debian/changelog

netcat-openbsd (1.105-7ubuntu1) raring; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Add info about netcat-traditional if you are looking for an option
      when it is not available.
    - Set correct compiler and pkg-config when cross-building.

 -- Colin Watson  Tue, 04 Dec 2012 01:37:22 +0000

netcat-openbsd (1.105-7) unstable; urgency=low

  * Make UNIX dgram sockets work (Closes: #676997).

 -- Aron Xu  Wed, 13 Jun 2012 09:01:43 +0800

netcat-openbsd (1.105-6ubuntu2) raring; urgency=low

  * Set correct compiler and pkg-config when cross-building.

 -- Colin Watson  Sat, 01 Dec 2012 02:45:03 +0000

netcat-openbsd (1.105-6ubuntu1) quantal; urgency=low

  * Merge from Debian unstable (LP: #1006631).
  * debian/patches/verbose-message-to-stderr.patch: Dropped, applied
    upstream.
  * debian/patches/dccp.patch: Dropped, applied in Debian.
  * debian/control: Update XSBC-Original-Maintainer.
  * debian/patches/netcat-info.patch: Refresh.
  * Remaining changes:
    - debian/patches/netcat-info.patch: Add info about netcat-traditional
      if you are looking for an option when it is not available.
      (LP: #590925)

 -- Adam Gandelman  Wed, 30 May 2012 14:38:36 -0700

netcat-openbsd (1.105-6) unstable; urgency=low

  * Fix segfaults when using -Ulv (Closes: #668558).
  * Do not continue to listen on port after accepting connection.

 -- Aron Xu  Thu, 03 May 2012 07:38:59 +0800

netcat-openbsd (1.105-5) unstable; urgency=low

  * Add $LDFLAGS from environment (Closes: #665321).

 -- Aron Xu  Mon, 26 Mar 2012 01:37:16 +0800

netcat-openbsd (1.105-4) unstable; urgency=high

  * High urgency for fixing RC bug.
  * Fix readwrite() behaviour (Closes: #662741).

 -- Aron Xu  Tue, 06 Mar 2012 15:18:26 +0800

netcat-openbsd (1.105-3) unstable; urgency=low

  * Clear up symlink of man page.
  * Use Breaks instead of Conflicts.
  * Fix minor warnings from man.

 -- Aron Xu  Sun, 19 Feb 2012 14:28:46 +0800

netcat-openbsd (1.105-2) unstable; urgency=low

  * Add missing Build-Depends: pkg-config.

 -- Aron Xu  Sun, 19 Feb 2012 03:59:37 +0800

netcat-openbsd (1.105-1) unstable; urgency=low

  * New upstream CVS snapshot, new maintainer.
    - Verbose message to stderr (Closes: #570765).
    - Can use packet's content > 1024 (Closes: #607003).
    - Replace non-portable echo with printf (Closes: #510372).
  * debian/patches:
    - Rearrange existing patches, fix new porting issues.
    - Option -l and -p are now compatible (Closes: #540073).
    - Use libbsd instead of glib for strlcpy (Closes: #550611).
    - Fix build with -Wl,--as-needed (Closes: #604781).
    - Handling multiple clients subsequently when -k (Closes: #514792).
    - Replace inet_ntoa with inet_ntop to support IPv6 (Closes: #512992).
    - Modify -q behavior to be compatible with nc.traditional
      (Closes: #508722, #594614, #606925, #611964).
    - DCCP and broadcast support.
    - Arbitrary port list to scan.
    - Fix misc connection failures
      (Closes: #579485, #579486, #579487, #579488, #633948).
    - Improve verbose information and documentations.
  * debian/rules:
    - Link nc.openbsd.1 from nc.1 (Closes: #535951).
    - Enable optional hardening build flags.
  * debian/control:
    - Replace glib with libbsd.
    - Update to use debhelper 8, std-ver 3.9.2.
    - Priority: important, to make it into base system.
    - Add Vcs-*.
  * debian/compat:
    - Update to 8 from 4.

 -- Aron Xu  Wed, 15 Feb 2012 01:39:04 +0800

netcat-openbsd (1.89-4ubuntu1) oneiric; urgency=low

  * Merge from Debian unstable (LP: #803856).  Remaining changes:
    - debian/patches/dccp.patch: Added support for dccp
    - debian/patches/netcat-info.patch: Add info about netcat-traditional
      if you are looking for an option when it is not available.
      (LP: #590925)
    - debian/patches/verbose-message-to-stderr.patch: Log
      "Connection to ..." messages to stderr (LP: #519210)
    - Modify Maintainer value to match the DebianMaintainerField
      specification.
    - Fix build failure with --as-needed.

 -- Adam Gandelman  Fri, 01 Jul 2011 23:34:38 +0200

netcat-openbsd (1.89-4) unstable; urgency=low

  * Quit immediately after EOF if -q is not given (i.e. make the default
    equivalent to -q 0). This is the standard upstream behavior and what
    other Linux distributions use. It is different from netcat-traditional,
    but compatibility with other versions of OpenBSD netcat is more
    important. (Closes: #502188)

 -- Decklin Foster  Sun, 18 Apr 2010 20:05:08 -0400

netcat-openbsd (1.89-3ubuntu6) oneiric; urgency=low

  * debian/patches/dccp.patch: Added support for dccp

 -- Michael Gendelman  Sat, 11 Jun 2011 01:09:57 +0300

netcat-openbsd (1.89-3ubuntu5) natty; urgency=low

  * debian/patches/quit-timer.patch: Re-enabled, but set default to 0 to
    match current behavior.
  * debian/patches/netcat-info.patch: Add info about netcat-traditional
    if you are looking for an option when it is not available.
    (LP: #590925)

 -- Chuck Short  Tue, 04 Jan 2011 14:31:12 -0500

netcat-openbsd (1.89-3ubuntu4) natty; urgency=low

  * debian/patches/quit-timer.patch: Drop quit-time.patch as per
    discussion on ubuntu-server. (LP: #590925)

 -- Chuck Short  Mon, 03 Jan 2011 10:08:24 -0500

netcat-openbsd (1.89-3ubuntu3) natty; urgency=low

  * Fix build failure with --as-needed.

 -- Matthias Klose  Fri, 19 Nov 2010 14:40:32 +0100

netcat-openbsd (1.89-3ubuntu2) lucid; urgency=low

  * Log "Connection to ..." messages to stderr (LP: #519210)

 -- Stefan Haller  Tue, 09 Feb 2010 10:42:03 +0100

netcat-openbsd (1.89-3ubuntu1) intrepid; urgency=low

  * Merge from debian unstable.
  * Reinsert quit-timer, but set default to 0 to match current behaviour.
    (LP: #242350)

 -- Soren Hansen  Wed, 25 Jun 2008 18:47:47 +0200

netcat-openbsd (1.89-3) unstable; urgency=low

  * Silence -z flag, for compatibility with netcat-traditional
    (Closes: #464564)
  * Move stray line in socks.c to quilt patch series (Closes: #485160)
  * Add missing documentation for -q option to man page.

 -- Decklin Foster  Thu, 19 Jun 2008 16:20:01 -0400

netcat-openbsd (1.89-2ubuntu1) hardy; urgency=low

  * Remove quit-timer.patch. It added a bad, bad default behaviour of
    keeping connections open even though the client had closed the
    connection. (LP: #201340)
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Soren Hansen  Wed, 12 Mar 2008 11:49:28 +0100

netcat-openbsd (1.89-2) unstable; urgency=low

  * Replace references to "netcat-base" with "netcat-traditional" (future
    name of the old netcat package).

 -- Decklin Foster  Wed, 30 Jan 2008 18:24:46 -0500

netcat-openbsd (1.89-1) unstable; urgency=low

  * Initial release. (Closes: #145798)
  * Includes support for:
    - IPv6 (Closes: #461317)
    - Unix domain sockets (Closes: #348564)
    - SOCKS (Closes: #142898)
  * Conflict with netcat versions older than netcat-traditional, so that
    we can use alternatives.
  * Port some features over from netcat-traditional:
    - Exit successfully when printing help text (-h), and include the
      Debian revision.
    - Add the -q (quit on standard input EOF) flag.
    - Add support for specifying ports by name (/etc/services). Unlike
      the old hack for this, nc will first try to find a named service,
      then fall back to numeric parsing, so no escaping is needed.

 -- Decklin Foster  Mon, 21 Jan 2008 18:41:37 -0500

debian/netcat-openbsd.prerm

#!/bin/sh -e

if [ "$1" = "remove" ]; then
    update-alternatives --remove nc /bin/nc.openbsd
fi

#DEBHELPER#

debian/rules

#!/usr/bin/make -f

DPKG_EXPORT_BUILDFLAGS = 1
-include /usr/share/dpkg/buildflags.mk

DEB_CFLAGS = $(CPPFLAGS) $(CFLAGS)
DEB_LDFLAGS = $(LDFLAGS) -Wl,--no-add-needed,--as-needed
DEB_VER = $(shell dpkg-parsechangelog | sed -n 's/^Version: //p')

DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
CROSS :=
else
CROSS := \
	CC=$(DEB_HOST_GNU_TYPE)-gcc \
	PKG_CONFIG=$(DEB_HOST_GNU_TYPE)-pkg-config
endif

%:
	dh $@

override_dh_auto_build:
	$(MAKE) CFLAGS='$(DEB_CFLAGS) -DDEBIAN_VERSION=\"$(DEB_VER)\"' LDFLAGS="$(DEB_LDFLAGS)" $(CROSS)

override_dh_auto_install:
	mv nc nc.openbsd
	mv nc.1 nc_openbsd.1
	dh_auto_install

debian/netcat-openbsd.install

nc.openbsd bin/
nc_openbsd.1 usr/share/man/man1/

debian/compat

8

debian/source/format

3.0 (quilt)

debian/control

Source: netcat-openbsd
Section: net
Priority: important
Maintainer: Ubuntu Developers
XSBC-Original-Maintainer: Aron Xu
Standards-Version: 3.9.2
Build-Depends: debhelper (>= 8), quilt, libbsd-dev, pkg-config
Vcs-Browser: http://git.debian.org/?p=collab-maint/netcat-openbsd.git
Vcs-Git: git://anonscm.debian.org/collab-maint/netcat-openbsd.git

Package: netcat-openbsd
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Provides: netcat
Breaks: netcat (<< 1.10-35)
Replaces: netcat (<< 1.10-35)
Description: TCP/IP swiss army knife A simple Unix utility which reads and writes data across network connections using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. . This package contains the OpenBSD rewrite of netcat, including support for IPv6, proxies, and Unix sockets. debian/patches/0000755000000000000000000000000012057251634010622 5ustar debian/patches/0009-dccp-support.patch0000644000000000000000000002203111765763715014667 0ustar From: Aron Xu Date: Mon, 13 Feb 2012 15:56:51 +0800 Subject: dccp support --- nc.1 | 4 ++- netcat.c | 111 ++++++++++++++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 93 insertions(+), 22 deletions(-) diff --git a/nc.1 b/nc.1 index 0d92b74..60e3668 100644 --- a/nc.1 +++ b/nc.1 @@ -34,7 +34,7 @@ .Sh SYNOPSIS .Nm nc .Bk -words -.Op Fl 46CDdhklnrStUuvz +.Op Fl 46CDdhklnrStUuvZz .Op Fl I Ar length .Op Fl i Ar interval .Op Fl O Ar length @@ -257,6 +257,8 @@ If .Ar port is not specified, the well-known port for the proxy protocol is used (1080 for SOCKS, 3128 for HTTPS). +.It Fl Z +DCCP mode. .It Fl z Specifies that .Nm diff --git a/netcat.c b/netcat.c index eb3453e..56cc15e 100644 --- a/netcat.c +++ b/netcat.c @@ -129,6 +129,7 @@ int rflag; /* Random ports flag */ char *sflag; /* Source Address */ int tflag; /* Telnet Emulation */ int uflag; /* UDP - Default to TCP */ +int dccpflag; /* DCCP - Default to TCP */ int vflag; /* Verbosity */ int xflag; /* Socks proxy */ int zflag; /* Port Scan Flag */ 
@@ -160,6 +161,7 @@ int unix_listen(char *); void set_common_sockopts(int); int map_tos(char *, int *); void usage(int); +char *proto_name(int uflag, int dccpflag); static int connect_with_timeout(int fd, const struct sockaddr *sa, socklen_t salen, int ctimeout); @@ -187,7 +189,7 @@ main(int argc, char *argv[]) sv = NULL; while ((ch = getopt(argc, argv, - "46CDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:z")) != -1) { + "46CDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:Zz")) != -1) { switch (ch) { case '4': family = AF_INET; @@ -258,6 +260,13 @@ main(int argc, char *argv[]) case 'u': uflag = 1; break; + case 'Z': +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + dccpflag = 1; +# else + errx(1, "no DCCP support available"); +# endif + break; case 'V': # if defined(RT_TABLEID_MAX) rtableid = (unsigned int)strtonum(optarg, 0, @@ -333,6 +342,12 @@ main(int argc, char *argv[]) /* Cruft to make sure options are clean, and used properly. */ if (argv[0] && !argv[1] && family == AF_UNIX) { + if (uflag) + errx(1, "cannot use -u and -U"); +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + if (dccpflag) + errx(1, "cannot use -Z and -U"); +# endif host = argv[0]; uport = NULL; } else if (!argv[0] && lflag) { @@ -374,8 +389,20 @@ main(int argc, char *argv[]) if (family != AF_UNIX) { memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_family = family; - hints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; - hints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP; + if (uflag) { + hints.ai_socktype = SOCK_DGRAM; + hints.ai_protocol = IPPROTO_UDP; + } +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + else if (dccpflag) { + hints.ai_socktype = SOCK_DCCP; + hints.ai_protocol = IPPROTO_DCCP; + } +# endif + else { + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + } if (nflag) hints.ai_flags |= AI_NUMERICHOST; } 
@@ -383,7 +410,10 @@ main(int argc, char *argv[]) if (xflag) { if (uflag) errx(1, "no proxy support for UDP mode"); - +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + if (dccpflag) + errx(1, "no proxy support for DCCP mode"); +# endif if (lflag) errx(1, "no proxy support for listen"); @@ -427,12 +457,12 @@ main(int argc, char *argv[]) err(1, NULL); char* local; - if (family == AF_INET6 + if (family == AF_INET6 ) local = "0.0.0.0"; else if (family == AF_INET) local = ":::"; else - local = "unknown" + local = "unknown"; fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", host ?: local, family, @@ -463,12 +493,13 @@ main(int argc, char *argv[]) connfd = accept(s, (struct sockaddr *)&cliaddr, &len); if(vflag) { + char *proto = proto_name(uflag, dccpflag); /* Don't look up port if -n. */ if (nflag) sv = NULL; else sv = getservbyport(ntohs(atoi(uport)), - uflag ? "udp" : "tcp"); + proto); if (((struct sockaddr *)&cliaddr)->sa_family == AF_INET) { char dst[INET_ADDRSTRLEN]; @@ -476,7 +507,7 @@ main(int argc, char *argv[]) fprintf(stderr, "Connection from [%s] port %s [%s/%s] accepted (family %d, sport %d)\n", dst, uport, - uflag ? "udp" : "tcp", + proto, sv ? sv->s_name : "*", ((struct sockaddr *)(&cliaddr))->sa_family, ntohs(((struct sockaddr_in *)&cliaddr)->sin_port)); @@ -487,7 +518,7 @@ main(int argc, char *argv[]) fprintf(stderr, "Connection from [%s] port %s [%s/%s] accepted (family %d, sport %d)\n", dst, uport, - uflag ? "udp" : "tcp", + proto, sv ? sv->s_name : "*", ((struct sockaddr *)&cliaddr)->sa_family, ntohs(((struct sockaddr_in6 *)&cliaddr)->sin6_port)); @@ -495,7 +526,7 @@ main(int argc, char *argv[]) else { fprintf(stderr, "Connection from unknown port %s [%s/%s] accepted (family %d, sport %d)\n", uport, - uflag ? "udp" : "tcp", + proto, sv ? sv->s_name : "*", ((struct sockaddr *)(&cliaddr))->sa_family, ntohs(((struct sockaddr_in *)&cliaddr)->sin_port)); 
@@ -559,19 +590,20 @@ main(int argc, char *argv[]) } } + char *proto = proto_name(uflag, dccpflag); /* Don't look up port if -n. */ if (nflag) sv = NULL; else { sv = getservbyport( ntohs(atoi(portlist[i])), - uflag ? "udp" : "tcp"); + proto); } fprintf(stderr, "Connection to %s %s port [%s/%s] " "succeeded!\n", host, portlist[i], - uflag ? "udp" : "tcp", + proto, sv ? sv->s_name : "*"); } if (!zflag) @@ -671,6 +703,24 @@ unix_listen(char *path) return (s); } +char *proto_name(uflag, dccpflag) { + + char *proto = NULL; + if (uflag) { + proto = "udp"; + } +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + else if (dccpflag) { + proto = "dccp"; + } +# endif + else { + proto = "tcp"; + } + + return proto; +} + /* * remote_connect() * Returns a socket connected to a remote host. Properly binds to a local @@ -709,8 +759,21 @@ remote_connect(const char *host, const char *port, struct addrinfo hints) # endif memset(&ahints, 0, sizeof(struct addrinfo)); ahints.ai_family = res0->ai_family; - ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; - ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP; + if (uflag) { + ahints.ai_socktype = SOCK_DGRAM; + ahints.ai_protocol = IPPROTO_UDP; + + } +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + else if (dccpflag) { + hints.ai_socktype = SOCK_DCCP; + hints.ai_protocol = IPPROTO_DCCP; + } +# endif + else { + ahints.ai_socktype = SOCK_STREAM; + ahints.ai_protocol = IPPROTO_TCP; + } ahints.ai_flags = AI_PASSIVE; if ((error = getaddrinfo(sflag, pflag, &ahints, &ares))) errx(1, "getaddrinfo: %s", gai_strerror(error)); 
@@ -722,15 +785,19 @@ remote_connect(const char *host, const char *port, struct addrinfo hints) } set_common_sockopts(s); + char *proto = proto_name(uflag, dccpflag); - if ((error = connect_with_timeout(s, res0->ai_addr, res0->ai_addrlen, timeout))== CONNECTION_SUCCESS) + if ((error = connect_with_timeout(s, res0->ai_addr, res0->ai_addrlen, timeout))== CONNECTION_SUCCESS) { break; - else if (vflag && error == CONNECTION_FAILED) + } + else if (vflag && error == CONNECTION_FAILED) { warn("connect to %s port %s (%s) failed", host, port, - uflag ? "udp" : "tcp"); - else if (vflag && error == CONNECTION_TIMEOUT) + proto); + } + else if (vflag && error == CONNECTION_TIMEOUT) { warn("connect to %s port %s (%s) timed out", host, port, - uflag ? "udp" : "tcp"); + proto); + } close(s); s = -1; @@ -1047,7 +1114,8 @@ build_ports(char *p) int hi, lo, cp; int x = 0; - sv = getservbyname(p, uflag ? "udp" : "tcp"); + char *proto = proto_name(uflag, dccpflag); + sv = getservbyname(p, proto); if (sv) { portlist[0] = calloc(1, PORT_MAX_LEN); if (portlist[0] == NULL) @@ -1252,6 +1320,7 @@ help(void) \t-w secs\t Timeout for connects and final net reads\n\ \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ \t-x addr[:port]\tSpecify proxy address and port\n\ + \t-Z DCCP mode\n\ \t-z Zero-I/O mode [used for scanning]\n\ Port numbers can be individual or ranges: lo-hi [inclusive]\n"); exit(0); @@ -1261,7 +1330,7 @@ void usage(int ret) { fprintf(stderr, - "usage: nc [-46CDdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n" + "usage: nc [-46CDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]\n" "\t [-P proxy_username] [-p source_port] [-q seconds] [-s source]\n" "\t [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]\n" "\t [-x proxy_address[:port]] [destination] [port]\n"); -- debian/patches/0005-send-crlf.patch0000644000000000000000000000605111765763715014121 0ustar 
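Review bot: In 0009-dccp-support.patch, the option-check hunk (@@ -333,6 +342,12 @@) adds `errx(1, "cannot use -u and -U")`, which has nothing to do with DCCP and rejects the Unix datagram mode that main() still prepares for a few lines later (the `(family == AF_UNIX) && uflag && !lflag` temporary-socket block visible as context in 0001-port-to-linux-with-libsd.patch). That leaves the datagram path dead for `nc -uU path`. Drop the -u/-U check from this patch and keep only the -Z/-U one, or remove the datagram path in a separate, explained change.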
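Review bot: In 0009-dccp-support.patch, the hunk at @@ -427,12 +457,12 @@ adds the missing semicolon after `local = "unknown"` but keeps the wildcard strings swapped: `family == AF_INET6` selects "0.0.0.0" and `family == AF_INET` selects ":::". The verbose "Listening on" line therefore reports the IPv4 wildcard for an IPv6 listener and the reverse, which is misleading when checking what a listener is actually exposed on. Swap the two assignments while these lines are being touched, and move the fix into the patch that introduced the block.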
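Review bot: In 0009-dccp-support.patch, the new definition `char *proto_name(uflag, dccpflag) {` (hunk @@ -671,6 +703,24 @@) omits the parameter types, so it relies on implicit int and does not match the prototype `char *proto_name(int uflag, int dccpflag);` added near the top of netcat.c. Write the definition as `proto_name(int uflag, int dccpflag)`, and return `const char *` since every branch returns a string literal. The parameters also shadow the globals of the same names; either drop them and read the globals, or rename them.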
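Review bot: In 0009-dccp-support.patch, the remote_connect() hunk (@@ -709,8 +759,21 @@) has the DCCP branch assigning to `hints` instead of `ahints`: `hints.ai_socktype = SOCK_DCCP; hints.ai_protocol = IPPROTO_DCCP;`. With -Z together with -s or -p, ahints keeps the zeroed socktype and protocol from the memset just above, so the getaddrinfo() call for the local bind address is not restricted to DCCP, while the by-value `hints` parameter is modified for no effect. Both assignments should target ahints, as the UDP and TCP branches in the same hunk do.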
From: Aron Xu Date: Mon, 13 Feb 2012 14:57:45 +0800 Subject: send crlf --- nc.1 | 6 ++++-- netcat.c | 21 +++++++++++++++++---- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/nc.1 b/nc.1 index b7014a2..af44976 100644 --- a/nc.1 +++ b/nc.1 @@ -34,7 +34,7 @@ .Sh SYNOPSIS .Nm nc .Bk -words -.Op Fl 46DdhklnrStUuvz +.Op Fl 46CDdhklnrStUuvz .Op Fl I Ar length .Op Fl i Ar interval .Op Fl O Ar length @@ -98,6 +98,8 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl C +Send CRLF as line-ending. .It Fl D Enable debugging on the socket. .It Fl d @@ -355,7 +357,7 @@ More complicated examples can be built up when the user knows the format of requests required by the server. As another example, an email may be submitted to an SMTP server using: .Bd -literal -offset indent -$ nc localhost 25 \*(Lt\*(Lt EOF +$ nc [\-C] localhost 25 \*(Lt\*(Lt EOF HELO host.example.com MAIL FROM:\*(Ltuser@host.example.com\*(Gt RCPT TO:\*(Ltuser2@host.example.com\*(Gt diff --git a/netcat.c b/netcat.c index fdaca44..4f4d2bf 100644 --- a/netcat.c +++ b/netcat.c @@ -111,6 +111,7 @@ #define CONNECTION_TIMEOUT 2 /* Command Line Options */ +int Cflag = 0; /* CRLF line-ending */ int dflag; /* detached, no stdin */ unsigned int iflag; /* Interval Flag */ int jflag; /* use jumbo frames if we can */ @@ -180,7 +181,7 @@ main(int argc, char *argv[]) sv = NULL; while ((ch = getopt(argc, argv, - "46DdhI:i:jklnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) { + "46CDdhI:i:jklnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) { switch (ch) { case '4': family = AF_INET; @@ -309,6 +310,9 @@ main(int argc, char *argv[]) if (Tflag < 0 || Tflag > 255 || errstr || errno) errx(1, "illegal tos value %s", optarg); break; + case 'C': + Cflag = 1; + break; default: usage(1); } 
@@ -906,8 +910,16 @@ readwrite(int nfd) else if (n == 0) { goto shutdown_wr; } else { - if (atomicio(vwrite, nfd, buf, n) != n) - return; + if ((Cflag) && (buf[n-1]=='\n')) { + if (atomicio(vwrite, nfd, buf, n-1) != (n-1)) + return; + if (atomicio(vwrite, nfd, "\r\n", 2) != 2) + return; + } + else { + if (atomicio(vwrite, nfd, buf, n) != n) + return; + } } } else if (pfd[1].revents & POLLHUP) { @@ -1139,6 +1151,7 @@ help(void) fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ \t-6 Use IPv6\n\ + \t-C Send CRLF as line-ending\n\ \t-D Enable the debug socket option\n\ \t-d Detach from stdin\n\ \t-h This help text\n\ @@ -1172,7 +1185,7 @@ void usage(int ret) { fprintf(stderr, - "usage: nc [-46DdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n" + "usage: nc [-46CDdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n" "\t [-P proxy_username] [-p source_port] [-s source] [-T toskeyword]\n" "\t [-V rtable] [-w timeout] [-X proxy_protocol]\n" "\t [-x proxy_address[:port]] [destination] [port]\n"); -- debian/patches/0006-quit-timer.patch0000644000000000000000000000747311765763715014356 0ustar From: Aron Xu Date: Mon, 13 Feb 2012 15:16:04 +0800 Subject: quit timer --- nc.1 | 5 +++++ netcat.c | 38 +++++++++++++++++++++++++++++++++----- 2 files changed, 38 insertions(+), 5 deletions(-) diff --git a/nc.1 b/nc.1 index af44976..0d92b74 100644 --- a/nc.1 +++ b/nc.1 @@ -40,6 +40,7 @@ .Op Fl O Ar length .Op Fl P Ar proxy_username .Op Fl p Ar source_port +.Op Fl q Ar seconds .Op Fl s Ar source .Op Fl T Ar toskeyword .Op Fl V Ar rtable 
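Review bot: In 0005-send-crlf.patch, the readwrite() hunk (@@ -906,8 +910,16 @@) only inspects `buf[n-1]`, so -C rewrites at most the final LF of each read. Every other newline in the same buffer goes out as a bare LF, which includes the multi-line SMTP here-document shown in the nc.1 hunk whenever stdin delivers it in a single read, and input that already ends in CRLF is sent as CR CR LF. Scan the whole buffer and translate each LF that is not already preceded by CR, or state in the nc.1 text that only a trailing LF per read is converted.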
@@ -148,6 +149,10 @@ Proxy authentication is only supported for HTTP CONNECT proxies at present. Specifies the source port .Nm should use, subject to privilege restrictions and availability. +.It Fl q Ar seconds +after EOF on stdin, wait the specified number of seconds and then quit. If +.Ar seconds +is negative, wait forever. .It Fl r Specifies that source and/or destination ports should be chosen randomly instead of sequentially within a range or in the order that the system diff --git a/netcat.c b/netcat.c index 4f4d2bf..29ecf1a 100644 --- a/netcat.c +++ b/netcat.c @@ -86,6 +86,7 @@ #include #include #include +#include #include #include #include @@ -120,6 +121,7 @@ int lflag; /* Bind to local port */ int nflag; /* Don't do name look up */ char *Pflag; /* Proxy username */ char *pflag; /* Localport flag */ +int qflag = 0; /* Quit after some secs */ int rflag; /* Random ports flag */ char *sflag; /* Source Address */ int tflag; /* Telnet Emulation */ @@ -158,6 +160,7 @@ void usage(int); static int connect_with_timeout(int fd, const struct sockaddr *sa, socklen_t salen, int ctimeout); +static void quit(); int main(int argc, char *argv[]) @@ -181,7 +184,7 @@ main(int argc, char *argv[]) sv = NULL; while ((ch = getopt(argc, argv, - "46CDdhI:i:jklnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) { + "46CDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:z")) != -1) { switch (ch) { case '4': family = AF_INET; @@ -235,6 +238,11 @@ main(int argc, char *argv[]) case 'p': pflag = optarg; break; + case 'q': + qflag = strtonum(optarg, INT_MIN, INT_MAX, &errstr); + if (errstr) + errx(1, "quit timer %s: %s", errstr, optarg); + break; case 'r': rflag = 1; break; 
@@ -924,9 +932,18 @@ readwrite(int nfd) } else if (pfd[1].revents & POLLHUP) { shutdown_wr: + /* if the user asked to exit on EOF, do it */ + if (qflag == 0) { shutdown(nfd, SHUT_WR); - pfd[1].fd = -1; - pfd[1].events = 0; + close(wfd); + } + /* if user asked to die after a while, arrange for it */ + if (qflag > 0) { + signal(SIGALRM, quit); + alarm(qflag); + } + pfd[1].fd = -1; + pfd[1].events = 0; } } } @@ -1164,6 +1181,7 @@ help(void) \t-O length TCP send buffer length\n\ \t-P proxyuser\tUsername for proxy authentication\n\ \t-p port\t Specify local port for remote connects\n\ + \t-q secs\t quit after EOF on stdin and delay of secs\n\ \t-r Randomize remote ports\n\ \t-S Enable the TCP MD5 signature option\n\ \t-s addr\t Local source address\n\ @@ -1186,9 +1204,19 @@ usage(int ret) { fprintf(stderr, "usage: nc [-46CDdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n" - "\t [-P proxy_username] [-p source_port] [-s source] [-T toskeyword]\n" - "\t [-V rtable] [-w timeout] [-X proxy_protocol]\n" + "\t [-P proxy_username] [-p source_port] [-q seconds] [-s source]\n" + "\t [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]\n" "\t [-x proxy_address[:port]] [destination] [port]\n"); if (ret) exit(1); } + +/* + * quit() + * handler for a "-q" timeout (exit 0 instead of 1) + */ +static void quit() +{ + /* XXX: should explicitly close fds here */ + exit(0); +} -- debian/patches/0001-port-to-linux-with-libsd.patch0000644000000000000000000003323512057251553017034 0ustar From: Aron Xu Date: Mon, 13 Feb 2012 15:59:31 +0800 Subject: port to linux with libsd --- Makefile | 17 ++++++++-- nc.1 | 4 +-- netcat.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++--------- socks.c | 46 +++++++++++++-------------- 4 files changed, 130 insertions(+), 42 deletions(-) diff --git a/Makefile b/Makefile index 150f829..96a6587 100644 --- a/Makefile +++ b/Makefile 
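Review bot: In 0006-quit-timer.patch, the shutdown_wr hunk (@@ -924,9 +932,18 @@) calls `shutdown(nfd, SHUT_WR)` only when `qflag == 0`. For `qflag > 0` the alarm is armed but the write side is never half-closed, so a peer that waits for EOF before answering receives nothing until the process exits. If that is the intended -q behaviour, say so in the nc.1 text added by this patch, which also does not mention that the default is 0; otherwise half-close in the `qflag > 0` case as well.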
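Review bot: In 0006-quit-timer.patch, the handler added at the end of netcat.c (@@ -1186,9 +1204,19 @@) is declared `static void quit()` and calls `exit(0)`. A function installed with `signal(SIGALRM, quit)` should take an `int` argument, and exit() is not async-signal-safe because it runs atexit handlers and flushes stdio from signal context. Use `static void quit(int sig)` with `_exit(0)`, and update the prototype added in the earlier hunk to match.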
@@ -1,6 +1,20 @@ -# $OpenBSD: Makefile,v 1.6 2001/09/02 18:45:41 jakob Exp $ +# $OpenBSD: Makefile,v 1.6 2001/09/02 18:45:41 jakob Exp $ PROG= nc SRCS= netcat.c atomicio.c socks.c -.include +PKG_CONFIG?= pkg-config +LIBS= `$(PKG_CONFIG) --libs libbsd` -lresolv +OBJS= $(SRCS:.c=.o) +CFLAGS= -g -O2 +LDFLAGS= -Wl,--no-add-needed + +all: nc +nc: $(OBJS) + $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) $(LIBS) -o nc + +$(OBJS): %.o: %.c + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + rm -f $(OBJS) nc diff --git a/nc.1 b/nc.1 index 75d1437..b7014a2 100644 --- a/nc.1 +++ b/nc.1 @@ -146,9 +146,6 @@ Proxy authentication is only supported for HTTP CONNECT proxies at present. Specifies the source port .Nm should use, subject to privilege restrictions and availability. -It is an error to use this option in conjunction with the -.Fl l -option. .It Fl r Specifies that source and/or destination ports should be chosen randomly instead of sequentially within a range or in the order that the system @@ -170,6 +167,7 @@ Change IPv4 TOS value. may be one of .Ar critical , .Ar inetcontrol , +.Ar lowcost , .Ar lowdelay , .Ar netcontrol , .Ar throughput , diff --git a/netcat.c b/netcat.c index cc4683a..9b2def2 100644 --- a/netcat.c +++ b/netcat.c 
@@ -42,6 +42,46 @@ #include #include +#ifndef IPTOS_LOWDELAY +# define IPTOS_LOWDELAY 0x10 +# define IPTOS_THROUGHPUT 0x08 +# define IPTOS_RELIABILITY 0x04 +# define IPTOS_LOWCOST 0x02 +# define IPTOS_MINCOST IPTOS_LOWCOST +#endif /* IPTOS_LOWDELAY */ + +# ifndef IPTOS_DSCP_AF11 +# define IPTOS_DSCP_AF11 0x28 +# define IPTOS_DSCP_AF12 0x30 +# define IPTOS_DSCP_AF13 0x38 +# define IPTOS_DSCP_AF21 0x48 +# define IPTOS_DSCP_AF22 0x50 +# define IPTOS_DSCP_AF23 0x58 +# define IPTOS_DSCP_AF31 0x68 +# define IPTOS_DSCP_AF32 0x70 +# define IPTOS_DSCP_AF33 0x78 +# define IPTOS_DSCP_AF41 0x88 +# define IPTOS_DSCP_AF42 0x90 +# define IPTOS_DSCP_AF43 0x98 +# define IPTOS_DSCP_EF 0xb8 +#endif /* IPTOS_DSCP_AF11 */ + +#ifndef IPTOS_DSCP_CS0 +# define IPTOS_DSCP_CS0 0x00 +# define IPTOS_DSCP_CS1 0x20 +# define IPTOS_DSCP_CS2 0x40 +# define IPTOS_DSCP_CS3 0x60 +# define IPTOS_DSCP_CS4 0x80 +# define IPTOS_DSCP_CS5 0xa0 +# define IPTOS_DSCP_CS6 0xc0 +# define IPTOS_DSCP_CS7 0xe0 +#endif /* IPTOS_DSCP_CS0 */ + +#ifndef IPTOS_DSCP_EF +# define IPTOS_DSCP_EF 0xb8 +#endif /* IPTOS_DSCP_EF */ + + #include #include #include @@ -53,6 +93,8 @@ #include #include #include +#include +#include #include "atomicio.h" #ifndef SUN_LEN @@ -118,7 +160,7 @@ main(int argc, char *argv[]) struct servent *sv; socklen_t len; struct sockaddr_storage cliaddr; - char *proxy; + char *proxy = NULL; const char *errstr, *proxyhost = "", *proxyport = NULL; struct addrinfo proxyhints; char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; @@ -164,7 +206,11 @@ main(int argc, char *argv[]) errx(1, "interval %s: %s", errstr, optarg); break; case 'j': +# if defined(SO_JUMBO) jflag = 1; +# else + errx(1, "no jumbo frame support available"); +# endif break; case 'k': kflag = 1; 
@@ -194,10 +240,14 @@ main(int argc, char *argv[]) uflag = 1; break; case 'V': +# if defined(RT_TABLEID_MAX) rtableid = (unsigned int)strtonum(optarg, 0, RT_TABLEID_MAX, &errstr); if (errstr) errx(1, "rtable %s: %s", errstr, optarg); +# else + errx(1, "no alternate routing table support available"); +# endif break; case 'v': vflag = 1; @@ -232,7 +282,11 @@ main(int argc, char *argv[]) errstr, optarg); break; case 'S': +# if defined(TCP_MD5SIG) Sflag = 1; +# else + errx(1, "no TCP MD5 signature support available"); +# endif break; case 'T': errstr = NULL; @@ -259,6 +313,15 @@ main(int argc, char *argv[]) if (argv[0] && !argv[1] && family == AF_UNIX) { host = argv[0]; uport = NULL; + } else if (!argv[0] && lflag) { + if (sflag) + errx(1, "cannot use -s and -l"); + if (zflag) + errx(1, "cannot use -z and -l"); + if (pflag) + uport=pflag; + } else if (!lflag && kflag) { + errx(1, "cannot use -k without -l"); } else if (argv[0] && !argv[1]) { if (!lflag) usage(1); @@ -270,14 +333,7 @@ main(int argc, char *argv[]) } else usage(1); - if (lflag && sflag) - errx(1, "cannot use -s and -l"); - if (lflag && pflag) - errx(1, "cannot use -p and -l"); - if (lflag && zflag) - errx(1, "cannot use -z and -l"); - if (!lflag && kflag) - errx(1, "must use -l with -k"); + /* Get name of temporary socket for unix datagram client */ if ((family == AF_UNIX) && uflag && !lflag) { @@ -286,8 +342,8 @@ main(int argc, char *argv[]) } else { strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX", UNIX_DG_TMP_SOCKET_SIZE); - if (mktemp(unix_dg_tmp_socket_buf) == NULL) - err(1, "mktemp"); + if (mkstemp(unix_dg_tmp_socket_buf) == -1) + err(1, "mkstemp"); unix_dg_tmp_socket = unix_dg_tmp_socket_buf; } } 
@@ -563,18 +619,22 @@ remote_connect(const char *host, const char *port, struct addrinfo hints) res0->ai_protocol)) < 0) continue; +# if defined(RT_TABLEID_MAX) if (rtableid) { if (setsockopt(s, SOL_SOCKET, SO_RTABLE, &rtableid, sizeof(rtableid)) == -1) err(1, "setsockopt SO_RTABLE"); } +# endif /* Bind to a local port or source address if specified. */ if (sflag || pflag) { struct addrinfo ahints, *ares; +# if defined (SO_BINDANY) /* try SO_BINDANY, but don't insist */ setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)); +# endif memset(&ahints, 0, sizeof(struct addrinfo)); ahints.ai_family = res0->ai_family; ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; @@ -674,15 +734,23 @@ local_listen(char *host, char *port, struct addrinfo hints) res0->ai_protocol)) < 0) continue; +# if defined(RT_TABLEID_MAX) if (rtableid) { if (setsockopt(s, IPPROTO_IP, SO_RTABLE, &rtableid, sizeof(rtableid)) == -1) err(1, "setsockopt SO_RTABLE"); } +# endif + + ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x)); + if (ret == -1) + err(1, NULL); +# if defined(SO_REUSEPORT) ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); if (ret == -1) err(1, NULL); +# endif set_common_sockopts(s); @@ -886,21 +954,25 @@ set_common_sockopts(int s) { int x = 1; +# if defined(TCP_MD5SIG) if (Sflag) { if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, &x, sizeof(x)) == -1) err(1, NULL); } +# endif if (Dflag) { if (setsockopt(s, SOL_SOCKET, SO_DEBUG, &x, sizeof(x)) == -1) err(1, NULL); } +# if defined(SO_JUMBO) if (jflag) { if (setsockopt(s, SOL_SOCKET, SO_JUMBO, &x, sizeof(x)) == -1) err(1, NULL); } +# endif if (Tflag != -1) { if (setsockopt(s, IPPROTO_IP, IP_TOS, &Tflag, sizeof(Tflag)) == -1) @@ -949,6 +1021,7 @@ map_tos(char *s, int *val) { "cs7", IPTOS_DSCP_CS7 }, { "ef", IPTOS_DSCP_EF }, { "inetcontrol", IPTOS_PREC_INTERNETCONTROL }, + { "lowcost", IPTOS_LOWCOST }, { "lowdelay", IPTOS_LOWDELAY }, { "netcontrol", IPTOS_PREC_NETCONTROL }, { "reliability", IPTOS_RELIABILITY }, 
@@ -969,6 +1042,9 @@ map_tos(char *s, int *val) void help(void) { +# if defined(DEBIAN_VERSION) + fprintf(stderr, "OpenBSD netcat (Debian patchlevel " DEBIAN_VERSION ")\n"); +# endif usage(0); fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ @@ -978,6 +1054,7 @@ help(void) \t-h This help text\n\ \t-I length TCP receive buffer length\n\ \t-i secs\t Delay interval for lines sent, ports scanned\n\ + \t-j Use jumbo frame\n\ \t-k Keep inbound sockets open for multiple connects\n\ \t-l Listen mode, for inbound connects\n\ \t-n Suppress name/port resolutions\n\ @@ -998,15 +1075,15 @@ help(void) \t-x addr[:port]\tSpecify proxy address and port\n\ \t-z Zero-I/O mode [used for scanning]\n\ Port numbers can be individual or ranges: lo-hi [inclusive]\n"); - exit(1); + exit(0); } void usage(int ret) { fprintf(stderr, - "usage: nc [-46DdhklnrStUuvz] [-I length] [-i interval] [-O length]\n" - "\t [-P proxy_username] [-p source_port] [-s source] [-T ToS]\n" + "usage: nc [-46DdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n" + "\t [-P proxy_username] [-p source_port] [-s source] [-T toskeyword]\n" "\t [-V rtable] [-w timeout] [-X proxy_protocol]\n" "\t [-x proxy_address[:port]] [destination] [port]\n"); if (ret) diff --git a/socks.c b/socks.c index 71108d5..befd0a9 100644 --- a/socks.c +++ b/socks.c @@ -38,7 +38,7 @@ #include #include #include -#include +#include #include "atomicio.h" #define SOCKS_PORT "1080" @@ -167,11 +167,11 @@ socks_connect(const char *host, const char *port, buf[2] = SOCKS_NOAUTH; cnt = atomicio(vwrite, proxyfd, buf, 3); if (cnt != 3) - err(1, "write failed (%zu/3)", cnt); + err(1, "write failed (%zu/3)", (size_t)cnt); cnt = atomicio(read, proxyfd, buf, 2); if (cnt != 2) - err(1, "read failed (%zu/3)", cnt); + err(1, "read failed (%zu/3)", (size_t)cnt); if (buf[1] == SOCKS_NOMETHOD) errx(1, "authentication method negotiation failed"); 
@@ -220,23 +220,23 @@ socks_connect(const char *host, const char *port, cnt = atomicio(vwrite, proxyfd, buf, wlen); if (cnt != wlen) - err(1, "write failed (%zu/%zu)", cnt, wlen); + err(1, "write failed (%zu/%zu)", (size_t)cnt, (size_t)wlen); cnt = atomicio(read, proxyfd, buf, 4); if (cnt != 4) - err(1, "read failed (%zu/4)", cnt); + err(1, "read failed (%zu/4)", (size_t)cnt); if (buf[1] != 0) errx(1, "connection failed, SOCKS error %d", buf[1]); switch (buf[3]) { case SOCKS_IPV4: cnt = atomicio(read, proxyfd, buf + 4, 6); if (cnt != 6) - err(1, "read failed (%d/6)", cnt); + err(1, "read failed (%lu/6)", (unsigned long)cnt); break; case SOCKS_IPV6: cnt = atomicio(read, proxyfd, buf + 4, 18); if (cnt != 18) - err(1, "read failed (%d/18)", cnt); + err(1, "read failed (%lu/18)", (unsigned long)cnt); break; default: errx(1, "connection failed, unsupported address type"); @@ -256,11 +256,11 @@ socks_connect(const char *host, const char *port, cnt = atomicio(vwrite, proxyfd, buf, wlen); if (cnt != wlen) - err(1, "write failed (%zu/%zu)", cnt, wlen); + err(1, "write failed (%zu/%zu)", (size_t)cnt, (size_t)wlen); cnt = atomicio(read, proxyfd, buf, 8); if (cnt != 8) - err(1, "read failed (%zu/8)", cnt); + err(1, "read failed (%zu/8)", (size_t)cnt); if (buf[1] != 90) errx(1, "connection failed, SOCKS error %d", buf[1]); } else if (socksv == -1) { 
@@ -272,39 +272,39 @@ socks_connect(const char *host, const char *port, /* Try to be sane about numeric IPv6 addresses */ if (strchr(host, ':') != NULL) { - r = snprintf(buf, sizeof(buf), + r = snprintf((char*)buf, sizeof(buf), "CONNECT [%s]:%d HTTP/1.0\r\n", host, ntohs(serverport)); } else { - r = snprintf(buf, sizeof(buf), + r = snprintf((char*)buf, sizeof(buf), "CONNECT %s:%d HTTP/1.0\r\n", host, ntohs(serverport)); } if (r == -1 || (size_t)r >= sizeof(buf)) errx(1, "hostname too long"); - r = strlen(buf); + r = strlen((char*)buf); cnt = atomicio(vwrite, proxyfd, buf, r); if (cnt != r) - err(1, "write failed (%zu/%d)", cnt, r); + err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r); if (authretry > 1) { char resp[1024]; proxypass = getproxypass(proxyuser, proxyhost); - r = snprintf(buf, sizeof(buf), "%s:%s", + r = snprintf((char*)buf, sizeof(buf), "%s:%s", proxyuser, proxypass); if (r == -1 || (size_t)r >= sizeof(buf) || - b64_ntop(buf, strlen(buf), resp, + b64_ntop(buf, strlen((char*)buf), resp, sizeof(resp)) == -1) errx(1, "Proxy username/password too long"); - r = snprintf(buf, sizeof(buf), "Proxy-Authorization: " + r = snprintf((char*)buf, sizeof((char*)buf), "Proxy-Authorization: " "Basic %s\r\n", resp); if (r == -1 || (size_t)r >= sizeof(buf)) errx(1, "Proxy auth response too long"); - r = strlen(buf); + r = strlen((char*)buf); if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r) - err(1, "write failed (%zu/%d)", cnt, r); + err(1, "write failed (%zu/%d)", (size_t)cnt, r); } /* Terminate headers */ 
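Review bot: the Proxy-Authorization snprintf in this hunk now passes sizeof((char*)buf) as the size, which is the size of a pointer (4 or 8 bytes) and not of the buffer. snprintf still returns the untruncated length, so the following check r == -1 || (size_t)r >= sizeof(buf) passes, r = strlen((char*)buf) then picks up the truncated string, and only the first few bytes of the header are written to the proxy. Cast the first argument only, as the other calls in this hunk do: snprintf((char*)buf, sizeof(buf), ...). Minor: the two "write failed (%zu/%d)" calls are now inconsistent, one passing (int)r and the other bare r.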
@@ -312,22 +312,22 @@ socks_connect(const char *host, const char *port, err(1, "write failed (2/%d)", r); /* Read status reply */ - proxy_read_line(proxyfd, buf, sizeof(buf)); + proxy_read_line(proxyfd, (char*)buf, sizeof(buf)); if (proxyuser != NULL && - strncmp(buf, "HTTP/1.0 407 ", 12) == 0) { + strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0) { if (authretry > 1) { fprintf(stderr, "Proxy authentication " "failed\n"); } close(proxyfd); goto again; - } else if (strncmp(buf, "HTTP/1.0 200 ", 12) != 0 && - strncmp(buf, "HTTP/1.1 200 ", 12) != 0) + } else if (strncmp((char*)buf, "HTTP/1.0 200 ", 12) != 0 && + strncmp((char*)buf, "HTTP/1.1 200 ", 12) != 0) errx(1, "Proxy error: \"%s\"", buf); /* Headers continue until we hit an empty line */ for (r = 0; r < HTTP_MAXHDRS; r++) { - proxy_read_line(proxyfd, buf, sizeof(buf)); + proxy_read_line(proxyfd, (char*)buf, sizeof(buf)); if (*buf == '\0') break; } -- debian/patches/0011-misc-failures-and-features.patch0000644000000000000000000003122411765763715017360 0ustar From: Aron Xu Date: Mon, 13 Feb 2012 19:06:52 +0800 Subject: misc connection failures --- nc.1 | 76 ++++++++++++++++++++++++++++++++++++--- netcat.c | 119 ++++++++++++++++++++++++++++++++++++++++++-------------------- 2 files changed, 153 insertions(+), 42 deletions(-) diff --git a/nc.1 b/nc.1 index 60e3668..477cb1b 100644 --- a/nc.1 +++ b/nc.1 @@ -34,7 +34,7 @@ .Sh SYNOPSIS .Nm nc .Bk -words -.Op Fl 46CDdhklnrStUuvZz +.Op Fl 46bCDdhklnrStUuvZz .Op Fl I Ar length .Op Fl i Ar interval .Op Fl O Ar length @@ -99,6 +99,8 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl b +Allow broadcast. .It Fl C Send CRLF as line-ending. .It Fl D 
@@ -323,6 +325,54 @@ and which side is being used as a The connection may be terminated using an .Dv EOF .Pq Sq ^D . +.Pp +There is no +.Fl c +or +.Fl e +option in this netcat, but you still can execute a command after connection +being established by redirecting file descriptors. Be cautious here because +opening a port and let anyone connected execute arbitrary command on your +site is DANGEROUS. If you really need to do this, here is an example: +.Pp +On +.Sq server +side: +.Pp +.Dl $ rm -f /tmp/f; mkfifo /tmp/f +.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f +.Pp +On +.Sq client +side: +.Pp +.Dl $ nc host.example.com 1234 +.Dl $ (shell prompt from host.example.com) +.Pp +By doing this, you create a fifo at /tmp/f and make nc listen at port 1234 +of address 127.0.0.1 on +.Sq server +side, when a +.Sq client +establishes a connection successfully to that port, /bin/sh gets executed +on +.Sq server +side and the shell prompt is given to +.Sq client +side. +.Pp +When connection is terminated, +.Nm +quits as well. Use +.Fl k +if you want it keep listening, but if the command quits this option won't +restart it or keep +.Nm +running. Also don't forget to remove the file descriptor once you don't need +it anymore: +.Pp +.Dl $ rm -f /tmp/f +.Pp .Sh DATA TRANSFER The example in the previous section can be expanded to build a basic data transfer model. 
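Review bot: the added man page example contradicts itself: the server command and the explanatory paragraph bind nc to 127.0.0.1, yet the client side runs nc host.example.com 1234, which cannot reach a loopback-only listener from another machine. Either show the client as nc 127.0.0.1 1234, or say explicitly that the loopback bind is the safe default and that binding to any wider address hands a shell to whoever can reach the port. The closing paragraph says "remove the file descriptor" where it means the fifo at /tmp/f, and a fixed name under /tmp is predictable to other local users, so a path created under a mktemp -d directory would be the better thing to document. The final .Pp directly before .Sh DATA TRANSFER is redundant.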
@@ -382,15 +432,30 @@ The flag can be used to tell .Nm to report open ports, -rather than initiate a connection. +rather than initiate a connection. Usually it's useful to turn on verbose +output to stderr by use this option in conjunction with +.Fl v +option. +.Pp For example: .Bd -literal -offset indent -$ nc -z host.example.com 20-30 +$ nc \-zv host.example.com 20-30 Connection to host.example.com 22 port [tcp/ssh] succeeded! Connection to host.example.com 25 port [tcp/smtp] succeeded! .Ed .Pp -The port range was specified to limit the search to ports 20 \- 30. +The port range was specified to limit the search to ports 20 \- 30, and is +scanned by increasing order. +.Pp +You can also specify a list of ports to scan, for example: +.Bd -literal -offset indent +$ nc \-zv host.example.com 80 20 22 +nc: connect to host.example.com 80 (tcp) failed: Connection refused +nc: connect to host.example.com 20 (tcp) failed: Connection refused +Connection to host.example.com port [tcp/ssh] succeeded! +.Ed +.Pp +The ports are scanned by the order you given. .Pp Alternatively, it might be useful to know which server software is running, and which versions. @@ -455,6 +520,9 @@ Original implementation by *Hobbit* .br Rewritten with IPv6 support by .An Eric Jackson Aq ericj@monkey.org . +.br +Modified for Debian port by Aron Xu +.Aq aron@debian.org . .Sh CAVEATS UDP port scans using the .Fl uz diff --git a/netcat.c b/netcat.c index bf9940f..c938d11 100644 --- a/netcat.c +++ b/netcat.c @@ -88,6 +88,7 @@ #include #include #include +#include #include #include #include @@ -115,6 +116,7 @@ #define UDP_SCAN_TIMEOUT 3 /* Seconds */ /* Command Line Options */ +int bflag; /* Allow Broadcast */ int Cflag = 0; /* CRLF line-ending */ int dflag; /* detached, no stdin */ unsigned int iflag; /* Interval Flag */ 
@@ -146,7 +148,7 @@ char *portlist[PORT_MAX+1]; char *unix_dg_tmp_socket; void atelnet(int, unsigned char *, unsigned int); -void build_ports(char *); +void build_ports(char **); void help(void); int local_listen(char *, char *, struct addrinfo); void readwrite(int); @@ -171,11 +173,14 @@ int main(int argc, char *argv[]) { int ch, s, ret, socksv; - char *host, *uport; + char *host, **uport; struct addrinfo hints; struct servent *sv; socklen_t len; - struct sockaddr_storage cliaddr; + union { + struct sockaddr_storage storage; + struct sockaddr_un forunix; + } cliaddr; char *proxy = NULL; const char *errstr, *proxyhost = "", *proxyport = NULL; struct addrinfo proxyhints; @@ -189,7 +194,7 @@ main(int argc, char *argv[]) sv = NULL; while ((ch = getopt(argc, argv, - "46CDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:Zz")) != -1) { + "46bCDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:Zz")) != -1) { switch (ch) { case '4': family = AF_INET; @@ -197,6 +202,13 @@ main(int argc, char *argv[]) case '6': family = AF_INET6; break; + case 'b': +# if defined(SO_BROADCAST) + bflag = 1; +# else + errx(1, "no broadcast frame support available"); +# endif + break; case 'U': family = AF_UNIX; break; 
@@ -342,35 +354,40 @@ main(int argc, char *argv[]) /* Cruft to make sure options are clean, and used properly. */ if (argv[0] && !argv[1] && family == AF_UNIX) { - if (uflag) - errx(1, "cannot use -u and -U"); # if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) if (dccpflag) errx(1, "cannot use -Z and -U"); # endif host = argv[0]; uport = NULL; - } else if (!argv[0] && lflag) { - if (sflag) - errx(1, "cannot use -s and -l"); - if (zflag) - errx(1, "cannot use -z and -l"); - if (pflag) - uport=pflag; - } else if (!lflag && kflag) { - errx(1, "cannot use -k without -l"); - } else if (argv[0] && !argv[1]) { - if (!lflag) - usage(1); - uport = argv[0]; + } else if (argv[0] && !argv[1] && lflag) { + if (pflag) { + uport = &pflag; + host = argv[0]; + } else { + uport = argv; + host = NULL; + } + } else if (!argv[0] && lflag && pflag) { + uport = &pflag; host = NULL; } else if (argv[0] && argv[1]) { host = argv[0]; - uport = argv[1]; + uport = &argv[1]; } else usage(1); - + if (lflag) { + if (sflag) + errx(1, "cannot use -s and -l"); + if (zflag) + errx(1, "cannot use -z and -l"); + if (pflag) + /* This still does not work well because of getopt mess + errx(1, "cannot use -p and -l"); */ + uport = &pflag; + } else if (!lflag && kflag) + errx(1, "cannot use -k without -l"); /* Get name of temporary socket for unix datagram client */ if ((family == AF_UNIX) && uflag && !lflag) { @@ -448,7 +465,7 @@ main(int argc, char *argv[]) else s = unix_listen(host); } else - s = local_listen(host, uport, hints); + s = local_listen(host, *uport, hints); if (s < 0) err(1, NULL); @@ -457,7 +474,8 @@ main(int argc, char *argv[]) local = ":::"; else local = "0.0.0.0"; - fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", + if (vflag && (family != AF_UNIX)) + fprintf(stderr, "Listening on [%s] (family %d, port %s)\n", host ?: local, family, *uport); 
@@ -490,13 +508,17 @@ main(int argc, char *argv[]) len = sizeof(cliaddr); connfd = accept(s, (struct sockaddr *)&cliaddr, &len); - if(vflag) { + if(vflag && family == AF_UNIX) { + fprintf(stderr, "Connection from \"%.*s\" accepted\n", + (len - (int)offsetof(struct sockaddr_un, sun_path)), + ((struct sockaddr_un*)&cliaddr)->sun_path); + } else if(vflag) { char *proto = proto_name(uflag, dccpflag); /* Don't look up port if -n. */ if (nflag) sv = NULL; else - sv = getservbyport(ntohs(atoi(uport)), + sv = getservbyport(ntohs(atoi(*uport)), proto); if (((struct sockaddr *)&cliaddr)->sa_family == AF_INET) { @@ -504,7 +526,7 @@ main(int argc, char *argv[]) inet_ntop(((struct sockaddr *)&cliaddr)->sa_family,&(((struct sockaddr_in *)&cliaddr)->sin_addr),dst,INET_ADDRSTRLEN); fprintf(stderr, "Connection from [%s] port %s [%s/%s] accepted (family %d, sport %d)\n", dst, - uport, + *uport, proto, sv ? sv->s_name : "*", ((struct sockaddr *)(&cliaddr))->sa_family, @@ -515,7 +537,7 @@ main(int argc, char *argv[]) inet_ntop(((struct sockaddr *)&cliaddr)->sa_family,&(((struct sockaddr_in6 *)&cliaddr)->sin6_addr),dst,INET6_ADDRSTRLEN); fprintf(stderr, "Connection from [%s] port %s [%s/%s] accepted (family %d, sport %d)\n", dst, - uport, + *uport, proto, sv ? sv->s_name : "*", ((struct sockaddr *)&cliaddr)->sa_family, @@ -523,17 +545,21 @@ main(int argc, char *argv[]) } else { fprintf(stderr, "Connection from unknown port %s [%s/%s] accepted (family %d, sport %d)\n", - uport, + *uport, proto, sv ? sv->s_name : "*", ((struct sockaddr *)(&cliaddr))->sa_family, ntohs(((struct sockaddr_in *)&cliaddr)->sin_port)); } } + if(!kflag) + close(s); readwrite(connfd); close(connfd); } + if (vflag && kflag) + fprintf(stderr, "Connection closed, listening again.\n"); if (kflag) continue; if (family != AF_UNIX) { @@ -641,6 +667,8 @@ unix_bind(char *path) return (-1); } + unlink(path); + if (bind(s, (struct sockaddr *)&sun, SUN_LEN(&sun)) < 0) { close(s); return (-1); 
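Review bot: the unlink(path) added before bind() in unix_bind() runs unconditionally on a caller-supplied path and ignores its return value, so whatever file sits at that path is removed whether or not it is a stale socket. Check the path with lstat() and S_ISSOCK() first, or unlink only after bind() has failed with EADDRINUSE, and report an unlink failure other than ENOENT instead of discarding it.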
@@ -662,8 +690,10 @@ unix_connect(char *path) if ((s = unix_bind(unix_dg_tmp_socket)) < 0) return (-1); } else { - if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) + if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { + errx(1,"create unix socket failed"); return (-1); + } } (void)fcntl(s, F_SETFD, 1); @@ -674,9 +704,11 @@ unix_connect(char *path) sizeof(sun.sun_path)) { close(s); errno = ENAMETOOLONG; + warn("unix connect abandoned"); return (-1); } if (connect(s, (struct sockaddr *)&sun, SUN_LEN(&sun)) < 0) { + warn("unix connect failed"); close(s); return (-1); } @@ -1105,22 +1137,23 @@ atelnet(int nfd, unsigned char *buf, unsigned int size) * that we should try to connect to. */ void -build_ports(char *p) +build_ports(char **p) { struct servent *sv; const char *errstr; char *n; int hi, lo, cp; int x = 0; + int i; char *proto = proto_name(uflag, dccpflag); - sv = getservbyname(p, proto); + sv = getservbyname(*p, proto); if (sv) { portlist[0] = calloc(1, PORT_MAX_LEN); if (portlist[0] == NULL) err(1, NULL); snprintf(portlist[0], PORT_MAX_LEN, "%d", ntohs(sv->s_port)); - } else if ((n = strchr(p, '-')) != NULL) { + } else if ((n = strchr(*p, '-')) != NULL) { *n = '\0'; n++; @@ -1128,9 +1161,9 @@ build_ports(char *p) hi = strtonum(n, 1, PORT_MAX, &errstr); if (errstr) errx(1, "port number %s: %s", errstr, n); - lo = strtonum(p, 1, PORT_MAX, &errstr); + lo = strtonum(*p, 1, PORT_MAX, &errstr); if (errstr) - errx(1, "port number %s: %s", errstr, p); + errx(1, "port number %s: %s", errstr, *p); if (lo > hi) { cp = hi; @@ -1160,10 +1193,12 @@ build_ports(char *p) } } } else { - hi = strtonum(p, 1, PORT_MAX, &errstr); + hi = strtonum(*p, 1, PORT_MAX, &errstr); if (errstr) - errx(1, "port number %s: %s", errstr, p); - portlist[0] = strdup(p); + errx(1, "port number %s: %s", errstr, *p); + for (i=0;p[i];i++) { + portlist[i] = strdup(p[i]); + } if (portlist[0] == NULL) err(1, NULL); } 
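Review bot: the new loop for (i=0;p[i];i++) in the final else branch of build_ports() copies every remaining argument into portlist, but only p[0] has been through strtonum(), only portlist[0] is checked for a failed strdup(), and i is never bounded by the size of portlist (declared as char *portlist[PORT_MAX+1]). Validate each p[i] inside the loop, check each strdup() result, and stop before i exceeds PORT_MAX. The loop also assumes p is a NULL-terminated vector, which holds for &argv[1] but not for &pflag, which main() in this same patch also assigns to uport; build_ports() should never be reached with the latter, or should take an explicit count.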
@@ -1198,6 +1233,13 @@ set_common_sockopts(int s) { int x = 1; +# if defined(SO_BROADCAST) + if (bflag) { + if (setsockopt(s, IPPROTO_TCP, SO_BROADCAST, + &x, sizeof(x)) == -1) + err(1, NULL); + } +# endif # if defined(TCP_MD5SIG) if (Sflag) { if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, @@ -1293,6 +1335,7 @@ help(void) fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ \t-6 Use IPv6\n\ + \t-b Allow broadcast\n\ \t-C Send CRLF as line-ending\n\ \t-D Enable the debug socket option\n\ \t-d Detach from stdin\n\ @@ -1329,7 +1372,7 @@ void usage(int ret) { fprintf(stderr, - "usage: nc [-46CDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]\n" + "usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]\n" "\t [-P proxy_username] [-p source_port] [-q seconds] [-s source]\n" "\t [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]\n" "\t [-x proxy_address[:port]] [destination] [port]\n"); -- debian/patches/netcat-info.patch0000644000000000000000000000076012057251634014055 0ustar Index: b/netcat.c =================================================================== --- a/netcat.c +++ b/netcat.c @@ -1371,6 +1371,8 @@ void usage(int ret) { + fprintf(stderr, "This is nc from the netcat-openbsd package. An alternative nc is available\n"); + fprintf(stderr, "in the netcat-traditional package.\n"); fprintf(stderr, "usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]\n" "\t [-P proxy_username] [-p source_port] [-q seconds] [-s source]\n" debian/patches/0004-poll-hup.patch0000644000000000000000000000235111765763715014002 0ustar From: Aron Xu Date: Mon, 13 Feb 2012 15:08:33 +0800 Subject: poll hup --- netcat.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/netcat.c b/netcat.c index d912544..fdaca44 100644 --- a/netcat.c +++ b/netcat.c 
@@ -884,9 +884,7 @@ readwrite(int nfd) if ((n = read(nfd, buf, plen)) < 0) return; else if (n == 0) { - shutdown(nfd, SHUT_RD); - pfd[0].fd = -1; - pfd[0].events = 0; + goto shutdown_rd; } else { if (tflag) atelnet(nfd, buf, n); @@ -894,18 +892,30 @@ readwrite(int nfd) return; } } + else if (pfd[0].revents & POLLHUP) { + shutdown_rd: + shutdown(nfd, SHUT_RD); + pfd[0].fd = -1; + pfd[0].events = 0; + } - if (!dflag && pfd[1].revents & POLLIN) { + if (!dflag) { + if(pfd[1].revents & POLLIN) { if ((n = read(wfd, buf, plen)) < 0) return; else if (n == 0) { - shutdown(nfd, SHUT_WR); - pfd[1].fd = -1; - pfd[1].events = 0; + goto shutdown_wr; } else { if (atomicio(vwrite, nfd, buf, n) != n) return; } + } + else if (pfd[1].revents & POLLHUP) { + shutdown_wr: + shutdown(nfd, SHUT_WR); + pfd[1].fd = -1; + pfd[1].events = 0; + } } } } -- debian/patches/0003-get-sev-by-name.patch0000644000000000000000000000156111765763715015143 0ustar From: Aron Xu Date: Mon, 13 Feb 2012 14:45:08 +0800 Subject: get sev by name --- netcat.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/netcat.c b/netcat.c index f3cc8c1..d912544 100644 --- a/netcat.c +++ b/netcat.c @@ -949,12 +949,19 @@ atelnet(int nfd, unsigned char *buf, unsigned int size) void build_ports(char *p) { + struct servent *sv; const char *errstr; char *n; int hi, lo, cp; int x = 0; - if ((n = strchr(p, '-')) != NULL) { + sv = getservbyname(p, uflag ? "udp" : "tcp"); + if (sv) { + portlist[0] = calloc(1, PORT_MAX_LEN); + if (portlist[0] == NULL) + err(1, NULL); + snprintf(portlist[0], PORT_MAX_LEN, "%d", ntohs(sv->s_port)); + } else if ((n = strchr(p, '-')) != NULL) { *n = '\0'; n++; -- debian/patches/0010-serialized-handling-multiple-clients.patch0000644000000000000000000000316511765763715021450 0ustar From: Aron Xu Date: Tue, 14 Feb 2012 23:02:00 +0800 Subject: serialized handling multiple clients --- netcat.c | 39 +++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 20 deletions(-) 
diff --git a/netcat.c b/netcat.c index 56cc15e..bf9940f 100644 --- a/netcat.c +++ b/netcat.c @@ -447,26 +447,24 @@ main(int argc, char *argv[]) s = unix_bind(host); else s = unix_listen(host); - } + } else + s = local_listen(host, uport, hints); + if (s < 0) + err(1, NULL); + + char* local; + if (family == AF_INET6) + local = ":::"; + else + local = "0.0.0.0"; + fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", + host ?: local, + family, + *uport); /* Allow only one connection at a time, but stay alive. */ for (;;) { - if (family != AF_UNIX) - s = local_listen(host, uport, hints); - if (s < 0) - err(1, NULL); - char* local; - if (family == AF_INET6 ) - local = "0.0.0.0"; - else if (family == AF_INET) - local = ":::"; - else - local = "unknown"; - fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", - host ?: local, - family, - *uport); /* * For UDP, we will use recvfrom() initially * to wait for a caller, then use the regular @@ -536,15 +534,16 @@ main(int argc, char *argv[]) close(connfd); } - if (family != AF_UNIX) + if (kflag) + continue; + if (family != AF_UNIX) { close(s); + } else if (uflag) { if (connect(s, NULL, 0) < 0) err(1, "connect"); } - - if (!kflag) - break; + break; } } else if (family == AF_UNIX) { ret = 0; -- debian/patches/0008-verbose-numeric-port.patch0000644000000000000000000000636411765763715016345 0ustar From: Aron Xu Date: Mon, 13 Feb 2012 15:38:15 +0800 Subject: verbose numeric port --- netcat.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 4 deletions(-) diff --git a/netcat.c b/netcat.c index baab909..eb3453e 100644 --- a/netcat.c +++ b/netcat.c @@ -41,6 +41,7 @@ #include #include #include +#include #ifndef IPTOS_LOWDELAY # define IPTOS_LOWDELAY 0x10 
@@ -424,6 +425,18 @@ main(int argc, char *argv[]) s = local_listen(host, uport, hints); if (s < 0) err(1, NULL); + + char* local; + if (family == AF_INET6 + local = "0.0.0.0"; + else if (family == AF_INET) + local = ":::"; + else + local = "unknown" + fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", + host ?: local, + family, + *uport); /* * For UDP, we will use recvfrom() initially * to wait for a caller, then use the regular @@ -432,16 +445,15 @@ main(int argc, char *argv[]) if (uflag) { int rv, plen; char buf[16384]; - struct sockaddr_storage z; - len = sizeof(z); + len = sizeof(cliaddr); plen = jflag ? 16384 : 2048; rv = recvfrom(s, buf, plen, MSG_PEEK, - (struct sockaddr *)&z, &len); + (struct sockaddr *)&cliaddr, &len); if (rv < 0) err(1, "recvfrom"); - rv = connect(s, (struct sockaddr *)&z, len); + rv = connect(s, (struct sockaddr *)&cliaddr, len); if (rv < 0) err(1, "connect"); 
@@ -450,6 +462,45 @@ main(int argc, char *argv[]) len = sizeof(cliaddr); connfd = accept(s, (struct sockaddr *)&cliaddr, &len); + if(vflag) { + /* Don't look up port if -n. */ + if (nflag) + sv = NULL; + else + sv = getservbyport(ntohs(atoi(uport)), + uflag ? "udp" : "tcp"); + + if (((struct sockaddr *)&cliaddr)->sa_family == AF_INET) { + char dst[INET_ADDRSTRLEN]; + inet_ntop(((struct sockaddr *)&cliaddr)->sa_family,&(((struct sockaddr_in *)&cliaddr)->sin_addr),dst,INET_ADDRSTRLEN); + fprintf(stderr, "Connection from [%s] port %s [%s/%s] accepted (family %d, sport %d)\n", + dst, + uport, + uflag ? "udp" : "tcp", + sv ? sv->s_name : "*", + ((struct sockaddr *)(&cliaddr))->sa_family, + ntohs(((struct sockaddr_in *)&cliaddr)->sin_port)); + } + else if(((struct sockaddr *)&cliaddr)->sa_family == AF_INET6) { + char dst[INET6_ADDRSTRLEN]; + inet_ntop(((struct sockaddr *)&cliaddr)->sa_family,&(((struct sockaddr_in6 *)&cliaddr)->sin6_addr),dst,INET6_ADDRSTRLEN); + fprintf(stderr, "Connection from [%s] port %s [%s/%s] accepted (family %d, sport %d)\n", + dst, + uport, + uflag ? "udp" : "tcp", + sv ? sv->s_name : "*", + ((struct sockaddr *)&cliaddr)->sa_family, + ntohs(((struct sockaddr_in6 *)&cliaddr)->sin6_port)); + } + else { + fprintf(stderr, "Connection from unknown port %s [%s/%s] accepted (family %d, sport %d)\n", + uport, + uflag ? "udp" : "tcp", + sv ? sv->s_name : "*", + ((struct sockaddr *)(&cliaddr))->sa_family, + ntohs(((struct sockaddr_in *)&cliaddr)->sin_port)); + } + } readwrite(connfd); close(connfd); } -- debian/patches/0002-connect-timeout.patch0000644000000000000000000000664511765763715015367 0ustar From: Aron Xu Date: Mon, 13 Feb 2012 14:43:56 +0800 Subject: connect timeout --- netcat.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 75 insertions(+), 2 deletions(-) diff --git a/netcat.c b/netcat.c index 9b2def2..f3cc8c1 100644 --- a/netcat.c +++ b/netcat.c 
@@ -106,6 +106,10 @@ #define PORT_MAX_LEN 6 #define UNIX_DG_TMP_SOCKET_SIZE 19 +#define CONNECTION_SUCCESS 0 +#define CONNECTION_FAILED 1 +#define CONNECTION_TIMEOUT 2 + /* Command Line Options */ int dflag; /* detached, no stdin */ unsigned int iflag; /* Interval Flag */ @@ -151,6 +155,9 @@ void set_common_sockopts(int); int map_tos(char *, int *); void usage(int); +static int connect_with_timeout(int fd, const struct sockaddr *sa, + socklen_t salen, int ctimeout); + int main(int argc, char *argv[]) { @@ -651,11 +658,14 @@ remote_connect(const char *host, const char *port, struct addrinfo hints) set_common_sockopts(s); - if (timeout_connect(s, res0->ai_addr, res0->ai_addrlen) == 0) + if ((error = connect_with_timeout(s, res0->ai_addr, res0->ai_addrlen, timeout))== CONNECTION_SUCCESS) break; - else if (vflag) + else if (vflag && error == CONNECTION_FAILED) warn("connect to %s port %s (%s) failed", host, port, uflag ? "udp" : "tcp"); + else if (vflag && error == CONNECTION_TIMEOUT) + warn("connect to %s port %s (%s) timed out", host, port, + uflag ? "udp" : "tcp"); close(s); s = -1; 
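Review bot: in the remote_connect() hunk the CONNECTION_TIMEOUT branch reports through warn(), which appends strerror(errno), but connect_with_timeout() returns CONNECTION_TIMEOUT straight after select() yields 0 without setting errno, so the message ends with whatever errno was left behind (EINPROGRESS from the non-blocking connect). Use warnx() for the timeout case, or set errno = ETIMEDOUT before returning. The timeout path also returns before the fcntl(fd, F_SETFL, orig_flags) restore; that is harmless only because the caller closes the socket, which deserves a comment.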
@@ -703,6 +713,69 @@ timeout_connect(int s, const struct sockaddr *name, socklen_t namelen) return (ret); } +static int connect_with_timeout(int fd, const struct sockaddr *sa, + socklen_t salen, int ctimeout) +{ + int err; + struct timeval tv, *tvp = NULL; + fd_set connect_fdset; + socklen_t len; + int orig_flags; + + orig_flags = fcntl(fd, F_GETFL, 0); + if (fcntl(fd, F_SETFL, orig_flags | O_NONBLOCK) < 0 ) { + warn("can't set O_NONBLOCK - timeout not available"); + if (connect(fd, sa, salen) == 0) + return CONNECTION_SUCCESS; + else + return CONNECTION_FAILED; + } + + /* set connect timeout */ + if (ctimeout > 0) { + tv.tv_sec = (time_t)ctimeout/1000; + tv.tv_usec = 0; + tvp = &tv; + } + + /* attempt the connection */ + err = connect(fd, sa, salen); + if (err != 0 && errno == EINPROGRESS) { + /* connection is proceeding + * it is complete (or failed) when select returns */ + + /* initialize connect_fdset */ + FD_ZERO(&connect_fdset); + FD_SET(fd, &connect_fdset); + + /* call select */ + do { + err = select(fd + 1, NULL, &connect_fdset, + NULL, tvp); + } while (err < 0 && errno == EINTR); + + /* select error */ + if (err < 0) + errx(1,"select error: %s", strerror(errno)); + /* we have reached a timeout */ + if (err == 0) + return CONNECTION_TIMEOUT; + /* select returned successfully, but we must test socket + * error for result */ + len = sizeof(err); + if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) + errx(1, "getsockopt error: %s", strerror(errno)); + /* setup errno according to the result returned by + * getsockopt */ + if (err != 0) + errno = err; + } + + /* return aborted if an error occured, and valid otherwise */ + fcntl(fd, F_SETFL, orig_flags); + return (err != 0)? CONNECTION_FAILED : CONNECTION_SUCCESS; +} + /* * local_listen() * Returns a socket listening on a local port, binds to specified source -- debian/patches/0007-udp-scan-timeout.patch0000644000000000000000000000251111765763715015441 0ustar 
From: Aron Xu Date: Mon, 13 Feb 2012 15:29:37 +0800 Subject: udp scan timeout --- netcat.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/netcat.c b/netcat.c index 29ecf1a..baab909 100644 --- a/netcat.c +++ b/netcat.c @@ -111,6 +111,8 @@ #define CONNECTION_FAILED 1 #define CONNECTION_TIMEOUT 2 +#define UDP_SCAN_TIMEOUT 3 /* Seconds */ + /* Command Line Options */ int Cflag = 0; /* CRLF line-ending */ int dflag; /* detached, no stdin */ @@ -497,7 +499,7 @@ main(int argc, char *argv[]) continue; ret = 0; - if (vflag || zflag) { + if (vflag) { /* For UDP, make sure we are connected. */ if (uflag) { if (udptest(s) == -1) { 
@@ -1057,15 +1059,20 @@ build_ports(char *p) int udptest(int s) { - int i, ret; - - for (i = 0; i <= 3; i++) { - if (write(s, "X", 1) == 1) - ret = 1; - else - ret = -1; + int i, t; + + if ((write(s, "X", 1) != 1) || + ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED))) + return -1; + + /* Give the remote host some time to reply. */ + for (i = 0, t = (timeout == -1) ? UDP_SCAN_TIMEOUT : (timeout / 1000); + i < t; i++) { + sleep(1); + if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED)) + return -1; } - return (ret); + return 1; } void -- debian/patches/series0000644000000000000000000000052512057251553012041 0ustar 0001-port-to-linux-with-libsd.patch 0002-connect-timeout.patch 0003-get-sev-by-name.patch 0004-poll-hup.patch 0005-send-crlf.patch 0006-quit-timer.patch 0007-udp-scan-timeout.patch 0008-verbose-numeric-port.patch 0009-dccp-support.patch 0010-serialized-handling-multiple-clients.patch 0011-misc-failures-and-features.patch netcat-info.patch debian/netcat-openbsd.README.Debian0000644000000000000000000000475211765763715014166 0ustar OpenBSD netcat for Debian ------------------------- Merge with upstream again, now it links against -lresov and -lbsd. The former one is from libc, and the latter provides a good strlcpy(). Now the package has a much saner dependency to make its way into base system. A lot of bug fixes and some new features are also applied. For record, the reason of not implementing features like -c or -e in this cat is about security. These options enable anyone on the system to open port and execute arbitrary command on local host from remote very easily, which is not desired for ordinary multi-user systems. If you do need such function, please try nc.traditional or nc6. -- Aron Xu Wed, 15 Feb 2012 01:39:04 +0800 This package has been rebased on OpenBSD's implementation of netcat. The code has been massively cleaned up, and important functionality has been added. 
 -- Soren Hansen Tue, 15 Jan 2008 10:38:34 +0100

The OpenBSD implementation has been split from netcat-traditional for two
reasons (not counting sentimental value):

1. Netcat should be part of the base system; OpenBSD netcat uses strlcpy.
   While there is already a perfectly good implementation of strlcpy in
   Debian, it is part of glib, which is not included in base.

2. Packages should not be replaced under users' feet; a transitional
   package will be provided for lenny so that users can note the new
   package and switch if they wish.

You may install this package alongside netcat-traditional; they both use
the alternatives system for nc(1) as well as the deprecated alias
netcat(1). Other implementations of netcat with compatible command line
options are encouraged to also do so and provide the virtual package
"netcat".

The following features from netcat-traditional will not be added to this
package:

* The -e and -c options (This should be done by redirecting the
  appropriate file descriptors, not within netcat. How to do so should be
  better documented.)

* Printing "connection refused" messages when -v is not specified (because
  there is only one level of verbosity in this netcat, and that message is
  primarily what the option is for.)

Anything else that netcat-traditional does that this package doesn't is a
bug. Wherever possible, command-line compatibility with the BSDs and
Fedora is desired, but it should be easy to use netcat-openbsd as a
"drop-in" replacement for netcat-traditional as well.

 -- Decklin Foster Tue, 22 Jan 2008 18:50:08 -0500

debian/copyright

Format: http://dep.debian.net/deps/dep5/
Source: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/

Files: netcat.c
Copyright: 2001 Eric Jackson
License: BSD-3-Clause

Files: atomicio.*
Copyright: 2005 Anil Madhavapeddy
           1995,1999 Theo de Raadt
License: BSD-3-Clause

Files: socks.c
Copyright: 1999 Niklas Hallqvist
           2004, 2005 Damien Miller
License: BSD-3-Clause

Files: debian/*
Copyright: 2008, 2009, 2010 Decklin Foster
           2008, 2009, 2010 Soren Hansen
           2012 Aron Xu
License: BSD-3-Clause

License: BSD-3-Clause
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 .
 1. Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.
 3. The name of the author may not be used to endorse or promote products
    derived from this software without specific prior written permission.
 .
 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

debian/netcat-openbsd.links

usr/share/man/man1/nc_openbsd.1 usr/share/man/man1/nc.openbsd.1

debian/netcat-openbsd.examples

debian/examples/*

debian/netcat-openbsd.postinst

#!/bin/sh -e

if [ "$1" = "configure" ]; then
    update-alternatives \
        --install /bin/nc nc /bin/nc.openbsd 50 \
        --slave /bin/netcat netcat /bin/nc.openbsd \
        --slave /usr/share/man/man1/nc.1.gz nc.1.gz \
                /usr/share/man/man1/nc_openbsd.1.gz \
        --slave /usr/share/man/man1/netcat.1.gz netcat.1.gz \
                /usr/share/man/man1/nc_openbsd.1.gz
fi

#DEBHELPER#

debian/examples/

debian/examples/webrelay

#! /bin/sh
## web relay -- a degenerate version of webproxy, usable with browsers that
## don't understand proxies. This just forwards connections to a given server.
## No query logging, no access control [although you can add it to XNC for
## your own run], and full-URL links will undoubtedly confuse the browser
## if it can't reach the server directly. This was actually written before
## the full proxy was, and it shows.
## The arguments in this case are the destination server and optional port.
## Please flame pinheads who use self-referential absolute links.

# set these as you wish: proxy port...
PORT=8000
# any extra args to the listening "nc", for instance "-s inside-net-addr"
XNC=''

# functionality switch, which has to be done fast to start the next listener
case "${1}${RDEST}" in
  "")
    echo needs hostname
    exit 1
  ;;
esac

case "${1}" in
  "")
# no args: fire off new relayer process NOW. Will hang around for 10 minutes
    nc -w 600 -l -n -p $PORT -e "$0" $XNC < /dev/null > /dev/null 2>&1 &
# and handle this request, which will simply fail if vars not set yet.
    exec nc -w 15 $RDEST $RPORT
  ;;
esac

# Fall here for setup; this can now be slower.
RDEST="$1"
RPORT="$2"
test "$RPORT" || RPORT=80
export RDEST RPORT

# Launch the first relayer same as above, but let its error msgs show up
# will hang around for a minute, and exit if no new connections arrive.
nc -v -w 600 -l -p $PORT -e "$0" $XNC < /dev/null > /dev/null &
echo \
  "Relay to ${RDEST}:${RPORT} running -- point your browser here on port $PORT"
exit 0

debian/examples/dist.sh

#! /bin/sh
## This is a quick example listen-exec server, which was used for a while to
## distribute netcat prereleases. It illustrates use of netcat both as a
## "fake inetd" and a syslogger, and how easy it then is to crock up a fairly
## functional server that restarts its own listener and does full connection
## logging. In a half-screen of shell script!!

PORT=31337

sleep 1
SRC=`tail -1 dist.log`
echo "<36>elite: ${SRC}" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
echo ";;; Hi, ${SRC}..."
echo ";;; This is a PRERELEASE version of 'netcat', tar/gzip/uuencoded."
echo ";;; Unless you are capturing this somehow, it won't do you much good."
echo ";;; Ready?? Here it comes! Have phun ..."
sleep 8
cat dist.file
sleep 1
./nc -v -l -p ${PORT} -e dist.sh < /dev/null >> dist.log 2>&1 &
sleep 1
echo "<36>elite: done" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
exit 0

debian/examples/alta

#! /bin/sh
## special handler for altavista, since they only hand out chunks of 10 at
## a time. Tries to isolate out results without the leading/trailing trash.
## multiword arguments are foo+bar, as usual.
## Second optional arg switches the "what" field, to e.g. "news"

test "${1}" = "" && echo 'Needs an argument to search for!' && exit 1
WHAT="web"
test "${2}" && WHAT="${2}"

# convert multiple args
PLUSARG="`echo $* | sed 's/ /+/g'`"

# Plug in arg.
# only doing simple-q for now; pg=aq for advanced-query
# embedded quotes define phrases; otherwise it goes wild on multi-words
QB="GET /cgi-bin/query?pg=q&what=${WHAT}&fmt=c&q=\"${PLUSARG}\""

# ping 'em once, to get the routing warm
nc -z -w 8 www.altavista.digital.com 24015 2> /dev/null
echo "=== Altavista ==="

for xx in 0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 160 170 180 \
  190 200 210 220 230 240 250 260 270 280 290 300 310 320 330 340 350 ; do
  echo "${QB}&stq=${xx}" | nc -w 15 www.altavista.digital.com 80 | \
  egrep '^&1
echo '0' | $UCMD "$1" 79 2>&1
# if LSRR was passed thru, should get refusal here:
$UCMD -z -r -g $GATE "$1" 6473 2>&1
$UCMD -r -z "$1" 6000 4000-4004 111 53 2105 137-140 1-20 540-550 95 87 2>&1
# -s `hostname` may be wrong for some multihomed machines
echo 'UDP echoecho!' | nc -u -p 7 -s `hostname` -w 3 "$1" 7 19 2>&1
echo '113,10158' | $UCMD -p 10158 "$1" 113 2>&1
rservice bin bin | $UCMD -p 1019 "$1" shell 2>&1
echo QUIT | $UCMD -w 8 -r "$1" 25 158 159 119 110 109 1109 142-144 220 23 2>&1
# newline after any telnet trash
echo ''
echo PASV | $UCMD -r "$1" 21 2>&1
echo 'GET /' | $UCMD -w 10 "$1" 80 81 210 70 2>&1
# sometimes contains useful directory info:
echo 'GET /robots.txt' | $UCMD -w 10 "$1" 80 2>&1
# now the big red lights go on
rservice bin bin 9600/9600 | $UCMD -p 1020 "$1" login 2>&1
rservice root root | $UCMD -r "$1" exec 2>&1
echo 'BEGIN big udp -- everything may look "open" if packet-filtered'
data -g < ${DDIR}/nfs-0.d | $UCMD -i 1 -u "$1" 2049 | od -x 2>&1
# no wait-time, uses RTT hack
nc -v -z -u -r "$1" 111 66-70 88 53 87 161-164 121-123 213 49 2>&1
nc -v -z -u -r "$1" 137-140 694-712 747-770 175-180 2103 510-530 2>&1
echo 'END big udp'
$UCMD -r -z "$1" 175-180 2000-2003 530-533 1524 1525 666 213 8000 6250 2>&1
# Use our identd-sniffer!
iscan "$1" 21 25 79 80 111 53 6667 6000 2049 119 2>&1
# this gets pretty intrusive, but what the fuck.
# Probe for portmap first
if nc -w 5 -z -u "$1" 111 ; then
  showmount -e "$1" 2>&1
  rpcinfo -p "$1" 2>&1
fi
exit 0

debian/examples/web

#! /bin/sh
## The web sucks. It is a mighty dismal kludge built out of a thousand
## tiny dismal kludges all band-aided together, and now these bottom-line
## clueless pinheads who never heard of "TCP handshake" want to run
## *commerce* over the damn thing. Ye godz. Welcome to TV of the next
## century -- six million channels of worthless shit to choose from, and
## about as much security as today's cable industry!
##
## Having grown mightily tired of pain in the ass browsers, I decided
## to build the minimalist client. It doesn't handle POST, just GETs, but
## the majority of cgi forms handlers apparently ignore the method anyway.
## A distinct advantage is that it *doesn't* pass on any other information
## to the server, like Referer: or info about your local machine such as
## Netscum tries to!
##
## Since the first version, this has become the *almost*-minimalist client,
## but it saves a lot of typing now. And with netcat as its backend, it's
## totally the balls. Don't have netcat? Get it here in /src/hacks!
## _H* 950824, updated 951009 et seq.
##
## args: hostname [port]. You feed it the filename-parts of URLs.
## In the loop, HOST, PORT, and SAVE do the right things; a null line
## gets the previous spec again [useful for initial timeouts]; EOF to exit.
## Relative URLs behave like a "cd" to wherever the last slash appears, or
## just use the last component with the saved preceding "directory" part.
## "\" clears the "filename" part and asks for just the "directory", and
## ".." goes up one "directory" level while retaining the "filename" part.
## Play around; you'll get used to it.

if test "$1" = "" ; then
  echo Needs hostname arg.
  exit 1
fi
umask 022

# optional PATH fixup
# PATH=${HOME}:${PATH} ; export PATH

test "${PAGER}" || PAGER=more
BACKEND="nc -v -w 15"
TMPAGE=/tmp/web$$
host="$1"
port="80"
if test "$2" != "" ; then
  port="$2"
fi

spec="/"
specD="/"
specF=''
saving=''

# be vaguely smart about temp file usage. Use your own homedir if you're
# paranoid about someone symlink-racing your shell script, jeez.
rm -f ${TMPAGE}
test -f ${TMPAGE} && echo "Can't use ${TMPAGE}" && exit 1

# get loopy. Yes, I know "echo -n" aint portable. Everything echoed would
# need "\c" tacked onto the end in an SV universe, which you can fix yourself.
while echo -n "${specD}${specF} " && read spec ; do
  case $spec in
  HOST)
    echo -n 'New host: '
    read host
    continue
  ;;
  PORT)
    echo -n 'New port: '
    read port
    continue
  ;;
  SAVE)
    echo -n 'Save file: '
    read saving
# if we've already got a page, save it
    test "${saving}" && test -f ${TMPAGE} &&
      echo "=== ${host}:${specD}${specF} ===" >> $saving &&
      cat ${TMPAGE} >> $saving && echo '' >> $saving
    continue
  ;;
# changing the logic a bit here. Keep a state-concept of "current dir"
# and "current file". Dir is /foo/bar/ ; file is "baz" or null.
# leading slash: create whole new state.
  /*)
    specF=`echo "${spec}" | sed 's|.*/||'`
    specD=`echo "${spec}" | sed 's|\(.*/\).*|\1|'`
    spec="${specD}${specF}"
  ;;
# embedded slash: adding to the path. "file" part can be blank, too
  */*)
    specF=`echo "${spec}" | sed 's|.*/||'`
    specD=`echo "${specD}${spec}" | sed 's|\(.*/\).*|\1|'`
  ;;
# dotdot: jump "up" one level and just reprompt [confirms what it did...]
  ..)
    specD=`echo "${specD}" | sed 's|\(.*/\)..*/|\1|'`
    continue
  ;;
# blank line: do nothing, which will re-get the current one
  '')
  ;;
# hack-quoted blank line: "\" means just zero out "file" part
  '\')
    specF=''
  ;;
# sigh
  '?')
    echo Help yourself. Read the script fer krissake.
    continue
  ;;
# anything else is taken as a "file" part
  *)
    specF=${spec}
  ;;
  esac

# now put it together and stuff it down a connection.
# Some lame non-unix
# http servers assume they'll never get simple-query format, and wait till
# an extra newline arrives. If you're up against one of these, change
# below to (echo GET "$spec" ; echo '') | $BACKEND ...
  spec="${specD}${specF}"
  echo GET "${spec}" | $BACKEND $host $port > ${TMPAGE}
  ${PAGER} ${TMPAGE}

# save in a format that still shows the URLs we hit after a de-html run
  if test "${saving}" ; then
    echo "=== ${host}:${spec} ===" >> $saving
    cat ${TMPAGE} >> $saving
    echo '' >> $saving
  fi
done
rm -f ${TMPAGE}
exit 0

#######
# Encoding notes, finally from RFC 1738:
# %XX -- hex-encode of special chars
# allowed alphas in a URL: $_-.+!*'(),
# relative names *not* described, but obviously used all over the place
# transport://user:pass@host:port/path/name?query-string
# wais: port 210, //host:port/database?search or /database/type/file?
# cgi-bin/script?arg1=foo&arg2=bar&... scripts have to parse xxx&yyy&zzz
# ISMAP imagemap stuff: /bin/foobar.map?xxx,yyy -- have to guess at coords!
# local access-ctl files: ncsa: .htaccess ; cern: .www_acl
#######
# SEARCH ENGINES: fortunately, all are GET forms or at least work that way...
# multi-word args for most cases: foo+bar
# See 'websearch' for concise results of this research...

debian/examples/ncp

#! /bin/sh
## Like "rcp" but uses netcat on a high port.
## do "ncp targetfile" on the RECEIVING machine
## then do "ncp sourcefile receivinghost" on the SENDING machine
## if invoked as "nzp" instead, compresses transit data.

## pick your own personal favorite port, which will be used on both ends.
## You should probably change this for your own uses.
MYPORT=23456

## if "nc" isn't systemwide or in your PATH, add the right place
# PATH=${HOME}:${PATH} ; export PATH

test "$3" && echo "too many args" && exit 1
test ! "$1" && echo "no args?" && exit 1
me=`echo $0 | sed 's+.*/++'`
test "$me" = "nzp" && echo '[compressed mode]'

# if second arg, it's a host to send an [extant] file to.
if test "$2" ; then
  test ! -f "$1" && echo "can't find $1" && exit 1
  if test "$me" = "nzp" ; then
    compress -c < "$1" | nc -v -w 2 $2 $MYPORT && exit 0
  else
    nc -v -w 2 $2 $MYPORT < "$1" && exit 0
  fi
  echo "transfer FAILED!"
  exit 1
fi

# fall here for receiver. Ask before trashing existing files
if test -f "$1" ; then
  echo -n "Overwrite $1? "
  read aa
  test ! "$aa" = "y" && echo "[punted!]" && exit 1
fi
# 30 seconds oughta be pleeeeenty of time, but change if you want.
if test "$me" = "nzp" ; then
  nc -v -w 30 -p $MYPORT -l < /dev/null | uncompress -c > "$1" && exit 0
else
  nc -v -w 30 -p $MYPORT -l < /dev/null > "$1" && exit 0
fi
echo "transfer FAILED!"
# clean up, since even if the transfer failed, $1 is already trashed
rm -f "$1"
exit 1

debian/examples/iscan

#! /bin/sh
## duplicate DaveG's ident-scan thingie using netcat. Oooh, he'll be pissed.
## args: target port [port port port ...]
## hose stdout *and* stderr together.
##
## advantages: runs slower than ident-scan, giving remote inetd less cause
## for alarm, and only hits the few known daemon ports you specify.
## disadvantages: requires numeric-only port args, the output sleazitude,
## and won't work for r-services when coming from high source ports.

case "${2}" in
  "" ) echo needs HOST and at least one PORT ; exit 1 ;;
esac

# ping 'em once and see if they *are* running identd
nc -z -w 9 "$1" 113 || { echo "oops, $1 isn't running identd" ; exit 0 ; }

# generate a randomish base port
RP=`expr $$ % 999 + 31337`

TRG="$1"
shift

while test "$1" ; do
  nc -v -w 8 -p ${RP} "$TRG" ${1} < /dev/null > /dev/null &
  PROC=$!
  sleep 3
  echo "${1},${RP}" | nc -w 4 -r "$TRG" 113 2>&1
  sleep 2
# does this look like a lamer script or what...
  kill -HUP $PROC
  RP=`expr ${RP} + 1`
  shift
done

debian/examples/README

A collection of example scripts that use netcat as a backend, each
documented by its own internal comments.

I'll be the first to admit that some of these are seriously *sick*, but they
do work and are quite useful to me on a daily basis.

debian/examples/irc

#! /bin/sh
## Shit-simple script to supply the "privmsg " of IRC typein, and
## keep the connection alive. Pipe this thru "nc -v -w 5 irc-server port".
## Note that this mechanism makes the script easy to debug without being live,
## since it just echoes everything bound for the server.
## if you want autologin-type stuff, construct some appropriate files and
## shovel them in using the "<" mechanism.

# magic arg: if "tick", do keepalive process instead of main loop
if test "$1" = "tick" ; then
# ignore most signals; the parent will nuke the kid
# doesn't stop ^Z, of course.
  trap '' 1 2 3 13 14 15 16
  while true ; do
    sleep 60
    echo "PONG !"
  done
fi

# top level: fire ourselves off as the keepalive process, and keep track of it
sh $0 tick &
ircpp=$!
echo "[Keepalive: $ircpp]" >&2
# catch our own batch of signals: hup int quit pipe alrm term urg
trap 'kill -9 $ircpp ; exit 0' 1 2 3 13 14 15 16
sleep 2

sender=''
savecmd=''

# the big honkin' loop...
while read xx yy ; do
  case "${xx}" in
# blank line: do nothing
    "")
      continue
    ;;
# new channel or recipient; if bare ">", we're back to raw literal mode.
    ">")
      if test "${yy}" ; then
        sender="privmsg ${yy} :"
      else
        sender=''
      fi
      continue
    ;;
# send crud from a file, one line per second. Can you say "skr1pt kidz"??
# *Note: uses current "recipient" if set.
    "<")
      if test -f "${yy}" ; then
        ( while read zz ; do
          sleep 1
          echo "${sender}${zz}"
        done ) < "$yy"
        echo "[done]" >&2
      else
        echo "[File $yy not found]" >&2
      fi
      continue
    ;;
# do and save a single command, for quick repeat
    "/")
      if test "${yy}" ; then
        savecmd="${yy}"
      fi
      echo "${savecmd}"
    ;;
# default case goes to recipient, just like always
    *)
      echo "${sender}${xx} ${yy}"
      continue
    ;;
  esac
done

# parting shot, if you want it
echo "quit :Bye all!"
kill -9 $ircpp
exit 0

debian/examples/contrib/

debian/examples/contrib/ncmeter

#! /bin/bash

# script to measure the speed of netcat.
# start with one argument for usage information
#
# Tools that are used by this script are:
# nc, bc, wc, sed, awk
#
# Author: Karsten Priegnitz (koem@petoria.de)

NCPORT=23457
WAIT=1

# determine the programme's name
me=`echo $0 | sed 's+.*/++'`

# check number of arguments provided
if [ $# -ne 0 -a $# -ne 2 ]; then
    echo "Usage:"
    echo
    echo " On the transmitter side:"
    echo " $me "
    echo
    echo " The is to be given in byte but you"
    echo " also can supply M or K for MegaByte and KiloByte."
    echo " Example: $me 10.1.1.3 20M"
    echo
    echo " On the receiver side:"
    echo " $me"
    echo
    echo " Start $me on the receiver side before starting it"
    echo " on the transmitter side. Stop the receiver by pressing"
    echo " and holding Ctrl-C."
    exit 1
fi

# are we the receiver?
if [ $# -eq 0 ]; then

    # yes, we are
    while true; do
        echo "waiting to receive data... (quit: press and hold Ctrl-C)"

        # wait for data and count bytes
        AMOUNT=`nc -v -w 120 -l -p $NCPORT | wc -c | awk '{print $1}'`

        # display amount of data received
        echo $AMOUNT byte of data received
        echo

        # sleep, so that the loop can be
        # interrupted by pressing Ctrl-C
        sleep 1
    done
fi

# we are the sender
echo "sending data..."

# calculate the amount of data to be sent
AMOUNT=`echo $2|sed s/[mM]/\*1048576/g | sed s/[kK]/\*1024/g | bc`

# send data and measure the time spent
TEMP=/tmp/$me.tx
( time -p dd if=/dev/zero bs=$AMOUNT count=1 2>/dev/null |
  nc -v -w $WAIT $1 $NCPORT ) 2>"$TEMP" || cat "$TEMP"

# read the time needed
REAL=`grep "^real" "$TEMP" | awk '{print $2}'`
rm "$TEMP"

# subtract the wait times
DOUBLEWAIT=$(($WAIT * 2))
NEEDED=`echo $REAL - $DOUBLEWAIT|bc`

# calculate and print speed
BPS=`echo "scale=3;$AMOUNT / $NEEDED"|bc`
KBPS=`echo "scale=3;$AMOUNT / $NEEDED / 1024"|bc`
MBPS=`echo "scale=3;$AMOUNT / $NEEDED / 1048576"|bc`

echo "time needed: ${NEEDED}s"
echo "byte per second: $BPS"
echo "KByte per second: $KBPS"
echo "MByte per second: $MBPS"

debian/examples/websearch

#! /bin/sh
## Hit the major search engines. Hose the [large] output to a file!
## autoconverts multiple arguments into the right format for given servers --
## usually worda+wordb, with certain lame exceptions like dejanews.
## Extracting and post-sorting the URLs is highly recommended...
##
## Altavista currently handled by a separate script; may merge at some point.
##
## _H* original 950824, updated 951218 and 960209

test "${1}" = "" && echo 'Needs argument[s] to search for!' && exit 1
PLUSARG="`echo $* | sed 's/ /+/g'`"
PIPEARG="`echo ${PLUSARG} | sed 's/+/|/g'`"
IFILE=/tmp/.webq.$$

# Don't have "nc"? Get "netcat" from avian.org and add it to your toolkit.
doquery () {
  echo GET "$1" | nc -v -i 1 -w 30 "$2" "$3"
}

# changed since original: now supplying port numbers and separator lines...

echo "=== Yahoo ==="
doquery "/bin/search?p=${PLUSARG}&n=300&w=w&s=a" search.yahoo.com 80

echo '' ; echo "=== Webcrawler ==="
doquery "/cgi-bin/WebQuery?searchText=${PLUSARG}&maxHits=300" webcrawler.com 80

# the infoseek lamers want "registration" before they do a real search, but...
echo '' ; echo "=== Infoseek ==="
echo " is broken."
# doquery "WW/IS/Titles?qt=${PLUSARG}" www2.infoseek.com 80
# ... which doesn't work cuz their lame server wants the extra newlines, WITH
# CRLF pairs ferkrissake. Fuck 'em for now, they're hopelessly broken. If
# you want to play, the basic idea and query formats follow.
# echo "GET /WW/IS/Titles?qt=${PLUSARG}" > $IFILE
# echo "" >> $IFILE
# nc -v -w 30 guide-p.infoseek.com 80 < $IFILE

# this is kinda flakey; might have to do twice??
echo '' ; echo "=== Opentext ==="
doquery "/omw/simplesearch?SearchFor=${PLUSARG}&mode=phrase" \
  search.opentext.com 80

# looks like inktomi will only take hits=100, or defaults back to 30
# we try to suppress all the stupid rating dots here, too
echo '' ; echo "=== Inktomi ==="
doquery "/query/?query=${PLUSARG}&hits=100" ink3.cs.berkeley.edu 1234 | \
  sed '/^$/d'

#djnews lame shit limits hits to 120 and has nonstandard format
echo '' ; echo "=== Dejanews ==="
doquery "/cgi-bin/nph-dnquery?query=${PIPEARG}+maxhits=110+format=terse+defaultOp=AND" \
  smithers.dejanews.com 80

# OLD lycos: used to work until they fucking BROKE it...
# doquery "/cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=1" \
# query5.lycos.cs.cmu.edu 80
# NEW lycos: wants the User-agent field present in query or it returns nothing
# 960206: webmaster@lycos duly bitched at
# 960208: reply received; here's how we will now handle it:
echo \
"GET /cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=terse&matchmode=and&minscore=.5 HTTP/1.x" \
  > $IFILE
echo "User-agent: *FUCK OFF*" >> $IFILE
echo "Why: go ask todd@pointcom.com (Todd Whitney)" >> $IFILE
echo '' >> $IFILE
echo '' ; echo "=== Lycos ==="
nc -v -i 1 -w 30 twelve.srv.lycos.com 80 < $IFILE

rm -f $IFILE
exit 0

# CURRENTLY BROKEN [?]
# infoseek

# some args need to be redone to ensure whatever "and" mode applies

debian/examples/webproxy

#! /bin/sh
## Web proxy, following the grand tradition of Web things being handled by
## gross scripts.
## Uses netcat to listen on a high port [default 8000],
## picks apart requests and sends them on to the right place. Point this
## at the browser client machine you'll be coming from [to limit access to
## only it], and point the browser's concept of an HTTP proxy to the
## machine running this. Takes a single argument of the client that will
## be using it, and rejects connections from elsewhere. LOGS the queries
## to a configurable logfile, which can be an interesting read later on!
## If the argument is "reset", the listener and logfile are cleaned up.
##
## This works surprisingly fast and well, for a shell script, although may
## randomly fail when hammered by a browser that tries to open several
## connections at once. Drop the "maximum connections" in your browser if
## this is a problem.
##
## A more degenerate case of this, or preferably a small C program that
## does the same thing under inetd, could handle a small site's worth of
## proxy queries. Given the way browsers are evolving, proxies like this
## can play an important role in protecting your own privacy.
##
## If you grabbed this in ASCII mode, search down for "eew" and make sure
## the embedded-CR check is intact, or requests might hang.
##
## Doesn't handle POST forms. Who cares, if you're just watching HTTV?
## Dumbness here has a highly desirable side effect: it only sends the first
## GET line, since that's all you really ever need to send, and suppresses
## the other somewhat revealing trash that most browsers insist on sending.
##
## To use the proxy, export `http_proxy' in your environment, e.g.
## `http_proxy=http://localhost:8000'.

# set these as you wish: proxy port...
PORT=8000
# logfile spec: a real file or /dev/null if you don't care
LFILE=${0}.log
# optional: where to dump connect info, so you can see if anything went wrong
# CFILE=${0}.conn
# optional extra args to the listener "nc", for instance "-s inside-net-addr"
# XNC=''

# functionality switch has to be done fast, so the next listener can start
# prelaunch check: if no current client and no args, bail.
case "${1}${CLIENT}" in
  "")
    echo needs client hostname
    exit 1
  ;;
esac

case "${1}" in
  "")
# Make like inetd, and run the next relayer process NOW. All the redirection
# is necessary so this shell has NO remaining channel open to the net.
# This will hang around for 10 minutes, and exit if no new connections arrive.
# Using -n for speed, avoiding any DNS/port lookups.
    nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \
      2> $CFILE &
  ;;
esac

# no client yet and had an arg, this checking can be much slower now
umask 077

if test "$1" ; then
# if magic arg, just clean up and then hit our own port to cause server exit
  if test "$1" = "reset" ; then
    rm -f $LFILE
    test -f "$CFILE" && rm -f $CFILE
    nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1
    exit 0
  fi
# find our ass with both hands
  test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1
# correct launch: set up client access control, passed along thru environment.
  CLIENT="$1"
  export CLIENT
  test "$CFILE" || CFILE=/dev/null
  export CFILE
  touch "$CFILE"
# tell us what happened during the last run, if possible
  if test -f "$CFILE" ; then
    echo "Last connection results:"
    cat $CFILE
  fi

# ping client machine and get its bare IP address
  CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'`
  test ! "$CLIENT" && echo "Can't find address of $1" && exit 1

# if this was an initial launch, be informative about it
  echo "=== Launch: $CLIENT" >> $LFILE
  echo "Proxy running -- will accept connections on $PORT from $CLIENT"
  echo " Logging queries to $LFILE"
  test -f "$CFILE" && echo " and connection fuckups to $CFILE"

# and run the first listener, showing us output just for the first hit
  nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" &
  exit 0
fi

# Fall here to handle a page.
# GET type://host.name:80/file/path HTTP/1.0
# Additional: trash
# More: trash
#

read x1 x2 x3 x4
echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE
test "$x4" && echo "extra junk after request: $x4" && exit 0
# nuke questionable characters and split up the request
hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'`
# echo massaged hurl: $hurl >> $LFILE
hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"`
hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"`
test "$hp" = "$hh" && hp=80
hf=`echo "$hurl" | sed -e "s+[^/]*++"`
# echo total split: $hh : $hp : $hf >> $LFILE
# suck in and log the entire request, because we're curious
# Fails on multipart stuff like forms; oh well...
if test "$x3" ; then
  while read xx ; do
    echo "${xx}" >> $LFILE
    test "${xx}" || break
# eew, buried returns, gross but necessary for DOS stupidity:
    test "${xx}" = " " && break
  done
fi
# check for non-GET *after* we log the query...
test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0
# no, you can *not* phone home, you miserable piece of shit
test "`echo $hh | fgrep -i netscap`" && \
  echo "access to Netscam's servers DENIED." && exit 0
# Do it. 30 sec net-wait time oughta be *plenty*...
# Some braindead servers have forgotten how to handle the simple-query syntax.
# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc...
echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \
  echo "oops, can't get to $hh : $hp".
echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE
exit 0

debian/examples/bsh

#! /bin/sh
## a little wrapper to "password" and re-launch a shell-listener.
## Arg is taken as the port to listen on. Define "NC" to point wherever.

NC=nc

case "$1" in
  ?* )
  LPN="$1"
  export LPN
  sleep 1
  echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
  echo "launched on port $LPN"
  exit 0
  ;;
esac

# here we play inetd
echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &

while read qq ; do
case "$qq" in
# here's yer password
  gimme )
  cd /
  exec csh -i
  ;;
esac
done
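
The webproxy script earlier in this archive cleans the requested URL by deleting a fixed list of shell metacharacters and then finds the port by stripping everything up to the last ":" in the whole URL, so a ":" in the path ends up in the port. The following is an added example, not part of the netcat-openbsd package or its example scripts: the same request split written as an allowlist check in POSIX sh. The function name `parse_proxy_request` and the `PR_*` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the netcat-openbsd package): allowlist parsing of
# a proxy request line such as
#   GET http://host[:port]/path HTTP/1.0
# On success sets PR_HOST, PR_PORT, PR_PATH and returns 0; otherwise returns 1.
# parse_proxy_request and the PR_*/pr_* names are hypothetical.

parse_proxy_request() {
    PR_HOST='' PR_PORT='' PR_PATH=''
    pr_cr=$(printf '\r')
    pr_nl='
'
    pr_line=${1%"$pr_cr"}          # browsers end the request line with CRLF

    # An argument holding more than one line is never a single request line.
    case "$pr_line" in *"$pr_nl"*) return 1 ;; esac

    # Split on spaces; a fourth field is "extra junk after request".
    IFS=' ' read -r pr_method pr_url pr_version pr_extra <<EOF
$pr_line
EOF
    [ "$pr_method" = "GET" ] || return 1
    [ -z "$pr_extra" ] || return 1
    case "$pr_version" in ''|HTTP/[0-9].[0-9]) ;; *) return 1 ;; esac

    # Plain http only; everything before the first "/" is the authority.
    case "$pr_url" in
        http://*) pr_rest=${pr_url#http://} ;;
        *) return 1 ;;
    esac
    pr_auth=${pr_rest%%/*}
    case "$pr_rest" in
        */*) pr_path=/${pr_rest#*/} ;;
        *)   pr_path=/ ;;
    esac

    # Look for the port in the authority only, so ":" in the path is harmless.
    case "$pr_auth" in
        *:*) pr_host=${pr_auth%%:*} pr_port=${pr_auth#*:} ;;
        *)   pr_host=$pr_auth pr_port=80 ;;
    esac

    # Host: letters, digits, dot, hyphen. No leading "-" (nc would read it
    # as an option) and no leading ".".
    case "$pr_host" in ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;; esac

    # Port: one to five digits, in the range 1..65535.
    case "$pr_port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$pr_port" -ge 1 ] && [ "$pr_port" -le 65535 ] || return 1

    # Path: a conservative set of URL characters and nothing else.
    case "$pr_path" in *[!A-Za-z0-9/._~%?=\&+:,@-]*) return 1 ;; esac

    PR_HOST=$pr_host PR_PORT=$pr_port PR_PATH=$pr_path
    return 0
}

# Constructed sample request lines, for a stand-alone run.
for pr_sample in \
    'GET http://example.com/index.html HTTP/1.0' \
    'GET http://example.com:8080/a:b?x=1&y=2 HTTP/1.0' \
    'GET http://example.com/a;b HTTP/1.0' \
    'POST http://example.com/ HTTP/1.0'
do
    if parse_proxy_request "$pr_sample" ; then
        echo "ok:     host=$PR_HOST port=$PR_PORT path=$PR_PATH"
    else
        echo "reject: $pr_sample"
    fi
done
```

A handler would pass only `$PR_HOST`, `$PR_PORT` and `$PR_PATH`, each double-quoted, to the forwarding `nc` call after the function returns 0.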