diff --git a/.gitignore b/.gitignore index 353b48d..499205f 100644 --- a/.gitignore +++ b/.gitignore @@ -111,6 +111,7 @@ include/pqueue.h include/tls.h include/openssl/*.h +!/apps/nc/readpassphrase.c /apps/nc/*.h /apps/nc/*.c /apps/nc/nc* diff --git a/apps/nc/Makefile.am b/apps/nc/Makefile.am index 916681b..89fe266 100644 --- a/apps/nc/Makefile.am +++ b/apps/nc/Makefile.am @@ -1,8 +1,6 @@ include $(top_srcdir)/Makefile.am.common -if HOST_OPENBSD - -if HAVE_POLL +if BUILD_NC noinst_PROGRAMS = nc @@ -11,15 +9,26 @@ EXTRA_DIST = nc.1 nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) nc_LDADD += $(top_builddir)/tls/libtls.la +CPPFLAGS += -I$(top_srcdir)/apps/nc/compat + nc_SOURCES = atomicio.c nc_SOURCES += netcat.c nc_SOURCES += socks.c noinst_HEADERS = atomicio.h +noinst_HEADERS += compat/sys/socket.h + +nc_SOURCES += compat/socket.c + +if !HAVE_ACCEPT4 +nc_SOURCES += compat/accept4.c +endif + +if !HAVE_READPASSPHRASE +nc_SOURCES += compat/readpassphrase.c +endif if !HAVE_STRTONUM -nc_SOURCES += strtonum.c -endif - +nc_SOURCES += compat/strtonum.c endif endif diff --git a/apps/nc/compat/accept4.c b/apps/nc/compat/accept4.c new file mode 100644 index 0000000..278198b --- /dev/null +++ b/apps/nc/compat/accept4.c @@ -0,0 +1,17 @@ +#include +#include + +int +accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags) +{ + int rets = accept(s, addr, addrlen); + if (rets == -1) + return s; + + if (flags & SOCK_CLOEXEC) { + flags = fcntl(s, F_GETFD); + fcntl(rets, F_SETFD, flags | FD_CLOEXEC); + } + + return rets; +} diff --git a/apps/nc/compat/readpassphrase.c b/apps/nc/compat/readpassphrase.c new file mode 100644 index 0000000..0d04134 --- /dev/null +++ b/apps/nc/compat/readpassphrase.c @@ -0,0 +1,205 @@ +/* $OpenBSD: readpassphrase.c,v 1.22 2010/01/13 10:20:54 dtucker Exp $ */ + +/* + * Copyright (c) 2000-2002, 2007 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */ + +#include +#include +#include +#include +#include +#include +#include + +#include + +#ifndef _PATH_TTY +# define _PATH_TTY "/dev/tty" +#endif + +#ifdef TCSASOFT +# define _T_FLUSH (TCSAFLUSH|TCSASOFT) +#else +# define _T_FLUSH (TCSAFLUSH) +#endif + +/* SunOS 4.x which lacks _POSIX_VDISABLE, but has VDISABLE */ +#if !defined(_POSIX_VDISABLE) && defined(VDISABLE) +# define _POSIX_VDISABLE VDISABLE +#endif + +#ifndef _NSIG +# ifdef NSIG +# define _NSIG NSIG +# else +# define _NSIG 128 +# endif +#endif + +static volatile sig_atomic_t signo[_NSIG]; + +static void handler(int); + +char * +readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) +{ + ssize_t bytes_written = 0; + ssize_t nr; + int input, output, save_errno, i, need_restart; + char ch, *p, *end; + struct termios term, oterm; + struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm; + struct sigaction savetstp, savettin, savettou, savepipe; + + /* I suppose we could alloc on demand in this case (XXX). */ + if (bufsiz == 0) { + errno = EINVAL; + return(NULL); + } + +restart: + for (i = 0; i < _NSIG; i++) + signo[i] = 0; + nr = -1; + save_errno = 0; + need_restart = 0; + /* + * Read and write to /dev/tty if available. If not, read from + * stdin and