Hello community, here is the log from the commit of package netcat-openbsd for openSUSE:Factory checked in at 2017-07-30 11:25:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/netcat-openbsd (Old) and /work/SRC/openSUSE:Factory/.netcat-openbsd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "netcat-openbsd" Sun Jul 30 11:25:12 2017 rev:23 rq:510984 version:1.178 Changes: -------- --- /work/SRC/openSUSE:Factory/netcat-openbsd/netcat-openbsd.changes 2014-01-23 15:49:58.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.netcat-openbsd.new/netcat-openbsd.changes 2017-07-30 11:25:14.311525614 +0200 @@ -1,0 +2,43 @@ +Mon Jul 17 13:11:34 UTC 2017 - tchva...@suse.com + +- Drop all patches that were never upstreamed: + * connect-timeout.patch + * dccp.patch + * gcc-warnings.patch + * getservbyname.patch + * glib-strlcpy.patch + * help-version-exit.patch + * nc-1.84-udp_stop.patch + * netcat-info.patch + * netcat-openbsd-debian.patch + * netcat-openbsd-examples.patch + * netcat-openbsd-openbsd-compat.patch + * no-strtonum.patch + * pollhup.patch + * quit-timer.patch + * reuseaddr.patch + * send-crlf.patch + * silence-z.patch + * socks-b64-prototype.patch + * udp-scan-timeout.patch + * verbose-message-to-stderr.patch + * verbose-numeric-port.patch +- Switch to debian package to not waste resources on doing exactly + the same. +- Switches URL for debian package +- Apply patches already prepared for debian package + * port-to-linux-with-libsd.patch + * compile-without-TLS-support.patch + * connect-timeout.patch + * get-sev-by-name.patch + * send-crlf.patch + * quit-timer.patch + * udp-scan-timeout.patch + * verbose-numeric-port.patch + * dccp-support.patch + * serialized-handling-multiple-clients.patch + * set-TCP-MD5SIG-correctly-for-client-connections.patch + * misc-failures-and-features.patch +- Do not use hand provided CMakeLists.txt but rely on upstream makefile + +------------------------------------------------------------------- Old: ---- CMakeLists.txt dccp.patch gcc-warnings.patch getservbyname.patch glib-strlcpy.patch help-version-exit.patch nc-1.84-udp_stop.patch netcat-info.patch netcat-openbsd-1.89.tar.bz2 netcat-openbsd-debian.patch netcat-openbsd-examples.patch netcat-openbsd-openbsd-compat.patch no-strtonum.patch pollhup.patch reuseaddr.patch silence-z.patch socks-b64-prototype.patch verbose-message-to-stderr.patch New: ---- compile-without-TLS-support.patch dccp-support.patch get-sev-by-name.patch misc-failures-and-features.patch netcat-openbsd_1.178.orig.tar.gz port-to-linux-with-libsd.patch serialized-handling-multiple-clients.patch set-TCP-MD5SIG-correctly-for-client-connections.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ netcat-openbsd.spec ++++++ --- /var/tmp/diff_new_pack.GhUzhQ/_old 2017-07-30 11:25:15.583346151 +0200 +++ /var/tmp/diff_new_pack.GhUzhQ/_new 2017-07-30 11:25:15.587345586 +0200 @@ -1,7 +1,7 @@ # # spec file for package netcat-openbsd # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,42 +16,29 @@ # -Url: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/ - Name: netcat-openbsd -Version: 1.89 +Version: 1.178 Release: 0 -BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: cmake -PreReq: update-alternatives Summary: TCP/IP swiss army knife License: BSD-3-Clause Group: Productivity/Networking/Other -Source: %{name}-%{version}.tar.bz2 -Source1: CMakeLists.txt -Patch0: netcat-openbsd-openbsd-compat.patch -Patch1: socks-b64-prototype.patch -Patch2: silence-z.patch -Patch3: glib-strlcpy.patch -Patch4: no-strtonum.patch -Patch5: pollhup.patch -Patch6: reuseaddr.patch -Patch7: connect-timeout.patch -Patch8: udp-scan-timeout.patch -Patch9: verbose-numeric-port.patch -Patch10: send-crlf.patch -Patch11: help-version-exit.patch -Patch12: quit-timer.patch -Patch13: getservbyname.patch -Patch14: gcc-warnings.patch -Patch15: verbose-message-to-stderr.patch -Patch16: netcat-info.patch -Patch17: dccp.patch -#These are patches, but as they aren't applied list them as source -Source2: nc-1.84-udp_stop.patch -Source3: netcat-openbsd-debian.patch -Source4: netcat-openbsd-examples.patch - +Url: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/ +Source0: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}.orig.tar.gz +#Patches from: http://http.debian.net/debian/pool/main/n/netcat-openbsd/netcat-openbsd_%{version}-2.debian.tar.xz +Patch0: port-to-linux-with-libsd.patch +Patch1: compile-without-TLS-support.patch +Patch2: connect-timeout.patch +Patch3: get-sev-by-name.patch +Patch4: send-crlf.patch +Patch5: quit-timer.patch +Patch6: udp-scan-timeout.patch +Patch7: verbose-numeric-port.patch +Patch8: dccp-support.patch +Patch9: serialized-handling-multiple-clients.patch +Patch10: set-TCP-MD5SIG-correctly-for-client-connections.patch +Patch11: misc-failures-and-features.patch +BuildRequires: pkgconfig +BuildRequires: pkgconfig(libbsd) Provides: nc6 = %{version} Provides: netcat = %{version} Obsoletes: nc6 <= 1.0 @@ -71,59 +58,22 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -cp %{S:1} . +%autopatch -p1 %build -export CFLAGS="%{optflags}" -cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} . -make %{?jobs:-j%{jobs}} +make %{?_smp_mflags} \ + CFLAGS="%{optflags}" %install -make DESTDIR=%{buildroot} install -mkdir -p %{buildroot}/etc/alternatives -touch %{buildroot}/etc/alternatives/netcat \ - %{buildroot}/etc/alternatives/netcat.1.gz +install -D -m0755 nc %{buildroot}%{_bindir}/nc +install -D -m0644 nc.1 %{buildroot}/%{_mandir}/man1/nc.1 ln -s -f %{_bindir}/nc %{buildroot}/%{_bindir}/netcat -ln -s -f nc.1.gz %{buildroot}/%{_mandir}/man1/netcat.1.gz - -%clean +ln -s -f nc.1%{ext_man} %{buildroot}/%{_mandir}/man1/netcat.1%{ext_man} %files -%defattr(-,root,root) %{_bindir}/nc -%ghost %{_bindir}/netcat -%{_mandir}/man1/nc.1.gz -%ghost %{_mandir}/man1/netcat.1.gz -%ghost /etc/alternatives/netcat -%ghost /etc/alternatives/netcat.1.gz - -%post -/usr/sbin/update-alternatives --install \ - %{_bindir}/netcat netcat %{_bindir}/nc 10 \ - --slave %{_mandir}/man1/netcat.1.gz netcat.1.gz %{_mandir}/man1/nc.1.gz - -%preun -if [ "$1" = 0 ] ; then - /usr/sbin/update-alternatives --remove \ - netcat %{_bindir}/nc -fi +%{_bindir}/netcat +%{_mandir}/man1/nc.1%{ext_man} +%{_mandir}/man1/netcat.1%{ext_man} %changelog ++++++ compile-without-TLS-support.patch ++++++ ++++ 748 lines (skipped) ++++++ connect-timeout.patch ++++++ --- /var/tmp/diff_new_pack.GhUzhQ/_old 2017-07-30 11:25:15.667334298 +0200 +++ /var/tmp/diff_new_pack.GhUzhQ/_new 2017-07-30 11:25:15.671333735 +0200 @@ -1,10 +1,24 @@ -Index: netcat-openbsd-1.89/netcat.c -=================================================================== ---- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:27.000000000 -0500 -+++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:30.000000000 -0500 -@@ -65,6 +65,10 @@ - #define PORT_MAX 65535 - #define PORT_MAX_LEN 6 +From: Aron Xu <a...@debian.org> +Date: Mon, 13 Feb 2012 14:43:56 +0800 +Subject: connect timeout + +--- + netcat.