@@ -218,6 +219,8 @@ ssize_t fillbuf(int, unsigned char *, si
@@ -224,6 +225,8 @@ ssize_t fillbuf(int, unsigned char *, si
static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout);
@ -52,19 +52,19 @@ Subject: quit timer
int
main(int argc, char *argv[])
{
@@ -246,9 +249,9 @@ main(int argc, char *argv[])
@@ -253,9 +256,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
# if defined(TLS)
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
# else
- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:z")) != -1) {
- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z"))
# endif
!= -1) {
switch (ch) {
case '4':
@@ -339,6 +342,13 @@ main(int argc, char *argv[])
@@ -347,6 +350,13 @@ main(int argc, char *argv[])
case 'p':
pflag = optarg;
break;
@ -78,7 +78,7 @@ Subject: quit timer
# if defined(TLS)
case 'R':
tls_cachanged = 1;
@@ -1253,15 +1263,27 @@ readwrite(int net_fd)
@@ -1297,15 +1307,27 @@ readwrite(int net_fd)
while (1) {
/* both inputs are gone, buffers are empty, we are done */
if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 &&
@ -112,7 +112,7 @@ Subject: quit timer
/* poll */
num_fds = poll(pfd, 4, timeout);
@@ -1936,6 +1958,7 @@ help(void)
@@ -2032,6 +2054,7 @@ help(void)
\t-O length TCP send buffer length\n\
\t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\
@ -120,14 +120,15 @@ Subject: quit timer
\t-r Randomize remote ports\n\
\t-S Enable the TCP MD5 signature option\n\
\t-s source Local source address\n\
@@ -1959,9 +1982,18 @@ usage(int ret)
@@ -2056,10 +2079,19 @@ usage(int ret)
fprintf(stderr,
"usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
- "\t [-s source] [-T keyword] [-V rtable] [-w timeout] "
+ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"
"\t [-x proxy_address[:port]] [destination] [port]\n");
- "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
+ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-w timeout]\n"
"\t [-X proxy_protocol] [-x proxy_address[:port]] "
"\t [destination] [port]\n");
if (ret)
exit(1);
}

View File

@ -3,9 +3,9 @@ Date: Mon, 13 Feb 2012 14:57:45 +0800
Subject: send crlf
---
nc.1 | 6 +++--
nc.1 | 9 ++++++-
netcat.c | 72 +++++++++++++++++++++++++++++++++++----------------------------
2 files changed, 45 insertions(+), 33 deletions(-)
2 files changed, 48 insertions(+), 33 deletions(-)
--- a/nc.1
+++ b/nc.1
@ -18,16 +18,19 @@ Subject: send crlf
.Op Fl I Ar length
.Op Fl i Ar interval
.Op Fl M Ar ttl
@@ -95,6 +95,8 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
@@ -92,6 +92,11 @@ The options are as follows:
Use IPv4 addresses only.
.It Fl 6
Use IPv6 addresses only.
+.It Fl C
+Send CRLF as line-ending.
+Send CRLF as line-ending. Each line feed (LF) character from the input
+data is translated into CR+LF before being written to the socket. Line
+feed characters that are already preceded with a carriage return (CR)
+are not translated. Received data is not affected.
.It Fl D
Enable debugging on the socket.
.It Fl d
@@ -379,7 +381,7 @@ More complicated examples can be built u
@@ -377,7 +382,7 @@ More complicated examples can be built u
of requests required by the server.
As another example, an email may be submitted to an SMTP server using:
.Bd -literal -offset indent
@ -38,16 +41,16 @@ Subject: send crlf
RCPT TO:\*(Ltuser2@host.example.com\*(Gt
--- a/netcat.c
+++ b/netcat.c
@@ -163,6 +163,8 @@ int tls_cachanged; /* Using non-defau
int TLSopt; /* TLS options */
char *tls_expectname; /* required name in peer cert */
char *tls_expecthash; /* required hash of peer cert */
@@ -166,6 +166,8 @@ char *tls_expecthash; /* required hash
char *tls_ciphers; /* TLS ciphers */
char *tls_protocols; /* TLS protocols */
FILE *Zflag; /* file to save peer cert */
+# else
+int Cflag = 0; /* CRLF line-ending */
# endif
int timeout = -1;
@@ -209,7 +211,7 @@ ssize_t fillbuf(int, unsigned char *, si
int recvcount, recvlimit;
@@ -215,7 +217,7 @@ ssize_t fillbuf(int, unsigned char *, si
void tls_setup_client(struct tls *, int, char *);
struct tls *tls_setup_server(struct tls *, int, char *);
# else
@ -56,16 +59,16 @@ Subject: send crlf
ssize_t fillbuf(int, unsigned char *, size_t *);
# endif
@@ -246,7 +248,7 @@ main(int argc, char *argv[])
@@ -253,7 +255,7 @@ main(int argc, char *argv[])
# if defined(TLS)
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) {
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
# else
- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
+ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) {
- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
+ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
# endif
!= -1) {
switch (ch) {
case '4':
@@ -275,6 +277,10 @@ main(int argc, char *argv[])
@@ -283,6 +285,10 @@ main(int argc, char *argv[])
case 'c':
usetls = 1;
break;
@ -76,7 +79,7 @@ Subject: send crlf
# endif
case 'd':
dflag = 1;
@@ -1257,12 +1263,6 @@ readwrite(int net_fd)
@@ -1301,12 +1307,6 @@ readwrite(int net_fd)
stdinbufpos == 0 && netinbufpos == 0)
return;
@ -89,7 +92,7 @@ Subject: send crlf
/* poll */
num_fds = poll(pfd, 4, timeout);
@@ -1342,7 +1342,7 @@ readwrite(int net_fd)
@@ -1386,7 +1386,7 @@ readwrite(int net_fd)
pfd[POLL_NETOUT].events = POLLOUT;
else
# else
@ -98,7 +101,7 @@ Subject: send crlf
# endif
if (ret == -1)
pfd[POLL_NETOUT].fd = -1;
@@ -1395,7 +1395,7 @@ readwrite(int net_fd)
@@ -1445,7 +1445,7 @@ readwrite(int net_fd)
pfd[POLL_STDOUT].events = POLLOUT;
else
# else
@ -107,7 +110,7 @@ Subject: send crlf
# endif
if (ret == -1)
pfd[POLL_STDOUT].fd = -1;
@@ -1421,31 +1421,40 @@ readwrite(int net_fd)
@@ -1471,31 +1471,40 @@ readwrite(int net_fd)
}
ssize_t
@ -168,7 +171,7 @@ Subject: send crlf
/* adjust buffer */
adjust = *bufpos - n;
if (adjust > 0)
@@ -1911,6 +1920,7 @@ help(void)
@@ -2007,6 +2016,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
@ -176,12 +179,12 @@ Subject: send crlf
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\
\t-F Pass socket fd\n\
@@ -1947,7 +1957,7 @@ void
@@ -2044,7 +2054,7 @@ void
usage(int ret)
{
fprintf(stderr,
- "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
"\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
"\t [-s source] [-T keyword] [-V rtable] [-w timeout] "
"[-X proxy_protocol]\n"
"\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
"[-w timeout]\n"

