1 /* Based on netcat 1.10 RELEASE 960320 written by hobbit@avian.org.
2 * Released into public domain by the author.
4 * Copyright (C) 2007 Denys Vlasenko.
6 * Licensed under GPLv2, see file LICENSE in this source tree.
9 /* Author's comments from nc 1.10:
10 * =====================
11 * Netcat is entirely my own creation, although plenty of other code was used as
12 * examples. It is freely given away to the Internet community in the hope that
13 * it will be useful, with no restrictions except giving credit where it is due.
14 * No GPLs, Berkeley copyrights or any of that nonsense. The author assumes NO
15 * responsibility for how anyone uses it. If netcat makes you rich somehow and
16 * you're feeling generous, mail me a check. If you are affiliated in any way
17 * with Microsoft Network, get a life. Always ski in control. Comments,
18 * questions, and patches to hobbit@avian.org.
20 * Netcat and the associated package is a product of Avian Research, and is freely
21 * available in full source form with no restrictions save an obligation to give
24 * A damn useful little "backend" utility begun 950915 or thereabouts,
25 * as *Hobbit*'s first real stab at some sockets programming. Something that
26 * should have and indeed may have existed ten years ago, but never became a
27 * standard Unix utility. IMHO, "nc" could take its place right next to cat,
28 * cp, rm, mv, dd, ls, and all those other cryptic and Unix-like things.
29 * =====================
31 * Much of author's comments are still retained in the code.
33 * Functionality removed (rationale):
34 * - miltiple-port ranges, randomized port scanning (use nmap)
35 * - telnet support (use telnet)
37 * - multiple DNS checks
38 * Functionalty which is different from nc 1.10:
39 * - PROG in '-e PROG' can have ARGS (and options).
40 * Because of this -e option must be last.
41 //TODO: remove -e incompatibility?
42 * - we don't redirect stderr to the network socket for the -e PROG.
43 * (PROG can do it itself if needed, but sometimes it is NOT wanted!)
44 * - numeric addresses are printed in (), not [] (IPv6 looks better),
45 * port numbers are inside (): (1.2.3.4:5678)
46 * - network read errors are reported on verbose levels > 1
47 * (nc 1.10 treats them as EOF)
48 * - TCP connects from wrong ip/ports (if peer ip:port is specified
49 * on the command line, but accept() says that it came from different addr)
50 * are closed, but we don't exit - we continue to listen/accept.
53 /* done in nc.c: #include "libbb.h" */
55 //usage:#if ENABLE_NC_110_COMPAT
57 //usage:#define nc_trivial_usage
58 //usage: "[OPTIONS] HOST PORT - connect"
59 //usage: IF_NC_SERVER("\n"
60 //usage: "nc [OPTIONS] -l -p PORT [HOST] [PORT] - listen"
62 //usage:#define nc_full_usage "\n\n"
63 //usage: " -e PROG Run PROG after connect (must be last)"
64 //usage: IF_NC_SERVER(
65 //usage: "\n -l Listen mode, for inbound connects"
66 //usage: "\n -lk With -e, provides persistent server"
67 /* -ll does the same as -lk, but its our extension, while -k is BSD'd,
68 * presumably more widely known. Therefore we advertise it, not -ll.