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 76 insertions(+), 2 deletions(-) + +--- a/netcat.c ++++ b/netcat.c +@@ -89,6 +89,7 @@ + + #include <err.h> + #include <errno.h> ++#include <fcntl.h> + #include <limits.h> + #include <netdb.h> + #include <poll.h> +@@ -124,6 +125,10 @@ + # define TLS_MUSTSTAPLE (1 << 5) + #endif +#define CONNECTION_SUCCESS 0 +#define CONNECTION_FAILED 1 @@ -12,53 +26,50 @@ + /* Command Line Options */ int dflag; /* detached, no stdin */ - int iflag; /* Interval Flag */ -@@ -104,6 +108,9 @@ - int parse_iptos(char *); - void usage(int); + int Fflag; /* fdpass sock to stdout */ +@@ -208,6 +213,9 @@ ssize_t drainbuf(int, unsigned char *, s + ssize_t fillbuf(int, unsigned char *, size_t *); + # endif -+static int connect_with_timeout(int fd, const struct sockaddr *sa, -+ socklen_t salen, int ctimeout); ++static int connect_with_timeout(int fd, const struct sockaddr *sa, ++ socklen_t salen, int ctimeout); + int main(int argc, char *argv[]) { -@@ -508,13 +515,15 @@ - } +@@ -1022,11 +1030,14 @@ remote_connect(const char *host, const c + + set_common_sockopts(s, res->ai_family); - set_common_sockopts(s); -- -- if (connect(s, res0->ai_addr, res0->ai_addrlen) == 0) -+ if ((error = connect_with_timeout(s, res0->ai_addr, res0->ai_addrlen, timeout)) == CONNECTION_SUCCESS) +- if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0) ++ if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) break; -- else if (vflag) -+ else if (vflag && error == CONNECTION_FAILED) +- if (vflag) ++ if (vflag && error == CONNECTION_FAILED) warn("connect to %s port %s (%s) failed", host, port, uflag ? "udp" : "tcp"); -- -+ else if (vflag && error == CONNECTION_TIMEOUT) -+ warn("connect to %s port %s (%s) timed out", host, port, -+ uflag ? "udp" : "tcp"); -+ ++ else if (vflag && error == CONNECTION_TIMEOUT) ++ warn("connect to %s port %s (%s) timed out", host, port, ++ uflag ? "udp" : "tcp"); + + save_errno = errno; close(s); - s = -1; - } while ((res0 = res0->ai_next) != NULL); -@@ -524,6 +533,74 @@ - return (s); +@@ -1067,6 +1078,69 @@ timeout_connect(int s, const struct sock + return (ret); } -+static int connect_with_timeout(int fd, const struct sockaddr *sa, ++static int connect_with_timeout(int fd, const struct sockaddr *sa, + socklen_t salen, int ctimeout) +{ + int err; + struct timeval tv, *tvp = NULL; + fd_set connect_fdset; + socklen_t len; -+ int orig_flags; ++ int orig_flags; + + orig_flags = fcntl(fd, F_GETFL, 0); + if (fcntl(fd, F_SETFL, orig_flags | O_NONBLOCK) < 0 ) { -+ warn("can't set O_NONBLOCK - timeout not avaliable"); ++ warn("can't set O_NONBLOCK - timeout not available"); + if (connect(fd, sa, salen) == 0) + return CONNECTION_SUCCESS; + else @@ -74,7 +85,6 @@ + + /* attempt the connection */ + err = connect(fd, sa, salen); -+ + if (err != 0 && errno == EINPROGRESS) { + /* connection is proceeding + * it is complete (or failed) when select returns */ @@ -85,25 +95,22 @@ + + /* call select */ + do { -+ err = select(fd + 1, NULL, &connect_fdset, ++ err = select(fd + 1, NULL, &connect_fdset, + NULL, tvp); + } while (err < 0 && errno == EINTR); + + /* select error */ + if (err < 0) + errx(1,"select error: %s", strerror(errno)); -+ + /* we have reached a timeout */ -+ if (err == 0) ++ if (err == 0) + return CONNECTION_TIMEOUT; -+ -+ /* select returned successfully, but we must test socket ++ /* select returned successfully, but we must test socket + * error for result */ + len = sizeof(err); + if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) + errx(1, "getsockopt error: %s", strerror(errno)); -+ -+ /* setup errno according to the result returned by ++ /* setup errno according to the result returned by + * getsockopt */ + if (err != 0) + errno = err; @@ -113,7 +120,6 @@ + fcntl(fd, F_SETFL, orig_flags); + return (err != 0)? CONNECTION_FAILED : CONNECTION_SUCCESS; +} -+ + /* * local_listen() ++++++ dccp-support.patch ++++++ From: Aron Xu <a...@debian.org> Date: Mon, 13 Feb 2012 15:56:51 +0800 Subject: dccp support --- nc.1 | 4 ++ netcat.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 82 insertions(+), 15 deletions(-) --- a/nc.1 +++ b/nc.1 @@ -33,7 +33,7 @@ .Nd arbitrary TCP and UDP connections and listens .Sh SYNOPSIS .Nm nc -.Op Fl 46CDdFhklNnrStUuvz +.Op Fl 46CDdFhklNnrStUuvZz .Op Fl I Ar length .Op Fl i Ar interval .Op Fl M Ar ttl @@ -286,6 +286,8 @@ for SOCKS, 3128 for HTTPS). An IPv6 address can be specified unambiguously by enclosing .Ar proxy_address in square brackets. +.It Fl Z +DCCP mode. .It Fl z Specifies that .Nm --- a/netcat.c +++ b/netcat.c @@ -147,6 +147,7 @@ int rflag; /* Random ports flag */ char *sflag; /* Source Address */ int tflag; /* Telnet Emulation */ int uflag; /* UDP - Default to TCP */ +int dccpflag; /* DCCP - Default to TCP */ int vflag; /* Verbosity */ int xflag; /* Socks proxy */ int zflag; /* Port Scan Flag */ @@ -219,6 +220,7 @@ ssize_t drainbuf(int, unsigned char *, s ssize_t fillbuf(int, unsigned char *, size_t *); # endif +char *proto_name(int uflag, int dccpflag); static int connect_with_timeout(int fd, const struct sockaddr *sa, socklen_t salen, int ctimeout); @@ -252,9 +254,9 @@ main(int argc, char *argv[]) while ((ch = getopt(argc, argv, # if defined(TLS) - "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:z")) != -1) { + "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) { # else - "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:z")) != -1) { + "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) { # endif switch (ch) { case '4': @@ -370,6 +372,13 @@ main(int argc, char *argv[]) case 'u': uflag = 1; break; + case 'Z': +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + dccpflag = 1; +# else + errx(1, "no DCCP support available"); +# endif + break; case 'V': # if defined(RT_TABLEID_MAX) rtableid = (int)strtonum(optarg, 0, @@ -461,6 +470,12 @@ main(int argc, char *argv[]) /* Cruft to make sure options are clean, and used properly. */ if (argv[0] && !argv[1] && family == AF_UNIX) { + if (uflag) + errx(1, "cannot use -u and -U"); +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + if (dccpflag) + errx(1, "cannot use -Z and -U"); +# endif host = argv[0]; uport = NULL; } else if (!argv[0] && lflag) { @@ -527,8 +542,20 @@ main(int argc, char *argv[]) if (family != AF_UNIX) { memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_family = family; - hints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; - hints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP; + if (uflag) { + hints.ai_socktype = SOCK_DGRAM; + hints.ai_protocol = IPPROTO_UDP; + } +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + else if (dccpflag) { + hints.ai_socktype = SOCK_DCCP; + hints.ai_protocol = IPPROTO_DCCP; + } +# endif + else { + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + } if (nflag) hints.ai_flags |= AI_NUMERICHOST; } @@ -536,7 +563,10 @@ main(int argc, char *argv[]) if (xflag) { if (uflag) errx(1, "no proxy support for UDP mode"); - +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + if (dccpflag) + errx(1, "no proxy support for DCCP mode"); +# endif if (lflag) errx(1, "no proxy support for listen"); @@ -798,19 +828,20 @@ main(int argc, char *argv[]) } } + char *proto = proto_name(uflag, dccpflag); /* Don't look up port if -n. */ if (nflag) sv = NULL; else { sv = getservbyport( ntohs(atoi(portlist[i])), - uflag ? "udp" : "tcp"); + proto); } fprintf(stderr, "Connection to %s %s port [%s/%s] " "succeeded!