1 /* Based on netcat 1.10 RELEASE 960320 written by hobbit@avian.org.
2 * Released into public domain by the author.
4 * Copyright (C) 2007 Denys Vlasenko.
6 * Licensed under GPLv2, see file LICENSE in this tarball for details.
9 /* Author's comments from nc 1.10:
10 * =====================
11 * Netcat is entirely my own creation, although plenty of other code was used as
12 * examples. It is freely given away to the Internet community in the hope that
13 * it will be useful, with no restrictions except giving credit where it is due.
14 * No GPLs, Berkeley copyrights or any of that nonsense. The author assumes NO
15 * responsibility for how anyone uses it. If netcat makes you rich somehow and
16 * you're feeling generous, mail me a check. If you are affiliated in any way
17 * with Microsoft Network, get a life. Always ski in control. Comments,
18 * questions, and patches to hobbit@avian.org.
20 * Netcat and the associated package is a product of Avian Research, and is freely
21 * available in full source form with no restrictions save an obligation to give
24 * A damn useful little "backend" utility begun 950915 or thereabouts,
25 * as *Hobbit*'s first real stab at some sockets programming. Something that
26 * should have and indeed may have existed ten years ago, but never became a
27 * standard Unix utility. IMHO, "nc" could take its place right next to cat,
28 * cp, rm, mv, dd, ls, and all those other cryptic and Unix-like things.
29 * =====================
31 * Much of author's comments are still retained in the code.
33 * Functionality removed (rationale):
34 * - miltiple-port ranges, randomized port scanning (use nmap)
35 * - telnet support (use telnet)
37 * - multiple DNS checks
38 * Functionalty which is different from nc 1.10:
39 * - Prog in '-e prog' can have prog's parameters and options.
40 * Because of this -e option must be last.
41 * - nc doesn't redirect stderr to the network socket for the -e prog.
42 * - numeric addresses are printed in (), not [] (IPv6 looks better),
43 * port numbers are inside (): (1.2.3.4:5678)
44 * - network read errors are reported on verbose levels > 1
45 * (nc 1.10 treats them as EOF)
46 * - TCP connects from wrong ip/ports (if peer ip:port is specified
47 * on the command line, but accept() says that it came from different addr)
48 * are closed, but nc doesn't exit - continues to listen/accept.
51 /* done in nc.c: #include "libbb.h" */
54 SLEAZE_PORT = 31337, /* for UDP-scan RTT trick, change if ya want */
55 BIGSIZ = 8192, /* big buffers */
62 /* global cmd flags: */
70 /*int ofd;*/ /* hexdump output fd */
72 #define SENT_N_RECV_M "sent %llu, rcvd %llu\n"
73 unsigned long long wrote_out; /* total stdout bytes */
74 unsigned long long wrote_net; /* total net bytes */
76 #define SENT_N_RECV_M "sent %u, rcvd %u\n"
77 unsigned wrote_out; /* total stdout bytes */
78 unsigned wrote_net; /* total net bytes */
80 /* ouraddr is never NULL and goes through three states as we progress:
81 1 - local address before bind (IP/port possibly zero)
82 2 - local address after bind (port is nonzero)
83 3 - local address after connect??/recv/accept (IP and port are nonzero) */
84 struct len_and_sockaddr *ouraddr;
85 /* themaddr is NULL if no peer hostname[:port] specified on command line */
86 struct len_and_sockaddr *themaddr;
87 /* remend is set after connect/recv/accept to the actual ip:port of peer */
88 struct len_and_sockaddr remend;
90 jmp_buf jbuf; /* timer crud */
92 /* will malloc up the following globals: */
93 fd_set ding1; /* for select loop */
95 char bigbuf_in[BIGSIZ]; /* data buffers */
96 char bigbuf_net[BIGSIZ];
99 #define G (*ptr_to_globals)
100 #define wrote_out (G.wrote_out )
101 #define wrote_net (G.wrote_net )
102 #define ouraddr (G.ouraddr )
103 #define themaddr (G.themaddr )
104 #define remend (G.remend )
105 #define jbuf (G.jbuf )
106 #define ding1 (G.ding1 )
107 #define ding2 (G.ding2 )
108 #define bigbuf_in (G.bigbuf_in )
109 #define bigbuf_net (G.bigbuf_net)