69 * I would like to drop -ll support, but our "small" nc supports it,
73 //usage: "\n -p PORT Local port"
74 //usage: "\n -s ADDR Local address"
75 //usage: "\n -w SEC Timeout for connects and final net reads"
77 //usage: "\n -i SEC Delay interval for lines sent" /* ", ports scanned" */
79 //usage: "\n -n Don't do DNS resolution"
80 //usage: "\n -u UDP mode"
81 //usage: "\n -v Verbose"
83 //usage: "\n -o FILE Hex dump traffic"
84 //usage: "\n -z Zero-I/O mode (scanning)"
88 /* "\n -r Randomize local and remote ports" */
89 /* "\n -g gateway Source-routing hop point[s], up to 8" */
90 /* "\n -G num Source-routing pointer: 4, 8, 12, ..." */
91 /* "\nport numbers can be individual or ranges: lo-hi [inclusive]" */
93 /* -e PROG can take ARGS too: "nc ... -e ls -l", but we don't document it
94 * in help text: nc 1.10 does not allow that. We don't want to entice
95 * users to use this incompatibility */
98 SLEAZE_PORT = 31337, /* for UDP-scan RTT trick, change if ya want */
99 BIGSIZ = 8192, /* big buffers */
106 /* global cmd flags: */
114 /*int ofd;*/ /* hexdump output fd */
116 #define SENT_N_RECV_M "sent %llu, rcvd %llu\n"
117 unsigned long long wrote_out; /* total stdout bytes */
118 unsigned long long wrote_net; /* total net bytes */
120 #define SENT_N_RECV_M "sent %u, rcvd %u\n"
121 unsigned wrote_out; /* total stdout bytes */
122 unsigned wrote_net; /* total net bytes */
125 /* ouraddr is never NULL and goes through three states as we progress:
126 1 - local address before bind (IP/port possibly zero)
127 2 - local address after bind (port is nonzero)
128 3 - local address after connect??/recv/accept (IP and port are nonzero) */
129 struct len_and_sockaddr *ouraddr;
130 /* themaddr is NULL if no peer hostname[:port] specified on command line */
131 struct len_and_sockaddr *themaddr;
132 /* remend is set after connect/recv/accept to the actual ip:port of peer */
133 struct len_and_sockaddr remend;
135 jmp_buf jbuf; /* timer crud */
137 fd_set ding1; /* for select loop */
139 char bigbuf_in[BIGSIZ]; /* data buffers */
140 char bigbuf_net[BIGSIZ];
143 #define G (*ptr_to_globals)
144 #define wrote_out (G.wrote_out )
145 #define wrote_net (G.wrote_net )
146 #define ouraddr (G.ouraddr )
147 #define themaddr (G.themaddr )
148 #define remend (G.remend )
149 #define jbuf (G.jbuf )
150 #define ding1 (G.ding1 )
151 #define ding2 (G.ding2 )
152 #define bigbuf_in (G.bigbuf_in )
153 #define bigbuf_net (G.bigbuf_net)
154 #define o_verbose (G.o_verbose )
155 #define o_wait (G.o_wait )
157 #define o_interval (G.o_interval)
161 #define INIT_G() do { \
162 SET_PTR_TO_GLOBALS(xzalloc(sizeof(G))); \
166 /* Must match getopt32 call! */
174 OPT_l = (1 << 6) * ENABLE_NC_SERVER,
175 OPT_k = (1 << 7) * ENABLE_NC_SERVER,
176 OPT_i = (1 << (7+2*ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
177 OPT_o = (1 << (8+2*ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
178 OPT_z = (1 << (9+2*ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
181 #define o_nflag (option_mask32 & OPT_n)
182 #define o_udpmode (option_mask32 & OPT_u)
184 #define o_ofile (option_mask32 & OPT_o)
185 #define o_zero (option_mask32 & OPT_z)
191 /* Debug: squirt whatever message and sleep a bit so we can see it go by. */
192 /* Beware: writes to stdOUT... */
194 #define Debug(...) do { printf(__VA_ARGS__); printf("\n"); fflush_all(); sleep(1); } while (0)
196 #define Debug(...) do { } while (0)
199 #define holler_error(...) do { if (o_verbose) bb_error_msg(__VA_ARGS__); } while (0)
200 #define holler_perror(...) do { if (o_verbose) bb_perror_msg(__VA_ARGS__); } while (0)
202 /* catch: no-brainer interrupt handler */
203 static void catch(int sig)
205 if (o_verbose > 1) /* normally we don't care */
206 fprintf(stderr, SENT_N_RECV_M, wrote_net, wrote_out);
207 fprintf(stderr, "punt!\n");
208 kill_myself_with_sig(sig);
212 static void unarm(void)
214 signal(SIGALRM, SIG_IGN);
218 /* timeout and other signal handling cruft */
219 static void tmtravel(int sig UNUSED_PARAM)
225 /* arm: set the timer. */
226 static void arm(unsigned secs)
228 signal(SIGALRM, tmtravel);
233 find the next newline in a buffer; return inclusive size of that "line",
234 or the entire buffer size, so the caller knows how much to then write().