\n", host, portlist[i], - uflag ? "udp" : "tcp", + proto, sv ? sv->s_name : "*"); } if (Fflag) @@ -1017,6 +1048,24 @@ unix_listen(char *path) return (s); } +char *proto_name(int uflag, int dccpflag) { + + char *proto = NULL; + if (uflag) { + proto = "udp"; + } +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + else if (dccpflag) { + proto = "dccp"; + } +# endif + else { + proto = "tcp"; + } + + return proto; +} + /* * remote_connect() * Returns a socket connected to a remote host. Properly binds to a local @@ -1047,8 +1096,21 @@ remote_connect(const char *host, const c # endif memset(&ahints, 0, sizeof(struct addrinfo)); ahints.ai_family = res->ai_family; - ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; - ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP; + if (uflag) { + ahints.ai_socktype = SOCK_DGRAM; + ahints.ai_protocol = IPPROTO_UDP; + + } +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + else if (dccpflag) { + hints.ai_socktype = SOCK_DCCP; + hints.ai_protocol = IPPROTO_DCCP; + } +# endif + else { + ahints.ai_socktype = SOCK_STREAM; + ahints.ai_protocol = IPPROTO_TCP; + } ahints.ai_flags = AI_PASSIVE; if ((error = getaddrinfo(sflag, pflag, &ahints, &ares))) errx(1, "getaddrinfo: %s", gai_strerror(error)); @@ -1060,15 +1122,16 @@ remote_connect(const char *host, const c } set_common_sockopts(s, res->ai_family); + char *proto = proto_name(uflag, dccpflag); if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) break; if (vflag && error == CONNECTION_FAILED) warn("connect to %s port %s (%s) failed", host, port, - uflag ? "udp" : "tcp"); - else if (vflag && error == CONNECTION_TIMEOUT) + proto); + else if (vflag && error == CONNECTION_TIMEOUT) warn("connect to %s port %s (%s) timed out", host, port, - uflag ? "udp" : "tcp"); + proto); save_errno = errno; close(s); @@ -1654,7 +1717,8 @@ build_ports(char *p) int hi, lo, cp; int x = 0; - sv = getservbyname(p, uflag ? "udp" : "tcp"); + char *proto = proto_name(uflag, dccpflag); + sv = getservbyname(p, proto); if (sv) { if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) err(1, "asprintf"); @@ -1991,6 +2055,7 @@ help(void) \t-w timeout Timeout for connects and final net reads\n\ \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ \t-x addr[:port]\tSpecify proxy address and port\n\ + \t-Z DCCP mode\n\ \t-z Zero-I/O mode [used for scanning]\n\ Port numbers can be individual or ranges: lo-hi [inclusive]\n"); exit(0); @@ -2000,7 +2065,7 @@ void usage(int ret) { fprintf(stderr, - "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" + "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n" "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-w timeout] " "[-X proxy_protocol]\n" ++++++ get-sev-by-name.patch ++++++ From: Aron Xu <a...@debian.org> Date: Mon, 13 Feb 2012 14:45:08 +0800 Subject: get sev by name --- netcat.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/netcat.c +++ b/netcat.c @@ -1603,11 +1603,16 @@ strtoport(char *portstr, int udp) void build_ports(char *p) { + struct servent *sv; char *n; int hi, lo, cp; int x = 0; - if ((n = strchr(p, '-')) != NULL) { + sv = getservbyname(p, uflag ? "udp" : "tcp"); + if (sv) { + if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) + err(1, "asprintf"); + } else if ((n = strchr(p, '-')) != NULL) { *n = '\0'; n++; ++++++ misc-failures-and-features.patch ++++++ From: Aron Xu <a...@debian.org> Date: Mon, 13 Feb 2012 19:06:52 +0800 Subject: misc failures and features --- Makefile | 3 +- nc.1 | 76 +++++++++++++++++++++++++++++++++++++++++++++++++--- netcat.c | 91 ++++++++++++++++++++++++++++++++++++++++++++------------------- 3 files changed, 138 insertions(+), 32 deletions(-) --- a/Makefile +++ b/Makefile @@ -3,7 +3,8 @@ PROG= nc SRCS= netcat.c atomicio.c socks.c -LIBS= `pkg-config --libs libbsd` -lresolv +PKG_CONFIG ?= pkg-config +LIBS= `$(PKG_CONFIG) --libs libbsd` -lresolv OBJS= $(SRCS:.c=.o) CFLAGS= -g -O2 LDFLAGS= -Wl,--no-add-needed --- a/nc.1 +++ b/nc.1 @@ -33,7 +33,7 @@ .Nd arbitrary TCP and UDP connections and listens .Sh SYNOPSIS .Nm nc -.Op Fl 46CDdFhklNnrStUuvZz +.Op Fl 46bCDdFhklNnrStUuvZz .Op Fl I Ar length .Op Fl i Ar interval .Op Fl M Ar ttl @@ -96,6 +96,8 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl b +Allow broadcast. .It Fl C Send CRLF as line-ending. .It Fl D @@ -352,6 +354,54 @@ and which side is being used as a The connection may be terminated using an .Dv EOF .Pq Sq ^D . +.Pp +There is no +.Fl c +or +.Fl e +option in this netcat, but you still can execute a command after connection +being established by redirecting file descriptors. Be cautious here because +opening a port and let anyone connected execute arbitrary command on your +site is DANGEROUS. If you really need to do this, here is an example: +.Pp +On +.Sq server +side: +.Pp +.Dl $ rm -f /tmp/f; mkfifo /tmp/f +.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f +.Pp +On +.Sq client +side: +.Pp +.Dl $ nc host.example.com 1234 +.Dl $ (shell prompt from host.example.com) +.Pp +By doing this, you create a fifo at /tmp/f and make nc listen at port 1234 +of address 127.0.0.1 on +.Sq server +side, when a +.Sq client +establishes a connection successfully to that port, /bin/sh gets executed +on +.Sq server +side and the shell prompt is given to +.Sq client +side. +.Pp +When connection is terminated, +.Nm +quits as well. Use +.Fl k +if you want it keep listening, but if the command quits this option won't +restart it or keep +.Nm +running. Also don't forget to remove the file descriptor once you don't need +it anymore: +.Pp +.Dl $ rm -f /tmp/f +.Pp .Sh DATA TRANSFER The example in the previous section can be expanded to build a basic data transfer model. @@ -411,15 +461,30 @@ The flag can be used to tell .Nm to report open ports, -rather than initiate a connection. +rather than initiate a connection. Usually it's useful to turn on verbose +output to stderr by use this option in conjunction with +.Fl v +option. +.Pp For example: .Bd -literal -offset indent -$ nc -z host.example.com 20-30 +$ nc \-zv host.example.com 20-30 Connection to host.example.com 22 port [tcp/ssh] succeeded! Connection to host.example.com 25 port [tcp/smtp] succeeded! .Ed .Pp -The port range was specified to limit the search to ports 20 \- 30. +The port range was specified to limit the search to ports 20 \- 30, and is +scanned by increasing order. +.Pp +You can also specify a list of ports to scan, for example: +.Bd -literal -offset indent +$ nc \-zv host.example.com 80 20 22 +nc: connect to host.example.com 80 (tcp) failed: Connection refused +nc: connect to host.example.com 20 (tcp) failed: Connection refused +Connection to host.example.com port [tcp/ssh] succeeded! +.Ed +.Pp +The ports are scanned by the order you given. .Pp Alternatively, it might be useful to know which server software is running, and which versions. @@ -484,6 +549,9 @@ Original implementation by *Hobbit* .br Rewritten with IPv6 support by .An Eric Jackson Aq Mt er...@monkey.org . +.br +Modified for Debian port by Aron Xu +.Aq a...@debian.org . .Sh CAVEATS UDP port scans using the .Fl uz --- a/netcat.c +++ b/netcat.c @@ -98,6 +98,7 @@ #include <netdb.h> #include <poll.h> #include <signal.h> +#include <stddef.h> #include <stdarg.h> #include <stdio.h> #include <stdlib.h> @@ -136,6 +137,7 @@ #define UDP_SCAN_TIMEOUT 3 /* Seconds */ /* Command Line Options */ +int bflag; /* Allow Broadcast */ int dflag; /* detached, no stdin */ int Fflag; /* fdpass sock to stdout */ unsigned int iflag; /* Interval Flag */ @@ -186,7 +188,7 @@ int ttl = -1; int minttl = -1; void atelnet(int, unsigned char *, unsigned int); -void build_ports(char *); +void build_ports(char **); void help(void); int local_listen(char *, char *, struct addrinfo); # if defined(TLS) @@ -236,11 +238,14 @@ int main(int argc, char *argv[]) { int ch, s = -1, ret, socksv; - char *host, *uport; + char *host, **uport; struct addrinfo hints; struct servent *sv; socklen_t len; - struct sockaddr_storage cliaddr; + union { + struct sockaddr_storage storage; + struct sockaddr_un forunix; + } cliaddr; char *proxy, *proxyport = NULL; const char *errstr; struct addrinfo proxyhints; @@ -260,9 +265,9 @@ main(int argc, char *argv[]) while ((ch = getopt(argc, argv, # if defined(TLS) - "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) { + "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:Zz")) != -1) { # else - "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) { + "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:Zz")) != -1) { # endif switch (ch) { case '4': @@ -271,6 +276,13 @@ main(int argc, char *argv[]) case '6': family = AF_INET6; break; + case 'b': +# if defined(SO_BROADCAST) + bflag = 1; +# else + errx(1, "no broadcast frame support available"); +# endif + break; case 'U': family = AF_UNIX; break; @@ -479,32 +491,39 @@ main(int argc, char *argv[]) /* Cruft to make sure options are clean, and used properly. */ if (argv[0] && !argv[1] && family == AF_UNIX) { - if (uflag) - errx(1, "cannot use -u and -U"); # if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) if (dccpflag) errx(1, "cannot use -Z and -U"); # endif host = argv[0]; uport = NULL; - } else if (!argv[0] && lflag) { - if (sflag) - errx(1, "cannot use -s and -l"); - if (zflag) - errx(1, "cannot use -z and -l"); - if (pflag) - uport=pflag; - } else if (argv[0] && !argv[1]) { - if (!lflag) - usage(1); - uport = argv[0]; + } else if (argv[0] && !argv[1] && lflag) { + if (pflag) { + uport = &pflag; + host = argv[0]; + } else { + uport = argv; + host = NULL; + } + } else if (!argv[0] && lflag && pflag) { + uport = &pflag; host = NULL; } else if (argv[0] && argv[1]) { host = argv[0]; - uport = argv[1]; + uport = &argv[1]; } else usage(1); + if (lflag) { + if (sflag) + errx(1, "cannot use -s and -l"); + if (zflag) + errx(1, "cannot use -z and -l"); + if (pflag) + /* This still does not work well because of getopt mess + errx(1, "cannot use -p and -l"); */ + uport = &pflag; + } if (!lflag && kflag) errx(1, "must use -l with -k"); # if defined(TLS) @@ -674,7 +693,7 @@ main(int argc, char *argv[]) else s = unix_listen(host); } else - s = local_listen(host, uport, hints); + s = local_listen(host, *uport, hints); if (s < 0) err(1, NULL); @@ -683,7 +702,8 @@ main(int argc, char *argv[]) local = ":::"; else local = "0.0.0.0"; - fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", + if (vflag && (family != AF_UNIX)) + fprintf(stderr, "Listening on [%s] (family %d, port %s)\n", host ?: local, family, *uport); @@ -898,6 +918,8 @@ unix_bind(char *path, int flags) 0)) < 0) return (-1); + unlink(path); + memset(&s_un, 0, sizeof(struct sockaddr_un)); s_un.sun_family = AF_UNIX; @@ -1015,8 +1037,10 @@ unix_connect(char *path) if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) < 0) return (-1); } else { - if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0) + if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0) { + errx(1,"create unix socket failed"); return (-1); + } } memset(&s_un, 0, sizeof(struct sockaddr_un)); @@ -1026,10 +1050,12 @@ unix_connect(char *path) sizeof(s_un.sun_path)) { close(s); errno = ENAMETOOLONG; + warn("unix connect abandoned"); return (-1); } if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) < 0) { save_errno = errno; + warn("unix connect failed"); close(s); errno = save_errno; return (-1); @@ -1718,25 +1744,26 @@ strtoport(char *portstr, int udp) * that we should try to connect to. */ void -build_ports(char *p) +build_ports(char **p) { struct servent *sv; char *n; int hi, lo, cp; int x = 0; + int i; char *proto = proto_name(uflag, dccpflag); - sv = getservbyname(p, proto); + sv = getservbyname(*p, proto); if (sv) { if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) err(1, "asprintf"); - } else if ((n = strchr(p, '-')) != NULL) { + } else if ((n = strchr(*p, '-')) != NULL) { *n = '\0'; n++; /* Make sure the ports are in order: lowest->highest. */ hi = strtoport(n, uflag); - lo = strtoport(p, uflag); + lo = strtoport(*p, uflag); if (lo > hi) { cp = hi; hi = lo; @@ -1764,7 +1791,7 @@ build_ports(char *p) } else { char *tmp; - hi = strtoport(p, uflag); + hi = strtoport(*p, uflag); if (asprintf(&tmp, "%d", hi) != -1) portlist[0] = tmp; else @@ -1802,6 +1829,15 @@ set_common_sockopts(int s, const struct int x = 1; int af = sa->sa_family; +# if defined(SO_BROADCAST) + if (bflag) { + /* allow datagram sockets to send packets to a broadcast address + * (this option has no effect on stream-oriented sockets) */ + if (setsockopt(s, SOL_SOCKET, SO_BROADCAST, + &x, sizeof(x)) == -1) + err(1, NULL); + } +# endif # if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) if (Sflag) { struct tcp_md5sig sig; @@ -2042,6 +2078,7 @@ help(void) fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ \t-6 Use IPv6\n\ + \t-b Allow broadcast\n\ \t-C Send CRLF as line-ending\n\ \t-D Enable the debug socket option\n\ \t-d Detach from stdin\n\ ++++++ port-to-linux-with-libsd.patch ++++++ From: Aron Xu <a...@debian.org> Date: Mon, 13 Feb 2012 15:59:31 +0800 Subject: port to linux with libsd --- Makefile | 15 +++++++- nc.1 | 4 -- netcat.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++---------------- socks.c | 46 ++++++++++++------------ 4 files changed, 127 insertions(+), 56 deletions(-) --- a/Makefile +++ b/Makefile @@ -5,4 +5,17 @@ SRCS= netcat.c atomicio.c socks.c LDADD+= -ltls -lssl -lcrypto DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO} -.include <bsd.prog.mk> +LIBS= `pkg-config --libs libbsd` -lresolv +OBJS= $(SRCS:.c=.o) +CFLAGS= -g -O2 +LDFLAGS= -Wl,--no-add-needed + +all: nc +nc: $(OBJS) + $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) $(LIBS) -o nc + +$(OBJS): %.o: %.c + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + rm -f $(OBJS) nc --- a/nc.1 +++ b/nc.1 @@ -202,9 +202,6 @@ Proxy authentication is only supported f Specifies the source port .Nm should use, subject to privilege restrictions and availability. -It is an error to use this option in conjunction with the -.Fl l -option. .It Fl R Ar CAfile Specifies the filename from which the root CA bundle for certificate verification is loaded, in PEM format. @@ -249,6 +246,7 @@ For IPv4 TOS value may be one of .Ar critical , .Ar inetcontrol , +.Ar lowcost , .Ar lowdelay , .Ar netcontrol , .Ar throughput , --- a/netcat.c +++ b/netcat.c @@ -32,6 +32,8 @@ * *Hobbit* <hob...@avian.org>. */ +#define _GNU_SOURCE + #include <sys/types.h> #include <sys/socket.h> #include <sys/uio.h> @@ -41,6 +43,49 @@ #include <netinet/tcp.h> #include <netinet/ip.h> #include <arpa/telnet.h> +#ifdef __linux__ +# include <linux/in6.h> +#endif + +#ifndef IPTOS_LOWDELAY +# define IPTOS_LOWDELAY 0x10 +# define IPTOS_THROUGHPUT 0x08 +# define IPTOS_RELIABILITY 0x04 +# define IPTOS_LOWCOST 0x02 +# define IPTOS_MINCOST IPTOS_LOWCOST +#endif /* IPTOS_LOWDELAY */ + +# ifndef IPTOS_DSCP_AF11 +# define IPTOS_DSCP_AF11 0x28 +# define IPTOS_DSCP_AF12 0x30 +# define IPTOS_DSCP_AF13 0x38 +# define IPTOS_DSCP_AF21 0x48 +# define IPTOS_DSCP_AF22 0x50 +# define IPTOS_DSCP_AF23 0x58 +# define IPTOS_DSCP_AF31 0x68 +# define IPTOS_DSCP_AF32 0x70 +# define IPTOS_DSCP_AF33 0x78 +# define IPTOS_DSCP_AF41 0x88 +# define IPTOS_DSCP_AF42 0x90 +# define IPTOS_DSCP_AF43 0x98 +# define IPTOS_DSCP_EF 0xb8 +#endif /* IPTOS_DSCP_AF11 */ + +#ifndef IPTOS_DSCP_CS0 +# define IPTOS_DSCP_CS0 0x00 +# define IPTOS_DSCP_CS1 0x20 +# define IPTOS_DSCP_CS2 0x40 +# define IPTOS_DSCP_CS3 0x60 +# define IPTOS_DSCP_CS4 0x80 +# define IPTOS_DSCP_CS5 0xa0 +# define IPTOS_DSCP_CS6 0xc0 +# define IPTOS_DSCP_CS7 0xe0 +#endif /* IPTOS_DSCP_CS0 */ + +#ifndef IPTOS_DSCP_EF +# define IPTOS_DSCP_EF 0xb8 +#endif /* IPTOS_DSCP_EF */ + #include <err.h> #include <errno.h> @@ -55,6 +100,8 @@ #include <time.h> #include <unistd.h> #include <tls.h> +#include <bsd/stdlib.h> +#include <bsd/string.h> #include "atomicio.h" #define PORT_MAX 65535 @@ -260,10 +307,14 @@ main(int argc, char *argv[]) uflag = 1; break; case 'V': +# if defined(RT_TABLEID_MAX) rtableid = (int)strtonum(optarg, 0, RT_TABLEID_MAX, &errstr); if (errstr) errx(1, "rtable %s: %s", errstr, optarg); +# else + errx(1, "no alternate routing table support available"); +# endif break; case 'v': vflag = 1; @@ -301,7 +352,11 @@ main(int argc, char *argv[]) oflag = optarg; break; case 'S': +# if defined(TCP_MD5SIG) Sflag = 1; +# else + errx(1, "no TCP MD5 signature support available"); +# endif break; case 'T': errstr = NULL; @@ -326,32 +381,23 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; +# if defined(RT_TABLEID_MAX) if (rtableid >= 0) if (setrtable(rtableid) == -1) err(1, "setrtable"); - - if (family == AF_UNIX) { - if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) - err(1, "pledge"); - } else if (Fflag) { - if (Pflag) { - if (pledge("stdio inet dns sendfd tty", NULL) == -1) - err(1, "pledge"); - } else if (pledge("stdio inet dns sendfd", NULL) == -1) - err(1, "pledge"); - } else if (Pflag) { - if (pledge("stdio inet dns tty", NULL) == -1) - err(1, "pledge"); - } else if (usetls) { - if (pledge("stdio rpath inet dns", NULL) == -1) - err(1, "pledge"); - } else if (pledge("stdio inet dns", NULL) == -1) - err(1, "pledge"); +# endif /* Cruft to make sure options are clean, and used properly. */ if (argv[0] && !argv[1] && family == AF_UNIX) { host = argv[0]; uport = NULL; + } else if (!argv[0] && lflag) { + if (sflag) + errx(1, "cannot use -s and -l"); + if (zflag) + errx(1, "cannot use -z and -l"); + if (pflag) + uport=pflag; } else if (argv[0] && !argv[1]) { if (!lflag) usage(1); @@ -363,12 +409,6 @@ main(int argc, char *argv[]) } else usage(1); - if (lflag && sflag) - errx(1, "cannot use -s and -l"); - if (lflag && pflag) - errx(1, "cannot use -p and -l"); - if (lflag && zflag) - errx(1, "cannot use -z and -l"); if (!lflag && kflag) errx(1, "must use -l with -k"); if (uflag && usetls) @@ -401,8 +441,8 @@ main(int argc, char *argv[]) } else { strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX", UNIX_DG_TMP_SOCKET_SIZE); - if (mktemp(unix_dg_tmp_socket_buf) == NULL) - err(1, "mktemp"); + if (mkstemp(unix_dg_tmp_socket_buf) == -1) + err(1, "mkstemp"); unix_dg_tmp_socket = unix_dg_tmp_socket_buf; } } @@ -880,8 +920,10 @@ remote_connect(const char *host, const c if (sflag || pflag) { struct addrinfo ahints, *ares; +# if defined (SO_BINDANY) /* try SO_BINDANY, but don't insist */ setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)); +# endif memset(&ahints, 0, sizeof(struct addrinfo)); ahints.ai_family = res->ai_family; ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; @@ -973,9 +1015,15 @@ local_listen(char *host, char *port, str res->ai_protocol)) < 0) continue; + ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x)); + if (ret == -1) + err(1, NULL); + +# if defined(SO_REUSEPORT) ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); if (ret == -1) err(1, NULL); +# endif set_common_sockopts(s, res->ai_family); @@ -1425,11 +1473,13 @@ set_common_sockopts(int s, int af) { int x = 1; +# if defined(TCP_MD5SIG) if (Sflag) { if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, &x, sizeof(x)) == -1) err(1, NULL); } +# endif if (Dflag) { if (setsockopt(s, SOL_SOCKET, SO_DEBUG, &x, sizeof(x)) == -1) @@ -1460,8 +1510,11 @@ set_common_sockopts(int s, int af) IP_TTL, &ttl, sizeof(ttl))) err(1, "set IP TTL"); - else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, + else +#if defined(IPV6_UNICAST_HOPS) + if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &ttl, sizeof(ttl))) +#endif err(1, "set IPv6 unicast hops"); } @@ -1470,8 +1523,11 @@ set_common_sockopts(int s, int af) IP_MINTTL, &minttl, sizeof(minttl))) err(1, "set IP min TTL"); - else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, + else +#if defined(IPV6_MINHOPCOUNT) + if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, IPV6_MINHOPCOUNT, &minttl, sizeof(minttl))) +#endif err(1, "set IPv6 min hop count"); } } @@ -1507,6 +1563,7 @@ map_tos(char *s, int *val) { "cs7", IPTOS_DSCP_CS7 }, { "ef", IPTOS_DSCP_EF }, { "inetcontrol", IPTOS_PREC_INTERNETCONTROL }, + { "lowcost", IPTOS_LOWCOST }, { "lowdelay", IPTOS_LOWDELAY }, { "netcontrol", IPTOS_PREC_NETCONTROL }, { "reliability", IPTOS_RELIABILITY }, @@ -1640,6 +1697,9 @@ report_connect(const struct sockaddr *sa void help(void) { +# if defined(DEBIAN_VERSION) + fprintf(stderr, "OpenBSD netcat (Debian patchlevel " DEBIAN_VERSION ")\n"); +# endif usage(0); fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ @@ -1680,7 +1740,7 @@ help(void) \t-x addr[:port]\tSpecify proxy address and port\n\ \t-z Zero-I/O mode [used for scanning]\n\ Port numbers can be individual or ranges: lo-hi [inclusive]\n"); - exit(1); + exit(0); } void --- a/socks.c +++ b/socks.c @@ -38,7 +38,7 @@ #include <string.h> #include <unistd.h> #include <resolv.h> -#include <readpassphrase.h> +#include <bsd/readpassphrase.h> #include "atomicio.h" #define SOCKS_PORT "1080" @@ -219,11 +219,11 @@ socks_connect(const char *host, const ch buf[2] = SOCKS_NOAUTH; cnt = atomicio(vwrite, proxyfd, buf, 3); if (cnt != 3) - err(1, "write failed (%zu/3)", cnt); + err(1, "write failed (%zu/3)", (size_t)cnt); cnt = atomicio(read, proxyfd, buf, 2); if (cnt != 2) - err(1, "read failed (%zu/3)", cnt); + err(1, "read failed (%zu/3)", (size_t)cnt); if (buf[1] == SOCKS_NOMETHOD) errx(1, "authentication method negotiation failed"); @@ -272,11 +272,11 @@ socks_connect(const char *host, const ch cnt = atomicio(vwrite, proxyfd, buf, wlen); if (cnt != wlen) - err(1, "write failed (%zu/%zu)", cnt, wlen); + err(1, "write failed (%zu/%zu)", (size_t)cnt, (size_t)wlen); cnt = atomicio(read, proxyfd, buf, 4); if (cnt != 4) - err(1, "read failed (%zu/4)", cnt); + err(1, "read failed (%zu/4)", (size_t)cnt); if (buf[1] != 0) { errx(1, "connection failed, SOCKSv5 error: %s", socks5_strerror(buf[1])); @@ -285,12 +285,12 @@ socks_connect(const char *host, const ch case SOCKS_IPV4: cnt = atomicio(read, proxyfd, buf + 4, 6); if (cnt != 6) - err(1, "read failed (%zu/6)", cnt); + err(1, "read failed (%zu/6)", (size_t)cnt); break; case SOCKS_IPV6: cnt = atomicio(read, proxyfd, buf + 4, 18); if (cnt != 18) - err(1, "read failed (%zu/18)", cnt); + err(1, "read failed (%zu/18)", (size_t)cnt); break; default: errx(1, "connection failed, unsupported address type"); @@ -310,11 +310,11 @@ socks_connect(const char *host, const ch cnt = atomicio(vwrite, proxyfd, buf, wlen); if (cnt != wlen) - err(1, "write failed (%zu/%zu)", cnt, wlen); + err(1, "write failed (%zu/%zu)", (size_t)cnt, (size_t)wlen); cnt = atomicio(read, proxyfd, buf, 8); if (cnt != 8) - err(1, "read failed (%zu/8)", cnt); + err(1, "read failed (%zu/8)", (size_t)cnt); if (buf[1] != 90) { errx(1, "connection failed, SOCKSv4 error: %s", socks4_strerror(buf[1])); @@ -328,39 +328,39 @@ socks_connect(const char *host, const ch /* Try to be sane about numeric IPv6 addresses */ if (strchr(host, ':') != NULL) { - r = snprintf(buf, sizeof(buf), + r = snprintf((char*)buf, sizeof(buf), "CONNECT [%s]:%d HTTP/1.0\r\n", host, ntohs(serverport)); } else { - r = snprintf(buf, sizeof(buf), + r = snprintf((char*)buf, sizeof(buf), "CONNECT %s:%d HTTP/1.0\r\n", host, ntohs(serverport)); } if (r == -1 || (size_t)r >= sizeof(buf)) errx(1, "hostname too long"); - r = strlen(buf); + r = strlen((char*)buf); cnt = atomicio(vwrite, proxyfd, buf, r); if (cnt != r) - err(1, "write failed (%zu/%d)", cnt, r); + err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r); if (authretry > 1) { char resp[1024]; proxypass = getproxypass(proxyuser, proxyhost); - r = snprintf(buf, sizeof(buf), "%s:%s", + r = snprintf((char*)buf, sizeof(buf), "%s:%s", proxyuser, proxypass); if (r == -1 || (size_t)r >= sizeof(buf) || - b64_ntop(buf, strlen(buf), resp, + b64_ntop(buf, strlen((char*)buf), resp, sizeof(resp)) == -1) errx(1, "Proxy