1 /* Based on netcat 1.10 RELEASE 960320 written by hobbit@avian.org.
2 * Released into public domain by the author.
4 * Copyright (C) 2007 Denis Vlasenko.
6 * Licensed under GPLv2, see file LICENSE in this tarball for details.
9 /* Author's comments from nc 1.10:
10 * =====================
11 * Netcat is entirely my own creation, although plenty of other code was used as
12 * examples. It is freely given away to the Internet community in the hope that
13 * it will be useful, with no restrictions except giving credit where it is due.
14 * No GPLs, Berkeley copyrights or any of that nonsense. The author assumes NO
15 * responsibility for how anyone uses it. If netcat makes you rich somehow and
16 * you're feeling generous, mail me a check. If you are affiliated in any way
17 * with Microsoft Network, get a life. Always ski in control. Comments,
18 * questions, and patches to hobbit@avian.org.
20 * Netcat and the associated package is a product of Avian Research, and is freely
21 * available in full source form with no restrictions save an obligation to give
24 * A damn useful little "backend" utility begun 950915 or thereabouts,
25 * as *Hobbit*'s first real stab at some sockets programming. Something that
26 * should have and indeed may have existed ten years ago, but never became a
27 * standard Unix utility. IMHO, "nc" could take its place right next to cat,
28 * cp, rm, mv, dd, ls, and all those other cryptic and Unix-like things.
29 * =====================
31 * Much of author's comments are still retained in the code.
33 * Functionality removed (rationale):
34 * - miltiple-port ranges, randomized port scanning (use nmap)
35 * - telnet support (use telnet)
37 * - multiple DNS checks
38 * Functionalty which is different from nc 1.10:
39 * - Prog in '-e prog' can have prog's parameters and options.
40 * Because of this -e option must be last.
41 * - nc doesn't redirect stderr to the network socket for the -e prog.
44 /* done in nc.c: #include "busybox.h" */
46 #define SLEAZE_PORT 31337 /* for UDP-scan RTT trick, change if ya want */
47 #define BIGSIZ 8192 /* big buffers */
51 int ofd; /* hexdump output fd */
53 #define SENT_N_RECV_M "sent %llu, rcvd %llu\n"
54 unsigned long long wrote_out; /* total stdout bytes */
55 unsigned long long wrote_net; /* total net bytes */
57 #define SENT_N_RECV_M "sent %u, rcvd %u"
58 unsigned wrote_out; /* total stdout bytes */
59 unsigned wrote_net; /* total net bytes */
61 /* ouraddr is never NULL and goes thru three states as we progress:
62 1 - local address before bind (IP/port possibly zero)
63 2 - local address after bind (port is nonzero)
64 3 - local address after connect??/recv/accept (IP and port are nonzero) */
65 struct len_and_sockaddr *ouraddr;
66 /* themaddr is NULL if no peer hostname[:port] specified on command line */
67 struct len_and_sockaddr *themaddr;
68 /* remend is set after connect/recv/accept to the actual ip:port of peer */
69 struct len_and_sockaddr remend;
71 /* global cmd flags: */
78 jmp_buf jbuf; /* timer crud */
79 unsigned char *stage; /* hexdump line buffer */
81 /* will malloc up the following globals: */
82 fd_set ding1; /* for select loop */
84 char bigbuf_in[BIGSIZ]; /* data buffers */
85 char bigbuf_net[BIGSIZ];
88 #define G (*ptr_to_globals)
90 #define netfd (G.netfd )
92 #define wrote_out (G.wrote_out )
93 #define wrote_net (G.wrote_net )
94 #define ouraddr (G.ouraddr )
95 #define themaddr (G.themaddr )
96 #define remend (G.remend )
97 #define jbuf (G.jbuf )
98 #define stage (G.stage )
99 #define ding1 (G.ding1 )
100 #define ding2 (G.ding2 )
101 #define bigbuf_in (G.bigbuf_in )
102 #define bigbuf_net (G.bigbuf_net)
103 #define o_verbose (G.o_verbose )
104 #define o_wait (G.o_wait )
106 #define o_interval (G.o_interval)
111 /* Must match getopt32 call! */
120 OPT_l = (1 << 7) * ENABLE_NC_SERVER,
121 OPT_i = (1 << (7+ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
122 OPT_o = (1 << (8+ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
123 OPT_z = (1 << (9+ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
126 #define o_nflag (option_mask32 & OPT_n)
127 #define o_udpmode (option_mask32 & OPT_u)
129 #define o_wfile (option_mask32 & OPT_o)
130 #define o_listen (option_mask32 & OPT_l)
131 #define o_zero (option_mask32 & OPT_z)
138 /* Debug macro: squirt whatever message and sleep a bit so we can see it go
139 by. need to call like Debug((stuff)) [with no ; ] so macro args match!
