author | delphij <delphij@FreeBSD.org> | 2006-05-21 15:52:24 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2006-05-21 15:52:24 +0000 |
commit | 11228d528e7b15f9b04696b0ddacbaf4ed4e232e (patch) | |
tree | ac889166edba558d7c99838d601a531beeca8f97 /contrib | |
parent | 71f517bebd05bbdbdef6865ca1a096fa38b0b0a8 (diff) | |
download | FreeBSD-src-11228d528e7b15f9b04696b0ddacbaf4ed4e232e.zip FreeBSD-src-11228d528e7b15f9b04696b0ddacbaf4ed4e232e.tar.gz |
Resolve conflicts.
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/netcat/nc.1 | 87 | ||||
-rw-r--r-- | contrib/netcat/netcat.c | 153 |
2 files changed, 156 insertions, 84 deletions
diff --git a/contrib/netcat/nc.1 b/contrib/netcat/nc.1 index c3fcb50..d7b2f4e 100644 --- a/contrib/netcat/nc.1 +++ b/contrib/netcat/nc.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: nc.1,v 1.36 2005/01/07 10:11:31 jmc Exp $ +.\" $OpenBSD: nc.1,v 1.43 2006/01/31 09:34:12 jmc Exp $ .\" .\" Copyright (c) 1996 David Sacerdote .\" All rights reserved. @@ -27,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 30, 2005 +.Dd May 21, 2006 .Dt NC 1 .Os .Sh NAME @@ -39,8 +39,10 @@ .Op Fl 46DEdhklnorStUuvz .Op Fl e Ar IPsec_policy .Op Fl i Ar interval +.Op Fl P Ar proxy_username .Op Fl p Ar source_port .Op Fl s Ar source_ip_address +.Op Fl T Ar ToS .Op Fl w Ar timeout .Op Fl X Ar proxy_protocol .Oo Xo @@ -153,6 +155,10 @@ but continues until the network side has been closed down. Specifying .Fl o will make it terminate on EOF as well. +.It Fl P Ar proxy_username +Specifies a username to present to a proxy server that requires authentication. +If no username is specified then authentication will not be attempted. +Proxy authentication is only supported for HTTP CONNECT proxies at present. .It Fl p Ar source_port Specifies the source port .Nm @@ -171,6 +177,14 @@ Specifies the IP of the interface which is used to send the packets. It is an error to use this option in conjunction with the .Fl l option. +.It Fl T Ar ToS +Specifies IP Type of Service (ToS) for the connection. +Valid values are the tokens +.Dq lowdelay , +.Dq throughput , +.Dq reliability , +or an 8-bit hexadecimal value preceded by +.Dq 0x . .It Fl t Causes .Nm @@ -200,7 +214,7 @@ will listen forever for a connection, with or without the .Fl w flag. The default is no timeout. -.It Fl X Ar proxy_version +.It Fl X Ar proxy_protocol Requests that .Nm should use the specified protocol when talking to the proxy server. 
@@ -316,8 +330,9 @@ It can aid in troubleshooting, when it might be necessary to verify what data a server is sending in response to commands issued by the client. For example, to retrieve the home page of a web site: -.Pp -.Dl $ echo \&"GET\&" | nc host.example.com 80 +.Bd -literal -offset indent +$ echo -n "GET / HTTP/1.0\er\en\er\en" | nc host.example.com 80 +.Ed .Pp Note that this also displays the headers sent by the web server. They can be filtered, using a tool such as @@ -345,15 +360,11 @@ The .Fl z flag can be used to tell .Nm -not to initiate a connection, -together with the -.Fl v -.Pq verbose -flag, -to report open ports. +to report open ports, +rather than initiate a connection. For example: .Bd -literal -offset indent -$ nc -vz host.example.com 20-30 +$ nc -z host.example.com 20-30 Connection to host.example.com 22 port [tcp/ssh] succeeded! Connection to host.example.com 25 port [tcp/smtp] succeeded! .Ed 
@@ -377,47 +388,63 @@ Protocol mismatch. 220 host.example.com IMS SMTP Receiver Version 0.84 Ready .Ed .Sh EXAMPLES -Open a TCP connection to port 42 of hostname, using port 31337 as +Open a TCP connection to port 42 of host.example.com, using port 31337 as the source port, with a timeout of 5 seconds: .Pp -.Dl $ nc -p 31337 -w 5 hostname 42 +.Dl $ nc -p 31337 -w 5 host.example.com 42 .Pp -Open a UDP connection to port 53 of hostname: +Open a UDP connection to port 53 of host.example.com: .Pp -.Dl $ nc -u hostname 53 +.Dl $ nc -u host.example.com 53 .Pp -Open a TCP connection to port 42 of example.host using 10.1.2.3 as the +Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the IP for the local end of the connection: .Pp -.Dl $ nc -s 10.1.2.3 example.host 42 +.Dl $ nc -s 10.1.2.3 host.example.com 42 .Pp -Open a TCP connection to port 42 of example.host using IPsec ESP for +Open a TCP connection to port 42 of host.example.com using IPsec ESP for incoming and outgoing traffic. .Pp -.Dl $ nc -E example.host 42 +.Dl $ nc -E host.example.com 42 .Pp -Open a TCP connection to port 42 of example.host using IPsec ESP for +Open a TCP connection to port 42 of host.example.com using IPsec ESP for outgoing traffic only. .Pp -.Dl $ nc -e 'out ipsec esp/transport//require' example.host 42 -.Pp -Send UDP packets to ports 20-30 of example.host, and report which ones -responded with an ICMP packet after three seconds: -.Pp -.Dl $ nc -uvz -w 3 hostname 20-30 +.Dl $ nc -e 'out ipsec esp/transport//require' host.example.com 42 .Pp Create and listen on a Unix Domain Socket: .Pp .Dl $ nc -lU /var/tmp/dsocket .Pp -Connect to port 42 of hostname via an HTTP proxy at 10.2.3.4, port 8080: +Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, +port 8080. +This example could also be used by +.Xr ssh 1 ; +see the +.Cm ProxyCommand +directive in +.Xr ssh_config 5 +for more information. 
+.Pp +.Dl $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42 .Pp -.Dl $ nc -x10.2.3.4:8080 -Xconnect hostname 42 +The same example again, this time enabling proxy authentication with username +.Dq ruser +if the proxy requires it: +.Pp +.Dl $ nc -x10.2.3.4:8080 -Xconnect -Pruser host.example.com 42 .Sh SEE ALSO -.Xr cat 1 +.Xr cat 1 , +.Xr ssh 1 .Sh AUTHORS Original implementation by *Hobbit* .Aq hobbit@avian.org . .br Rewritten with IPv6 support by .An Eric Jackson Aq ericj@monkey.org . +.Sh CAVEATS +UDP port scans will always succeed +(i.e. report the port as open), +rendering the +.Fl uz +combination of flags relatively useless. diff --git a/contrib/netcat/netcat.c b/contrib/netcat/netcat.c index 53e55ed..bf586ce 100644 --- a/contrib/netcat/netcat.c +++ b/contrib/netcat/netcat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: netcat.c,v 1.76 2004/12/10 16:51:31 hshoexer Exp $ */ +/* $OpenBSD: netcat.c,v 1.87 2006/02/01 21:33:14 otto Exp $ */ /* * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> * @@ -40,10 +40,12 @@ #include <sys/un.h> #include <netinet/in.h> +#include <netinet/in_systm.h> #ifdef IPSEC #include <netinet6/ipsec.h> #endif #include <netinet/tcp.h> +#include <netinet/ip.h> #include <arpa/telnet.h> #include <err.h> @@ -56,6 +58,8 @@ #include <string.h> #include <unistd.h> #include <fcntl.h> +#include <limits.h> +#include "atomicio.h" #ifndef SUN_LEN #define SUN_LEN(su) \ @@ -69,10 +73,12 @@ int Eflag; /* Use IPsec ESP */ int dflag; /* detached, no stdin */ int iflag; /* Interval Flag */ +int jflag; /* use jumbo frames if we can */ int kflag; /* More than one connect */ int lflag; /* Bind to local port */ int nflag; /* Don't do name look up */ int oflag; /* Once only: stop on EOF */ +char *Pflag; /* Proxy username */ char *pflag; /* Localport flag */ int rflag; /* Random ports flag */ char *sflag; /* Source Address */ 
@@ -83,23 +89,25 @@ int xflag; /* Socks proxy */ int zflag; /* Port Scan Flag */ int Dflag; /* sodebug */ int Sflag; /* TCP MD5 signature option */ +int Tflag = -1; /* IP Type of Service */ int timeout = -1; int family = AF_UNSPEC; char *portlist[PORT_MAX+1]; -ssize_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); void atelnet(int, unsigned char *, unsigned int); void build_ports(char *); void help(void); int local_listen(char *, char *, struct addrinfo); void readwrite(int); -int remote_connect(char *, char *, struct addrinfo); -int socks_connect(char *, char *, struct addrinfo, char *, char *, - struct addrinfo, int); +int remote_connect(const char *, const char *, struct addrinfo); +int socks_connect(const char *, const char *, struct addrinfo, + const char *, const char *, struct addrinfo, int, const char *); int udptest(int); int unix_connect(char *); int unix_listen(char *); +void set_common_sockopts(int); +int parse_iptos(char *); void usage(int); #ifdef IPSEC @@ -118,7 +126,7 @@ main(int argc, char *argv[]) socklen_t len; struct sockaddr_storage cliaddr; char *proxy; - char *proxyhost = "", *proxyport = NULL; + const char *proxyhost = "", *proxyport = NULL; struct addrinfo proxyhints; ret = 1; @@ -130,7 +138,8 @@ main(int argc, char *argv[]) endp = NULL; sv = NULL; - while ((ch = getopt(argc, argv, "46e:DEdhi:klnop:rSs:tUuvw:X:x:z")) != -1) { + while ((ch = getopt(argc, argv, + "46e:DEdhi:jklnoP:p:rSs:tT:Uuvw:X:x:z")) != -1) { switch (ch) { case '4': family = AF_INET; @@ -177,6 +186,11 @@ main(int argc, char *argv[]) if (iflag < 0 || *endp != '\0') errx(1, "interval cannot be negative"); break; +#ifdef SO_JUMBO + case 'j': + jflag = 1; + break; +#endif case 'k': kflag = 1; break; @@ -189,6 +203,9 @@ main(int argc, char *argv[]) case 'o': oflag = 1; break; + case 'P': + Pflag = optarg; + break; case 'p': pflag = optarg; break; 
@@ -229,6 +246,9 @@ main(int argc, char *argv[]) case 'S': Sflag = 1; break; + case 'T': + Tflag = parse_iptos(optarg); + break; default: usage(1); } @@ -319,12 +339,13 @@ main(int argc, char *argv[]) * functions to talk to the caller. */ if (uflag) { - int rv; - char buf[1024]; + int rv, plen; + char buf[8192]; struct sockaddr_storage z; len = sizeof(z); - rv = recvfrom(s, buf, sizeof(buf), MSG_PEEK, + plen = jflag ? 8192 : 1024; + rv = recvfrom(s, buf, plen, MSG_PEEK, (struct sockaddr *)&z, &len); if (rv < 0) err(1, "recvfrom"); @@ -335,6 +356,7 @@ main(int argc, char *argv[]) connfd = s; } else { + len = sizeof(cliaddr); connfd = accept(s, (struct sockaddr *)&cliaddr, &len); } @@ -371,7 +393,8 @@ main(int argc, char *argv[]) if (xflag) s = socks_connect(host, portlist[i], hints, - proxyhost, proxyport, proxyhints, socksv); + proxyhost, proxyport, proxyhints, socksv, + Pflag); else s = remote_connect(host, portlist[i], hints); @@ -485,10 +508,10 @@ unix_listen(char *path) * port or source address if needed. Returns -1 on failure. */ int -remote_connect(char *host, char *port, struct addrinfo hints) +remote_connect(const char *host, const char *port, struct addrinfo hints) { struct addrinfo *res, *res0; - int s, error, x = 1; + int s, error; if ((error = getaddrinfo(host, port, &hints, &res))) errx(1, "getaddrinfo: %s", gai_strerror(error)); @@ -509,13 +532,6 @@ remote_connect(char *host, char *port, struct addrinfo hints) if (sflag || pflag) { struct addrinfo ahints, *ares; - if (!(sflag && pflag)) { - if (!sflag) - sflag = NULL; - else - pflag = NULL; - } - memset(&ahints, 0, sizeof(struct addrinfo)); ahints.ai_family = res0->ai_family; ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; 
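Review bot: In the UDP listen branch of main() the peek length is written as `plen = jflag ? 8192 : 1024;` next to `char buf[8192];`, so the buffer size and the read bound are separate literals that have to be kept in sync by hand. readwrite() repeats the same pair. Tying the bound to the array, e.g. `plen = jflag ? sizeof(buf) : 1024;`, or naming both sizes once at file scope, would keep a later buffer resize from producing a read longer than the buffer. main() starts and ends outside this hunk.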
@@ -529,16 +545,8 @@ remote_connect(char *host, char *port, struct addrinfo hints) errx(1, "bind failed: %s", strerror(errno)); freeaddrinfo(ares); } - if (Sflag) { - if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, - &x, sizeof(x)) == -1) - err(1, NULL); - } - if (Dflag) { - if (setsockopt(s, SOL_SOCKET, SO_DEBUG, - &x, sizeof(x)) == -1) - err(1, NULL); - } + + set_common_sockopts(s); if (connect(s, res0->ai_addr, res0->ai_addrlen) == 0) break; @@ -583,7 +591,7 @@ local_listen(char *host, char *port, struct addrinfo hints) res0 = res; do { if ((s = socket(res0->ai_family, res0->ai_socktype, - res0->ai_protocol)) == 0) + res0->ai_protocol)) < 0) continue; ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); @@ -595,17 +603,6 @@ local_listen(char *host, char *port, struct addrinfo hints) if (ipsec_policy[1] != NULL) add_ipsec_policy(s, ipsec_policy[1]); #endif - if (Sflag) { - ret = setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, - &x, sizeof(x)); - if (ret == -1) - err(1, NULL); - } - if (Dflag) { - if (setsockopt(s, SOL_SOCKET, SO_DEBUG, - &x, sizeof(x)) == -1) - err(1, NULL); - } if (bind(s, (struct sockaddr *)res0->ai_addr, res0->ai_addrlen) == 0) @@ -633,9 +630,12 @@ void readwrite(int nfd) { struct pollfd pfd[2]; - unsigned char buf[BUFSIZ]; - int wfd = fileno(stdin), n; + unsigned char buf[8192]; + int n, wfd = fileno(stdin); int lfd = fileno(stdout); + int plen; + + plen = jflag ? 8192 : 1024; /* Setup Network FD */ pfd[0].fd = nfd; @@ -658,7 +658,7 @@ readwrite(int nfd) return; if (pfd[0].revents & POLLIN) { - if ((n = read(nfd, buf, sizeof(buf))) < 0) + if ((n = read(nfd, buf, plen)) < 0) return; else if (n == 0) { shutdown(nfd, SHUT_RD); 
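Review bot: The Sflag/Dflag block removed from local_listen() is not replaced by a `set_common_sockopts(s);` call, unlike the matching removal in remote_connect(). As far as these hunks show, a listening socket therefore no longer gets TCP_MD5SIG for -S or SO_DEBUG for -D, and never gets the new -T or -j settings. For -S this means a listener the user asked to protect with TCP MD5 signatures would start without them and report no error. Adding `set_common_sockopts(s);` just before the `bind()` call would restore the earlier behaviour. local_listen() starts and ends outside the hunk.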
@@ -667,14 +667,13 @@ readwrite(int nfd) } else { if (tflag) atelnet(nfd, buf, n); - if (atomicio((ssize_t (*)(int, void *, size_t))write, - lfd, buf, n) != n) + if (atomicio(vwrite, lfd, buf, n) != n) return; } } if (!dflag && pfd[1].revents & POLLIN) { - if ((n = read(wfd, buf, sizeof(buf))) < 0 || + if ((n = read(wfd, buf, plen)) < 0 || (oflag && n == 0)) { return; } else if (n == 0) { @@ -682,8 +681,7 @@ readwrite(int nfd) pfd[1].fd = -1; pfd[1].events = 0; } else { - if (atomicio((ssize_t (*)(int, void *, size_t))write, - nfd, buf, n) != n) + if (atomicio(vwrite, nfd, buf, n) != n) return; } } @@ -714,9 +712,8 @@ atelnet(int nfd, unsigned char *buf, unsigned int size) p++; obuf[2] = *p; obuf[3] = '\0'; - if (atomicio((ssize_t (*)(int, void *, size_t))write, - nfd, obuf, 3) != 3) - warnx("Write Error!"); + if (atomicio(vwrite, nfd, obuf, 3) != 3) + warn("Write Error!"); obuf[0] = '\0'; } } @@ -808,6 +805,52 @@ udptest(int s) } void +set_common_sockopts(int s) +{ + int x = 1; + + if (Sflag) { + if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, + &x, sizeof(x)) == -1) + err(1, NULL); + } + if (Dflag) { + if (setsockopt(s, SOL_SOCKET, SO_DEBUG, + &x, sizeof(x)) == -1) + err(1, NULL); + } +#ifdef SO_JUMBO + if (jflag) { + if (setsockopt(s, SOL_SOCKET, SO_JUMBO, + &x, sizeof(x)) == -1) + err(1, NULL); + } +#endif + if (Tflag != -1) { + if (setsockopt(s, IPPROTO_IP, IP_TOS, + &Tflag, sizeof(Tflag)) == -1) + err(1, "set IP ToS"); + } +} + +int +parse_iptos(char *s) +{ + int tos = -1; + + if (strcmp(s, "lowdelay") == 0) + return (IPTOS_LOWDELAY); + if (strcmp(s, "throughput") == 0) + return (IPTOS_THROUGHPUT); + if (strcmp(s, "reliability") == 0) + return (IPTOS_RELIABILITY); + + if (sscanf(s, "0x%x", &tos) != 1 || tos < 0 || tos > 0xff) + errx(1, "invalid IP Type of Service"); + return (tos); +} + +void help(void) { usage(0); 
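Review bot: In parse_iptos() the numeric branch `sscanf(s, "0x%x", &tos)` is looser than the man page's "8-bit hexadecimal value preceded by 0x". It stops at the first non-hex character, so trailing junk after a valid prefix is accepted (constructed example: `0x10junk`). It also stores through an `int *` where `%x` expects `unsigned int *`, and it gives no defined result for a value too large to represent. Parsing with strtoul() and checking the end pointer, ERANGE and the 0xff bound rejects all of these with the same error message. A short comment above set_common_sockopts() saying that it must be called on every new socket before bind()/connect() would also help future callers.

```c
int
parse_iptos(char *s)
{
	char *ep;
	unsigned long tos;

	/* … unchanged: lowdelay / throughput / reliability tokens … */

	/* Require the documented "0x" prefix and consume the whole argument. */
	if (strncmp(s, "0x", 2) != 0)
		errx(1, "invalid IP Type of Service");
	errno = 0;
	tos = strtoul(s, &ep, 16);
	if (ep == s || *ep != '\0' || errno == ERANGE || tos > 0xff)
		errx(1, "invalid IP Type of Service");
	return ((int)tos);
}
```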
@@ -827,10 +870,12 @@ help(void) \t-k Keep inbound sockets open for multiple connects\n\ \t-l Listen mode, for inbound connects\n\ \t-n Suppress name/port resolutions\n\ + \t-P proxyuser\tUsername for proxy authentication\n\ \t-p port\t Specify local port for remote connects\n\ \t-r Randomize remote ports\n\ \t-S Enable the TCP MD5 signature option\n\ \t-s addr\t Local source address\n\ + \t-T ToS\t Set IP Type of Service\n\ \t-t Answer TELNET negotiation\n\ \t-U Use UNIX domain socket\n\ \t-u UDP mode\n\ @@ -877,7 +922,7 @@ usage(int ret) #else fprintf(stderr, "usage: nc [-46DdhklnrStUuvz] [-i interval] [-p source_port]\n"); #endif - fprintf(stderr, "\t [-s source_ip_address] [-w timeout] [-X proxy_version]\n"); + fprintf(stderr, "\t [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]\n"); fprintf(stderr, "\t [-x proxy_address[:port]] [hostname] [port[s]]\n"); if (ret) exit(1); |
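Review bot: The help() text gains lines for -P and -T but none for -j, even though this commit adds `j` to the getopt string and a `case 'j'` under `#ifdef SO_JUMBO`. A line such as `\t-j\t\tUse jumbo frames if available\n\` before the -k entry would document it. In the usage() hunk that follows, the visible non-IPSEC synopsis gains `[-T ToS]` but still has no `[-P proxy_username]`, so the short usage and the man page synopsis disagree. The IPSEC variant of that line is outside the hunk and should be checked for the same omission.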