110 #define o_verbose (G.o_verbose )
111 #define o_wait (G.o_wait )
113 #define o_interval (G.o_interval)
117 #define INIT_G() do { \
118 SET_PTR_TO_GLOBALS(xzalloc(sizeof(G))); \
122 /* Must match getopt32 call! */
131 OPT_l = (1 << 7) * ENABLE_NC_SERVER,
132 OPT_i = (1 << (7+ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
133 OPT_o = (1 << (8+ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
134 OPT_z = (1 << (9+ENABLE_NC_SERVER)) * ENABLE_NC_EXTRA,
137 #define o_nflag (option_mask32 & OPT_n)
138 #define o_udpmode (option_mask32 & OPT_u)
140 #define o_listen (option_mask32 & OPT_l)
145 #define o_ofile (option_mask32 & OPT_o)
146 #define o_zero (option_mask32 & OPT_z)
152 /* Debug: squirt whatever message and sleep a bit so we can see it go by. */
153 /* Beware: writes to stdOUT... */
155 #define Debug(...) do { printf(__VA_ARGS__); printf("\n"); fflush_all(); sleep(1); } while (0)
157 #define Debug(...) do { } while (0)
160 #define holler_error(...) do { if (o_verbose) bb_error_msg(__VA_ARGS__); } while (0)
161 #define holler_perror(...) do { if (o_verbose) bb_perror_msg(__VA_ARGS__); } while (0)
163 /* catch: no-brainer interrupt handler */
164 static void catch(int sig)
166 if (o_verbose > 1) /* normally we don't care */
167 fprintf(stderr, SENT_N_RECV_M, wrote_net, wrote_out);
168 fprintf(stderr, "punt!\n");
169 kill_myself_with_sig(sig);
173 static void unarm(void)
175 signal(SIGALRM, SIG_IGN);
179 /* timeout and other signal handling cruft */
180 static void tmtravel(int sig UNUSED_PARAM)
186 /* arm: set the timer. */
187 static void arm(unsigned secs)
189 signal(SIGALRM, tmtravel);
194 find the next newline in a buffer; return inclusive size of that "line",
195 or the entire buffer size, so the caller knows how much to then write().
196 Not distinguishing \n vs \r\n for the nonce; it just works as is... */
197 static unsigned findline(char *buf, unsigned siz)
201 if (!buf) /* various sanity checks... */
206 for (p = buf; x > 0; x--) {
209 x++; /* 'sokay if it points just past the end! */
210 Debug("findline returning %d", x);
215 Debug("findline returning whole thing: %d", siz);
220 fiddle all the file descriptors around, and hand off to another prog. Sort
221 of like a one-off "poor man's inetd". This is the only section of code
222 that would be security-critical, which is why it's ifdefed out by default.
223 Use at your own hairy risk; if you leave shells lying around behind open
224 listening ports you deserve to lose!! */
225 static int doexec(char **proggie) NORETURN;
226 static int doexec(char **proggie)
230 /* dup2(0, 2); - do we *really* want this? NO!
231 * exec'ed prog can do it yourself, if needed */
232 execvp(proggie[0], proggie);
233 bb_perror_msg_and_die("exec");
236 /* connect_w_timeout:
237 return an fd for one of
238 an open outbound TCP connection, a UDP stub-socket thingie, or
239 an unconnected TCP or UDP socket to listen on.
240 Examines various global o_blah flags to figure out what to do.
241 lad can be NULL, then socket is not bound to any local ip[:port] */
242 static int connect_w_timeout(int fd)
246 /* wrap connect inside a timer, and hit it */
248 if (setjmp(jbuf) == 0) {
249 rr = connect(fd, &themaddr->u.sa, themaddr->len);
251 } else { /* setjmp: connect failed... */
253 errno = ETIMEDOUT; /* fake it */
260 incoming and returns an open connection *from* someplace. If we were
261 given host/port args, any connections from elsewhere are rejected. This
262 in conjunction with local-address binding should limit things nicely... */
263 static void dolisten(void)
268 xlisten(netfd, 1); /* TCP: gotta listen() before we can get */
270 /* Various things that follow temporarily trash bigbuf_net, which might contain
271 a copy of any recvfrom()ed packet, but we'll read() another copy later. */
273 /* I can't believe I have to do all this to get my own goddamn bound address
274 and port number. It should just get filled in during bind() or something.