140 Beware: writes to stdOUT... */
142 #define Debug(x) printf x; printf("\n"); fflush(stdout); sleep(1);
144 #define Debug(x) /* nil... */
147 #define holler_error(...) do { if (o_verbose) bb_error_msg(__VA_ARGS__); } while(0)
148 #define holler_perror(...) do { if (o_verbose) bb_perror_msg(__VA_ARGS__); } while(0)
150 /* catch: no-brainer interrupt handler */
151 static void catch(int sig)
154 if (o_verbose > 1) /* normally we don't care */
155 fprintf(stderr, SENT_N_RECV_M, wrote_net, wrote_out);
156 fprintf(stderr, "punt!\n");
159 /* timeout and other signal handling cruft */
160 static void tmtravel(int sig)
162 signal(SIGALRM, SIG_IGN);
167 /* arm: set the timer. */
168 static void arm(unsigned secs)
170 signal(SIGALRM, tmtravel);
175 static void unarm(void)
177 signal(SIGALRM, SIG_IGN);
182 find the next newline in a buffer; return inclusive size of that "line",
183 or the entire buffer size, so the caller knows how much to then write().
184 Not distinguishing \n vs \r\n for the nonce; it just works as is... */
185 static unsigned findline(char *buf, unsigned siz)
189 if (!buf) /* various sanity checks... */
194 for (p = buf; x > 0; x--) {
197 x++; /* 'sokay if it points just past the end! */
198 Debug(("findline returning %d", x))
203 Debug(("findline returning whole thing: %d", siz))
208 fiddle all the file descriptors around, and hand off to another prog. Sort
209 of like a one-off "poor man's inetd". This is the only section of code
210 that would be security-critical, which is why it's ifdefed out by default.
211 Use at your own hairy risk; if you leave shells lying around behind open
212 listening ports you deserve to lose!! */
213 static int doexec(char **proggie) ATTRIBUTE_NORETURN;
214 static int doexec(char **proggie)
218 /* dup2(0, 2); - do we *really* want this? NO!
219 * exec'ed prog can do it yourself, if needed */
220 execvp(proggie[0], proggie);
221 bb_perror_msg_and_die("exec");
224 /* connect_w_timeout:
225 return an fd for one of
226 an open outbound TCP connection, a UDP stub-socket thingie, or
227 an unconnected TCP or UDP socket to listen on.
228 Examines various global o_blah flags to figure out what to do.
229 lad can be NULL, then socket is not bound to any local ip[:port] */
230 static int connect_w_timeout(int fd)
234 /* wrap connect inside a timer, and hit it */
236 if (setjmp(jbuf) == 0) {
237 rr = connect(fd, &themaddr->sa, themaddr->len);
238 } else { /* setjmp: connect failed... */
240 errno = ETIMEDOUT; /* fake it */
248 incoming and returns an open connection *from* someplace. If we were
249 given host/port args, any connections from elsewhere are rejected. This
250 in conjunction with local-address binding should limit things nicely... */
251 static void dolisten(void)
254 const char *errmsg = errmsg; /* gcc */
257 xlisten(netfd, 1); /* TCP: gotta listen() before we can get */
259 /* Various things that follow temporarily trash bigbuf_net, which might contain
260 a copy of any recvfrom()ed packet, but we'll read() another copy later. */
262 /* I can't believe I have to do all this to get my own goddamn bound address
263 and port number. It should just get filled in during bind() or something.