235 Not distinguishing \n vs \r\n for the nonce; it just works as is... */
236 static unsigned findline(char *buf, unsigned siz)
240 if (!buf) /* various sanity checks... */
245 for (p = buf; x > 0; x--) {
248 x++; /* 'sokay if it points just past the end! */
249 Debug("findline returning %d", x);
254 Debug("findline returning whole thing: %d", siz);
259 fiddle all the file descriptors around, and hand off to another prog. Sort
260 of like a one-off "poor man's inetd". This is the only section of code
261 that would be security-critical, which is why it's ifdefed out by default.
262 Use at your own hairy risk; if you leave shells lying around behind open
263 listening ports you deserve to lose!! */
264 static int doexec(char **proggie) NORETURN;
265 static int doexec(char **proggie)
268 proggie[0] = G.proggie0saved;
271 /* dup2(0, 2); - do we *really* want this? NO!
272 * exec'ed prog can do it yourself, if needed */
273 BB_EXECVP_or_die(proggie);
276 /* connect_w_timeout:
277 return an fd for one of
278 an open outbound TCP connection, a UDP stub-socket thingie, or
279 an unconnected TCP or UDP socket to listen on.
280 Examines various global o_blah flags to figure out what to do.
281 lad can be NULL, then socket is not bound to any local ip[:port] */
282 static int connect_w_timeout(int fd)
286 /* wrap connect inside a timer, and hit it */
288 if (setjmp(jbuf) == 0) {
289 rr = connect(fd, &themaddr->u.sa, themaddr->len);
291 } else { /* setjmp: connect failed... */
293 errno = ETIMEDOUT; /* fake it */
300 incoming and returns an open connection *from* someplace. If we were
301 given host/port args, any connections from elsewhere are rejected. This
302 in conjunction with local-address binding should limit things nicely... */
303 static void dolisten(int is_persistent, char **proggie)
308 xlisten(netfd, 1); /* TCP: gotta listen() before we can get */
310 /* Various things that follow temporarily trash bigbuf_net, which might contain
311 a copy of any recvfrom()ed packet, but we'll read() another copy later. */
313 /* I can't believe I have to do all this to get my own goddamn bound address
314 and port number. It should just get filled in during bind() or something.
315 All this is only useful if we didn't say -p for listening, since if we
316 said -p we *know* what port we're listening on. At any rate we won't bother
317 with it all unless we wanted to see it, although listening quietly on a
318 random unknown port is probably not very useful without "netstat". */
321 getsockname(netfd, &ouraddr->u.sa, &ouraddr->len);
323 // bb_perror_msg_and_die("getsockname after bind");
324 addr = xmalloc_sockaddr2dotted(&ouraddr->u.sa);
325 fprintf(stderr, "listening on %s ...\n", addr);
330 /* UDP is a speeeeecial case -- we have to do I/O *and* get the calling
331 party's particulars all at once, listen() and accept() don't apply.
332 At least in the BSD universe, however, recvfrom/PEEK is enough to tell
333 us something came in, and we can set things up so straight read/write
334 actually does work after all. Yow. YMMV on strange platforms! */
336 /* I'm not completely clear on how this works -- BSD seems to make UDP
337 just magically work in a connect()ed context, but we'll undoubtedly run
338 into systems this deal doesn't work on. For now, we apparently have to
339 issue a connect() on our just-tickled socket so we can write() back.
340 Again, why the fuck doesn't it just get filled in and taken care of?!
341 This hack is anything but optimal. Basically, if you want your listener
342 to also be able to send data back, you need this connect() line, which
343 also has the side effect that now anything from a different source or even a
344 different port on the other end won't show up and will cause ICMP errors.