write to stderr unless a tty is required. + */ + if ((flags & RPP_STDIN) || + (input = output = open(_PATH_TTY, O_RDWR)) == -1) { + if (flags & RPP_REQUIRE_TTY) { + errno = ENOTTY; + return(NULL); + } + input = STDIN_FILENO; + output = STDERR_FILENO; + } + + /* + * Catch signals that would otherwise cause the user to end + * up with echo turned off in the shell. Don't worry about + * things like SIGXCPU and SIGVTALRM for now. + */ + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; /* don't restart system calls */ + sa.sa_handler = handler; + (void)sigaction(SIGALRM, &sa, &savealrm); + (void)sigaction(SIGHUP, &sa, &savehup); + (void)sigaction(SIGINT, &sa, &saveint); + (void)sigaction(SIGPIPE, &sa, &savepipe); + (void)sigaction(SIGQUIT, &sa, &savequit); + (void)sigaction(SIGTERM, &sa, &saveterm); + (void)sigaction(SIGTSTP, &sa, &savetstp); + (void)sigaction(SIGTTIN, &sa, &savettin); + (void)sigaction(SIGTTOU, &sa, &savettou); + + /* Turn off echo if possible. */ + if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) { + memcpy(&term, &oterm, sizeof(term)); + if (!(flags & RPP_ECHO_ON)) + term.c_lflag &= ~(ECHO | ECHONL); +#ifdef VSTATUS + if (term.c_cc[VSTATUS] != _POSIX_VDISABLE) + term.c_cc[VSTATUS] = _POSIX_VDISABLE; +#endif + (void)tcsetattr(input, _T_FLUSH, &term); + } else { + memset(&term, 0, sizeof(term)); + term.c_lflag |= ECHO; + memset(&oterm, 0, sizeof(oterm)); + oterm.c_lflag |= ECHO; + } + + /* No I/O if we are already backgrounded. */ + if (signo[SIGTTOU] != 1 && signo[SIGTTIN] != 1) { + if (!(flags & RPP_STDIN)) + bytes_written = write(output, prompt, strlen(prompt)); + end = buf + bufsiz - 1; + p = buf; + while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') { + if (p < end) { + if ((flags & RPP_SEVENBIT)) + ch &= 0x7f; + if (isalpha(ch)) { + if ((flags & RPP_FORCELOWER)) + ch = (char)tolower(ch); + if ((flags & RPP_FORCEUPPER)) + ch = (char)toupper(ch); + } + *p++ = ch; + } + } + *p = '\0'; + save_errno = errno; + if (!(term.c_lflag & ECHO)) + bytes_written = write(output, "\n", 1); + } + + (void) bytes_written; + + /* Restore old terminal settings and signals. */ + if (memcmp(&term, &oterm, sizeof(term)) != 0) { + while (tcsetattr(input, _T_FLUSH, &oterm) == -1 && + errno == EINTR) + continue; + } + (void)sigaction(SIGALRM, &savealrm, NULL); + (void)sigaction(SIGHUP, &savehup, NULL); + (void)sigaction(SIGINT, &saveint, NULL); + (void)sigaction(SIGQUIT, &savequit, NULL); + (void)sigaction(SIGPIPE, &savepipe, NULL); + (void)sigaction(SIGTERM, &saveterm, NULL); + (void)sigaction(SIGTSTP, &savetstp, NULL); + (void)sigaction(SIGTTIN, &savettin, NULL); + (void)sigaction(SIGTTOU, &savettou, NULL); + if (input != STDIN_FILENO) + (void)close(input); + + /* + * If we were interrupted by a signal, resend it to ourselves + * now that we have restored the signal handlers. + */ + for (i = 0; i < _NSIG; i++) { + if (signo[i]) { + kill(getpid(), i); + switch (i) { + case SIGTSTP: + case SIGTTIN: + case SIGTTOU: + need_restart = 1; + } + } + } + if (need_restart) + goto restart; + + if (save_errno) + errno = save_errno; + return(nr == -1 ? NULL : buf); +} + +static