Finish the import of nc(1) from OpenBSD. This includes:

- Bring IPsec support from the ports collection [1]. - Bring -o ("once only") option from the ports collection [2]. - Adopt the Makefile framework into usr.bin/nc/Makefile. - Add a knob to control whether to build nc(1), NO_NETCAT. - Bump __FreeBSD_version so ports collection can detect this change. Original patchset are contributed to the ports collection by: [1] nectar, [2] joerg. Note: WARNS?=6 patchset spined off in this commit, in order not to take too many files off the vendor branch.
2005-02-06 14:44:27 +00:00 · 2005-02-06 14:44:27 +00:00 · 3302f9bcc3
commit 3302f9bcc3
parent de15cfcd1d
4 changed files with 131 additions and 11 deletions
--- a/contrib/netcat/nc.1
+++ b/contrib/netcat/nc.1
@ -1,5 +1,3 @@
-.\"     $OpenBSD: nc.1,v 1.36 2005/01/07 10:11:31 jmc Exp $
-.\"
 .\" Copyright (c) 1996 David Sacerdote
 .\" All rights reserved.
 .\"
@ -25,7 +23,10 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 25, 2001
+.\"     $OpenBSD: nc.1,v 1.36 2005/01/07 10:11:31 jmc Exp $
+.\" $FreeBSD$
+.\"
+.Dd January 30, 2005
 .Dt NC 1
 .Os
 .Sh NAME
@ -34,7 +35,8 @@
 .Sh SYNOPSIS
 .Nm nc
 .Bk -words
-.Op Fl 46DdhklnrStUuvz
+.Op Fl 46DEdhklnorStUuvz
+.Op Fl e Ar IPsec policy
 .Op Fl i Ar interval
 .Op Fl p Ar source_port
 .Op Fl s Ar source_ip_address
@ -99,6 +101,16 @@ Do not attempt to read from stdin.
 Prints out
 .Nm
 help.
+.It Fl E
+Shortcut for "-e 'in ipsec esp/transport//require' -e 'out ipsec
+esp/transport//require'", which enables IPsec ESP transport mode in both
+directions.
+.It Fl e
+If IPsec support is available, then one can specify the IPsec policies
+to be used using the syntax described in
+.Xr ipsec_set_policy 3 .
+This flag can be specified up to two times, as typically one policy for
+each direction is needed.
 .It Fl i Ar interval
 Specifies a delay time interval between lines of text sent and received.
 Also causes a delay time between connections to multiple ports.
@ -127,6 +139,15 @@ option are ignored.
 .It Fl n
 Do not do any DNS or service lookups on any specified addresses,
 hostnames or ports.
+.It Fl o
+.Dq Once-only mode .
+By default,
+.Nm
+does not terminate on EOF condition on input,
+but continues until the network side has been closed down.
+Specifying
+.Fl o
+will make it terminate on EOF as well.
 .It Fl p Ar source_port
 Specifies the source port
 .Nm
@ -362,6 +383,12 @@ Open a UDP connection to port 53 of hostname:
 .Pp
 Open a TCP connection to port 42 of example.host using 10.1.2.3 as the
 IP for the local end of the connection:
+.It Li "nc -E example.host 42"
+Open a TCP connection to port 42 of example.host using IPsec ESP for
+incoming and outgoing traffic.
+.It Li "nc -e 'out ipsec esp/transport//require' example.host 42"
+Open a TCP connection to port 42 of example.host using IPsec ESP for
+outgoing traffic only.
 .Pp
 .Dl $ nc -s 10.1.2.3 example.host 42
 .Pp
--- a/contrib/netcat/netcat.c
+++ b/contrib/netcat/netcat.c
@ -1,4 +1,3 @@
-/* $OpenBSD: netcat.c,v 1.76 2004/12/10 16:51:31 hshoexer Exp $ */
 /*
 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
 *
@ -24,6 +23,9 @@
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * From: $OpenBSD: netcat.c,v 1.76 2004/12/10 16:51:31 hshoexer Exp $
+ * $FreeBSD$
 */