345 I guess that's what they meant by "connect".
346 Let's try to remember what the "U" is *really* for, eh? */
348 /* If peer address is specified, connect to it */
349 remend.len = LSA_SIZEOF_SA;
352 xconnect(netfd, &themaddr->u.sa, themaddr->len);
354 /* peek first packet and remember peer addr */
355 arm(o_wait); /* might as well timeout this, too */
356 if (setjmp(jbuf) == 0) { /* do timeout for initial connect */
357 /* (*ouraddr) is prefilled with "default" address */
358 /* and here we block... */
359 rr = recv_from_to(netfd, NULL, 0, MSG_PEEK, /*was bigbuf_net, BIGSIZ*/
360 &remend.u.sa, &ouraddr->u.sa, ouraddr->len);
362 bb_perror_msg_and_die("recvfrom");
365 bb_error_msg_and_die("timeout");
366 /* Now we learned *to which IP* peer has connected, and we want to anchor
367 our socket on it, so that our outbound packets will have correct local IP.
368 Unfortunately, bind() on already bound socket will fail now (EINVAL):
369 xbind(netfd, &ouraddr->u.sa, ouraddr->len);
370 Need to read the packet, save data, close this socket and
371 create new one, and bind() it. TODO */
373 xconnect(netfd, &remend.u.sa, ouraddr->len);
377 arm(o_wait); /* wrap this in a timer, too; 0 = forever */
378 if (setjmp(jbuf) == 0) {
380 remend.len = LSA_SIZEOF_SA;
381 rr = accept(netfd, &remend.u.sa, &remend.len);
383 bb_perror_msg_and_die("accept");
385 int sv_port, port, r;
387 sv_port = get_nport(&remend.u.sa); /* save */
388 port = get_nport(&themaddr->u.sa);
390 /* "nc -nl -p LPORT RHOST" (w/o RPORT!):
391 * we should accept any remote port */
392 set_nport(&remend.u.sa, 0); /* blot out remote port# */
394 r = memcmp(&remend.u.sa, &themaddr->u.sa, remend.len);
395 set_nport(&remend.u.sa, sv_port); /* restore */
397 /* nc 1.10 bails out instead, and its error message
398 * is not suppressed by o_verbose */
400 char *remaddr = xmalloc_sockaddr2dotted(&remend.u.sa);
401 bb_error_msg("connect from wrong ip/port %s ignored", remaddr);
410 bb_error_msg_and_die("timeout");
412 if (is_persistent && proggie) {
414 signal(SIGCHLD, SIG_IGN); /* no zombies please */
416 /* parent: go back and accept more connections */
421 signal(SIGCHLD, SIG_DFL);
424 xmove_fd(rr, netfd); /* dump the old socket, here's our new one */
425 /* find out what address the connection was *to* on our end, in case we're
426 doing a listen-on-any on a multihomed machine. This allows one to
427 offer different services via different alias addresses, such as the
428 "virtual web site" hack. */
429 getsockname(netfd, &ouraddr->u.sa, &ouraddr->len);
431 // bb_perror_msg_and_die("getsockname after accept");
435 char *lcladdr, *remaddr, *remhostname;
437 #if ENABLE_NC_EXTRA && defined(IP_OPTIONS)
438 /* If we can, look for any IP options. Useful for testing the receiving end of
439 such things, and is a good exercise in dealing with it. We do this before
440 the connect message, to ensure that the connect msg is uniformly the LAST
441 thing to emerge after all the intervening crud. Doesn't work for UDP on
442 any machines I've tested, but feel free to surprise me. */
444 socklen_t x = sizeof(optbuf);
446 rr = getsockopt(netfd, IPPROTO_IP, IP_OPTIONS, optbuf, &x);
447 if (rr >= 0 && x) { /* we've got options, lessee em... */
448 *bin2hex(bigbuf_net, optbuf, x) = '\0';
449 fprintf(stderr, "IP options: %s\n", bigbuf_net);
453 /* now check out who it is. We don't care about mismatched DNS names here,
454 but any ADDR and PORT we specified had better fucking well match the caller.
