-S enables tcp md5 signature option; ok deraadt@, mcbride@

author: markus <> 2004-01-22 13:28:46 +0000
committer: markus <> 2004-01-22 13:28:46 +0000
commit: 25065dc9542519de5f238f16c84ba1d8864ec13b (patch)
tree: d880df63e932001570f866e80f21ba6811110443 /src/usr.bin
parent: 9d8f0334912497dc64a4c98c61e586a9caeccac8 (diff)
download: openbsd-25065dc9542519de5f238f16c84ba1d8864ec13b.tar.gz
openbsd-25065dc9542519de5f238f16c84ba1d8864ec13b.tar.bz2
openbsd-25065dc9542519de5f238f16c84ba1d8864ec13b.zip
2 files changed, 25 insertions, 6 deletions
diff --git a/src/usr.bin/nc/nc.1 b/src/usr.bin/nc/nc.1
index 29f506945c..5bf4480433 100644
--- a/src/usr.bin/nc/nc.1
+++ b/src/usr.bin/nc/nc.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: nc.1,v 1.26 2003/09/05 16:54:07 jmc Exp $
+.\"     $OpenBSD: nc.1,v 1.27 2004/01/22 13:28:46 markus Exp $
 .\"
 .\" Copyright (c) 1996 David Sacerdote
 .\" All rights reserved.
@@ -33,7 +33,7 @@
 .Nd "arbitrary TCP and UDP connections and listens"
 .Sh SYNOPSIS
 .Nm nc
-.Op Fl 46hklnrtuvzU
+.Op Fl 46hklnrtuvzSU
 .Op Fl i Ar interval
 .Op Fl p Ar source port
 .Op Fl s Ar source ip address
@@ -154,6 +154,8 @@ If port is not specified, port 1080 is used.
 Specifies that
 .Nm
 should just scan for listening daemons, without sending any data to them.
+.It Fl S
+Enables the RFC 2385 TCP MD5 signature option.
 .It Fl U
 Specifies to use Unix Domain Sockets.
 .It Fl X Ar version
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index df5c44a8ce..baeb3cefd1 100644
--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.64 2003/10/19 22:50:35 deraadt Exp $ */
+/* $OpenBSD: netcat.c,v 1.65 2004/01/22 13:28:46 markus Exp $ */
 /*
 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
 *
@@ -37,6 +37,7 @@
 #include <sys/un.h>
 #include <netinet/in.h>
+#include <netinet/tcp.h>
 #include <arpa/telnet.h>
 #include <err.h>
@@ -71,6 +72,7 @@ int	uflag;					/* UDP - Default to TCP */
 int     vflag;                                  /* Verbosity */
 int     xflag;                                  /* Socks proxy */
 int     zflag;                                  /* Port Scan Flag */
+int     Sflag;                                  /* TCP MD5 signature option */
 int timeout = -1;
 int family = AF_UNSPEC;
@@ -111,7 +113,7 @@ main(int argc, char *argv[])
        endp = NULL;
        sv = NULL;
-        while ((ch = getopt(argc, argv, "46UX:hi:klnp:rs:tuvw:x:z")) != -1) {
+        while ((ch = getopt(argc, argv, "46UX:hi:klnp:rs:tuvw:x:zS")) != -1) {
                switch (ch) {
                case '4':
                        family = AF_INET;
@@ -178,6 +180,9 @@ main(int argc, char *argv[])
                case 'z':
                        zflag = 1;
                        break;
+                case 'S':
+                        Sflag = 1;
+                        break;
                default:
                        usage(1);
                }
@@ -437,7 +442,7 @@ int
 remote_connect(char *host, char *port, struct addrinfo hints)
 {
        struct addrinfo *res, *res0;
-        int s, error;
+        int s, error, x = 1;
        if ((error = getaddrinfo(host, port, &hints, &res)))
                errx(1, "getaddrinfo: %s", gai_strerror(error));
@@ -472,6 +477,11 @@ remote_connect(char *host, char *port, struct addrinfo hints)
                                errx(1, "bind failed: %s", strerror(errno));
                        freeaddrinfo(ares);
                }
+                if (Sflag) {
+                        if (setsockopt(s, IPPROTO_TCP, TCP_SIGNATURE_ENABLE,
+                            &x, sizeof(x)) == -1)
+                                err(1, NULL);
+                }
                if (connect(s, res0->ai_addr, res0->ai_addrlen) == 0)
                        break;
@@ -519,6 +529,12 @@ local_listen(char *host, char *port, struct addrinfo hints)
                ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
                if (ret == -1)
                        err(1, NULL);
+                if (Sflag) {
+                        ret = setsockopt(s, IPPROTO_TCP, TCP_SIGNATURE_ENABLE,
+                            &x, sizeof(x));
+                        if (ret == -1)
+                                err(1, NULL);
+                }
                if (bind(s, (struct sockaddr *)res0->ai_addr,
                    res0->ai_addrlen) == 0)
@@ -730,6 +746,7 @@ help(void)
        fprintf(stderr, "\tCommand Summary:\n\
        \t-4            Use IPv4\n\
        \t-6            Use IPv6\n\
+        \t-S            Enable the TCP MD5 signature option\n\
        \t-U            Use UNIX domain socket\n\
        \t-X vers\t     SOCKS version (4 or 5)\n\
        \t-h            This help text\n\
@@ -753,7 +770,7 @@ help(void)
 void
 usage(int ret)
 {
-        fprintf(stderr, "usage: nc [-46Uhklnrtuvz] [-i interval] [-p source port]\n");
+        fprintf(stderr, "usage: nc [-46SUhklnrtuvz] [-i interval] [-p source port]\n");
        fprintf(stderr, "\t  [-s ip address] [-w timeout] [-X vers] [-x proxy address [:port]]\n");
        fprintf(stderr, "\t  [hostname] [port[s...]]\n");
        if (ret)
author	markus <>	2004-01-22 13:28:46 +0000
committer	markus <>	2004-01-22 13:28:46 +0000
commit	25065dc9542519de5f238f16c84ba1d8864ec13b (patch)
tree	d880df63e932001570f866e80f21ba6811110443 /src/usr.bin
parent	9d8f0334912497dc64a4c98c61e586a9caeccac8 (diff)
download	openbsd-25065dc9542519de5f238f16c84ba1d8864ec13b.tar.gz openbsd-25065dc9542519de5f238f16c84ba1d8864ec13b.tar.bz2 openbsd-25065dc9542519de5f238f16c84ba1d8864ec13b.zip