void handler(int s) +{ + signo[s] = 1; +} diff --git a/apps/nc/compat/socket.c b/apps/nc/compat/socket.c new file mode 100644 index 0000000..fd699f9 --- /dev/null +++ b/apps/nc/compat/socket.c @@ -0,0 +1,29 @@ +#define SOCKET_FLAGS_PRIV + +#include + +#ifdef NEED_SOCKET_FLAGS + +#include + +int +_socket(int domain, int type, int protocol) +{ + int s = socket(domain, type & ~(SOCK_CLOEXEC | SOCK_NONBLOCK), protocol); + int flags; + if (s == -1) + return s; + + if (type & SOCK_CLOEXEC) { + flags = fcntl(s, F_GETFD); + fcntl(s, F_SETFD, flags | FD_CLOEXEC); + } + + if (type & SOCK_NONBLOCK) { + flags = fcntl(s, F_GETFL); + fcntl(s, F_SETFL, flags | O_NONBLOCK); + } + return s; +} + +#endif diff --git a/apps/nc/compat/strtonum.c b/apps/nc/compat/strtonum.c new file mode 100644 index 0000000..1aeee34 --- /dev/null +++ b/apps/nc/compat/strtonum.c @@ -0,0 +1,65 @@ +/* $OpenBSD: strtonum.c,v 1.7 2013/04/17 18:40:58 tedu Exp $ */ + +/* + * Copyright (c) 2004 Ted Unangst and Todd Miller + * All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#define INVALID 1 +#define TOOSMALL 2 +#define TOOLARGE 3 + +long long +strtonum(const char *numstr, long long minval, long long maxval, + const char **errstrp) +{ + long long ll = 0; + int error = 0; + char *ep; + struct errval { + const char *errstr; + int err; + } ev[4] = { + { NULL, 0 }, + { "invalid", EINVAL }, + { "too small", ERANGE }, + { "too large", ERANGE }, + }; + + ev[0].err = errno; + errno = 0; + if (minval > maxval) { + error = INVALID; + } else { + ll = strtoll(numstr, &ep, 10); + if (numstr == ep || *ep != '\0') + error = INVALID; + else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval) + error = TOOSMALL; + else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval) + error = TOOLARGE; + } + if (errstrp != NULL) + *errstrp = ev[error].errstr; + errno = ev[error].err; + if (error) + ll = 0; + + return (ll); +} diff --git a/apps/nc/compat/sys/socket.h b/apps/nc/compat/sys/socket.h new file mode 100644 index 0000000..13eb380 --- /dev/null +++ b/apps/nc/compat/sys/socket.h @@ -0,0 +1,31 @@ +/* + * Public domain + * sys/socket.h compatibility shim + */ + +#ifndef _WIN32 +#include_next + +#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) +#define NEED_SOCKET_FLAGS +int _socket(int domain, int type, int protocol); +#ifndef SOCKET_FLAGS_PRIV +#define socket(d, t, p) _socket(d, t, p) +#endif +#endif + +#ifndef SOCK_NONBLOCK +#define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */ +#endif + +#ifndef SOCK_CLOEXEC +#define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */ +#endif + +#ifndef HAVE_ACCEPT4 +int accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags); +#endif + +#else +#include +#endif diff --git a/configure.ac b/configure.ac index 09bc9f1..9f3d636 100644 --- a/configure.ac +++ b/configure.ac @@ -52,8 +52,6 @@ CHECK_LIBC_COMPAT CHECK_LIBC_CRYPTO_COMPAT CHECK_VA_COPY -AC_CHECK_HEADERS([err.h]) - AC_ARG_WITH([openssldir], AS_HELP_STRING([--with-openssldir], [Set the default openssl directory]), diff --git a/include/Makefile.am b/include/Makefile.am index 3978af7..929ff7d 