View File

@ -3,75 +3,74 @@ Date: Tue, 14 Feb 2012 23:02:00 +0800
Subject: serialized handling multiple clients
---
netcat.c | 41 ++++++++++++++++++++---------------------
1 file changed, 20 insertions(+), 21 deletions(-)
netcat.c | 44 +++++++++++++++++++++-----------------------
1 file changed, 21 insertions(+), 23 deletions(-)
--- a/netcat.c
+++ b/netcat.c
@@ -664,7 +664,20 @@ main(int argc, char *argv[])
@@ -705,6 +705,23 @@ main(int argc, char *argv[])
s = unix_bind(host, 0);
else
s = unix_listen(host);
- }
+ } else
+ s = local_listen(host, uport, hints);
+ if (s < 0)
+ err(1, NULL);
+
+ if (vflag && (family != AF_UNIX)) {
+ char* local;
+ if (family == AF_INET6)
+ local = ":::";
+ else
+ if (family == AF_INET)
+ local = "0.0.0.0";
+ else if (family == AF_INET6)
+ local = "::";
+ else
+ local = "unknown";
+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ host ?: local,
+ family,
+ *uport);
}
# if defined(TLS)
if (usetls) {
@@ -678,22 +691,7 @@ main(int argc, char *argv[])
@@ -719,28 +736,6 @@ main(int argc, char *argv[])
# endif
/* Allow only one connection at a time, but stay alive. */
for (;;) {
- if (family != AF_UNIX)
- if (family != AF_UNIX) {
- if (s != -1)
- close(s);
- s = local_listen(host, uport, hints);
- }
- if (s < 0)
- err(1, NULL);
-
- if (vflag && (family != AF_UNIX)) {
- char* local;
- if (family == AF_INET6)
- if (family == AF_INET)
- local = "0.0.0.0";
- else if (family == AF_INET)
- local = ":::";
- else if (family == AF_INET6)
- local = "::";
- else
- local = "unknown";
- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
- host ?: local,
- family,
- *uport);
+
- }
-
if (uflag && kflag) {
/*
* For UDP and -k, don't connect the socket, let it
* receive datagrams from multiple socket pairs.
@@ -760,15 +758,16 @@ main(int argc, char *argv[])
# endif
close(connfd);
}
- if (family != AF_UNIX)
+ if (kflag)
+ continue;
+ if (family != AF_UNIX) {
close(s);
+ }
else if (uflag) {
if (connect(s, NULL, 0) < 0)
* For UDP and -k, don't connect the socket,
@@ -814,8 +809,11 @@ main(int argc, char *argv[])
err(1, "connect");
}
-
- if (!kflag)
- break;
+ break;
+ if (!kflag) {
+ if (s != -1)
+ close(s);
break;
+ }
}
} else if (family == AF_UNIX) {
ret = 0;