455 Converting from addr to inet_ntoa and back again is a bit of a kludge, but
456 gethostpoop wants a string and there's much gnarlier code out there already,
458 The *real* question is why BFD sockets wasn't designed to allow listens for
459 connections *from* specific hosts/ports, instead of requiring the caller to
460 accept the connection and then reject undesireable ones by closing.
461 In other words, we need a TCP MSG_PEEK. */
462 /* bbox: removed most of it */
463 lcladdr = xmalloc_sockaddr2dotted(&ouraddr->u.sa);
464 remaddr = xmalloc_sockaddr2dotted(&remend.u.sa);
465 remhostname = o_nflag ? remaddr : xmalloc_sockaddr2host(&remend.u.sa);
466 fprintf(stderr, "connect to %s from %s (%s)\n",
467 lcladdr, remhostname, remaddr);
479 fire a couple of packets at a UDP target port, just to see if it's really
480 there. On BSD kernels, ICMP host/port-unreachable errors get delivered to
481 our socket as ECONNREFUSED write errors. On SV kernels, we lose; we'll have
482 to collect and analyze raw ICMP ourselves a la satan's probe_udp_ports
483 backend. Guess where one could swipe the appropriate code from...
485 Use the time delay between writes if given, otherwise use the "tcp ping"
486 trick for getting the RTT. [I got that idea from pluvius, and warped it.]
487 Return either the original fd, or clean up and return -1. */
489 static int udptest(void)
493 rr = write(netfd, bigbuf_in, 1);
495 bb_perror_msg("udptest first write");
498 sleep(o_wait); // can be interrupted! while (t) nanosleep(&t)?
500 /* use the tcp-ping trick: try connecting to a normally refused port, which
501 causes us to block for the time that SYN gets there and RST gets back.
502 Not completely reliable, but it *does* mostly work. */
503 /* Set a temporary connect timeout, so packet filtration doesnt cause
504 us to hang forever, and hit it */
505 o_wait = 5; /* enough that we'll notice?? */
506 rr = xsocket(ouraddr->u.sa.sa_family, SOCK_STREAM, 0);
507 set_nport(&themaddr->u.sa, htons(SLEAZE_PORT));
508 connect_w_timeout(rr);
509 /* don't need to restore themaddr's port, it's not used anymore */
511 o_wait = 0; /* restore */
514 rr = write(netfd, bigbuf_in, 1);
515 return (rr != 1); /* if rr == 1, return 0 (success) */
522 Hexdump bytes shoveled either way to a running logfile, in the format:
523 D offset - - - - --- 16 bytes --- - - - - # .... ascii .....
524 where "which" sets the direction indicator, D:
525 0 -- sent to network, or ">"
526 1 -- rcvd and printed to stdout, or "<"
527 and "buf" and "n" are data-block and length. If the current block generates
528 a partial line, so be it; we *want* that lockstep indication of who sent
529 what when. Adapted from dgaudet's original example -- but must be ripping
530 *fast*, since we don't want to be too disk-bound... */
532 static void oprint(int direction, unsigned char *p, unsigned bc)
534 unsigned obc; /* current "global" offset */
536 unsigned char *op; /* out hexdump ptr */
537 unsigned char *ap; /* out asc-dump ptr */
538 unsigned char stage[100];
543 obc = wrote_net; /* use the globals! */
544 if (direction == '<')
546 stage[0] = direction;
547 stage[59] = '#'; /* preload separator */
550 do { /* for chunk-o-data ... */
553 /* memset(&stage[bc*3 + 11], ' ', 16*3 - bc*3); */
554 memset(&stage[11], ' ', 16*3);
557 sprintf((char *)&stage[1], " %8.8x ", obc); /* xxx: still slow? */
558 bc -= x; /* fix current count */
559 obc += x; /* fix current offset */
560 op = &stage[11]; /* where hex starts */
561 ap = &stage[61]; /* where ascii starts */
563 do { /* for line of dump, however long ... */
564 *op++ = 0x20 | bb_hexdigits_upcase[*p >> 4];
565 *op++ = 0x20 | bb_hexdigits_upcase[*p & 0x0f];
567 if ((*p > 31) && (*p < 127))
568 *ap = *p; /* printing */
570 *ap = '.'; /* nonprinting, loose def */
574 *ap++ = '\n'; /* finish the line */
575 xwrite(ofd, stage, ap - stage);
579 void oprint(int direction, unsigned char *p, unsigned bc);
583 handle stdin/stdout/network I/O. Bwahaha!! -- the select loop from hell.
