Nmap Development mailing list archives
Re: ncat unix domain datagram socket receive only mode
From: Guy Lichtman <guy () guylichtman com>
Date: Sun, 18 Jan 2015 11:59:46 +0200
Hi Dan, Thanks for the detailed reply. I think the fix I suggested at https://github.com/nmap/nmap/pull/23 is still valid as you don't want to initialize a connection if working in `--recv-only' mode regardless of the socket type. But I may be missing something. I would expect that in duplex mode when the unix dgram socket has no remote address then ncat should fail with a meaningful message. The way I see it, `--recv-only` should be a required parameter if working with unix dgram sockets which don't specify the remote address (as seen with the logger utility). Best, Guy On Wed, Jan 14, 2015 at 9:03 PM, Daniel Miller <bonsaiviking () gmail com> wrote:
Guy, Thanks for the bug report. Unfortunately, things aren't as simple as that: Ncat crashes even without `--recv-only`. The reason is that `logger` does not bind its socket to a filename before sending, meaning that it is an unnamed socket. Ncat just can't handle that right now. I'm going to add a bug for this, since it is a legit problem. Removing the `Connect` call (a wrapper around `connect(2)`) works because the `connect` call is failing due to an empty (null) `sockaddr` being passed as the second argument. This value (`remotess`) is populated farther up with a `recvfrom` call, which works for UDP (which always has a remote address), but not for AF_UNIX SOCK_DGRAM, which can be unnamed (no remote address). We *could possibly* do a more specific check for AF_UNIX and a null `remotess.un.sun_path` in order to skip the `Connect`, but I see 2 potential problems: 1. We later use `send` and `recv` on this socket, which I think need to have a connected socket in order to work properly 2. We use connected UDP for some reason (connection tracking?) that is probably based on a design decision that would need proper discussion and planning to reverse. I'm open to suggestions on how to move forward. Please comment here or on the Github bug report: https://github.com/nmap/nmap/issues/46 Dan On Mon, Dec 15, 2014 at 2:44 PM, Guy Lichtman <guy () guylichtman com> wrote:Hi, I am trying to use ncat to listen on a unix domain datagram socket in receive only mode. I am using this as a simple syslog receiving server for testing. When I use the following command: ncat --recv-only -luU /tmp/test.socket and then try to log a a message using logger with the following command: logger -d -u /tmp/test.socket "this is a test" I get the following error on the ncat side: connect: Invalid argument From looking at the ncat_listen.c code it looks like ncat tries to connect a sending socket even when in recv-only mode. I added a check to connect only when not in recv-only mode and then ncat worked as expected. Here is a suggested patch: svn diff ncat_listen.c Index: ncat_listen.c =================================================================== --- ncat_listen.c (revision 33864) +++ ncat_listen.c (working copy) @@ -818,7 +818,9 @@ * We're using connected udp. This has the down side of only * being able to handle one udp client at a time */ - Connect(socket_n, &remotess.sockaddr, sslen); + /* Connect only if not recvonly */ + if (!o.recvonly) + Connect(socket_n, &remotess.sockaddr, sslen); /* clean slate for buf */ zmem(buf, sizeof(buf)); Best, Guy _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: ncat unix domain datagram socket receive only mode Daniel Miller (Jan 14)
- Re: ncat unix domain datagram socket receive only mode Guy Lichtman (Jan 20)