275 All this is only useful if we didn't say -p for listening, since if we
276 said -p we *know* what port we're listening on. At any rate we won't bother
277 with it all unless we wanted to see it, although listening quietly on a
278 random unknown port is probably not very useful without "netstat". */
281 getsockname(netfd, &ouraddr->u.sa, &ouraddr->len);
283 // bb_perror_msg_and_die("getsockname after bind");
284 addr = xmalloc_sockaddr2dotted(&ouraddr->u.sa);
285 fprintf(stderr, "listening on %s ...\n", addr);
290 /* UDP is a speeeeecial case -- we have to do I/O *and* get the calling
291 party's particulars all at once, listen() and accept() don't apply.
292 At least in the BSD universe, however, recvfrom/PEEK is enough to tell
293 us something came in, and we can set things up so straight read/write
294 actually does work after all. Yow. YMMV on strange platforms! */
296 /* I'm not completely clear on how this works -- BSD seems to make UDP
297 just magically work in a connect()ed context, but we'll undoubtedly run
298 into systems this deal doesn't work on. For now, we apparently have to
299 issue a connect() on our just-tickled socket so we can write() back.
300 Again, why the fuck doesn't it just get filled in and taken care of?!
301 This hack is anything but optimal. Basically, if you want your listener
302 to also be able to send data back, you need this connect() line, which
303 also has the side effect that now anything from a different source or even a
304 different port on the other end won't show up and will cause ICMP errors.
305 I guess that's what they meant by "connect".
306 Let's try to remember what the "U" is *really* for, eh? */
308 /* If peer address is specified, connect to it */
309 remend.len = LSA_SIZEOF_SA;
312 xconnect(netfd, &themaddr->u.sa, themaddr->len);
314 /* peek first packet and remember peer addr */
315 arm(o_wait); /* might as well timeout this, too */
316 if (setjmp(jbuf) == 0) { /* do timeout for initial connect */
317 /* (*ouraddr) is prefilled with "default" address */
318 /* and here we block... */
319 rr = recv_from_to(netfd, NULL, 0, MSG_PEEK, /*was bigbuf_net, BIGSIZ*/
320 &remend.u.sa, &ouraddr->u.sa, ouraddr->len);
322 bb_perror_msg_and_die("recvfrom");
325 bb_error_msg_and_die("timeout");
326 /* Now we learned *to which IP* peer has connected, and we want to anchor
327 our socket on it, so that our outbound packets will have correct local IP.
328 Unfortunately, bind() on already bound socket will fail now (EINVAL):
329 xbind(netfd, &ouraddr->u.sa, ouraddr->len);
330 Need to read the packet, save data, close this socket and
331 create new one, and bind() it. TODO */
333 xconnect(netfd, &remend.u.sa, ouraddr->len);
336 arm(o_wait); /* wrap this in a timer, too; 0 = forever */
337 if (setjmp(jbuf) == 0) {
339 remend.len = LSA_SIZEOF_SA;
340 rr = accept(netfd, &remend.u.sa, &remend.len);
342 bb_perror_msg_and_die("accept");
344 int sv_port, port, r;
346 sv_port = get_nport(&remend.u.sa); /* save */
347 port = get_nport(&themaddr->u.sa);
349 /* "nc -nl -p LPORT RHOST" (w/o RPORT!):
350 * we should accept any remote port */
351 set_nport(&remend, 0); /* blot out remote port# */
353 r = memcmp(&remend.u.sa, &themaddr->u.sa, remend.len);
354 set_nport(&remend, sv_port); /* restore */
356 /* nc 1.10 bails out instead, and its error message
357 * is not suppressed by o_verbose */
359 char *remaddr = xmalloc_sockaddr2dotted(&remend.u.sa);
360 bb_error_msg("connect from wrong ip/port %s ignored", remaddr);
