Nmap Development mailing list archives
Re: ncat udp
From: David Fifield <david () bamsoftware com>
Date: Fri, 27 Mar 2009 13:07:21 -0600
On Fri, Mar 27, 2009 at 12:15:48PM +0100, Marius Sturm wrote:
Now that we allow multiple connections, could you implement the --max-conns option in ncat_listen_udp? It just involves updating and checking the conn_count variable like in ncat_listen_tcp. The only remaining difference is UDP is listen mode without an exec option. That still only accepts one client. Making that work like TCP mode will be more difficult because we will have to maintain a list of connected clients and somehow decide when to remove a client from the list.
Thanks for your patch. I have committed it.
The same problem concerns --max-conns. You have to decide when a child will be terminated, if it don't terminates by itself, or the conn_count is never be decremented, e.g. --exec "/bin/cat". So you can not do things like this, ncat -l --udp --exec -m 2 "/bin/cat" ncat --udp localhost ncat --udp localhost ^C ncat --udp localhost Maybe we can kill a child after some idle timeout?
I think that is a reasonable solution. I would like to see a general solution that works for listen and exec modes. Such a solution would even enable UDP connection brokering. It would involve finding a representation for the list of "connected" clients, and some mechanism for "disconnecting" them. Maybe you just kill the oldest one once you reach the connection limit, or only if it has been idle for some period. Measuring idleness with --exec would be difficult, because we currently give up control of the socket when we hand it to the child process. I can see a solution where we fork off a "caretaker" process that shuttles data to and from the child process (like we do in a thread under Windows) and can measure for idleness. This is rather cumbersome, but it would also enable --exec to work with --ssl, which it doesn't currently. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- ncat udp Marius Sturm (Mar 25)
- Re: ncat udp David Fifield (Mar 25)
- <Possible follow-ups>
- Re: ncat udp Marius Sturm (Mar 26)
- Re: ncat udp David Fifield (Mar 26)
- Re: ncat udp Marius Sturm (Mar 27)
- Re: ncat udp David Fifield (Mar 27)
- Re: ncat udp David Fifield (Mar 27)
- Re: ncat udp David Fifield (Mar 26)