264 All this is only useful if we didn't say -p for listening, since if we
265 said -p we *know* what port we're listening on. At any rate we won't bother
266 with it all unless we wanted to see it, although listening quietly on a
267 random unknown port is probably not very useful without "netstat". */
270 rr = getsockname(netfd, &ouraddr->sa, &ouraddr->len);
272 bb_perror_msg_and_die("getsockname after bind");
273 addr = xmalloc_sockaddr2dotted(&ouraddr->sa, ouraddr->len);
274 fprintf(stderr, "listening on [%s] ...\n", addr);
279 /* UDP is a speeeeecial case -- we have to do I/O *and* get the calling
280 party's particulars all at once, listen() and accept() don't apply.
281 At least in the BSD universe, however, recvfrom/PEEK is enough to tell
282 us something came in, and we can set things up so straight read/write
283 actually does work after all. Yow. YMMV on strange platforms! */
285 /* I'm not completely clear on how this works -- BSD seems to make UDP
286 just magically work in a connect()ed context, but we'll undoubtedly run
287 into systems this deal doesn't work on. For now, we apparently have to
288 issue a connect() on our just-tickled socket so we can write() back.
289 Again, why the fuck doesn't it just get filled in and taken care of?!
290 This hack is anything but optimal. Basically, if you want your listener
291 to also be able to send data back, you need this connect() line, which
292 also has the side effect that now anything from a different source or even a
293 different port on the other end won't show up and will cause ICMP errors.
294 I guess that's what they meant by "connect".
295 Let's try to remember what the "U" is *really* for, eh? */
297 /* If peer address is specified, connect to it */
300 xconnect(netfd, &themaddr->sa, themaddr->len);
302 } else { /* peek first packet and remember peer addr */
303 arm(o_wait); /* might as well timeout this, too */
304 if (setjmp(jbuf) == 0) { /* do timeout for initial connect */
305 /* (*ouraddr) is prefilled with "default" address */
306 /* and here we block... */
307 rr = recv_from_to(netfd, NULL, 0, MSG_PEEK, /*was bigbuf_net, BIGSIZ*/
308 &remend.sa, &ouraddr->sa, ouraddr->len);
310 bb_perror_msg_and_die("recvfrom");
312 bb_error_msg_and_die("timeout");
314 rr = connect(netfd, &remend.sa, ouraddr->len);
319 arm(o_wait); /* wrap this in a timer, too; 0 = forever */
320 if (setjmp(jbuf) == 0) {
321 remend.len = LSA_SIZEOF_SA;
322 rr = accept(netfd, &remend.sa, &remend.len);
324 bb_error_msg_and_die("timeout");
328 close(netfd); /* dump the old socket */
329 netfd = rr; /* here's our new one */
330 /* find out what address the connection was *to* on our end, in case we're
331 doing a listen-on-any on a multihomed machine. This allows one to
332 offer different services via different alias addresses, such as the
333 "virtual web site" hack. */
334 rr = getsockname(netfd, &ouraddr->sa, &ouraddr->len);
335 errmsg = "getsockname after accept";
339 bb_perror_msg_and_die(errmsg);
341 #if ENABLE_NC_EXTRA && defined(IP_OPTIONS)
342 /* If we can, look for any IP options. Useful for testing the receiving end of
343 such things, and is a good exercise in dealing with it. We do this before
344 the connect message, to ensure that the connect msg is uniformly the LAST
345 thing to emerge after all the intervening crud. Doesn't work for UDP on
346 any machines I've tested, but feel free to surprise me. */
349 int x = sizeof(optbuf);
350 rr = getsockopt(netfd, IPPROTO_IP, IP_OPTIONS, optbuf, &x);
352 bb_perror_msg("getsockopt failed");
353 else if (x) { /* we've got options, lessee em... */
354 bin2hex(bigbuf_net, optbuf, x);
355 bigbuf_net[2*x] = '\0';
356 fprintf(stderr, "IP options: %s\n", bigbuf_net);
361 /* now check out who it is. We don't care about mismatched DNS names here,
362 but any ADDR and PORT we specified had better fucking well match the caller.