username/password too long"); - r = snprintf(buf, sizeof(buf), "Proxy-Authorization: " + r = snprintf((char*)buf, sizeof(buf), "Proxy-Authorization: " "Basic %s\r\n", resp); if (r == -1 || (size_t)r >= sizeof(buf)) errx(1, "Proxy auth response too long"); - r = strlen(buf); + r = strlen((char*)buf); if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r) - err(1, "write failed (%zu/%d)", cnt, r); + err(1, "write failed (%zu/%d)", (size_t)cnt, r); } /* Terminate headers */ @@ -368,22 +368,22 @@ socks_connect(const char *host, const ch err(1, "write failed (%zu/2)", cnt); /* Read status reply */ - proxy_read_line(proxyfd, buf, sizeof(buf)); + proxy_read_line(proxyfd, (char*)buf, sizeof(buf)); if (proxyuser != NULL && - strncmp(buf, "HTTP/1.0 407 ", 12) == 0) { + strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0) { if (authretry > 1) { fprintf(stderr, "Proxy authentication " "failed\n"); } close(proxyfd); goto again; - } else if (strncmp(buf, "HTTP/1.0 200 ", 12) != 0 && - strncmp(buf, "HTTP/1.1 200 ", 12) != 0) + } else if (strncmp((char*)buf, "HTTP/1.0 200 ", 12) != 0 && + strncmp((char*)buf, "HTTP/1.1 200 ", 12) != 0) errx(1, "Proxy error: \"%s\"", buf); /* Headers continue until we hit an empty line */ for (r = 0; r < HTTP_MAXHDRS; r++) { - proxy_read_line(proxyfd, buf, sizeof(buf)); + proxy_read_line(proxyfd, (char*)buf, sizeof(buf)); if (*buf == '\0') break; } ++++++ quit-timer.patch ++++++ --- /var/tmp/diff_new_pack.GhUzhQ/_old 2017-07-30 11:25:15.747323012 +0200 +++ /var/tmp/diff_new_pack.GhUzhQ/_new 2017-07-30 11:25:15.747323012 +0200 @@ -1,74 +1,133 @@ -Index: netcat-openbsd-1.89/netcat.c -=================================================================== ---- netcat-openbsd-1.89.orig/netcat.c 2010-04-18 20:02:55.240980186 -0400 -+++ netcat-openbsd-1.89/netcat.c 2010-04-18 20:04:41.987984568 -0400 -@@ -47,6 +47,7 @@ - #include <errno.h> - #include <netdb.h> - #include <poll.h> -+#include <signal.h> - #include <stdarg.h> - #include <stdio.h> - #include <stdlib.h> -@@ -82,6 +83,7 @@ +From: Aron Xu <a...@debian.org> +Date: Mon, 13 Feb 2012 15:16:04 +0800 +Subject: quit timer + +--- + nc.1 | 10 ++++++++++ + netcat.c | 50 +++++++++++++++++++++++++++++++++++++++++--------- + 2 files changed, 51 insertions(+), 9 deletions(-) + +--- a/nc.1 ++++ b/nc.1 +@@ -41,6 +41,7 @@ + .Op Fl O Ar length + .Op Fl P Ar proxy_username + .Op Fl p Ar source_port ++.Op Fl q Ar seconds + .Op Fl s Ar source + .Op Fl T Ar keyword + .Op Fl V Ar rtable +@@ -173,6 +174,15 @@ Proxy authentication is only supported f + Specifies the source port + .Nm + should use, subject to privilege restrictions and availability. ++.It Fl q Ar seconds ++after EOF on stdin, wait the specified number of ++.Ar seconds ++and then quit. If ++.Ar seconds ++is negative, wait forever (default). Specifying a non-negative ++.Ar seconds ++implies ++.Fl N . + .It Fl r + Specifies that source and/or destination ports should be chosen randomly + instead of sequentially within a range or in the order that the system +--- a/netcat.c ++++ b/netcat.c +@@ -139,6 +139,7 @@ int Nflag; /* shutdown() network soc int nflag; /* Don't do name look up */ char *Pflag; /* Proxy username */ char *pflag; /* Localport flag */ -+int qflag = -1; /* Quit after some secs */ ++int qflag = -1; /* Quit after some secs */ int rflag; /* Random ports flag */ char *sflag; /* Source Address */ int tflag; /* Telnet Emulation */ -@@ -114,6 +116,7 @@ +@@ -218,6 +219,8 @@ ssize_t fillbuf(int, unsigned char *, si + static int connect_with_timeout(int fd, const struct sockaddr *sa, + socklen_t salen, int ctimeout); - static int connect_with_timeout(int fd, const struct sockaddr *sa, - socklen_t salen, int ctimeout); +static void quit(); - ++ int main(int argc, char *argv[]) -@@ -137,7 +140,7 @@ - sv = NULL; + { +@@ -246,9 +249,9 @@ main(int argc, char *argv[]) while ((ch = getopt(argc, argv, -- "46Ddhi:jklnP:p:rSs:tT:Uuvw:X:x:zC")) != -1) { -+ "46Ddhi:jklnP:p:q:rSs:tT:Uuvw:X:x:zC")) != -1) { + # if defined(TLS) +- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) { ++ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vw:X:x:z")) != -1) { + # else +- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) { ++ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vw:X:x:z")) != -1) { + # endif switch (ch) { case '4': - family = AF_INET; -@@ -187,6 +190,9 @@ +@@ -339,6 +342,13 @@ main(int argc, char *argv[]) case 'p': pflag = optarg; break; -+ case 'q': -+ qflag = (int)strtoul(optarg, &endp, 10); ++ case 'q': ++ qflag = strtonum(optarg, INT_MIN, INT_MAX, &errstr); ++ if (errstr) ++ errx(1, "quit timer %s: %s", errstr, optarg); ++ if (qflag >= 0) ++ Nflag = 1; + break; - case 'r': - rflag = 1; - break; -@@ -756,7 +762,13 @@ - } - else if (pfd[1].revents & POLLHUP) { - shutdown_wr: -- shutdown(nfd, SHUT_WR); -+ /* if user asked to die after a while, arrange for it */ -+ if (qflag > 0) { -+ signal(SIGALRM, quit); -+ alarm(qflag); -+ } else { -+ shutdown(nfd, SHUT_WR); -+ } - pfd[1].fd = -1; - pfd[1].events = 0; - } -@@ -951,6 +963,7 @@ - \t-n Suppress name/port resolutions\n\ + # if defined(TLS) + case 'R': + tls_cachanged = 1; +@@ -1253,15 +1263,27 @@ readwrite(int net_fd) + while (1) { + /* both inputs are gone, buffers are empty, we are done */ + if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 && +- stdinbufpos == 0 && netinbufpos == 0) +- return; ++ stdinbufpos == 0 && netinbufpos == 0) { ++ if (qflag <= 0) ++ return; ++ goto delay_exit; ++ } + /* both outputs are gone, we can't continue */ +- if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1) +- return; ++ if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1) { ++ if (qflag <= 0) ++ return; ++ goto delay_exit; ++ } + /* listen and net in gone, queues empty, done */ + if (lflag && pfd[POLL_NETIN].fd == -1 && +- stdinbufpos == 0 && netinbufpos == 0) +- return; ++ stdinbufpos == 0 && netinbufpos == 0) { ++ if (qflag <= 0) ++ return; ++delay_exit: ++ close(net_fd); ++ signal(SIGALRM, quit); ++ alarm(qflag); ++ } + + /* poll */ + num_fds = poll(pfd, 4, timeout); +@@ -1936,6 +1958,7 @@ help(void) + \t-O length TCP send buffer length\n\ \t-P proxyuser\tUsername for proxy authentication\n\ \t-p port\t Specify local port for remote connects\n\ + \t-q secs\t quit after EOF on stdin and delay of secs\n\ - \t-r Randomize remote ports\n " - #ifdef TCP_MD5SIG - " \t-S Enable the TCP MD5 signature option\n" -@@ -979,3 +992,13 @@ + \t-r Randomize remote ports\n\ + \t-S Enable the TCP MD5 signature option\n\ + \t-s source Local source address\n\ +@@ -1959,9 +1982,18 @@ usage(int ret) + fprintf(stderr, + "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" + "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" +- "\t [-s source] [-T keyword] [-V rtable] [-w timeout] " ++ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-w timeout] " + "[-X proxy_protocol]\n" + "\t [-x proxy_address[:port]] [destination] [port]\n"); if (ret) exit(1); } @@ -79,6 +138,5 @@ + */ +static void quit() +{ -+ /* XXX: should explicitly close fds here */ + exit(0); +} ++++++ send-crlf.patch ++++++ --- /var/tmp/diff_new_pack.GhUzhQ/_old 2017-07-30 11:25:15.771319626 +0200 +++ /var/tmp/diff_new_pack.GhUzhQ/_new 2017-07-30 11:25:15.771319626 +0200 @@ -1,109 +1,187 @@ -Index: netcat-openbsd-1.89/netcat.c -=================================================================== ---- netcat-openbsd-1.89.orig/netcat.c 2008-06-19 16:49:57.000000000 -0400 -+++ netcat-openbsd-1.89/netcat.c 2008-06-19 17:04:22.000000000 -0400 -@@ -73,6 +73,7 @@ - #define UDP_SCAN_TIMEOUT 3 /* Seconds */ - - /* Command Line Options */ -+int Cflag = 0; /* CRLF line-ending */ - int dflag; /* detached, no stdin */ - int iflag; /* Interval Flag */ - int jflag; /* use jumbo frames if we can */ -@@ -136,7 +137,7 @@ - sv = NULL; - - while ((ch = getopt(argc, argv, -- "46Ddhi:jklnP:p:rSs:tT:Uuvw:X:x:z")) != -1) { -+ "46Ddhi:jklnP:p:rSs:tT:Uuvw:X:x:zC")) != -1) { - switch (ch) { - case '4': - family = AF_INET; -@@ -226,6 +227,9 @@ - case 'T': - Tflag = parse_iptos(optarg); - break; -+ case 'C': -+ Cflag = 1; -+ break; - default: - usage(1); - } -@@ -738,8 +742,16 @@ - else if (n == 0) { - goto shutdown_wr; - } else { -- if (atomicio(vwrite, nfd, buf, n) != n) -- return; -+ if ((Cflag) && (buf[n-1]=='\n')) { -+ if (atomicio(vwrite, nfd, buf, n-1) != (n-1)) -+ return; -+ if (atomicio(vwrite, nfd, "\r\n", 2) != 2) -+ return; -+ } -+ else { -+ if (atomicio(vwrite, nfd, buf, n) != n) -+ return; -+ } - } - } - else if (pfd[1].revents & POLLHUP) { -@@ -944,6 +956,7 @@ - #endif - " \t-s addr\t Local source address\n\ - \t-T ToS\t Set IP Type of Service\n\ -+ \t-C Send CRLF as line-ending\n\ - \t-t Answer TELNET negotiation\n\ - \t-U Use UNIX domain socket\n\ - \t-u UDP mode\n\ -@@ -959,7 +972,7 @@ - void - usage(int ret) - { -- fprintf(stderr, "usage: nc [-46DdhklnrStUuvz] [-i interval] [-P proxy_username] [-p source_port]\n"); -+ fprintf(stderr, "usage: nc [-46DdhklnrStUuvzC] [-i interval] [-P proxy_username] [-p source_port]\n"); - fprintf(stderr, "\t [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]\n"); - fprintf(stderr, "\t [-x proxy_address[:port]] [hostname] [port[s]]\n"); - if (ret) -Index: netcat-openbsd-1.89/nc.1 -=================================================================== ---- netcat-openbsd-1.89.orig/nc.1 2008-06-19 16:49:39.000000000 -0400 -+++ netcat-openbsd-1.89/nc.1 2008-06-19 16:54:36.000000000 -0400 -@@ -34,7 +34,7 @@ +From: Aron Xu <a...@debian.org> +Date: Mon, 13 Feb 2012 14:57:45 +0800 +Subject: send crlf + +--- + nc.1 | 6 +++-- + netcat.c | 72 +++++++++++++++++++++++++++++++++++---------------------------- + 2 files changed, 45 insertions(+), 33 deletions(-) + +--- a/nc.1 ++++ b/nc.1 +@@ -33,7 +33,7 @@ + .Nd arbitrary TCP and UDP connections and listens .Sh SYNOPSIS .Nm nc - .Bk -words --.Op Fl 46DdhklnrStUuvz -+.Op Fl 46DdhklnrStUuvzC +-.Op Fl 46DdFhklNnrStUuvz ++.Op Fl 46CDdFhklNnrStUuvz + .Op Fl I Ar length .Op Fl i Ar interval - .Op Fl P Ar proxy_username - .Op Fl p Ar source_port -@@ -140,6 +140,10 @@ - It is an error to use this option in conjunction with the - .Fl l - option. -+.It Fl q -+after EOF on stdin, wait the specified number of seconds and then quit. If -+.Ar seconds -+is negative, wait forever. - .It Fl r - Specifies that source and/or destination ports should be chosen randomly - instead of sequentially within a range or in the order that the system -@@ -159,6 +163,8 @@ - .Dq reliability , - or an 8-bit hexadecimal value preceded by - .Dq 0x . -+.It Fl C -+Send CRLF as line-ending - .It Fl t - Causes + .Op Fl M Ar ttl +@@ -95,6 +95,8 @@ to use IPv4 addresses only. + Forces .Nm -@@ -317,7 +323,7 @@ + to use IPv6 addresses only. ++.It Fl C ++Send CRLF as line-ending. + .It Fl D + Enable debugging on the socket. + .It Fl d +@@ -379,7 +381,7 @@ More complicated examples can be built u of requests required by the server. As another example, an email may be submitted to an SMTP server using: .Bd -literal -offset indent -$ nc localhost 25 \*(Lt\*(Lt EOF -+$ nc [-C] localhost 25 \*(Lt\*(Lt EOF ++$ nc [\-C] localhost 25 \*(Lt\*(Lt EOF HELO host.example.com MAIL FROM:\*(ltu...@host.example.com\*(Gt RCPT TO:\*(ltus...@host.example.com\*(Gt +--- a/netcat.c ++++ b/netcat.c +@@ -163,6 +163,8 @@ int tls_cachanged; /* Using non-defau + int TLSopt; /* TLS options */ + char *tls_expectname; /* required name in peer cert */ + char *tls_expecthash; /* required hash of peer cert */ ++# else ++int Cflag = 0; /* CRLF line-ending */ + # endif + + int timeout = -1; +@@ -209,7 +211,7 @@ ssize_t fillbuf(int, unsigned char *, si + void tls_setup_client(struct tls *, int, char *); + struct tls *tls_setup_server(struct tls *, int, char *); + # else +-ssize_t drainbuf(int, unsigned char *, size_t *); ++ssize_t drainbuf(int, unsigned char *, size_t *, int); + ssize_t fillbuf(int, unsigned char *, size_t *); + # endif + +@@ -246,7 +248,7 @@ main(int argc, char *argv[]) + # if defined(TLS) + "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) { + # else +- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) { ++ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vw:X:x:z")) != -1) { + # endif + switch (ch) { + case '4': +@@ -275,6 +277,10 @@ main(int argc, char *argv[]) + case 'c': + usetls = 1; + break; ++# else ++ case 'C': ++ Cflag = 1; ++ break; + # endif + case 'd': + dflag = 1; +@@ -1257,12 +1263,6 @@ readwrite(int net_fd) + stdinbufpos == 0 && netinbufpos == 0) + return; + +- /* help says -i is for "wait between lines sent". We read and +- * write arbitrary amounts of data, and we don't want to start +- * scanning for newlines, so this is as good as it gets */ +- if (iflag) +- sleep(iflag); +- + /* poll */ + num_fds = poll(pfd, 4, timeout); + +@@ -1342,7 +1342,7 @@ readwrite(int net_fd) + pfd[POLL_NETOUT].events = POLLOUT; + else + # else +- &stdinbufpos); ++ &stdinbufpos, (iflag || Cflag) ? 1 : 0); + # endif + if (ret == -1) + pfd[POLL_NETOUT].fd = -1; +@@ -1395,7 +1395,7 @@ readwrite(int net_fd) + pfd[POLL_STDOUT].events = POLLOUT; + else + # else +- &netinbufpos); ++ &netinbufpos, 0); + # endif + if (ret == -1) + pfd[POLL_STDOUT].fd = -1; +@@ -1421,31 +1421,40 @@ readwrite(int net_fd) + } + + ssize_t +-# if defined(TLS) +-drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) +-# else +-drainbuf(int fd, unsigned char *buf, size_t *bufpos) +-# endif ++drainbuf(int fd, unsigned char *buf, size_t *bufpos, int oneline) + { +- ssize_t n; ++ ssize_t n, r; + ssize_t adjust; ++ unsigned char *lf = NULL; + +-# if defined(TLS) +- if (tls) +- n = tls_write(tls, buf, *bufpos); +- else { +-# endif +- n = write(fd, buf, *bufpos); +- /* don't treat EAGAIN, EINTR as error */ +- if (n == -1 && (errno == EAGAIN || errno == EINTR)) +-# if defined(TLS) +- n = TLS_WANT_POLLOUT; +- } +-# else +- n = -2; +-# endif ++ if (oneline) ++ lf = memchr(buf, '\n', *bufpos); ++ if (lf == NULL) { ++ n = *bufpos; ++ oneline = 0; ++ } ++ else if (Cflag && (lf == buf || buf[lf - buf - 1] != '\r')) { ++ n = lf - buf; ++ oneline = 2; ++ } ++ else ++ n = lf - buf + 1; ++ if (n > 0) ++ n = write(fd, buf, n); ++ ++ /* don't treat EAGAIN, EINTR as error */ ++ if (n == -1 && (errno == EAGAIN || errno == EINTR)) ++ n = -2; ++ if (oneline == 2 && n >= 0) ++ n++; + if (n <= 0) + return n; ++ ++ if (oneline == 2 && (r = atomicio(vwrite, fd, "\r\n", 2)) != 2) ++ err(1, "write failed (%zu/2)", r); ++ if (oneline > 0 && iflag) ++ sleep(iflag); ++ + /* adjust buffer */ + adjust = *bufpos - n; + if (adjust > 0) +@@ -1911,6 +1920,7 @@ help(void) + fprintf(stderr, "\tCommand Summary:\n\ + \t-4 Use IPv4\n\ + \t-6 Use IPv6\n\ ++ \t-C Send CRLF as line-ending\n\ + \t-D Enable the debug socket option\n\ + \t-d Detach from stdin\n\ + \t-F Pass socket fd\n\ +@@ -1947,7 +1957,7 @@ void + usage(int ret) + { + fprintf(stderr, +- "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" ++ "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" + "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" + "\t [-s source] [-T keyword] [-V rtable] [-w timeout] " + "[-X proxy_protocol]\n" ++++++ serialized-handling-multiple-clients.patch ++++++ From: Aron Xu <a...