369 bb_error_msg_and_die("timeout");
370 xmove_fd(rr, netfd); /* dump the old socket, here's our new one */
371 /* find out what address the connection was *to* on our end, in case we're
372 doing a listen-on-any on a multihomed machine. This allows one to
373 offer different services via different alias addresses, such as the
374 "virtual web site" hack. */
375 getsockname(netfd, &ouraddr->u.sa, &ouraddr->len);
377 // bb_perror_msg_and_die("getsockname after accept");
381 char *lcladdr, *remaddr, *remhostname;
383 #if ENABLE_NC_EXTRA && defined(IP_OPTIONS)
384 /* If we can, look for any IP options. Useful for testing the receiving end of
385 such things, and is a good exercise in dealing with it. We do this before
386 the connect message, to ensure that the connect msg is uniformly the LAST
387 thing to emerge after all the intervening crud. Doesn't work for UDP on
388 any machines I've tested, but feel free to surprise me. */
390 socklen_t x = sizeof(optbuf);
392 rr = getsockopt(netfd, IPPROTO_IP, IP_OPTIONS, optbuf, &x);
393 if (rr >= 0 && x) { /* we've got options, lessee em... */
394 bin2hex(bigbuf_net, optbuf, x);
395 bigbuf_net[2*x] = '\0';
396 fprintf(stderr, "IP options: %s\n", bigbuf_net);
400 /* now check out who it is. We don't care about mismatched DNS names here,
401 but any ADDR and PORT we specified had better fucking well match the caller.
402 Converting from addr to inet_ntoa and back again is a bit of a kludge, but
403 gethostpoop wants a string and there's much gnarlier code out there already,
405 The *real* question is why BFD sockets wasn't designed to allow listens for
406 connections *from* specific hosts/ports, instead of requiring the caller to
407 accept the connection and then reject undesireable ones by closing.
408 In other words, we need a TCP MSG_PEEK. */
409 /* bbox: removed most of it */
410 lcladdr = xmalloc_sockaddr2dotted(&ouraddr->u.sa);
411 remaddr = xmalloc_sockaddr2dotted(&remend.u.sa);
412 remhostname = o_nflag ? remaddr : xmalloc_sockaddr2host(&remend.u.sa);
413 fprintf(stderr, "connect to %s from %s (%s)\n",
414 lcladdr, remhostname, remaddr);
423 fire a couple of packets at a UDP target port, just to see if it's really
424 there. On BSD kernels, ICMP host/port-unreachable errors get delivered to
425 our socket as ECONNREFUSED write errors. On SV kernels, we lose; we'll have
426 to collect and analyze raw ICMP ourselves a la satan's probe_udp_ports
427 backend. Guess where one could swipe the appropriate code from...
429 Use the time delay between writes if given, otherwise use the "tcp ping"
430 trick for getting the RTT. [I got that idea from pluvius, and warped it.]
431 Return either the original fd, or clean up and return -1. */
433 static int udptest(void)
437 rr = write(netfd, bigbuf_in, 1);
439 bb_perror_msg("udptest first write");
442 sleep(o_wait); // can be interrupted! while (t) nanosleep(&t)?
444 /* use the tcp-ping trick: try connecting to a normally refused port, which
445 causes us to block for the time that SYN gets there and RST gets back.
446 Not completely reliable, but it *does* mostly work. */
447 /* Set a temporary connect timeout, so packet filtration doesnt cause
448 us to hang forever, and hit it */
449 o_wait = 5; /* enough that we'll notice?? */
450 rr = xsocket(ouraddr->u.sa.sa_family, SOCK_STREAM, 0);
451 set_nport(themaddr, htons(SLEAZE_PORT));
452 connect_w_timeout(rr);
453 /* don't need to restore themaddr's port, it's not used anymore */
455 o_wait = 0; /* restore */
458 rr = write(netfd, bigbuf_in, 1);