 /*
@ -31,12 +33,16 @@
 * *Hobbit* <hobbit@avian.org>.
 */

+#include <sys/limits.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/time.h>
 #include <sys/un.h>

 #include <netinet/in.h>
+#ifdef IPSEC
+#include <netinet6/ipsec.h>
+#endif
 #include <netinet/tcp.h>
 #include <arpa/telnet.h>

@ -60,11 +66,13 @@
 #define PORT_MAX_LEN	6

 /* Command Line Options */
+int	Eflag;					/* Use IPsec ESP */
 int	dflag;					/* detached, no stdin */
 int	iflag;					/* Interval Flag */
 int	kflag;					/* More than one connect */
 int	lflag;					/* Bind to local port */
 int	nflag;					/* Don't do name look up */
+int	oflag;					/* Once only: stop on EOF */
 char   *pflag;					/* Localport flag */
 int	rflag;					/* Random ports flag */
 char   *sflag;					/* Source Address */
@ -94,10 +102,16 @@ int	unix_connect(char *);
 int	unix_listen(char *);
 void	usage(int);

+#ifdef IPSEC
+void	add_ipsec_policy(int, char *);
+
+char	*ipsec_policy[2];
+#endif
+
 int
 main(int argc, char *argv[])
 {
-	int ch, s, ret, socksv;
+	int ch, s, ret, socksv, ipsec_count;
 	char *host, *uport, *endp;
 	struct addrinfo hints;
 	struct servent *sv;
@ -108,6 +122,7 @@ main(int argc, char *argv[])
 	struct addrinfo proxyhints;

 	ret = 1;
+	ipsec_count = 0;
 	s = 0;
 	socksv = 5;
 	host = NULL;
@ -115,7 +130,7 @@ main(int argc, char *argv[])
 	endp = NULL;
 	sv = NULL;

-	while ((ch = getopt(argc, argv, "46Ddhi:klnp:rSs:tUuvw:X:x:z")) != -1) {
+	while ((ch = getopt(argc, argv, "46e:DEdhi:klnop:rSs:tUuvw:X:x:z")) != -1) {
 		switch (ch) {
 		case '4':
 			family = AF_INET;
@ -139,6 +154,21 @@ main(int argc, char *argv[])
 		case 'd':
 			dflag = 1;
 			break;
+		case 'e':
+#ifdef IPSEC
+			ipsec_policy[ipsec_count++ % 2] = optarg;
+#else
+			errx(1, "IPsec support unavailable.");
+#endif
+			break;
+		case 'E':
+#ifdef IPSEC
+			ipsec_policy[0] = "in  ipsec esp/transport//require";
+			ipsec_policy[1] = "out ipsec esp/transport//require";
+#else
+			errx(1, "IPsec support unavailable.");
+#endif
+			break;
 		case 'h':
 			help();
 			break;
@ -156,6 +186,9 @@ main(int argc, char *argv[])
 		case 'n':
 			nflag = 1;
 			break;
+		case 'o':
+			oflag = 1;
+			break;
 		case 'p':
 			pflag = optarg;
 			break;
@ -465,6 +498,12 @@ remote_connect(char *host, char *port, struct addrinfo hints)
 		if ((s = socket(res0->ai_family, res0->ai_socktype,
 		    res0->ai_protocol)) < 0)
 			continue;
+#ifdef IPSEC
+		if (ipsec_policy[0] != NULL)
+			add_ipsec_policy(s, ipsec_policy[0]);
+		if (ipsec_policy[1] != NULL)
+			add_ipsec_policy(s, ipsec_policy[1]);
+#endif

