186 lines
4.5 KiB
Diff
186 lines
4.5 KiB
Diff
--- apps/nc/netcat.c.orig Mon May 30 11:05:31 2016
|
|
+++ apps/nc/netcat.c Mon May 30 11:05:44 2016
|
|
@@ -57,6 +57,10 @@
|
|
#include <tls.h>
|
|
#include "atomicio.h"
|
|
|
|
+#ifndef IPV6_TCLASS
|
|
+#define IPV6_TCLASS -1
|
|
+#endif
|
|
+
|
|
#define PORT_MAX 65535
|
|
#define UNIX_DG_TMP_SOCKET_SIZE 19
|
|
|
|
@@ -65,7 +69,9 @@
|
|
#define POLL_NETIN 2
|
|
#define POLL_STDOUT 3
|
|
#define BUFSIZE 16384
|
|
+#ifndef DEFAULT_CA_FILE
|
|
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
|
|
+#endif
|
|
|
|
#define TLS_LEGACY (1 << 1)
|
|
#define TLS_NOVERIFY (1 << 2)
|
|
@@ -92,9 +98,13 @@
|
|
int Dflag; /* sodebug */
|
|
int Iflag; /* TCP receive buffer size */
|
|
int Oflag; /* TCP send buffer size */
|
|
+#ifdef TCP_MD5SIG
|
|
int Sflag; /* TCP MD5 signature option */
|
|
+#endif
|
|
int Tflag = -1; /* IP Type of Service */
|
|
+#ifdef SO_RTABLE
|
|
int rtableid = -1;
|
|
+#endif
|
|
|
|
int usetls; /* use TLS */
|
|
char *Cflag; /* Public cert file */
|
|
@@ -150,7 +160,7 @@
|
|
struct servent *sv;
|
|
socklen_t len;
|
|
struct sockaddr_storage cliaddr;
|
|
- char *proxy;
|
|
+ char *proxy = NULL;
|
|
const char *errstr, *proxyhost = "", *proxyport = NULL;
|
|
struct addrinfo proxyhints;
|
|
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
|
|
@@ -251,12 +261,14 @@
|
|
case 'u':
|
|
uflag = 1;
|
|
break;
|
|
+#ifdef SO_RTABLE
|
|
case 'V':
|
|
rtableid = (int)strtonum(optarg, 0,
|
|
RT_TABLEID_MAX, &errstr);
|
|
if (errstr)
|
|
errx(1, "rtable %s: %s", errstr, optarg);
|
|
break;
|
|
+#endif
|
|
case 'v':
|
|
vflag = 1;
|
|
break;
|
|
@@ -289,9 +301,11 @@
|
|
errx(1, "TCP send window %s: %s",
|
|
errstr, optarg);
|
|
break;
|
|
+#ifdef TCP_MD5SIG
|
|
case 'S':
|
|
Sflag = 1;
|
|
break;
|
|
+#endif
|
|
case 'T':
|
|
errstr = NULL;
|
|
errno = 0;
|
|
@@ -315,9 +329,11 @@
|
|
argc -= optind;
|
|
argv += optind;
|
|
|
|
+#ifdef SO_RTABLE
|
|
if (rtableid >= 0)
|
|
if (setrtable(rtableid) == -1)
|
|
err(1, "setrtable");
|
|
+#endif
|
|
|
|
if (family == AF_UNIX) {
|
|
if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
|
|
@@ -469,7 +485,10 @@
|
|
errx(1, "-H and -T noverify may not be used"
|
|
"together");
|
|
tls_config_insecure_noverifycert(tls_cfg);
|
|
- }
|
|
+ } else {
|
|
+ if (Rflag && access(Rflag, R_OK) == -1)
|
|
+ errx(1, "unable to find root CA file %s", Rflag);
|
|
+ }
|
|
}
|
|
if (lflag) {
|
|
struct tls *tls_cctx = NULL;
|
|
@@ -817,7 +836,10 @@
|
|
remote_connect(const char *host, const char *port, struct addrinfo hints)
|
|
{
|
|
struct addrinfo *res, *res0;
|
|
- int s, error, on = 1;
|
|
+ int s, error;
|
|
+#ifdef SO_BINDANY
|
|
+ int on = 1;
|
|
+#endif
|
|
|
|
if ((error = getaddrinfo(host, port, &hints, &res)))
|
|
errx(1, "getaddrinfo: %s", gai_strerror(error));
|
|
@@ -832,8 +854,10 @@
|
|
if (sflag || pflag) {
|
|
struct addrinfo ahints, *ares;
|
|
|
|
+#ifdef SO_BINDANY
|
|
/* try SO_BINDANY, but don't insist */
|
|
setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
|
|
+#endif
|
|
memset(&ahints, 0, sizeof(struct addrinfo));
|
|
ahints.ai_family = res0->ai_family;
|
|
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
|
|
@@ -902,7 +926,10 @@
|
|
local_listen(char *host, char *port, struct addrinfo hints)
|
|
{
|
|
struct addrinfo *res, *res0;
|
|
- int s, ret, x = 1;
|
|
+ int s;
|
|
+#ifdef SO_REUSEPORT
|
|
+ int ret, x = 1;
|
|
+#endif
|
|
int error;
|
|
|
|
/* Allow nodename to be null. */
|
|
@@ -924,9 +951,11 @@
|
|
res0->ai_protocol)) < 0)
|
|
continue;
|
|
|
|
+#ifdef SO_REUSEPORT
|
|
ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
|
|
if (ret == -1)
|
|
err(1, NULL);
|
|
+#endif
|
|
|
|
set_common_sockopts(s, res0->ai_family);
|
|
|
|
@@ -1366,11 +1395,13 @@
|
|
{
|
|
int x = 1;
|
|
|
|
+#ifdef TCP_MD5SIG
|
|
if (Sflag) {
|
|
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
|
|
&x, sizeof(x)) == -1)
|
|
err(1, NULL);
|
|
}
|
|
+#endif
|
|
if (Dflag) {
|
|
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
|
|
&x, sizeof(x)) == -1)
|
|
@@ -1553,14 +1584,22 @@
|
|
\t-P proxyuser\tUsername for proxy authentication\n\
|
|
\t-p port\t Specify local port for remote connects\n\
|
|
\t-R CAfile CA bundle\n\
|
|
- \t-r Randomize remote ports\n\
|
|
- \t-S Enable the TCP MD5 signature option\n\
|
|
+ \t-r Randomize remote ports\n"
|
|
+#ifdef TCP_MD5SIG
|
|
+ "\
|
|
+ \t-S Enable the TCP MD5 signature option\n"
|
|
+#endif
|
|
+ "\
|
|
\t-s source Local source address\n\
|
|
\t-T keyword TOS value or TLS options\n\
|
|
\t-t Answer TELNET negotiation\n\
|
|
\t-U Use UNIX domain socket\n\
|
|
- \t-u UDP mode\n\
|
|
- \t-V rtable Specify alternate routing table\n\
|
|
+ \t-u UDP mode\n"
|
|
+#ifdef SO_RTABLE
|
|
+ "\
|
|
+ \t-V rtable Specify alternate routing table\n"
|
|
+#endif
|
|
+ "\
|
|
\t-v Verbose\n\
|
|
\t-w timeout Timeout for connects and final net reads\n\
|
|
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
|