584 In this instance, return what might become our exit status. */
585 static int readwrite(void)
588 char *zp = zp; /* gcc */ /* stdin buf ptr */
589 char *np = np; /* net-in buf ptr */
592 unsigned netretry; /* net-read retry counter */
593 unsigned wretry; /* net-write sanity counter */
594 unsigned wfirst; /* one-shot flag to skip first net read */
596 /* if you don't have all this FD_* macro hair in sys/types.h, you'll have to
597 either find it or do your own bit-bashing: *ding1 |= (1 << fd), etc... */
598 FD_SET(netfd, &ding1); /* global: the net is open */
603 sleep(o_interval); /* pause *before* sending stuff, too */
605 errno = 0; /* clear from sleep, close, whatever */
606 /* and now the big ol' select shoveling loop ... */
607 while (FD_ISSET(netfd, &ding1)) { /* i.e. till the *net* closes! */
608 wretry = 8200; /* more than we'll ever hafta write */
609 if (wfirst) { /* any saved stdin buffer? */
610 wfirst = 0; /* clear flag for the duration */
611 goto shovel; /* and go handle it first */
613 ding2 = ding1; /* FD_COPY ain't portable... */
614 /* some systems, notably linux, crap into their select timers on return, so
615 we create a expendable copy and give *that* to select. */
617 struct timeval tmp_timer;
618 tmp_timer.tv_sec = o_wait;
619 tmp_timer.tv_usec = 0;
620 /* highest possible fd is netfd (3) */
621 rr = select(netfd+1, &ding2, NULL, NULL, &tmp_timer);
623 rr = select(netfd+1, &ding2, NULL, NULL, NULL);
624 if (rr < 0 && errno != EINTR) { /* might have gotten ^Zed, etc */
625 holler_perror("select");
629 /* if we have a timeout AND stdin is closed AND we haven't heard anything
630 from the net during that time, assume it's dead and close it too. */
632 if (!FD_ISSET(STDIN_FILENO, &ding1))
633 netretry--; /* we actually try a coupla times. */
635 if (o_verbose > 1) /* normally we don't care */
636 fprintf(stderr, "net timeout\n");
638 return 0; /* not an error! */
640 } /* select timeout */
641 /* xxx: should we check the exception fds too? The read fds seem to give
642 us the right info, and none of the examples I found bothered. */
644 /* Ding!! Something arrived, go check all the incoming hoppers, net first */
645 if (FD_ISSET(netfd, &ding2)) { /* net: ding! */
646 rr = read(netfd, bigbuf_net, BIGSIZ);
648 if (rr < 0 && o_verbose > 1) {
649 /* nc 1.10 doesn't do this */
650 bb_perror_msg("net read");
652 FD_CLR(netfd, &ding1); /* net closed, we'll finish up... */
653 rzleft = 0; /* can't write anymore: broken pipe */
658 Debug("got %d from the net, errno %d", rr, errno);
661 /* if we're in "slowly" mode there's probably still stuff in the stdin
662 buffer, so don't read unless we really need MORE INPUT! MORE INPUT! */
666 /* okay, suck more stdin */
667 if (FD_ISSET(STDIN_FILENO, &ding2)) { /* stdin: ding! */
668 rr = read(STDIN_FILENO, bigbuf_in, BIGSIZ);
669 /* Considered making reads here smaller for UDP mode, but 8192-byte
670 mobygrams are kinda fun and exercise the reassembler. */
671 if (rr <= 0) { /* at end, or fukt, or ... */
672 FD_CLR(STDIN_FILENO, &ding1); /* disable and close stdin */
674 // Does it make sense to shutdown(net_fd, SHUT_WR)
675 // to let other side know that we won't write anything anymore?