 		/* Bind to a local port or source address if specified. */
 		if (sflag || pflag) {
@ -550,6 +589,12 @@ local_listen(char *host, char *port, struct addrinfo hints)
 		ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
 		if (ret == -1)
 			err(1, NULL);
+#ifdef IPSEC
+		if (ipsec_policy[0] != NULL)
+			add_ipsec_policy(s, ipsec_policy[0]);
+		if (ipsec_policy[1] != NULL)
+			add_ipsec_policy(s, ipsec_policy[1]);
+#endif
 		if (Sflag) {
 			ret = setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
 			    &x, sizeof(x));
@ -629,9 +674,10 @@ readwrite(int nfd)
 		}

 		if (!dflag && pfd[1].revents & POLLIN) {
-			if ((n = read(wfd, buf, sizeof(buf))) < 0)
+			if ((n = read(wfd, buf, sizeof(buf))) < 0 ||
+			    (oflag && n == 0)) {
 				return;
-			else if (n == 0) {
+			} else if (n == 0) {
 				shutdown(nfd, SHUT_WR);
 				pfd[1].fd = -1;
 				pfd[1].events = 0;
@ -767,7 +813,13 @@ help(void)
 	usage(0);
 	fprintf(stderr, "\tCommand Summary:\n\
 	\t-4		Use IPv4\n\
-	\t-6		Use IPv6\n\
+	\t-6            Use IPv6\n");
+#ifdef IPSEC
+	fprintf(stderr, "\
+	\t-e policy     Use specified IPsec policy\n\
+	\t-E            Use IPsec ESP\n");
+#endif
+	fprintf(stderr, "\
 	\t-D		Enable the debug socket option\n\
 	\t-d		Detach from stdin\n\
 	\t-h		This help text\n\
@ -788,13 +840,43 @@ help(void)
 	\t-x addr[:port]\tSpecify proxy address and port\n\
 	\t-z		Zero-I/O mode [used for scanning]\n\
 	Port numbers can be individual or ranges: lo-hi [inclusive]\n");
+#ifdef IPSEC
+	fprintf(stderr, "See ipsec_set_policy(3) for -e argument format\n");
+#endif
 	exit(1);
 }

+#ifdef IPSEC
+void
+add_ipsec_policy(int s, char *policy)
+{
+	char *raw;
+	int e;
+
+	raw = ipsec_set_policy(policy, strlen(policy));
+	if (raw == NULL)
+		errx(1, "ipsec_set_policy `%s': %s", policy,
+		     ipsec_strerror());
+	e = setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, raw,
+			ipsec_get_policylen(raw));
+	if (e < 0)
+		err(1, "ipsec policy cannot be configured");
+	free(raw);
+	if (vflag)
+		fprintf(stderr, "ipsec policy configured: `%s'\n", policy);
+	return;
+}
+#endif /* IPSEC */
+
 void
 usage(int ret)
 {
+
+#ifdef IPSEC
+	fprintf(stderr, "usage: nc [-46DEdhklnrStUuvz] [-e policy] [-i interval] [-p source_port]\n");
+#else
 	fprintf(stderr, "usage: nc [-46DdhklnrStUuvz] [-i interval] [-p source_port]\n");
+#endif
 	fprintf(stderr, "\t  [-s source_ip_address] [-w timeout] [-X proxy_version]\n");
 	fprintf(stderr, "\t  [-x proxy_address[:port]] [hostname] [port[s]]\n");
 	if (ret)
--- a/sys/sys/param.h
+++ b/sys/sys/param.h
@ -57,7 +57,7 @@
 *		is created, otherwise 1.
 */
 #undef __FreeBSD_version
-#define __FreeBSD_version 600009	/* Master, propagated to newvers */
+#define __FreeBSD_version 600010	/* Master, propagated to newvers */

 #ifndef LOCORE
 #include <sys/types.h>
--- a/usr.bin/nc/Makefile
+++ b/usr.bin/nc/Makefile
@ -0,0 +1,11 @@
+# $FreeBSD$
+
+.PATH:	${.CURDIR}/../../contrib/netcat
+
+PROG=	nc
+SRCS=	netcat.c atomicio.c socks.c
+
+CFLAGS+=-DIPSEC
+LDADD+=	-lipsec
+
+.include <bsd.prog.mk>