459 return (rr != 1); /* if rr == 1, return 0 (success) */
466 Hexdump bytes shoveled either way to a running logfile, in the format:
467 D offset - - - - --- 16 bytes --- - - - - # .... ascii .....
468 where "which" sets the direction indicator, D:
469 0 -- sent to network, or ">"
470 1 -- rcvd and printed to stdout, or "<"
471 and "buf" and "n" are data-block and length. If the current block generates
472 a partial line, so be it; we *want* that lockstep indication of who sent
473 what when. Adapted from dgaudet's original example -- but must be ripping
474 *fast*, since we don't want to be too disk-bound... */
476 static void oprint(int direction, unsigned char *p, unsigned bc)
478 unsigned obc; /* current "global" offset */
480 unsigned char *op; /* out hexdump ptr */
481 unsigned char *ap; /* out asc-dump ptr */
482 unsigned char stage[100];
487 obc = wrote_net; /* use the globals! */
488 if (direction == '<')
490 stage[0] = direction;
491 stage[59] = '#'; /* preload separator */
494 do { /* for chunk-o-data ... */
497 /* memset(&stage[bc*3 + 11], ' ', 16*3 - bc*3); */
498 memset(&stage[11], ' ', 16*3);
501 sprintf((char *)&stage[1], " %8.8x ", obc); /* xxx: still slow? */
502 bc -= x; /* fix current count */
503 obc += x; /* fix current offset */
504 op = &stage[11]; /* where hex starts */
505 ap = &stage[61]; /* where ascii starts */
507 do { /* for line of dump, however long ... */
508 *op++ = 0x20 | bb_hexdigits_upcase[*p >> 4];
509 *op++ = 0x20 | bb_hexdigits_upcase[*p & 0x0f];
511 if ((*p > 31) && (*p < 127))
512 *ap = *p; /* printing */
514 *ap = '.'; /* nonprinting, loose def */
518 *ap++ = '\n'; /* finish the line */
519 xwrite(ofd, stage, ap - stage);
523 void oprint(int direction, unsigned char *p, unsigned bc);
527 handle stdin/stdout/network I/O. Bwahaha!! -- the select loop from hell.
528 In this instance, return what might become our exit status. */
529 static int readwrite(void)
532 char *zp = zp; /* gcc */ /* stdin buf ptr */
533 char *np = np; /* net-in buf ptr */
536 unsigned netretry; /* net-read retry counter */
537 unsigned wretry; /* net-write sanity counter */
538 unsigned wfirst; /* one-shot flag to skip first net read */
540 /* if you don't have all this FD_* macro hair in sys/types.h, you'll have to
541 either find it or do your own bit-bashing: *ding1 |= (1 << fd), etc... */
542 FD_SET(netfd, &ding1); /* global: the net is open */
547 sleep(o_interval); /* pause *before* sending stuff, too */
549 errno = 0; /* clear from sleep, close, whatever */
550 /* and now the big ol' select shoveling loop ... */
551 while (FD_ISSET(netfd, &ding1)) { /* i.e. till the *net* closes! */
552 wretry = 8200; /* more than we'll ever hafta write */
553 if (wfirst) { /* any saved stdin buffer? */
554 wfirst = 0; /* clear flag for the duration */
555 goto shovel; /* and go handle it first */
557 ding2 = ding1; /* FD_COPY ain't portable... */
558 /* some systems, notably linux, crap into their select timers on return, so
559 we create a expendable copy and give *that* to select. */
561 struct timeval tmp_timer;
562 tmp_timer.tv_sec = o_wait;
563 tmp_timer.tv_usec = 0;
564 /* highest possible fd is netfd (3) */
565 rr = select(netfd+1, &ding2, NULL, NULL, &tmp_timer);
567 rr = select(netfd+1, &ding2, NULL, NULL, NULL);
568 if (rr < 0 && errno != EINTR) { /* might have gotten ^Zed, etc */
569 holler_perror("select");
573 /* if we have a timeout AND stdin is closed AND we haven't heard anything
574 from the net during that time, assume it's dead and close it too. */
576 if (!FD_ISSET(STDIN_FILENO, &ding1))
577 netretry--; /* we actually try a coupla times. */
579 if (o_verbose > 1) /* normally we don't care */
580 fprintf(stderr, "net timeout\n");
582 return 0; /* not an error! */
584 } /* select timeout */
585 /* xxx: should we check the exception fds too? The read fds seem to give
586 us the right info, and none of the examples I found bothered. */
588 /* Ding!! Something arrived, go check all the incoming hoppers, net first */
589 if (FD_ISSET(netfd, &ding2)) { /* net: ding! */
590 rr = read(netfd, bigbuf_net, BIGSIZ);
592 if (rr < 0 && o_verbose > 1) {
593 /* nc 1.10 doesn't do this */
594 bb_perror_msg("net read");
596 FD_CLR(netfd, &ding1); /* net closed, we'll finish up... */
597 rzleft = 0; /* can't write anymore: broken pipe */
602 Debug("got %d from the net, errno %d", rr, errno);
605 /* if we're in "slowly" mode there's probably still stuff in the stdin
606 buffer, so don't read unless we really need MORE INPUT! MORE INPUT! */
610 /* okay, suck more stdin */
611 if (FD_ISSET(STDIN_FILENO, &ding2)) { /* stdin: ding! */
612 rr = read(STDIN_FILENO, bigbuf_in, BIGSIZ);
613 /* Considered making reads here smaller for UDP mode, but 8192-byte
614 mobygrams are kinda fun and exercise the reassembler. */
615 if (rr <= 0) { /* at end, or fukt, or ... */
616 FD_CLR(STDIN_FILENO, &ding1); /* disable and close stdin */
618 // Does it make sense to shutdown(net_fd, SHUT_WR)
619 // to let other side know that we won't write anything anymore?
