Nmap Development mailing list archives
Re: ncat should try connecting to all resolved addresses, not only the first one
From: Jaromir Koncicky <jkoncick () redhat com>
Date: Tue, 3 Dec 2013 15:20:34 -0500 (EST)
Bump: Could you please look at this and give me feedback? I'd like to finish this issue and make an acceptable patch which could be included in nmap. Thanks!

----- Original Message -----
From: "Jaromir Koncicky" <jkoncick () redhat com>
To: "David Fifield" <david () bamsoftware com>
Cc: dev () nmap org
Sent: Thursday, November 7, 2013 10:14:18 AM
Subject: Re: ncat should try connecting to all resolved addresses, not only the first one

Hi,

I'm back here with a new patch. I made two new versions of the patch, both can be found in https://bugzilla.redhat.com/show_bug.cgi?id=978964#c9 (comments #9 and #11). As you can read there, I've made it without goto and global pointer, which I didn't like either. In the first patch I'm using a fixed size array for storing the addresses, in the second I'm using a dynamically allocated linked list and also passing the next address via client-data in the callback function.

I still don't think it's 100% ideal, because I still mainly use only the first field of addresses list in many cases it was used before and using the full list in just one case - when ncat simply connects to a server. But I think this can now be the right way to implement the more-address support.

I'm again awaiting your feedback, thanks!

----- Original Message -----
From: "David Fifield" <david () bamsoftware com>
To: "Jaromir Koncicky" <jkoncick () redhat com>
Cc: dev () nmap org
Sent: Tuesday, September 10, 2013 11:54:16 PM
Subject: Re: ncat should try connecting to all resolved addresses, not only the first one

On Mon, Sep 02, 2013 at 12:26:24PM -0400, Jaromir Koncicky wrote:
> I made a patch which adds this functionality: if one resolved address fails, next one is tried. You can find it there: https://bugzilla.redhat.com/show_bug.cgi?id=978964#c6
>
> I am not very familiar with the code, so I'd like to consult how to do this better. I don't think the way I made it is ideal and would like to make it more acceptable.

Thanks for the patch. I agree with Thomas Hozza's comments at https://bugzilla.redhat.com/show_bug.cgi?id=978964#c7. You can't use global state in the resolver. What you will want to do is store all the potential addresses of the target in ncat_main.c. Then in ncat_connect, call nsock_connect_{tcp,ssl,sctp,udp} with the first address. Then, in connect_handler, if the connection timed out, do another nsock_connect_{tcp,ssl,sctp,udp} on the next address.

The changes aren't trivial, and I'm also not sure they are completely specified--for example, what should happen if a port is closed on IPv6 but open on IPv4? Is "connection refused" the same as "timed out" for the purposes of attempting to reconnect? Suppose it does, you have a script that relies on this behavior--then what happens if someone manages to open the IPv6 port and intercept your connection?

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
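
The fallback question raised in the thread (is "connection refused" treated like "timed out" when moving to the next resolved address?) can be made an explicit policy rather than an accident of the retry loop. The following is an added example, not code from ncat, nsock or the patches discussed; all function and type names are hypothetical, and the address list and connectors are constructed so it runs without DNS or network access.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* struct addrinfo under a strict -std= */
#endif
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* All names below are hypothetical; this is not ncat or nsock code. */
enum fallback_policy { FALLBACK_ON_TIMEOUT_ONLY, FALLBACK_ON_ANY_ERROR };

/* A connector returns 0 on success or an errno value on failure. */
typedef int (*connect_fn)(const struct sockaddr *sa, socklen_t len);

/* The open question from the thread, written as an explicit decision. */
int should_try_next(enum fallback_policy p, int err)
{
    return p == FALLBACK_ON_ANY_ERROR || err == ETIMEDOUT;
}

/* Walk the resolved list in order. Returns the index of the address that
 * connected, or -1; *last_err is the error that ended the walk. */
int connect_in_order(const struct addrinfo *list, enum fallback_policy p,
                     connect_fn do_connect, int *last_err)
{
    int i = 0;
    *last_err = EHOSTUNREACH;   /* reported when the list is empty */
    for (const struct addrinfo *ai = list; ai; ai = ai->ai_next, i++) {
        *last_err = do_connect(ai->ai_addr, ai->ai_addrlen);
        if (*last_err == 0)
            return i;
        if (!should_try_next(p, *last_err))
            break;              /* this error is final: do not fall back */
    }
    return -1;
}

/* Constructed connectors standing in for real connect() results. */
int v6_refused_v4_open(const struct sockaddr *sa, socklen_t len)
{ (void)len; return sa->sa_family == AF_INET6 ? ECONNREFUSED : 0; }
int v6_timeout_v4_open(const struct sockaddr *sa, socklen_t len)
{ (void)len; return sa->sa_family == AF_INET6 ? ETIMEDOUT : 0; }

/* Constructed list [IPv6, IPv4] with zeroed addresses; no DNS lookup. */
struct sockaddr_in6 sa6 = { .sin6_family = AF_INET6 };
struct sockaddr_in sa4 = { .sin_family = AF_INET };
struct addrinfo ai4 = { .ai_family = AF_INET, .ai_addrlen = sizeof sa4,
                        .ai_addr = (struct sockaddr *)&sa4 };
struct addrinfo ai6 = { .ai_family = AF_INET6, .ai_addrlen = sizeof sa6,
                        .ai_addr = (struct sockaddr *)&sa6, .ai_next = &ai4 };
```

With the IPv6 port closed and the IPv4 port open, the timeout-only policy reports the refusal and stops, while the any-error policy connects to the second address; which address family ends up serving the connection therefore depends on the chosen policy.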