676 // (and what about keeping compat if we do that?)
683 /* now that we've dingdonged all our thingdings, send off the results.
684 Geez, why does this look an awful lot like the big loop in "rsh"? ...
685 not sure if the order of this matters, but write net -> stdout first. */
687 /* sanity check. Works because they're both unsigned... */
688 if ((rzleft > 8200) || (rnleft > 8200)) {
689 holler_error("bogus buffers: %u, %u", rzleft, rnleft);
692 /* net write retries sometimes happen on UDP connections */
693 if (!wretry) { /* is something hung? */
694 holler_error("too many output retries");
698 rr = write(STDOUT_FILENO, np, rnleft);
700 if (o_ofile) /* log the stdout */
701 oprint('<', (unsigned char *)np, rr);
702 np += rr; /* fix up ptrs and whatnot */
703 rnleft -= rr; /* will get sanity-checked above */
704 wrote_out += rr; /* global count */
706 Debug("wrote %d to stdout, errno %d", rr, errno);
709 if (o_interval) /* in "slowly" mode ?? */
710 rr = findline(zp, rzleft);
713 rr = write(netfd, zp, rr); /* one line, or the whole buffer */
715 if (o_ofile) /* log what got sent */
716 oprint('>', (unsigned char *)zp, rr);
719 wrote_net += rr; /* global count */
721 Debug("wrote %d to net, errno %d", rr, errno);
723 if (o_interval) { /* cycle between slow lines, or ... */
725 errno = 0; /* clear from sleep */
726 continue; /* ...with hairy select loop... */
728 if ((rzleft) || (rnleft)) { /* shovel that shit till they ain't */
729 wretry--; /* none left, and get another load */
732 } /* while ding1:netfd is open */
734 /* XXX: maybe want a more graceful shutdown() here, or screw around with
735 linger times?? I suspect that I don't need to since I'm always doing
736 blocking reads and writes and my own manual "last ditch" efforts to read
737 the net again after a timeout. I haven't seen any screwups yet, but it's
738 not like my test network is particularly busy... */
743 /* main: now we pull it all together... */
744 int nc_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
745 int nc_main(int argc UNUSED_PARAM, char **argv)
748 IF_NC_EXTRA(char *str_i, *str_o;)
749 char *themdotted = themdotted; /* for compiler */
753 unsigned o_lport = 0;
757 /* catch a signal or two for cleanup */
763 /* and suppress others... */
768 + (1 << SIGPIPE) /* important! */
773 if (strcmp(*proggie, "-e") == 0) {
778 /* -<other_opts>e PROG [ARGS] ? */
779 /* (aboriginal linux uses this form) */
780 if (proggie[0][0] == '-') {
781 char *optpos = *proggie + 1;
782 /* Skip all valid opts w/o params */
783 optpos = optpos + strspn(optpos, "nuv"IF_NC_SERVER("lk")IF_NC_EXTRA("z"));
784 if (*optpos == 'e' && !optpos[1]) {
787 G.proggie0saved = *proggie;
788 *proggie = NULL; /* terminate argv for getopt32 */
796 // -g -G -t -r deleted, unimplemented -a deleted too
797 opt_complementary = "?2:vv:ll:w+"; /* max 2 params; -v and -l are counters; -w N */
798 getopt32(argv, "np:s:uvw:" IF_NC_SERVER("lk")
799 IF_NC_EXTRA("i:o:z"),
800 &str_p, &str_s, &o_wait
801 IF_NC_EXTRA(, &str_i, &str_o), &o_verbose IF_NC_SERVER(, &cnt_l));
804 if (option_mask32 & OPT_i) /* line-interval time */
805 o_interval = xatou_range(str_i, 1, 0xffff);
808 //if (option_mask32 & OPT_l) /* listen mode */