620 // (and what about keeping compat if we do that?)
627 /* now that we've dingdonged all our thingdings, send off the results.
628 Geez, why does this look an awful lot like the big loop in "rsh"? ...
629 not sure if the order of this matters, but write net -> stdout first. */
631 /* sanity check. Works because they're both unsigned... */
632 if ((rzleft > 8200) || (rnleft > 8200)) {
633 holler_error("bogus buffers: %u, %u", rzleft, rnleft);
636 /* net write retries sometimes happen on UDP connections */
637 if (!wretry) { /* is something hung? */
638 holler_error("too many output retries");
642 rr = write(STDOUT_FILENO, np, rnleft);
644 if (o_ofile) /* log the stdout */
645 oprint('<', (unsigned char *)np, rr);
646 np += rr; /* fix up ptrs and whatnot */
647 rnleft -= rr; /* will get sanity-checked above */
648 wrote_out += rr; /* global count */
650 Debug("wrote %d to stdout, errno %d", rr, errno);
653 if (o_interval) /* in "slowly" mode ?? */
654 rr = findline(zp, rzleft);
657 rr = write(netfd, zp, rr); /* one line, or the whole buffer */
659 if (o_ofile) /* log what got sent */
660 oprint('>', (unsigned char *)zp, rr);
663 wrote_net += rr; /* global count */
665 Debug("wrote %d to net, errno %d", rr, errno);
667 if (o_interval) { /* cycle between slow lines, or ... */
669 errno = 0; /* clear from sleep */
670 continue; /* ...with hairy select loop... */
672 if ((rzleft) || (rnleft)) { /* shovel that shit till they ain't */
673 wretry--; /* none left, and get another load */
676 } /* while ding1:netfd is open */
678 /* XXX: maybe want a more graceful shutdown() here, or screw around with
679 linger times?? I suspect that I don't need to since I'm always doing
680 blocking reads and writes and my own manual "last ditch" efforts to read
681 the net again after a timeout. I haven't seen any screwups yet, but it's
682 not like my test network is particularly busy... */
687 /* main: now we pull it all together... */
688 int nc_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
689 int nc_main(int argc UNUSED_PARAM, char **argv)
692 IF_NC_EXTRA(char *str_i, *str_o;)
693 char *themdotted = themdotted; /* gcc */
696 unsigned o_lport = 0;
700 /* catch a signal or two for cleanup */
706 /* and suppress others... */
711 + (1 << SIGPIPE) /* important! */
716 if (strcmp(*proggie, "-e") == 0) {
725 // -g -G -t -r deleted, unimplemented -a deleted too
726 opt_complementary = "?2:vv:w+"; /* max 2 params; -v is a counter; -w N */
727 getopt32(argv, "hnp:s:uvw:" IF_NC_SERVER("l")
728 IF_NC_EXTRA("i:o:z"),
729 &str_p, &str_s, &o_wait
730 IF_NC_EXTRA(, &str_i, &str_o, &o_verbose));
733 if (option_mask32 & OPT_i) /* line-interval time */
734 o_interval = xatou_range(str_i, 1, 0xffff);
736 //if (option_mask32 & OPT_l) /* listen mode */
737 //if (option_mask32 & OPT_n) /* numeric-only, no DNS lookups */
738 //if (option_mask32 & OPT_o) /* hexdump log */
739 if (option_mask32 & OPT_p) { /* local source port */
