[PATCH] "ncat -l --send-only" not sending only

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey everyone,

I found (what I consider to be) an oddity in server-mode --send-only in Ncat.

I was messing with TCP RX/TX queues on my Linux box earlier, for no real
reason other than just to play around.  At one point I wanted to 1) have a
server accept connections but not read any data, 2) have a client send a lot
of data to that server, and 3) view netstat output to see the amount of data
in the server's RX queue and in the client's TX queue.

Looks like #1 and #2 are areas for Ncat to shine!

I figured that -l --send-only will make the server do pretty much nothing but
accept connections, since I won't be sending anything from it.

So:

term1$ ncat -l --send-only 31337

term2$ cat abigmanual.pdf | ncat --send-only localhost 31337

term3$ netstat -an | grep :31337

Hmm.. not quite what I wanted:

Proto Recv-Q  Send-Q   Local Address     Foreign Address   State
tcp        0       0   127.0.0.1:33327   127.0.0.1:31337   TIME_WAIT

Well, I know that netcat6[1] has a --send-only option, because I renamed the
old Ncat --sendonly to it last year for a bit of conformity (and I liked it
better).  So I decided to fire up a couple of nc6s and see what it happens:

term1$ nc6 -l --send-only -p 31337

term2$ cat abigmanual.pdf | nc6 --send-only localhost 31337

term3$ netstat -an | grep :31337

Just what I was looking for:

Proto Recv-Q  Send-Q   Local Address     Foreign Address   State
tcp        0  136896   127.0.0.1:42833   127.0.0.1:31337   ESTABLISHED
tcp    76096       0   127.0.0.1:31337   127.0.0.1:42833   ESTABLISHED

So what's the deal with Ncat?  Using -l and --send-only obviously doesn't just
send only.  The man page only says that Ncat "will ignore anything received"
when using this option, but you can take that to mean different things.

It turns out that Ncat will actually read in the data, it just won't write it
to stdout or log it.  That makes Ncat's option a bit of a misnomer since it
does everything it normally would, except pass the data to the user--which is
very different from sending only.

I created one patch to simply make Ncat behave like Netcat6 (which I think it
should do).  But I figured having a choice in the matter is a lot better
(since I seem to often have opinions on how things should behave which are
different than that of many list members), which lead me to my current patch
(attached) against the dev branch.  With this patch, --send-only's behavior
does not change; however, you can now use the new --send-only=force to make it
actually only send (or more specifically, not receive).

Thoughts?  Objections?

Thanks,
Kris Katterjohn

[1] http://www.deepspace6.net/projects/netcat6.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJKRsKUAAoJEEQxgFs5kUfuPW4P/ikE+bCdEa8L0/yei0bbZCag
35kC1j4oTsOAwscl+oh5moJWvhw9+Q3zo7o+QilmiE/v80pjp6YYYqBLNm2OHQy2
yITm1uD7NTsER4J8QXgbF31/FvKeW/Odg2od69C6RBAxCrA8ibWFzl7OsXfc0f7X
xF24XXD0N3ZDwqmxxJxhK1aTMszJUu/s+01s9fdGyvHHTB0h5MmUR1OBF+1ysi39
b0AOY3HOrTM6sTmFec7eSfIJjXvlTUyi7kbbqtlx3GveCaWvTeTzu3JWKsMZryo2
PHaF2w7XWjJTJJ+7Lm2e0g156kWeJ/LtWQc3aTHDhI7n03l8wUgjfwRp0ixVUoL2
F1Zdhm70s6GiOzPzrBRJKNeVHW3dSTJYOwPEEvW+6S/nPiWEW0UFLyyGu22G7ctp
lBOrOBssGqNTMIo7/VggAUO2/YVbR62AiAr00ZhZcbhTL2+mrs7r+y5nILgpk7Ha
QP+KmjLzUbJFLuYE8YYLbXU23TZTAUF+8ib8EEN3f6lVOd4xAugHcP0Hkr5emNGm
Yc27k2jMElxsDZFelgiMetUqaC6dmhI3ef8UTblozEsfqTha+n+gipXtd1UFlPra
r+KQD3I8GrYFIG+agf4jWVXyfnipVpXHZCZ3W2lZpBm0LDT/7wfEkqjWn7J5HTvN
oJZ88lxJMzgs/oLcjZ66
=3uwB
-----END PGP SIGNATURE-----

Index: ncat_core.h
===================================================================
--- ncat_core.h (revision 13939)
+++ ncat_core.h (working copy)
@@ -111,6 +111,7 @@
     int listen;
     int keepopen;
     int sendonly;
+    int forcesendonly;
     int recvonly;
     int telnet;
     int udp;
Index: ncat_listen.c
===================================================================
--- ncat_listen.c       (revision 13939)
+++ ncat_listen.c       (working copy)
@@ -208,10 +208,12 @@
                         goto quit;
                 }
             } else {
-                /* Read from a client and write to stdout. */
-                if (read_socket(i) <= 0) {
-                    if (!o.keepopen)
-                        goto quit;
+                if (!o.forcesendonly) {
+                    /* Read from a client and write to stdout. */
+                    if (read_socket(i) <= 0) {
+                        if (!o.keepopen)
+                            goto quit;
+                    }
                 }
             }
 
Index: ncat_main.c
===================================================================
--- ncat_main.c (revision 13939)
+++ ncat_main.c (working copy)
@@ -248,7 +248,7 @@
         {"recv-only",       no_argument,        &o.recvonly,  1},
         {"source-port",     required_argument,  NULL,         'p'},
         {"source",          required_argument,  NULL,         's'},
-        {"send-only",       no_argument,        &o.sendonly,  1},
+        {"send-only",       optional_argument,  NULL,         0},
         {"broker",          no_argument,        &o.broker,    1},
         {"chat",            no_argument,        NULL,         0},
         {"talk",            no_argument,        NULL,         0},
@@ -386,6 +386,12 @@
                 print_banner(stdout);
                 exit(EXIT_SUCCESS);
             }
+            else if (strcmp(long_options[option_index].name, "send-only") == 0)
+            {
+                o.sendonly = 1;
+                if (optarg && strcmp(optarg, "force") == 0)
+                    o.forcesendonly = 1;
+            }
             else if (strcmp(long_options[option_index].name, "proxy") == 0)
             {
                 if (proxyaddr)
@@ -484,7 +490,7 @@
 "  -u, --udp                  Use UDP instead of default TCP\n"
 "  -v, --verbose              Set verbosity level (can be used up to 3 times)\n"
 "  -w, --wait <time>          Connect timeout\n"
-"      --send-only            Only send data, ignoring received; quit on EOF\n"
+"      --send-only[=force]    Only send data, ignoring received; quit on EOF\n"
 "      --recv-only            Only receive data, never send anything\n"
 "      --allow                Allow specific hosts to connect to Ncat\n"
 "      --allowfile            A file of hosts allowed to connect to Ncat\n"
Index: ncat_core.c
===================================================================
--- ncat_core.c (revision 13939)
+++ ncat_core.c (working copy)
@@ -128,6 +128,7 @@
     o.listen = 0;
     o.keepopen = 0;
     o.sendonly = 0;
+    o.forcesendonly = 0;
     o.recvonly = 0;
     o.telnet = 0;
     o.udp = 0;


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org