363 Converting from addr to inet_ntoa and back again is a bit of a kludge, but
364 gethostpoop wants a string and there's much gnarlier code out there already,
366 The *real* question is why BFD sockets wasn't designed to allow listens for
367 connections *from* specific hosts/ports, instead of requiring the caller to
368 accept the connection and then reject undesireable ones by closing.
369 In other words, we need a TCP MSG_PEEK. */
370 /* bbox: removed most of it */
372 char *lcladdr = xmalloc_sockaddr2dotted(&ouraddr->sa, ouraddr->len);
373 char *remaddr = xmalloc_sockaddr2dotted(&remend.sa, remend.len);
374 char *remhostname = o_nflag ? remaddr : xmalloc_sockaddr2host(&remend.sa, remend.len);
375 fprintf(stderr, "connect to [%s] from %s [%s]\n",
376 lcladdr, remhostname, remaddr);
385 fire a couple of packets at a UDP target port, just to see if it's really
386 there. On BSD kernels, ICMP host/port-unreachable errors get delivered to
387 our socket as ECONNREFUSED write errors. On SV kernels, we lose; we'll have
388 to collect and analyze raw ICMP ourselves a la satan's probe_udp_ports
389 backend. Guess where one could swipe the appropriate code from...
391 Use the time delay between writes if given, otherwise use the "tcp ping"
392 trick for getting the RTT. [I got that idea from pluvius, and warped it.]
393 Return either the original fd, or clean up and return -1. */
394 static int udptest(void)
398 rr = write(netfd, bigbuf_in, 1);
400 bb_perror_msg("udptest first write");
405 /* use the tcp-ping trick: try connecting to a normally refused port, which
406 causes us to block for the time that SYN gets there and RST gets back.
407 Not completely reliable, but it *does* mostly work. */
408 /* Set a temporary connect timeout, so packet filtration doesnt cause
409 us to hang forever, and hit it */
410 o_wait = 5; /* enough that we'll notice?? */
411 rr = xsocket(ouraddr->sa.sa_family, SOCK_STREAM, 0);
412 set_nport(themaddr, htons(SLEAZE_PORT));
413 connect_w_timeout(rr);
414 //need to restore port?
416 o_wait = 0; /* reset it */
419 rr = write(netfd, bigbuf_in, 1);