View File

@ -18,26 +18,26 @@ Subject: Set TCP MD5SIG correctly for client connections
#ifndef IPTOS_LOWDELAY
# define IPTOS_LOWDELAY 0x10
@@ -172,6 +175,9 @@ char *tls_expecthash; /* required hash
@@ -176,6 +179,9 @@ FILE *Zflag; /* file to save peer ce
int Cflag = 0; /* CRLF line-ending */
# endif
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
+char Sflag_password[TCP_MD5SIG_MAXKEYLEN];
+# endif
int recvcount, recvlimit;
int timeout = -1;
int family = AF_UNSPEC;
char *portlist[PORT_MAX+1];
@@ -200,7 +206,7 @@ int udptest(int);
@@ -206,7 +212,7 @@ int udptest(int);
int unix_bind(char *, int);
int unix_connect(char *);
int unix_listen(char *);
-void set_common_sockopts(int, int);
+void set_common_sockopts(int, const struct sockaddr *);
int map_tos(char *, int *);
int process_tos_opt(char *, int *);
# if defined(TLS)
int map_tls(char *, int *);
@@ -427,7 +433,10 @@ main(int argc, char *argv[])
int process_tls_opt(char *, int *);
@@ -456,7 +462,10 @@ main(int argc, char *argv[])
break;
# endif
case 'S':
@ -49,7 +49,7 @@ Subject: Set TCP MD5SIG correctly for client connections
Sflag = 1;
# else
errx(1, "no TCP MD5 signature support available");
@@ -1120,7 +1129,7 @@ remote_connect(const char *host, const c
@@ -1171,7 +1180,7 @@ remote_connect(const char *host, const c
freeaddrinfo(ares);
}
@ -58,7 +58,7 @@ Subject: Set TCP MD5SIG correctly for client connections
char *proto = proto_name(uflag, dccpflag);
if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
@@ -1274,7 +1283,7 @@ local_listen(char *host, char *port, str
@@ -1325,7 +1334,7 @@ local_listen(const char *host, const cha
err(1, NULL);
# endif
@ -67,7 +67,7 @@ Subject: Set TCP MD5SIG correctly for client connections
if (bind(s, (struct sockaddr *)res->ai_addr,
res->ai_addrlen) == 0)
@@ -1788,14 +1797,22 @@ udptest(int s)
@@ -1845,9 +1854,10 @@ udptest(int s)
}
void
@ -77,6 +77,12 @@ Subject: Set TCP MD5SIG correctly for client connections
int x = 1;
+ int af = sa->sa_family;
# if defined(SO_BROADCAST)
if (bflag) {
@@ -1858,10 +1868,17 @@ set_common_sockopts(int s, int af)
err(1, NULL);
}
# endif
-# if defined(TCP_MD5SIG)
+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
if (Sflag) {

View File

@ -17,7 +17,7 @@ Subject: udp scan timeout
/* Command Line Options */
int dflag; /* detached, no stdin */
int Fflag; /* fdpass sock to stdout */
@@ -774,7 +776,7 @@ main(int argc, char *argv[])
@@ -815,7 +817,7 @@ main(int argc, char *argv[])
continue;
ret = 0;
@ -26,7 +26,7 @@ Subject: udp scan timeout
/* For UDP, make sure we are connected. */
if (uflag) {
if (udptest(s) == -1) {
@@ -1693,15 +1695,20 @@ build_ports(char *p)
@@ -1743,15 +1745,20 @@ build_ports(char *p)
int
udptest(int s)
{
@ -49,7 +49,7 @@ Subject: udp scan timeout
+ if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED))
+ return -1;
}
- return (ret);
- return ret;
+ return 1;
}

