From 3302f9bcc3967059e43ceb7fce6b42276339a114 Mon Sep 17 00:00:00 2001 From: delphij Date: Sun, 6 Feb 2005 14:44:27 +0000 Subject: Finish the import of nc(1) from OpenBSD. This includes: - Bring IPsec support from the ports collection [1]. - Bring -o ("once only") option from the ports collection [2]. - Adopt the Makefile framework into usr.bin/nc/Makefile. - Add a knob to control whether to build nc(1), NO_NETCAT. - Bump __FreeBSD_version so ports collection can detect this change. Original patchset are contributed to the ports collection by: [1] nectar, [2] joerg. Note: WARNS?=6 patchset spined off in this commit, in order not to take too many files off the vendor branch. --- contrib/netcat/nc.1 | 35 +++++++++++++++--- contrib/netcat/netcat.c | 94 +++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 119 insertions(+), 10 deletions(-) (limited to 'contrib/netcat') diff --git a/contrib/netcat/nc.1 b/contrib/netcat/nc.1 index 472fa76..8ae7465 100644 --- a/contrib/netcat/nc.1 +++ b/contrib/netcat/nc.1 @@ -1,5 +1,3 @@ -.\" $OpenBSD: nc.1,v 1.36 2005/01/07 10:11:31 jmc Exp $ -.\" .\" Copyright (c) 1996 David Sacerdote .\" All rights reserved. .\" @@ -25,7 +23,10 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 25, 2001 +.\" $OpenBSD: nc.1,v 1.36 2005/01/07 10:11:31 jmc Exp $ +.\" $FreeBSD$ +.\" +.Dd January 30, 2005 .Dt NC 1 .Os .Sh NAME @@ -34,7 +35,8 @@ .Sh SYNOPSIS .Nm nc .Bk -words -.Op Fl 46DdhklnrStUuvz +.Op Fl 46DEdhklnorStUuvz +.Op Fl e Ar IPsec policy .Op Fl i Ar interval .Op Fl p Ar source_port .Op Fl s Ar source_ip_address 
@@ -99,6 +101,16 @@ Do not attempt to read from stdin. Prints out .Nm help. +.It Fl E +Shortcut for "-e 'in ipsec esp/transport//require' -e 'out ipsec +esp/transport//require'", which enables IPsec ESP transport mode in both +directions. +.It Fl e +If IPsec support is available, then one can specify the IPsec policies +to be used using the syntax described in +.Xr ipsec_set_policy 3 . +This flag can be specified up to two times, as typically one policy for +each direction is needed. .It Fl i Ar interval Specifies a delay time interval between lines of text sent and received. Also causes a delay time between connections to multiple ports. @@ -127,6 +139,15 @@ option are ignored. .It Fl n Do not do any DNS or service lookups on any specified addresses, hostnames or ports. +.It Fl o +.Dq Once-only mode . +By default, +.Nm +does not terminate on EOF condition on input, +but continues until the network side has been closed down. +Specifying +.Fl o +will make it terminate on EOF as well. .It Fl p Ar source_port Specifies the source port .Nm @@ -362,6 +383,12 @@ Open a UDP connection to port 53 of hostname: .Pp Open a TCP connection to port 42 of example.host using 10.1.2.3 as the IP for the local end of the connection: +.It Li "nc -E example.host 42" +Open a TCP connection to port 42 of example.host using IPsec ESP for +incoming and outgoing traffic. +.It Li "nc -e 'out ipsec esp/transport//require' example.host 42" +Open a TCP connection to port 42 of example.host using IPsec ESP for +outgoing traffic only. .Pp .Dl $ nc -s 10.1.2.3 example.host 42 .Pp diff --git a/contrib/netcat/netcat.c b/contrib/netcat/netcat.c index 3c610b9..f9e3678 100644 --- a/contrib/netcat/netcat.c +++ b/contrib/netcat/netcat.c @@ -1,4 +1,3 @@ -/* $OpenBSD: netcat.c,v 1.76 2004/12/10 16:51:31 hshoexer Exp $ */ /* * Copyright (c) 2001 Eric Jackson * 
@@ -24,6 +23,9 @@ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * From: $OpenBSD: netcat.c,v 1.76 2004/12/10 16:51:31 hshoexer Exp $ + * $FreeBSD$ */ /* @@ -31,12 +33,16 @@ * *Hobbit* . */ +#include #include #include #include #include #include +#ifdef IPSEC +#include +#endif #include #include @@ -60,11 +66,13 @@ #define PORT_MAX_LEN 6 /* Command Line Options */ +int Eflag; /* Use IPsec ESP */ int dflag; /* detached, no stdin */ int iflag; /* Interval Flag */ int kflag; /* More than one connect */ int lflag; /* Bind to local port */ int nflag; /* Don't do name look up */ +int oflag; /* Once only: stop on EOF */ char *pflag; /* Localport flag */ int rflag; /* Random ports flag */ char *sflag; /* Source Address */ @@ -94,10 +102,16 @@ int unix_connect(char *); int unix_listen(char *); void usage(int); +#ifdef IPSEC +void add_ipsec_policy(int, char *); + +char *ipsec_policy[2]; +#endif + int main(int argc, char *argv[]) { - int ch, s, ret, socksv; + int ch, s, ret, socksv, ipsec_count; char *host, *uport, *endp; struct addrinfo hints; struct servent *sv; @@ -108,6 +122,7 @@ main(int argc, char *argv[]) struct addrinfo proxyhints; ret = 1; + ipsec_count = 0; s = 0; socksv = 5; host = NULL; @@ -115,7 +130,7 @@ main(int argc, char *argv[]) endp = NULL; sv = NULL; - while ((ch = getopt(argc, argv, "46Ddhi:klnp:rSs:tUuvw:X:x:z")) != -1) { + while ((ch = getopt(argc, argv, "46e:DEdhi:klnop:rSs:tUuvw:X:x:z")) != -1) { switch (ch) { case '4': family = AF_INET; 
@@ -139,6 +154,21 @@ main(int argc, char *argv[]) case 'd': dflag = 1; break; + case 'e': +#ifdef IPSEC + ipsec_policy[ipsec_count++ % 2] = optarg; +#else + errx(1, "IPsec support unavailable."); +#endif + break; + case 'E': +#ifdef IPSEC + ipsec_policy[0] = "in ipsec esp/transport//require"; + ipsec_policy[1] = "out ipsec esp/transport//require"; +#else + errx(1, "IPsec support unavailable."); +#endif + break; case 'h': help(); break; @@ -156,6 +186,9 @@ main(int argc, char *argv[]) case 'n': nflag = 1; break; + case 'o': + oflag = 1; + break; case 'p': pflag = optarg; break; @@ -465,6 +498,12 @@ remote_connect(char *host, char *port, struct addrinfo hints) if ((s = socket(res0->ai_family, res0->ai_socktype, res0->ai_protocol)) < 0) continue; +#ifdef IPSEC + if (ipsec_policy[0] != NULL) + add_ipsec_policy(s, ipsec_policy[0]); + if (ipsec_policy[1] != NULL) + add_ipsec_policy(s, ipsec_policy[1]); +#endif /* Bind to a local port or source address if specified. */ if (sflag || pflag) { @@ -550,6 +589,12 @@ local_listen(char *host, char *port, struct addrinfo hints) ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); if (ret == -1) err(1, NULL); +#ifdef IPSEC + if (ipsec_policy[0] != NULL) + add_ipsec_policy(s, ipsec_policy[0]); + if (ipsec_policy[1] != NULL) + add_ipsec_policy(s, ipsec_policy[1]); +#endif if (Sflag) { ret = setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, &x, sizeof(x)); @@ -629,9 +674,10 @@ readwrite(int nfd) } if (!dflag && pfd[1].revents & POLLIN) { - if ((n = read(wfd, buf, sizeof(buf))) < 0) + if ((n = read(wfd, buf, sizeof(buf))) < 0 || + (oflag && n == 0)) { return; - else if (n == 0) { + } else if (n == 0) { shutdown(nfd, SHUT_WR); pfd[1].fd = -1; pfd[1].events = 0; 
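Review bot: A third `-e` in `case 'e'` silently replaces the first policy, because `ipsec_policy[ipsec_count++ % 2]` wraps around, while the manual page in this same commit says the flag may be given up to two times. `-E` and `-e` also overwrite each other's slots without any message, depending on their order on the command line. For an option that selects a security policy, a silent replacement is worse than an error, since the user may believe a `require` policy is in force after it was dropped. I would reject the extra argument before the assignment with `if (ipsec_count >= 2) errx(1, "-e may be specified at most twice");` and then index with `ipsec_count++` alone. main() starts and ends outside this hunk.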
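Review bot: The new combined condition in readwrite() gives a read error and a once-only EOF the same bare `return`, and nothing in the code says that the `-o` path skips the `shutdown(nfd, SHUT_WR)` done by the `else if (n == 0)` branch. Anything the peer has not yet sent, or that has not yet been read from `nfd`, is therefore dropped when stdin reaches EOF. That appears to be the intent of `-o`, but it deserves a comment above the test, for example `/* read error, or stdin EOF in once-only (-o) mode: stop now, the network side is not drained */`. The nc.1 text for `-o` could state the same caveat. readwrite() starts and ends outside this hunk.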
@@ -767,7 +813,13 @@ help(void) usage(0); fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ - \t-6 Use IPv6\n\ + \t-6 Use IPv6\n"); +#ifdef IPSEC + fprintf(stderr, "\ + \t-e policy Use specified IPsec policy\n\ + \t-E Use IPsec ESP\n"); +#endif + fprintf(stderr, "\ \t-D Enable the debug socket option\n\ \t-d Detach from stdin\n\ \t-h This help text\n\ @@ -788,13 +840,43 @@ help(void) \t-x addr[:port]\tSpecify proxy address and port\n\ \t-z Zero-I/O mode [used for scanning]\n\ Port numbers can be individual or ranges: lo-hi [inclusive]\n"); +#ifdef IPSEC + fprintf(stderr, "See ipsec_set_policy(3) for -e argument format\n"); +#endif exit(1); } +#ifdef IPSEC +void +add_ipsec_policy(int s, char *policy) +{ + char *raw; + int e; + + raw = ipsec_set_policy(policy, strlen(policy)); + if (raw == NULL) + errx(1, "ipsec_set_policy `%s': %s", policy, + ipsec_strerror()); + e = setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, raw, + ipsec_get_policylen(raw)); + if (e < 0) + err(1, "ipsec policy cannot be configured"); + free(raw); + if (vflag) + fprintf(stderr, "ipsec policy configured: `%s'\n", policy); + return; +} +#endif /* IPSEC */ + void usage(int ret) { + +#ifdef IPSEC + fprintf(stderr, "usage: nc [-46DEdhklnrStUuvz] [-e policy] [-i interval] [-p source_port]\n"); +#else fprintf(stderr, "usage: nc [-46DdhklnrStUuvz] [-i interval] [-p source_port]\n"); +#endif fprintf(stderr, "\t [-s source_ip_address] [-w timeout] [-X proxy_version]\n"); fprintf(stderr, "\t [-x proxy_address[:port]] [hostname] [port[s]]\n"); if (ret) -- cgit v1.1
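Review bot: add_ipsec_policy() always calls `setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, ...)`, but the sockets it receives from the remote_connect() and local_listen() hunks are created with `res0->ai_family`, which can be AF_INET6 (`-6`, or an unspecified family that resolves to an IPv6 address). On such a socket the IPv4-level option will presumably be rejected, and because the failure path is `err(1, ...)` nc exits instead of moving on to the next address, so `-e`/`-E` would not be usable over IPv6. I would pass the address family in and pick the level and option from it, as sketched below, with the call sites becoming `add_ipsec_policy(s, res0->ai_family, ipsec_policy[0]);` and the prototype updated to match. Separately, both `usage()` strings in this hunk omit `o` from the flag list, although `-o` is accepted by getopt and documented in nc.1.

```c
void
add_ipsec_policy(int s, int af, char *policy)
{
	/* … unchanged: ipsec_set_policy() call and its NULL check … */
	switch (af) {
	case AF_INET:
		e = setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, raw,
		    ipsec_get_policylen(raw));
		break;
	case AF_INET6:
		e = setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, raw,
		    ipsec_get_policylen(raw));
		break;
	default:
		errx(1, "ipsec policy: unsupported address family %d", af);
	}
	/* … unchanged: e < 0 check, free(raw), verbose message … */
```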