420 return (rr != 1); /* if rr == 1, return 0 (success) */
424 Hexdump bytes shoveled either way to a running logfile, in the format:
425 D offset - - - - --- 16 bytes --- - - - - # .... ascii .....
426 where "which" sets the direction indicator, D:
427 0 -- sent to network, or ">"
428 1 -- rcvd and printed to stdout, or "<"
429 and "buf" and "n" are data-block and length. If the current block generates
430 a partial line, so be it; we *want* that lockstep indication of who sent
431 what when. Adapted from dgaudet's original example -- but must be ripping
432 *fast*, since we don't want to be too disk-bound... */
433 static void oprint(int which, char *buf, int n)
435 int bc; /* in buffer count */
436 int obc; /* current "global" offset */
437 int soc; /* stage write count */
438 unsigned char *p; /* main buf ptr; m.b. unsigned here */
439 unsigned char *op; /* out hexdump ptr */
440 unsigned char *a; /* out asc-dump ptr */
449 obc = wrote_out; /* use the globals! */
454 op++; /* preload "direction" */
456 p = (unsigned char *) buf;
458 stage[59] = '#'; /* preload separator */
461 while (bc) { /* for chunk-o-data ... */
463 soc = 78; /* len of whole formatted line */
465 soc = soc - 16 + bc; /* fiddle for however much is left */
466 x = (bc * 3) + 11; /* 2 digits + space per, after D & offset */
470 *op++ = ' '; /* preload filler spaces */
475 x = bc; /* re-fix current linecount */
478 bc -= x; /* fix wrt current line size */
479 sprintf(&stage[2], "%8.8x ", obc); /* xxx: still slow? */
480 obc += x; /* fix current offset */
481 op = &stage[11]; /* where hex starts */
482 a = &stage[61]; /* where ascii starts */
484 while (x) { /* for line of dump, however long ... */
485 *op++ = 0x20 | bb_hexdigits_upcase[*p >> 4];
486 *op++ = 0x20 | bb_hexdigits_upcase[*p & 0x0f];
488 if ((*p > 31) && (*p < 127))
489 *a = *p; /* printing */
491 *a = '.'; /* nonprinting, loose def */
496 *a = '\n'; /* finish the line */
497 xwrite(ofd, stage, soc);
502 handle stdin/stdout/network I/O. Bwahaha!! -- the select loop from hell.
503 In this instance, return what might become our exit status. */
504 static int readwrite(void)
507 char *zp = zp; /* gcc */ /* stdin buf ptr */
508 char *np = np; /* net-in buf ptr */
511 unsigned netretry; /* net-read retry counter */
512 unsigned wretry; /* net-write sanity counter */
513 unsigned wfirst; /* one-shot flag to skip first net read */
515 /* if you don't have all this FD_* macro hair in sys/types.h, you'll have to
516 either find it or do your own bit-bashing: *ding1 |= (1 << fd), etc... */
517 FD_SET(netfd, &ding1); /* global: the net is open */
522 sleep(o_interval); /* pause *before* sending stuff, too */
524 errno = 0; /* clear from sleep, close, whatever */
525 /* and now the big ol' select shoveling loop ... */
526 while (FD_ISSET(netfd, &ding1)) { /* i.e. till the *net* closes! */
527 wretry = 8200; /* more than we'll ever hafta write */
528 if (wfirst) { /* any saved stdin buffer? */
529 wfirst = 0; /* clear flag for the duration */
530 goto shovel; /* and go handle it first */
532 ding2 = ding1; /* FD_COPY ain't portable... */
533 /* some systems, notably linux, crap into their select timers on return, so
534 we create a expendable copy and give *that* to select. */
536 struct timeval tmp_timer;
537 tmp_timer.tv_sec = o_wait;
538 tmp_timer.tv_usec = 0;
539 rr = select(16, &ding2, NULL, NULL, &tmp_timer);
541 rr = select(16, &ding2, NULL, NULL, NULL);
542 if (rr < 0 && errno != EINTR) { /* might have gotten ^Zed, etc */
543 holler_perror("select");
547 /* if we have a timeout AND stdin is closed AND we haven't heard anything
548 from the net during that time, assume it's dead and close it too. */
550 if (!FD_ISSET(0, &ding1))
551 netretry--; /* we actually try a coupla times. */
553 if (o_verbose > 1) /* normally we don't care */
554 fprintf(stderr, "net timeout\n");
556 return 0; /* not an error! */
558 } /* select timeout */
559 /* xxx: should we check the exception fds too? The read fds seem to give
560 us the right info, and none of the examples I found bothered. */
562 /* Ding!! Something arrived, go check all the incoming hoppers, net first */
563 if (FD_ISSET(netfd, &ding2)) { /* net: ding! */
564 rr = read(netfd, bigbuf_net, BIGSIZ);
566 FD_CLR(netfd, &ding1); /* net closed, we'll finish up... */
567 rzleft = 0; /* can't write anymore: broken pipe */
572 Debug(("got %d from the net, errno %d", rr, errno))
575 /* if we're in "slowly" mode there's probably still stuff in the stdin
576 buffer, so don't read unless we really need MORE INPUT! MORE INPUT! */
580 /* okay, suck more stdin */
581 if (FD_ISSET(0, &ding2)) { /* stdin: ding! */
582 rr = read(0, bigbuf_in, BIGSIZ);
583 /* Considered making reads here smaller for UDP mode, but 8192-byte
584 mobygrams are kinda fun and exercise the reassembler. */
585 if (rr <= 0) { /* at end, or fukt, or ... */
586 FD_CLR(0, &ding1); /* disable and close stdin */
594 /* now that we've dingdonged all our thingdings, send off the results.
