182 lines
4.7 KiB
Diff
182 lines
4.7 KiB
Diff
--- apps/nc/netcat.c.orig 2017-02-07 17:12:34.169650728 +0900
|
|
+++ apps/nc/netcat.c 2017-02-07 17:12:55.465651976 +0900
|
|
@@ -65,7 +65,9 @@
|
|
#define POLL_NETIN 2
|
|
#define POLL_STDOUT 3
|
|
#define BUFSIZE 16384
|
|
+#ifndef DEFAULT_CA_FILE
|
|
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
|
|
+#endif
|
|
|
|
#define TLS_ALL (1 << 1)
|
|
#define TLS_NOVERIFY (1 << 2)
|
|
@@ -93,9 +95,13 @@ int zflag; /* Port Scan Flag */
|
|
int Dflag; /* sodebug */
|
|
int Iflag; /* TCP receive buffer size */
|
|
int Oflag; /* TCP send buffer size */
|
|
+#ifdef TCP_MD5SIG
|
|
int Sflag; /* TCP MD5 signature option */
|
|
+#endif
|
|
int Tflag = -1; /* IP Type of Service */
|
|
+#ifdef SO_RTABLE
|
|
int rtableid = -1;
|
|
+#endif
|
|
|
|
int usetls; /* use TLS */
|
|
char *Cflag; /* Public cert file */
|
|
@@ -148,7 +154,7 @@ main(int argc, char *argv[])
|
|
struct servent *sv;
|
|
socklen_t len;
|
|
struct sockaddr_storage cliaddr;
|
|
- char *proxy, *proxyport = NULL;
|
|
+ char *proxy = NULL, *proxyport = NULL;
|
|
const char *errstr;
|
|
struct addrinfo proxyhints;
|
|
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
|
|
@@ -258,12 +264,14 @@ main(int argc, char *argv[])
|
|
case 'u':
|
|
uflag = 1;
|
|
break;
|
|
+#ifdef SO_RTABLE
|
|
case 'V':
|
|
rtableid = (int)strtonum(optarg, 0,
|
|
RT_TABLEID_MAX, &errstr);
|
|
if (errstr)
|
|
errx(1, "rtable %s: %s", errstr, optarg);
|
|
break;
|
|
+#endif
|
|
case 'v':
|
|
vflag = 1;
|
|
break;
|
|
@@ -299,9 +307,11 @@ main(int argc, char *argv[])
|
|
case 'o':
|
|
oflag = optarg;
|
|
break;
|
|
+#ifdef TCP_MD5SIG
|
|
case 'S':
|
|
Sflag = 1;
|
|
break;
|
|
+#endif
|
|
case 'T':
|
|
errstr = NULL;
|
|
errno = 0;
|
|
@@ -325,9 +335,11 @@ main(int argc, char *argv[])
|
|
argc -= optind;
|
|
argv += optind;
|
|
|
|
+#ifdef SO_RTABLE
|
|
if (rtableid >= 0)
|
|
if (setrtable(rtableid) == -1)
|
|
err(1, "setrtable");
|
|
+#endif
|
|
|
|
if (family == AF_UNIX) {
|
|
if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
|
|
@@ -853,7 +865,10 @@ int
|
|
remote_connect(const char *host, const char *port, struct addrinfo hints)
|
|
{
|
|
struct addrinfo *res, *res0;
|
|
- int s = -1, error, on = 1, save_errno;
|
|
+ int s = -1, error, save_errno;
|
|
+#ifdef SO_BINDANY
|
|
+ int on = 1;
|
|
+#endif
|
|
|
|
if ((error = getaddrinfo(host, port, &hints, &res0)))
|
|
errx(1, "getaddrinfo: %s", gai_strerror(error));
|
|
@@ -867,8 +882,10 @@ remote_connect(const char *host, const c
|
|
if (sflag || pflag) {
|
|
struct addrinfo ahints, *ares;
|
|
|
|
+#ifdef SO_BINDANY
|
|
/* try SO_BINDANY, but don't insist */
|
|
setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
|
|
+#endif
|
|
memset(&ahints, 0, sizeof(struct addrinfo));
|
|
ahints.ai_family = res->ai_family;
|
|
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
|
|
@@ -939,7 +956,10 @@ int
|
|
local_listen(char *host, char *port, struct addrinfo hints)
|
|
{
|
|
struct addrinfo *res, *res0;
|
|
- int s = -1, ret, x = 1, save_errno;
|
|
+ int s = -1, save_errno;
|
|
+#ifdef SO_REUSEPORT
|
|
+ int ret, x = 1;
|
|
+#endif
|
|
int error;
|
|
|
|
/* Allow nodename to be null. */
|
|
@@ -960,9 +980,11 @@ local_listen(char *host, char *port, str
|
|
res->ai_protocol)) < 0)
|
|
continue;
|
|
|
|
+#ifdef SO_REUSEPORT
|
|
ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
|
|
if (ret == -1)
|
|
err(1, NULL);
|
|
+#endif
|
|
|
|
set_common_sockopts(s, res->ai_family);
|
|
|
|
@@ -1420,11 +1442,13 @@ set_common_sockopts(int s, int af)
|
|
{
|
|
int x = 1;
|
|
|
|
+#ifdef TCP_MD5SIG
|
|
if (Sflag) {
|
|
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
|
|
&x, sizeof(x)) == -1)
|
|
err(1, NULL);
|
|
}
|
|
+#endif
|
|
if (Dflag) {
|
|
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
|
|
&x, sizeof(x)) == -1)
|
|
@@ -1461,13 +1485,17 @@ set_common_sockopts(int s, int af)
|
|
}
|
|
|
|
if (minttl != -1) {
|
|
+#ifdef IP_MINTTL
|
|
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
|
|
IP_MINTTL, &minttl, sizeof(minttl)))
|
|
err(1, "set IP min TTL");
|
|
+#endif
|
|
|
|
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
|
|
+#ifdef IPV6_MINHOPCOUNT
|
|
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
|
|
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
|
|
err(1, "set IPv6 min hop count");
|
|
+#endif
|
|
}
|
|
}
|
|
|
|
@@ -1661,14 +1689,22 @@ help(void)
|
|
\t-P proxyuser\tUsername for proxy authentication\n\
|
|
\t-p port\t Specify local port for remote connects\n\
|
|
\t-R CAfile CA bundle\n\
|
|
- \t-r Randomize remote ports\n\
|
|
- \t-S Enable the TCP MD5 signature option\n\
|
|
+ \t-r Randomize remote ports\n"
|
|
+#ifdef TCP_MD5SIG
|
|
+ "\
|
|
+ \t-S Enable the TCP MD5 signature option\n"
|
|
+#endif
|
|
+ "\
|
|
\t-s source Local source address\n\
|
|
\t-T keyword TOS value or TLS options\n\
|
|
\t-t Answer TELNET negotiation\n\
|
|
\t-U Use UNIX domain socket\n\
|
|
- \t-u UDP mode\n\
|
|
- \t-V rtable Specify alternate routing table\n\
|
|
+ \t-u UDP mode\n"
|
|
+#ifdef SO_RTABLE
|
|
+ "\
|
|
+ \t-V rtable Specify alternate routing table\n"
|
|
+#endif
|
|
+ "\
|
|
\t-v Verbose\n\
|
|
\t-w timeout Timeout for connects and final net reads\n\
|
|
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
|