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -23,6 +23,7 @@ noinst_HEADERS += compat/arpa/nameser.h noinst_HEADERS += compat/machine/endian.h noinst_HEADERS += compat/netinet/in.h +noinst_HEADERS += compat/netinet/ip.h noinst_HEADERS += compat/netinet/tcp.h noinst_HEADERS += compat/sys/cdefs.h @@ -31,7 +32,6 @@ noinst_HEADERS += compat/sys/mman.h noinst_HEADERS += compat/sys/param.h noinst_HEADERS += compat/sys/select.h noinst_HEADERS += compat/sys/stat.h -noinst_HEADERS += compat/sys/socket.h noinst_HEADERS += compat/sys/time.h noinst_HEADERS += compat/sys/types.h noinst_HEADERS += compat/sys/uio.h diff --git a/include/compat/netinet/ip.h b/include/compat/netinet/ip.h new file mode 100644 index 0000000..405bbcf --- /dev/null +++ b/include/compat/netinet/ip.h @@ -0,0 +1,43 @@ +/* + * Public domain + * netinet/ip.h compatibility shim + */ + +#ifndef _WIN32 +#include_next +#else +#include +#endif + +/* + * Definitions for DiffServ Codepoints as per RFC2474 + */ +#ifndef IPTOS_DSCP_CS0 +#define IPTOS_DSCP_CS0 0x00 +#define IPTOS_DSCP_CS1 0x20 +#define IPTOS_DSCP_CS2 0x40 +#define IPTOS_DSCP_CS3 0x60 +#define IPTOS_DSCP_CS4 0x80 +#define IPTOS_DSCP_CS5 0xa0 +#define IPTOS_DSCP_CS6 0xc0 +#define IPTOS_DSCP_CS7 0xe0 +#endif + +#ifndef IPTOS_DSCP_AF11 +#define IPTOS_DSCP_AF11 0x28 +#define IPTOS_DSCP_AF12 0x30 +#define IPTOS_DSCP_AF13 0x38 +#define IPTOS_DSCP_AF21 0x48 +#define IPTOS_DSCP_AF22 0x50 +#define IPTOS_DSCP_AF23 0x58 +#define IPTOS_DSCP_AF31 0x68 +#define IPTOS_DSCP_AF32 0x70 +#define IPTOS_DSCP_AF33 0x78 +#define IPTOS_DSCP_AF41 0x88 +#define IPTOS_DSCP_AF42 0x90 +#define IPTOS_DSCP_AF43 0x98 +#endif + +#ifndef IPTOS_DSCP_EF +#define IPTOS_DSCP_EF 0xb8 +#endif diff --git a/include/compat/readpassphrase.h b/include/compat/readpassphrase.h new file mode 100644 index 0000000..aedf16c --- /dev/null +++ b/include/compat/readpassphrase.h @@ -0,0 +1,48 @@ +/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */ + +/* + * Copyright (c) 2000, 2002 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +#ifdef HAVE_READPASSPHRASE_H + +#include_next + +#else + +#ifndef _READPASSPHRASE_H_ +#define _READPASSPHRASE_H_ + +#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */ +#define RPP_ECHO_ON 0x01 /* Leave echo on. */ +#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */ +#define RPP_FORCELOWER 0x04 /* Force input to lower case. */ +#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */ +#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ +#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */ + +#include + +__BEGIN_DECLS +char * readpassphrase(const char *, char *, size_t, int); +__END_DECLS + +#endif /* !_READPASSPHRASE_H_ */ + +#endif diff --git a/include/compat/sys/socket.h b/include/compat/sys/socket.h deleted file mode 100644 index 17e84f1..0000000 --- a/include/compat/sys/socket.h +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Public domain - * sys/socket.h compatibility shim - */ - -#ifndef _WIN32 -#include_next -#else -#include -#endif diff --git a/m4/check-libc.m4 b/m4/check-libc.m4 index f1ba611..c189ac9 100644 --- a/m4/check-libc.m4 +++ b/m4/check-libc.m4 @@ -1,11 +1,15 @@ AC_DEFUN([CHECK_LIBC_COMPAT], [ +# Check for libc headers +AC_CHECK_HEADERS([err.h readpassphrase.h]) # Check for general libc functions -AC_CHECK_FUNCS([asprintf inet_pton memmem poll reallocarray]) +AC_CHECK_FUNCS([accept4 asprintf inet_pton memmem poll readpassphrase reallocarray]) AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum]) +AM_CONDITIONAL([HAVE_ACCEPT4], [test "x$ac_cv_func_accept4" = xyes]) AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes]) AM_CONDITIONAL([HAVE_INET_PTON], [test "x$ac_cv_func_inet_pton" = xyes]) AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes]) AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes]) +AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes]) AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes]) AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes]) AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes]) diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4 index 895d22b..9835cd8 100644 --- a/m4/check-os-options.m4 +++ b/m4/check-os-options.m4 @@ -15,8 +15,10 @@ case $host_os in HOST_OS=cygwin ;; *darwin*) + BUILD_NC=yes HOST_OS=darwin HOST_ABI=macosx + AC_SUBST([PROG_LDADD], ['-lresolv']) ;; *freebsd*) HOST_OS=freebsd @@ -34,15 +36,18 @@ case $host_os in AC_SUBST([PLATFORM_LDADD], ['-lpthread']) ;; *linux*) + BUILD_NC=yes HOST_OS=linux HOST_ABI=elf CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE" + AC_SUBST([PROG_LDADD], ['-lresolv']) ;; *netbsd*) HOST_OS=netbsd CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" ;; *openbsd* | *bitrig*) + BUILD_NC=yes HOST_OS=openbsd HOST_ABI=elf AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded]) @@ -66,6 +71,7 @@ case $host_os in *) ;; esac +AM_CONDITIONAL([BUILD_NC], [test x$BUILD_NC = xyes]) AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix]) AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin]) AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin]) diff --git a/patches/netcat.c.patch b/patches/netcat.c.patch new file mode 100644 index 0000000..c5206f6 --- /dev/null +++ b/patches/netcat.c.patch @@ -0,0 +1,137 @@ +--- apps/nc/netcat.c.orig Sun Sep 13 08:12:39 2015 ++++ apps/nc/netcat.c Sun Sep 13 16:39:51 2015 +@@ -98,9 +98,13 @@ + int Dflag; /* sodebug */ + int Iflag; /* TCP receive buffer size */ + int Oflag; /* TCP send buffer size */ ++#ifdef TCP_MD5SIG + int Sflag; /* TCP MD5 signature option */ ++#endif + int Tflag = -1; /* IP Type of Service */ ++#ifdef SO_RTABLE + int rtableid = -1; ++#endif + + int usetls; /* use TLS */ + char *Cflag; /* Public cert file */ +@@ -150,7 +154,7 @@ + struct servent *sv; + socklen_t len; + struct sockaddr_storage cliaddr; +- char *proxy; ++ char *proxy = NULL; + const char *errstr, *proxyhost = "", *proxyport = NULL; + struct addrinfo proxyhints; + char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; +@@ -251,12 +255,14 @@ + case 'u': + uflag = 1; + break; ++#ifdef SO_RTABLE + case 'V': + rtableid = (int)strtonum(optarg, 0, + RT_TABLEID_MAX, &errstr); + if (errstr) + errx(1, "rtable %s: %s", errstr, optarg); + break; ++#endif + case 'v': + vflag = 1; + break; +@@ -289,9 +295,11 @@ + errx(1, "TCP send window %s: %s", + errstr, optarg); + break; ++#ifdef TCP_MD5SIG + case 'S': + Sflag = 1; + break; ++#endif + case 'T': + errstr = NULL; + errno = 0; +@@ -776,7 +784,10 @@ + remote_connect(const char *host, const char *port, struct addrinfo hints) + { + struct addrinfo *res, *res0; +- int s, error, on = 1; ++ int s, error; ++#ifdef SO_BINDANY ++ int on = 1; ++#endif + + if ((error = getaddrinfo(host, port, &hints, &res))) + errx(1, "getaddrinfo: %s", gai_strerror(error)); +@@ -787,16 +798,20 @@ + SOCK_NONBLOCK, res0->ai_protocol)) < 0) + continue; + ++#ifdef SO_RTABLE + if (rtableid >= 0 && (setsockopt(s, SOL_SOCKET, SO_RTABLE, + &rtableid, sizeof(rtableid)) == -1)) + err(1, "setsockopt SO_RTABLE"); ++#endif + + /* Bind to a local port or source address if specified. */ + if (sflag || pflag) { + struct addrinfo ahints, *ares; + ++#ifdef SO_BINDANY + /* try SO_BINDANY, but don't insist */ + setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)); ++#endif + memset(&ahints, 0, sizeof(struct addrinfo)); + ahints.ai_family = res0->ai_family; + ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; +@@ -887,9 +902,11 @@ + res0->ai_protocol)) < 0) + continue; + ++#ifdef SO_RTABLE + if (rtableid >= 0 && (setsockopt(s, SOL_SOCKET, SO_RTABLE, + &rtableid, sizeof(rtableid)) == -1)) + err(1, "setsockopt SO_RTABLE"); ++#endif + + ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); + if (ret == -1) +@@ -1337,11 +1354,13 @@ + { + int x = 1; + ++#ifdef TCP_MD5SIG + if (Sflag) { + if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, + &x, sizeof(x)) == -1) + err(1, NULL); + } ++#endif + if (Dflag) { + if (setsockopt(s, SOL_SOCKET, SO_DEBUG, + &x, sizeof(x)) == -1) +@@ -1516,15 +1535,19 @@ + \t-P proxyuser\tUsername for proxy authentication\n\ + \t-p port\t Specify local port for remote connects\n\ + \t-R CAfile CA bundle\n\ +- \t-r Randomize remote ports\n\ +- \t-S Enable the TCP MD5 signature option\n\ +- \t-s source Local source address\n\ ++ \t-r Randomize remote ports\n" ++#ifdef TCP_MD5SIG ++ "\t-S Enable the TCP MD5 signature option\n" ++#endif ++ "\t-s source Local source address\n\ + \t-T keyword TOS value or TLS options\n\ + \t-t Answer TELNET negotiation\n\ + \t-U Use UNIX domain socket\n\ +- \t-u UDP mode\n\ +- \t-V rtable Specify alternate routing table\n\ +- \t-v Verbose\n\ ++ \t-u UDP mode\n" ++#ifdef SO_RTABLE ++ "\t-V rtable Specify alternate routing table\n" ++#endif ++ "\t-v Verbose\n\ + \t-w timeout Timeout for connects and final net reads\n\ + \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ + \t-x addr[:port]\tSpecify proxy address and port\n\ diff --git a/update.sh b/update.sh index 83468a6..6df4290 100755 --- a/update.sh +++ b/update.sh @@ -213,7 +213,7 @@ sed -e "s/compat\///" crypto/Makefile.am.arc4random > \ echo "copying nc(1) source" $CP $app_src/nc/nc.1 apps/nc rm -f apps/nc/*.c apps/nc/*.h -$CP_LIBC $libc_src/stdlib/strtonum.c apps/nc +$CP_LIBC $libc_src/stdlib/strtonum.c apps/nc/compat for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/nc/Makefile.am` ; do if [ -e $app_src/nc/$i ]; then $CP $app_src/nc/$i apps/nc