740 o_lport = bb_lookup_port(str_p, o_udpmode ? "udp" : "tcp", 0);
742 bb_error_msg_and_die("bad local port '%s'", str_p);
744 //if (option_mask32 & OPT_r) /* randomize various things */
745 //if (option_mask32 & OPT_u) /* use UDP */
746 //if (option_mask32 & OPT_v) /* verbose */
747 //if (option_mask32 & OPT_w) /* wait time */
748 //if (option_mask32 & OPT_z) /* little or no data xfer */
750 /* We manage our fd's so that they are never 0,1,2 */
751 /*bb_sanitize_stdio(); - not needed */
754 themaddr = xhost2sockaddr(argv[0],
756 ? bb_lookup_port(argv[1], o_udpmode ? "udp" : "tcp", 0)
760 /* create & bind network socket */
761 x = (o_udpmode ? SOCK_DGRAM : SOCK_STREAM);
762 if (option_mask32 & OPT_s) { /* local address */
763 /* if o_lport is still 0, then we will use random port */
764 ouraddr = xhost2sockaddr(str_s, o_lport);
766 /* prevent spurious "UDP listen needs !0 port" */
767 o_lport = get_nport(ouraddr);
768 o_lport = ntohs(o_lport);
770 x = xsocket(ouraddr->u.sa.sa_family, x, 0);
772 /* We try IPv6, then IPv4, unless addr family is
773 * implicitly set by way of remote addr/port spec */
774 x = xsocket_type(&ouraddr,
775 (themaddr ? themaddr->u.sa.sa_family : AF_UNSPEC),
778 set_nport(ouraddr, htons(o_lport));
781 setsockopt_reuseaddr(netfd);
783 socket_want_pktinfo(netfd);
784 if (!ENABLE_FEATURE_UNIX_LOCAL
786 || ouraddr->u.sa.sa_family != AF_UNIX
788 xbind(netfd, &ouraddr->u.sa, ouraddr->len);
791 setsockopt(netfd, SOL_SOCKET, SO_RCVBUF, &o_rcvbuf, sizeof o_rcvbuf);
792 setsockopt(netfd, SOL_SOCKET, SO_SNDBUF, &o_sndbuf, sizeof o_sndbuf);
796 if (OPT_l && (option_mask32 & (OPT_u|OPT_l)) == (OPT_u|OPT_l)) {
797 /* apparently UDP can listen ON "port 0",
798 but that's not useful */
800 bb_error_msg_and_die("UDP listen needs nonzero -p port");
804 FD_SET(STDIN_FILENO, &ding1); /* stdin *is* initially open */
806 close(0); /* won't need stdin */
807 option_mask32 &= ~OPT_o; /* -o with -e is meaningless! */
811 xmove_fd(xopen(str_o, O_WRONLY|O_CREAT|O_TRUNC), ofd);
816 /* dolisten does its own connect reporting */
817 if (proggie) /* -e given? */
819 x = readwrite(); /* it even works with UDP! */
821 /* Outbound connects. Now we're more picky about args... */
823 bb_error_msg_and_die("no destination");
827 themdotted = xmalloc_sockaddr2dotted(&themaddr->u.sa);
829 x = connect_w_timeout(netfd);
830 if (o_zero && x == 0 && o_udpmode) /* if UDP scanning... */
832 if (x == 0) { /* Yow, are we OPEN YET?! */
834 fprintf(stderr, "%s (%s) open\n", argv[0], themdotted);
835 if (proggie) /* exec is valid for outbound, too */
839 } else { /* connect or udptest wasn't successful */
840 x = 1; /* exit status */
841 /* if we're scanning at a "one -v" verbosity level, don't print refusals.
842 Give it another -v if you want to see everything. */
843 if (o_verbose > 1 || (o_verbose && errno != ECONNREFUSED))
844 bb_perror_msg("%s (%s)", argv[0], themdotted);
847 if (o_verbose > 1) /* normally we don't care */
848 fprintf(stderr, SENT_N_RECV_M, wrote_net, wrote_out);