809 if (option_mask32 & OPT_k) /* persistent server mode */
812 //if (option_mask32 & OPT_n) /* numeric-only, no DNS lookups */
813 //if (option_mask32 & OPT_o) /* hexdump log */
814 if (option_mask32 & OPT_p) { /* local source port */
815 o_lport = bb_lookup_port(str_p, o_udpmode ? "udp" : "tcp", 0);
817 bb_error_msg_and_die("bad local port '%s'", str_p);
819 //if (option_mask32 & OPT_r) /* randomize various things */
820 //if (option_mask32 & OPT_u) /* use UDP */
821 //if (option_mask32 & OPT_v) /* verbose */
822 //if (option_mask32 & OPT_w) /* wait time */
823 //if (option_mask32 & OPT_z) /* little or no data xfer */
825 /* We manage our fd's so that they are never 0,1,2 */
826 /*bb_sanitize_stdio(); - not needed */
829 themaddr = xhost2sockaddr(argv[0],
831 ? bb_lookup_port(argv[1], o_udpmode ? "udp" : "tcp", 0)
835 /* create & bind network socket */
836 x = (o_udpmode ? SOCK_DGRAM : SOCK_STREAM);
837 if (option_mask32 & OPT_s) { /* local address */
838 /* if o_lport is still 0, then we will use random port */
839 ouraddr = xhost2sockaddr(str_s, o_lport);
841 /* prevent spurious "UDP listen needs !0 port" */
842 o_lport = get_nport(ouraddr);
843 o_lport = ntohs(o_lport);
845 x = xsocket(ouraddr->u.sa.sa_family, x, 0);
847 /* We try IPv6, then IPv4, unless addr family is
848 * implicitly set by way of remote addr/port spec */
849 x = xsocket_type(&ouraddr,
850 (themaddr ? themaddr->u.sa.sa_family : AF_UNSPEC),
853 set_nport(&ouraddr->u.sa, htons(o_lport));
856 setsockopt_reuseaddr(netfd);
858 socket_want_pktinfo(netfd);
859 if (!ENABLE_FEATURE_UNIX_LOCAL
860 || cnt_l != 0 /* listen */
861 || ouraddr->u.sa.sa_family != AF_UNIX
863 xbind(netfd, &ouraddr->u.sa, ouraddr->len);
866 setsockopt(netfd, SOL_SOCKET, SO_RCVBUF, &o_rcvbuf, sizeof o_rcvbuf);
867 setsockopt(netfd, SOL_SOCKET, SO_SNDBUF, &o_sndbuf, sizeof o_sndbuf);
871 if (OPT_l && (option_mask32 & (OPT_u|OPT_l)) == (OPT_u|OPT_l)) {
872 /* apparently UDP can listen ON "port 0",
873 but that's not useful */
875 bb_error_msg_and_die("UDP listen needs nonzero -p port");
879 FD_SET(STDIN_FILENO, &ding1); /* stdin *is* initially open */
881 close(0); /* won't need stdin */
882 option_mask32 &= ~OPT_o; /* -o with -e is meaningless! */
886 xmove_fd(xopen(str_o, O_WRONLY|O_CREAT|O_TRUNC), ofd);
890 dolisten((cnt_l - 1), proggie);
891 /* dolisten does its own connect reporting */
892 x = readwrite(); /* it even works with UDP! */
894 /* Outbound connects. Now we're more picky about args... */
900 themdotted = xmalloc_sockaddr2dotted(&themaddr->u.sa);
902 x = connect_w_timeout(netfd);
903 if (o_zero && x == 0 && o_udpmode) /* if UDP scanning... */
905 if (x == 0) { /* Yow, are we OPEN YET?! */
907 fprintf(stderr, "%s (%s) open\n", argv[0], themdotted);
908 if (proggie) /* exec is valid for outbound, too */
912 } else { /* connect or udptest wasn't successful */
913 x = 1; /* exit status */
914 /* if we're scanning at a "one -v" verbosity level, don't print refusals.
915 Give it another -v if you want to see everything. */
916 if (o_verbose > 1 || (o_verbose && errno != ECONNREFUSED))
917 bb_perror_msg("%s (%s)", argv[0], themdotted);
920 if (o_verbose > 1) /* normally we don't care */
921 fprintf(stderr, SENT_N_RECV_M, wrote_net, wrote_out);