@debian.org> Date: Tue, 14 Feb 2012 23:02:00 +0800 Subject: serialized handling multiple clients --- netcat.c | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) --- a/netcat.c +++ b/netcat.c @@ -664,7 +664,20 @@ main(int argc, char *argv[]) s = unix_bind(host, 0); else s = unix_listen(host); - } + } else + s = local_listen(host, uport, hints); + if (s < 0) + err(1, NULL); + + char* local; + if (family == AF_INET6) + local = ":::"; + else + local = "0.0.0.0"; + fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", + host ?: local, + family, + *uport); # if defined(TLS) if (usetls) { @@ -678,22 +691,7 @@ main(int argc, char *argv[]) # endif /* Allow only one connection at a time, but stay alive. */ for (;;) { - if (family != AF_UNIX) - s = local_listen(host, uport, hints); - if (s < 0) - err(1, NULL); - - char* local; - if (family == AF_INET6) - local = "0.0.0.0"; - else if (family == AF_INET) - local = ":::"; - else - local = "unknown"; - fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", - host ?: local, - family, - *uport); + /* * For UDP and -k, don't connect the socket, let it * receive datagrams from multiple socket pairs. @@ -760,15 +758,16 @@ main(int argc, char *argv[]) # endif close(connfd); } - if (family != AF_UNIX) + if (kflag) + continue; + if (family != AF_UNIX) { close(s); + } else if (uflag) { if (connect(s, NULL, 0) < 0) err(1, "connect"); } - - if (!kflag) - break; + break; } } else if (family == AF_UNIX) { ret = 0; ++++++ set-TCP-MD5SIG-correctly-for-client-connections.patch ++++++ From: Thomas Habets <hab...@google.com> Date: Sat, 18 Feb 2017 21:07:22 +0000 Subject: Set TCP MD5SIG correctly for client connections --- netcat.c | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) --- a/netcat.c +++ b/netcat.c @@ -47,6 +47,9 @@ #ifdef __linux__ # include <linux/in6.h> #endif +#if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) +# include <bsd/readpassphrase.h> +#endif #ifndef IPTOS_LOWDELAY # define IPTOS_LOWDELAY 0x10 @@ -172,6 +175,9 @@ char *tls_expecthash; /* required hash int Cflag = 0; /* CRLF line-ending */ # endif +# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) +char Sflag_password[TCP_MD5SIG_MAXKEYLEN]; +# endif int timeout = -1; int family = AF_UNSPEC; char *portlist[PORT_MAX+1]; @@ -200,7 +206,7 @@ int udptest(int); int unix_bind(char *, int); int unix_connect(char *); int unix_listen(char *); -void set_common_sockopts(int, int); +void set_common_sockopts(int, const struct sockaddr *); int map_tos(char *, int *); # if defined(TLS) int map_tls(char *, int *); @@ -427,7 +433,10 @@ main(int argc, char *argv[]) break; # endif case 'S': -# if defined(TCP_MD5SIG) +# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) + if (readpassphrase("TCP MD5SIG password: ", + Sflag_password, TCP_MD5SIG_MAXKEYLEN, RPP_REQUIRE_TTY) == NULL) + errx(1, "Unable to read TCP MD5SIG password"); Sflag = 1; # else errx(1, "no TCP MD5 signature support available"); @@ -1120,7 +1129,7 @@ remote_connect(const char *host, const c freeaddrinfo(ares); } - set_common_sockopts(s, res->ai_family); + set_common_sockopts(s, res->ai_addr); char *proto = proto_name(uflag, dccpflag); if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) @@ -1274,7 +1283,7 @@ local_listen(char *host, char *port, str err(1, NULL); # endif - set_common_sockopts(s, res->ai_family); + set_common_sockopts(s, res->ai_addr); if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) @@ -1788,14 +1797,22 @@ udptest(int s) } void -set_common_sockopts(int s, int af) +set_common_sockopts(int s, const struct sockaddr* sa) { int x = 1; + int af = sa->sa_family; -# if defined(TCP_MD5SIG) +# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) if (Sflag) { + struct tcp_md5sig sig; + memset(&sig, 0, sizeof(sig)); + memcpy(&sig.tcpm_addr, sa, sizeof(struct sockaddr_storage)); + sig.tcpm_keylen = TCP_MD5SIG_MAXKEYLEN < strlen(Sflag_password) + ? TCP_MD5SIG_MAXKEYLEN + : strlen(Sflag_password); + strlcpy(sig.tcpm_key, Sflag_password, sig.tcpm_keylen); if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, - &x, sizeof(x)) == -1) + &sig, sizeof(sig)) == -1) err(1, NULL); } # endif ++++++ udp-scan-timeout.patch ++++++ --- /var/tmp/diff_new_pack.GhUzhQ/_old 2017-07-30 11:25:15.811313982 +0200 +++ /var/tmp/diff_new_pack.GhUzhQ/_new 2017-07-30 11:25:15.811313982 +0200 @@ -1,8 +1,14 @@ -Index: netcat-openbsd-1.89/netcat.c -=================================================================== ---- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:30.000000000 -0500 -+++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:34.000000000 -0500 -@@ -69,6 +69,8 @@ +From: Aron Xu <a...@debian.org> +Date: Mon, 13 Feb 2012 15:29:37 +0800 +Subject: udp scan timeout + +--- + netcat.c | 23 +++++++++++++++-------- + 1 file changed, 15 insertions(+), 8 deletions(-) + +--- a/netcat.c ++++ b/netcat.c +@@ -129,6 +129,8 @@ #define CONNECTION_FAILED 1 #define CONNECTION_TIMEOUT 2 @@ -10,17 +16,17 @@ + /* Command Line Options */ int dflag; /* detached, no stdin */ - int iflag; /* Interval Flag */ -@@ -376,7 +378,7 @@ + int Fflag; /* fdpass sock to stdout */ +@@ -774,7 +776,7 @@ main(int argc, char *argv[]) continue; ret = 0; -- if (vflag) { -+ if (vflag && !uflag) { +- if (vflag || zflag) { ++ if (vflag) { /* For UDP, make sure we are connected. */ if (uflag) { if (udptest(s) == -1) { -@@ -841,15 +843,20 @@ +@@ -1693,15 +1695,20 @@ build_ports(char *p) int udptest(int s) { ++++++ verbose-numeric-port.patch ++++++ --- /var/tmp/diff_new_pack.GhUzhQ/_old 2017-07-30 11:25:15.831311161 +0200 +++ /var/tmp/diff_new_pack.GhUzhQ/_new 2017-07-30 11:25:15.839310032 +0200 @@ -1,24 +1,47 @@ -Index: netcat-openbsd-1.89/netcat.c -=================================================================== ---- netcat-openbsd-1.89.orig/netcat.c 2008-01-22 16:17:34.000000000 -0500 -+++ netcat-openbsd-1.89/netcat.c 2008-01-22 16:17:44.000000000 -0500 -@@ -41,6 +41,7 @@ +From: Aron Xu <a...@debian.org> +Date: Mon, 13 Feb 2012 15:38:15 +0800 +Subject: verbose numeric port + +--- + netcat.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +--- a/netcat.c ++++ b/netcat.c +@@ -43,6 +43,7 @@ #include <netinet/tcp.h> #include <netinet/ip.h> #include <arpa/telnet.h> +#include <arpa/inet.h> - - #include <err.h> - #include <errno.h> -@@ -317,16 +318,15 @@ - if (uflag) { - int rv, plen; - char buf[8192]; -- struct sockaddr_storage z; + #ifdef __linux__ + # include <linux/in6.h> + #endif +@@ -651,6 +652,18 @@ main(int argc, char *argv[]) + s = local_listen(host, uport, hints); + if (s < 0) + err(1, NULL); ++ ++ char* local; ++ if (family == AF_INET6) ++ local = "0.0.0.0"; ++ else if (family == AF_INET) ++ local = ":::"; ++ else ++ local = "unknown"; ++ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", ++ host ?: local, ++ family, ++ *uport); + /* + * For UDP and -k, don't connect the socket, let it + * receive datagrams from multiple socket pairs. +@@ -671,14 +684,14 @@ main(int argc, char *argv[]) + char buf[16384]; + struct sockaddr_storage z; - len = sizeof(z); + len = sizeof(cliaddr); - plen = jflag ? 8192 : 1024; + plen = 2048; rv = recvfrom(s, buf, plen, MSG_PEEK, - (struct sockaddr *)&z, &len); + (struct sockaddr *)&cliaddr, &len); @@ -30,25 +53,3 @@ if (rv < 0) err(1, "connect"); -@@ -337,6 +337,21 @@ - &len); - } - -+ if(vflag) { -+ /* Don't look up port if -n. */ -+ if (nflag) -+ sv = NULL; -+ else -+ sv = getservbyport(ntohs(atoi(uport)), -+ uflag ? "udp" : "tcp"); -+ -+ fprintf(stderr, "Connection from %s port %s [%s/%s] accepted\n", -+ inet_ntoa(((struct sockaddr_in *)(&cliaddr))->sin_addr), -+ uport, -+ uflag ? "udp" : "tcp", -+ sv ? sv->s_name : "*"); -+ } -+ - readwrite(connfd); - close(connfd); - if (family != AF_UNIX)