595 Geez, why does this look an awful lot like the big loop in "rsh"? ...
596 not sure if the order of this matters, but write net -> stdout first. */
598 /* sanity check. Works because they're both unsigned... */
599 if ((rzleft > 8200) || (rnleft > 8200)) {
600 holler_error("bogus buffers: %u, %u", rzleft, rnleft);
603 /* net write retries sometimes happen on UDP connections */
604 if (!wretry) { /* is something hung? */
605 holler_error("too many output retries");
609 rr = write(1, np, rnleft);
612 oprint(1, np, rr); /* log the stdout */
613 np += rr; /* fix up ptrs and whatnot */
614 rnleft -= rr; /* will get sanity-checked above */
615 wrote_out += rr; /* global count */
617 Debug(("wrote %d to stdout, errno %d", rr, errno))
620 if (o_interval) /* in "slowly" mode ?? */
621 rr = findline(zp, rzleft);
624 rr = write(netfd, zp, rr); /* one line, or the whole buffer */
627 oprint(0, zp, rr); /* log what got sent */
630 wrote_net += rr; /* global count */
632 Debug(("wrote %d to net, errno %d", rr, errno))
634 if (o_interval) { /* cycle between slow lines, or ... */
636 errno = 0; /* clear from sleep */
637 continue; /* ...with hairy select loop... */
639 if ((rzleft) || (rnleft)) { /* shovel that shit till they ain't */
640 wretry--; /* none left, and get another load */
643 } /* while ding1:netfd is open */
645 /* XXX: maybe want a more graceful shutdown() here, or screw around with
646 linger times?? I suspect that I don't need to since I'm always doing
647 blocking reads and writes and my own manual "last ditch" efforts to read
648 the net again after a timeout. I haven't seen any screwups yet, but it's
649 not like my test network is particularly busy... */
654 /* main: now we pull it all together... */
655 int nc_main(int argc, char **argv);
656 int nc_main(int argc, char **argv)
658 char *str_p, *str_s, *str_w;
659 USE_NC_EXTRA(char *str_i;)
660 char *themdotted = themdotted; /* gcc */
663 unsigned o_lport = 0;
665 /* I was in this barbershop quartet in Skokie IL ... */
666 /* round up the usual suspects, i.e. malloc up all the stuff we need */
667 PTR_TO_GLOBALS = xzalloc(sizeof(G));
669 /* catch a signal or two for cleanup */
670 signal(SIGINT, catch);
671 signal(SIGQUIT, catch);
672 signal(SIGTERM, catch);
673 /* and suppress others... */
675 signal(SIGURG, SIG_IGN);
677 signal(SIGPIPE, SIG_IGN); /* important! */
681 if (strcmp(*proggie, "-e") == 0) {
683 argc = proggie - argv;
691 // -g -G -t -r deleted, unimplemented -a deleted too
692 opt_complementary = "?2:vv"; /* max 2 params, -v is a counter */
693 getopt32(argc, argv, "hnp:s:uvw:" USE_NC_SERVER("l")
694 USE_NC_EXTRA("i:o:z"),
695 &str_p, &str_s, &str_w
696 USE_NC_EXTRA(, &str_i, &stage, &o_verbose));
699 if (option_mask32 & OPT_i) /* line-interval time */
700 o_interval = xatou_range(str_i, 1, 0xffff);