View File

@ -0,0 +1,106 @@
From: Guilhem Moulin <guilhem@debian.org>
Date: Mon, 22 Oct 2018 04:50:54 +0200
Subject: use -s/-p flags to specify listen address
---
nc.1 | 18 ++++++++++++++----
netcat.c | 49 +++++++++++++++++++++++++++++--------------------
2 files changed, 43 insertions(+), 24 deletions(-)
--- a/nc.1
+++ b/nc.1
@@ -143,8 +143,20 @@ multiple hosts.
.It Fl l
Listen for an incoming connection rather than initiating a
connection to a remote host.
-Cannot be used together with any of the options
-.Fl psxz .
+The
+.Ar destination
+and
+.Ar port
+to listen on can be specified either as non-optional arguments, or with
+options
+.Fl s
+and
+.Fl p
+respectively.
+Cannot be used together with
+.Fl x
+or
+.Fl z .
Additionally, any timeouts specified with the
.Fl w
option are ignored.
@@ -194,8 +206,6 @@ For
datagram sockets, specifies the local temporary socket file
to create and use so that datagrams can be received.
Cannot be used together with
-.Fl l
-or
.Fl x .
.It Fl T Ar keyword
Change the IPv4 TOS/IPv6 traffic class value.
--- a/netcat.c
+++ b/netcat.c
@@ -507,31 +507,40 @@ main(int argc, char *argv[])
# endif
/* Cruft to make sure options are clean, and used properly. */
- if (argv[0] && !argv[1] && family == AF_UNIX) {
-# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
- if (dccpflag)
- errx(1, "cannot use -Z and -U");
-# endif
- host = argv[0];
- uport = NULL;
- } else if (!argv[0] && lflag) {
- if (sflag)
- errx(1, "cannot use -s and -l");
- if (pflag)
- errx(1, "cannot use -p and -l");
- if (zflag)
- errx(1, "cannot use -z and -l");
- } else if (argv[0] && !argv[1]) {
- if (!lflag)
- usage(1);
- uport = &argv[0];
- host = NULL;
- } else if (argv[0] && argv[1]) {
+ if (argc == 0 && lflag) {
+ uport = &pflag;
+ host = sflag;
+ } else if (argc == 1 && !pflag && !sflag) {
+ if (family == AF_UNIX) {
+ host = argv[0];
+ uport = NULL;
+ } else if (lflag) {
+ host = NULL;
+ uport = argv;
+ }
+ } else if (argc >= 2) {
+ if (lflag && (pflag || sflag || argc > 2))
+ usage(1); /* conflict */
host = argv[0];
uport = &argv[1];
} else
usage(1);
+ if (family == AF_UNIX) {
+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+ if (dccpflag)
+ errx(1, "cannot use -Z and -U");
+# endif
+ if (uport && *uport)
+ errx(1, "cannot use port with -U");
+ if (!host)
+ errx(1, "missing socket pathname");
+ } else if (!uport || !*uport)
+ errx(1, "missing port number");
+
+ if (lflag && zflag)
+ errx(1, "cannot use -z and -l");
+
# if defined(TLS)
if (usetls) {
if (Cflag && unveil(Cflag, "r") == -1)

View File

@ -3,8 +3,8 @@ Date: Mon, 13 Feb 2012 15:38:15 +0800
Subject: verbose numeric port
---
netcat.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
netcat.c | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
--- a/netcat.c
+++ b/netcat.c
@ -16,33 +16,37 @@ Subject: verbose numeric port
#ifdef __linux__
# include <linux/in6.h>
#endif
@@ -651,6 +652,18 @@ main(int argc, char *argv[])
s = local_listen(host, uport, hints);
@@ -689,6 +690,21 @@ main(int argc, char *argv[])
}
if (s < 0)
err(1, NULL);
+
+ if (vflag && (family != AF_UNIX)) {
+ char* local;
+ if (family == AF_INET6)
+ if (family == AF_INET)
+ local = "0.0.0.0";
+ else if (family == AF_INET)
+ local = ":::";
+ else if (family == AF_INET6)
+ local = "::";
+ else
+ local = "unknown";
+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
+ host ?: local,
+ family,
+ *uport);
+ }
+
if (uflag && kflag) {
/*
* For UDP and -k, don't connect the socket, let it
* receive datagrams from multiple socket pairs.
@@ -671,14 +684,14 @@ main(int argc, char *argv[])
char buf[16384];
struct sockaddr_storage z;
* For UDP and -k, don't connect the socket,
@@ -708,20 +724,19 @@ main(int argc, char *argv[])
*/
int rv;
char buf[2048];
- struct sockaddr_storage z;
- len = sizeof(z);
+ len = sizeof(cliaddr);
plen = 2048;
rv = recvfrom(s, buf, plen, MSG_PEEK,
rv = recvfrom(s, buf, sizeof(buf), MSG_PEEK,
- (struct sockaddr *)&z, &len);
+ (struct sockaddr *)&cliaddr, &len);
if (rv < 0)
@ -53,3 +57,9 @@ Subject: verbose numeric port
if (rv < 0)
err(1, "connect");
if (vflag)
- report_connect((struct sockaddr *)&z, len, NULL);
+ report_connect((struct sockaddr *)&cliaddr, len, NULL);
# if defined(TLS)
readwrite(s, NULL);