Nmap Development mailing list archives
Re: ncat should try connecting to all resolved addresses, not only the first one
From: David Fifield <david () bamsoftware com>
Date: Tue, 10 Sep 2013 14:54:16 -0700
On Mon, Sep 02, 2013 at 12:26:24PM -0400, Jaromir Koncicky wrote:
I made a patch which adds this functionality: if one resolved address fails, next one is tried. You can find it there: https://bugzilla.redhat.com/show_bug.cgi?id=978964#c6 I am not very familiar with the code, so I'd like to consult how to do this better. I don't think the way I made it is ideal and would like to make it more acceptable.
Thanks for the patch. I agree with Thomas Hozza's comments at https://bugzilla.redhat.com/show_bug.cgi?id=978964#c7. You can't use global state in the resolver.

What you will want to do is store all the potential addresses of the target in ncat_main.c. Then in ncat_connect, call nsock_connect_{tcp,ssl,sctp,udp} with the first address. Then, in connect_handler, if the connection timed out, do another nsock_connect_{tcp,ssl,sctp,udp} on the next address.

The changes aren't trivial, and I'm also not sure they are completely specified--for example, what should happen if a port is closed on IPv6 but open on IPv4? Is "connection refused" the same as "timed out" for the purposes of attempting to reconnect? Suppose it does, you have a script that relies on this behavior--then what happens if someone manages to open the IPv6 port and intercept your connection?

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
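The design outlined in the message above (a caller-owned address list, with the next address tried only on a chosen class of failure), as an added example that is not part of the original message and is not Ncat's code. The names `target_addrs`, `fallback_policy`, `connect_with_fallback` and `fake_connect` are hypothetical, the connect call is a stand-in callback rather than the nsock API, and the sample data is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Candidate addresses for one target, owned by the caller (no resolver globals). */
struct target_addrs {
    struct sockaddr_storage addr[4];
    size_t count, next;   /* next: index of the next address to try */
};
/* The open question from the message, made an explicit policy choice. */
enum fallback_policy { FALLBACK_TIMEOUT_ONLY, FALLBACK_TIMEOUT_OR_REFUSED };
/* Hypothetical stand-in for the real connect call: returns 0 or an errno value. */
typedef int (*connect_fn)(const struct sockaddr_storage *ss);

static int should_try_next(enum fallback_policy p, int err) {
    return err == ETIMEDOUT || (p == FALLBACK_TIMEOUT_OR_REFUSED && err == ECONNREFUSED);
}

/* Returns the index of the address that connected, or -1 with *err set.
 * t->next persists, so a completion handler can call this again to resume. */
static int connect_with_fallback(struct target_addrs *t, enum fallback_policy p,
                                 connect_fn do_connect, int *err) {
    *err = EHOSTUNREACH;   /* reported if there is nothing left to try */
    while (t->next < t->count) {
        size_t i = t->next++;
        if ((*err = do_connect(&t->addr[i])) == 0)
            return (int)i;   /* caller can log which address family answered */
        if (!should_try_next(p, *err))
            break;
    }
    return -1;
}

/* Constructed sample: an IPv6 candidate first, then an IPv4 one. */
static void sample_targets(struct target_addrs *t) {
    memset(t, 0, sizeof(*t));
    t->addr[0].ss_family = AF_INET6;
    t->addr[1].ss_family = AF_INET;
    t->count = 2;
}
/* Constructed failure: the IPv6 port is closed, the IPv4 port is open. */
static int fake_connect(const struct sockaddr_storage *ss) {
    return ss->ss_family == AF_INET6 ? ECONNREFUSED : 0;
}

int main(void) {
    struct target_addrs t;
    int err;
    sample_targets(&t);
    printf("%d\n", connect_with_fallback(&t, FALLBACK_TIMEOUT_ONLY, fake_connect, &err));
    return 0;
}
```

With `FALLBACK_TIMEOUT_ONLY` the refused IPv6 attempt ends the sequence, so the caller sees the failure instead of silently landing on a different address family; returning the connected index lets a script record which address actually answered.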