702 //if (option_mask32 & OPT_l) /* listen mode */
703 //if (option_mask32 & OPT_n) /* numeric-only, no DNS lookups */
704 //if (option_mask32 & OPT_o) /* hexdump log */
705 if (option_mask32 & OPT_p) { /* local source port */
706 o_lport = bb_lookup_port(str_p, o_udpmode ? "udp" : "tcp", 0);
708 bb_error_msg_and_die("bad local port '%s'", str_p);
710 //if (option_mask32 & OPT_r) /* randomize various things */
711 //if (option_mask32 & OPT_u) /* use UDP */
712 //if (option_mask32 & OPT_v) /* verbose */
713 if (option_mask32 & OPT_w) { /* wait time */
714 o_wait = xatoi_u(str_w);
716 //if (option_mask32 & OPT_z) /* little or no data xfer */
720 /* create & bind network socket */
721 if (option_mask32 & OPT_s) { /* local address */
722 /* if o_port is still 0, then we will use random port */
723 ouraddr = xhost2sockaddr(str_s, o_lport);
724 netfd = xsocket(ouraddr->sa.sa_family, o_udpmode ? SOCK_DGRAM : SOCK_STREAM, 0); //// 0?
726 netfd = xsocket_type(&ouraddr, o_udpmode ? SOCK_DGRAM : SOCK_STREAM);
728 set_nport(ouraddr, htons(o_lport));
730 setsockopt_reuseaddr(netfd);
732 socket_want_pktinfo(netfd);
733 xbind(netfd, &ouraddr->sa, ouraddr->len);
735 setsockopt(netfd, SOL_SOCKET, SO_RCVBUF, &o_rcvbuf, sizeof o_rcvbuf);
736 setsockopt(netfd, SOL_SOCKET, SO_SNDBUF, &o_sndbuf, sizeof o_sndbuf);
739 if (o_udpmode) { /* apparently UDP can listen ON */
740 if (!o_lport) /* "port 0", but that's not useful */
741 bb_error_msg_and_die("UDP listen needs -p arg");
744 FD_SET(0, &ding1); /* stdin *is* initially open */
746 close(0); /* won't need stdin */
747 option_mask32 &= ~OPT_o; /* -o with -e is meaningless! */
751 ofd = xopen(stage, O_WRONLY|O_CREAT|O_TRUNC);
752 stage = xzalloc(100);
756 themaddr = xhost2sockaddr(argv[0],
758 ? bb_lookup_port(argv[1], o_udpmode ? "udp" : "tcp", 0)
760 ///what if sa_family won't match??
765 /* dolisten does its own connect reporting */
766 if (proggie) /* -e given? */
768 x = readwrite(); /* it even works with UDP! */
770 /* Outbound connects. Now we're more picky about args... */
772 bb_error_msg_and_die("no destination");
776 themdotted = xmalloc_sockaddr2dotted(&themaddr->sa, themaddr->len);
778 x = connect_w_timeout(netfd);
779 if (o_zero && x == 0 && o_udpmode) /* if UDP scanning... */
781 if (x == 0) { /* Yow, are we OPEN YET?! */
783 fprintf(stderr, "%s [%s] open\n", argv[0], themdotted);
784 if (proggie) /* exec is valid for outbound, too */
788 } else { /* connect or udptest wasn't successful */
789 x = 1; /* exit status */
790 /* if we're scanning at a "one -v" verbosity level, don't print refusals.
791 Give it another -v if you want to see everything. */
792 if (o_verbose > 1 || (o_verbose && errno != ECONNREFUSED))
793 bb_perror_msg("%s [%s]", argv[0], themdotted);
796 if (o_verbose > 1) /* normally we don't care */
797 fprintf(stderr, SENT_N_RECV_M, wrote_net, wrote_out);