author | delphij <delphij@FreeBSD.org> | 2005-02-06 14:44:27 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2005-02-06 14:44:27 +0000 |
commit | 3302f9bcc3967059e43ceb7fce6b42276339a114 (patch) | |
tree | 0205d7f40b32ed67ae0d36b08c13e6888ac4a3a9 | |
parent | de15cfcd1d928d995f6be111d0c21e4e56900cd3 (diff) | |
Finish the import of nc(1) from OpenBSD. This includes:
- Bring IPsec support from the ports collection [1].
- Bring -o ("once only") option from the ports
collection [2].
- Adopt the Makefile framework into
usr.bin/nc/Makefile.
- Add a knob to control whether to build nc(1),
NO_NETCAT.
- Bump __FreeBSD_version so ports collection can
detect this change.
The original patchsets were contributed to the ports collection by:
[1] nectar, [2] joerg.
Note: the WARNS?=6 patchset was spun off from this commit, in order not
to take too many files off the vendor branch.
-rw-r--r-- | contrib/netcat/nc.1 | 35 | ||||
-rw-r--r-- | contrib/netcat/netcat.c | 94 | ||||
-rw-r--r-- | sys/sys/param.h | 2 | ||||
-rw-r--r-- | usr.bin/nc/Makefile | 11 |
4 files changed, 131 insertions, 11 deletions
diff --git a/contrib/netcat/nc.1 b/contrib/netcat/nc.1 index 472fa76..8ae7465 100644 --- a/contrib/netcat/nc.1 +++ b/contrib/netcat/nc.1 @@ -1,5 +1,3 @@ -.\" $OpenBSD: nc.1,v 1.36 2005/01/07 10:11:31 jmc Exp $ -.\" .\" Copyright (c) 1996 David Sacerdote .\" All rights reserved. .\" @@ -25,7 +23,10 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 25, 2001 +.\" $OpenBSD: nc.1,v 1.36 2005/01/07 10:11:31 jmc Exp $ +.\" $FreeBSD$ +.\" +.Dd January 30, 2005 .Dt NC 1 .Os .Sh NAME @@ -34,7 +35,8 @@ .Sh SYNOPSIS .Nm nc .Bk -words -.Op Fl 46DdhklnrStUuvz +.Op Fl 46DEdhklnorStUuvz +.Op Fl e Ar IPsec policy .Op Fl i Ar interval .Op Fl p Ar source_port .Op Fl s Ar source_ip_address @@ -99,6 +101,16 @@ Do not attempt to read from stdin. Prints out .Nm help. +.It Fl E +Shortcut for "-e 'in ipsec esp/transport//require' -e 'out ipsec +esp/transport//require'", which enables IPsec ESP transport mode in both +directions. +.It Fl e +If IPsec support is available, then one can specify the IPsec policies +to be used using the syntax described in +.Xr ipsec_set_policy 3 . +This flag can be specified up to two times, as typically one policy for +each direction is needed. .It Fl i Ar interval Specifies a delay time interval between lines of text sent and received. Also causes a delay time between connections to multiple ports. @@ -127,6 +139,15 @@ option are ignored. .It Fl n Do not do any DNS or service lookups on any specified addresses, hostnames or ports. +.It Fl o +.Dq Once-only mode . +By default, +.Nm +does not terminate on EOF condition on input, +but continues until the network side has been closed down. +Specifying +.Fl o +will make it terminate on EOF as well. .It Fl p Ar source_port Specifies the source port .Nm 
@@ -362,6 +383,12 @@ Open a UDP connection to port 53 of hostname: .Pp Open a TCP connection to port 42 of example.host using 10.1.2.3 as the IP for the local end of the connection: +.It Li "nc -E example.host 42" +Open a TCP connection to port 42 of example.host using IPsec ESP for +incoming and outgoing traffic. +.It Li "nc -e 'out ipsec esp/transport//require' example.host 42" +Open a TCP connection to port 42 of example.host using IPsec ESP for +outgoing traffic only. .Pp .Dl $ nc -s 10.1.2.3 example.host 42 .Pp diff --git a/contrib/netcat/netcat.c b/contrib/netcat/netcat.c index 3c610b9..f9e3678 100644 --- a/contrib/netcat/netcat.c +++ b/contrib/netcat/netcat.c @@ -1,4 +1,3 @@ -/* $OpenBSD: netcat.c,v 1.76 2004/12/10 16:51:31 hshoexer Exp $ */ /* * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> * @@ -24,6 +23,9 @@ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * From: $OpenBSD: netcat.c,v 1.76 2004/12/10 16:51:31 hshoexer Exp $ + * $FreeBSD$ */ /* @@ -31,12 +33,16 @@ * *Hobbit* <hobbit@avian.org>. */ +#include <sys/limits.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/time.h> #include <sys/un.h> #include <netinet/in.h> +#ifdef IPSEC +#include <netinet6/ipsec.h> +#endif #include <netinet/tcp.h> #include <arpa/telnet.h> @@ -60,11 +66,13 @@ #define PORT_MAX_LEN 6 /* Command Line Options */ +int Eflag; /* Use IPsec ESP */ int dflag; /* detached, no stdin */ int iflag; /* Interval Flag */ int kflag; /* More than one connect */ int lflag; /* Bind to local port */ int nflag; /* Don't do name look up */ +int oflag; /* Once only: stop on EOF */ char *pflag; /* Localport flag */ int rflag; /* Random ports flag */ char *sflag; /* Source Address */ 
@@ -94,10 +102,16 @@ int unix_connect(char *); int unix_listen(char *); void usage(int); +#ifdef IPSEC +void add_ipsec_policy(int, char *); + +char *ipsec_policy[2]; +#endif + int main(int argc, char *argv[]) { - int ch, s, ret, socksv; + int ch, s, ret, socksv, ipsec_count; char *host, *uport, *endp; struct addrinfo hints; struct servent *sv; @@ -108,6 +122,7 @@ main(int argc, char *argv[]) struct addrinfo proxyhints; ret = 1; + ipsec_count = 0; s = 0; socksv = 5; host = NULL; @@ -115,7 +130,7 @@ main(int argc, char *argv[]) endp = NULL; sv = NULL; - while ((ch = getopt(argc, argv, "46Ddhi:klnp:rSs:tUuvw:X:x:z")) != -1) { + while ((ch = getopt(argc, argv, "46e:DEdhi:klnop:rSs:tUuvw:X:x:z")) != -1) { switch (ch) { case '4': family = AF_INET; @@ -139,6 +154,21 @@ main(int argc, char *argv[]) case 'd': dflag = 1; break; + case 'e': +#ifdef IPSEC + ipsec_policy[ipsec_count++ % 2] = optarg; +#else + errx(1, "IPsec support unavailable."); +#endif + break; + case 'E': +#ifdef IPSEC + ipsec_policy[0] = "in ipsec esp/transport//require"; + ipsec_policy[1] = "out ipsec esp/transport//require"; +#else + errx(1, "IPsec support unavailable."); +#endif + break; case 'h': help(); break; @@ -156,6 +186,9 @@ main(int argc, char *argv[]) case 'n': nflag = 1; break; + case 'o': + oflag = 1; + break; case 'p': pflag = optarg; break; @@ -465,6 +498,12 @@ remote_connect(char *host, char *port, struct addrinfo hints) if ((s = socket(res0->ai_family, res0->ai_socktype, res0->ai_protocol)) < 0) continue; +#ifdef IPSEC + if (ipsec_policy[0] != NULL) + add_ipsec_policy(s, ipsec_policy[0]); + if (ipsec_policy[1] != NULL) + add_ipsec_policy(s, ipsec_policy[1]); +#endif /* Bind to a local port or source address if specified. */ if (sflag || pflag) { 
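Review bot: In the `case 'e':` arm of main(), `ipsec_policy[ipsec_count++ % 2] = optarg;` lets a third `-e` silently overwrite the first policy, although nc.1 says the flag can be given at most twice. `-E` does not advance `ipsec_count`, so a later `-e` also replaces the `in ipsec esp/transport//require` entry that `-E` just stored, and the session can run with a weaker policy than the command line suggests. I would reject the extra option rather than wrap around: add `if (ipsec_count >= 2) errx(1, "-e may be specified at most twice");` before the assignment and drop the `% 2`. main() continues outside this hunk.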
@@ -550,6 +589,12 @@ local_listen(char *host, char *port, struct addrinfo hints) ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); if (ret == -1) err(1, NULL); +#ifdef IPSEC + if (ipsec_policy[0] != NULL) + add_ipsec_policy(s, ipsec_policy[0]); + if (ipsec_policy[1] != NULL) + add_ipsec_policy(s, ipsec_policy[1]); +#endif if (Sflag) { ret = setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, &x, sizeof(x)); @@ -629,9 +674,10 @@ readwrite(int nfd) } if (!dflag && pfd[1].revents & POLLIN) { - if ((n = read(wfd, buf, sizeof(buf))) < 0) + if ((n = read(wfd, buf, sizeof(buf))) < 0 || + (oflag && n == 0)) { return; - else if (n == 0) { + } else if (n == 0) { shutdown(nfd, SHUT_WR); pfd[1].fd = -1; pfd[1].events = 0; @@ -767,7 +813,13 @@ help(void) usage(0); fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ - \t-6 Use IPv6\n\ + \t-6 Use IPv6\n"); +#ifdef IPSEC + fprintf(stderr, "\ + \t-e policy Use specified IPsec policy\n\ + \t-E Use IPsec ESP\n"); +#endif + fprintf(stderr, "\ \t-D Enable the debug socket option\n\ \t-d Detach from stdin\n\ \t-h This help text\n\ 
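Review bot: The new `(oflag && n == 0)` test in readwrite() shares the branch used for read errors, so with `-o` an EOF on stdin returns without the `shutdown(nfd, SHUT_WR)` that the plain EOF path performs, and anything the peer has not yet sent is presumably never read. That looks like the intent of once-only mode, but it is easy to misread as an error path. A comment above the condition, such as `/* -o: EOF on stdin ends the session at once; the socket is not drained */`, would make the behaviour explicit, and testing the two conditions in separate `if` statements would read more clearly. readwrite() begins and ends outside this hunk.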
@@ -788,13 +840,43 @@ help(void) \t-x addr[:port]\tSpecify proxy address and port\n\ \t-z Zero-I/O mode [used for scanning]\n\ Port numbers can be individual or ranges: lo-hi [inclusive]\n"); +#ifdef IPSEC + fprintf(stderr, "See ipsec_set_policy(3) for -e argument format\n"); +#endif exit(1); } +#ifdef IPSEC +void +add_ipsec_policy(int s, char *policy) +{ + char *raw; + int e; + + raw = ipsec_set_policy(policy, strlen(policy)); + if (raw == NULL) + errx(1, "ipsec_set_policy `%s': %s", policy, + ipsec_strerror()); + e = setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, raw, + ipsec_get_policylen(raw)); + if (e < 0) + err(1, "ipsec policy cannot be configured"); + free(raw); + if (vflag) + fprintf(stderr, "ipsec policy configured: `%s'\n", policy); + return; +} +#endif /* IPSEC */ + void usage(int ret) { + +#ifdef IPSEC + fprintf(stderr, "usage: nc [-46DEdhklnrStUuvz] [-e policy] [-i interval] [-p source_port]\n"); +#else fprintf(stderr, "usage: nc [-46DdhklnrStUuvz] [-i interval] [-p source_port]\n"); +#endif fprintf(stderr, "\t [-s source_ip_address] [-w timeout] [-X proxy_version]\n"); fprintf(stderr, "\t [-x proxy_address[:port]] [hostname] [port[s]]\n"); if (ret) diff --git a/sys/sys/param.h b/sys/sys/param.h index ed9c7c2..8c39ecb 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -57,7 +57,7 @@ * is created, otherwise 1. */ #undef __FreeBSD_version -#define __FreeBSD_version 600009 /* Master, propagated to newvers */ +#define __FreeBSD_version 600010 /* Master, propagated to newvers */ #ifndef LOCORE #include <sys/types.h> diff --git a/usr.bin/nc/Makefile b/usr.bin/nc/Makefile new file mode 100644 index 0000000..6ff368d --- /dev/null +++ b/usr.bin/nc/Makefile @@ -0,0 +1,11 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../contrib/netcat + +PROG= nc +SRCS= netcat.c atomicio.c socks.c + +CFLAGS+=-DIPSEC +LDADD+= -lipsec + +.include <bsd.prog.mk> |
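Review bot: add_ipsec_policy() always calls `setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, ...)`, but remote_connect() and local_listen() hand it sockets created from `res0->ai_family`, which is AF_INET6 under `-6` or for an IPv6-only host. On such a socket the IPv4-level option is likely to be rejected, so `-e`/`-E` would exit with "ipsec policy cannot be configured" instead of protecting the connection. The function should take the address family and use `IPPROTO_IPV6`/`IPV6_IPSEC_POLICY` for IPv6, with both callers passing `res0->ai_family`. Separately, the usage() strings in this hunk omit the new `-o` flag that the nc.1 synopsis lists.

```c
void
add_ipsec_policy(int s, int af, char *policy)
{
	/* … unchanged: ipsec_set_policy() call and NULL check … */
	switch (af) {
	case AF_INET:
		e = setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, raw,
		    ipsec_get_policylen(raw));
		break;
	case AF_INET6:
		e = setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, raw,
		    ipsec_get_policylen(raw));
		break;
	default:
		errx(1, "ipsec policy: unsupported address family");
	}
	/* … unchanged: error check, free(raw), verbose message … */
```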