net-analyzer/netcat: Please use netcat-v6.c.gz from http://www.t17.ds.pwr.wroc.pl/%7Emisiek/ipv6/Utils/ instead of the original netcat.c if the 'ipv6' USE flag is set. Please add support for the USE flag 'static', too. Thanks!
Thanks for the submission so far, but I should check that there is no trojan in this source code before committing. Well, and this is ~2500 lines of C code, so a lot to do, but I don't want to have trojans in portage.
I've just done a quick diff between the original netcat.c and netcat-v6.c. Most of the changes are purely cosmetic. If you use GNU indent to format both sources, the diff should be rather small, so it does not take too much time to check for not-too-subtle security problems. A full security audit would take much longer, of course.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/netcat.c I'd feel more confident with OpenBSD's netcat, which apparently supports IPv6 and SOCKS4/5... food for thought, anyway
http://packages.qa.debian.org/n/nc6.html And that is debian's ipv6 enabled netcat.
The OpenBSD version would be even better, yes. Did you already compare it to the Debian one? If so, what are the main differences?
Just found another one on http://www.deepspace6.net/sections/sources.html: ftp://ftp.deepspace6.net/pub/sources/nc6/nc6-0.2pre3.tar.bz2 From the version number I guess Debian uses this one.
Just checked that: Debian really uses this one.
AFAICS OpenBSD's netcat is a rewrite and seems to have fewer features. Also, the initial URL no longer works, so I think Debian's nc6 should be the best ;) (but they have minor version numbers :( (0.2; we currently have 110 in portage). seemant, any idea on this? Naming it nc-200? Or 110-r3?)
Actually the OpenBSD version seems to have more features, not the Debian version:
Debian nc6:
=== BEGIN ===
Usage:
    nc6 [-46nh] [-p port] [-s addr] hostname port
    nc6 -l -p port [-s addr] [-46nh] [hostname] [port]
Recognized options are:
    -4       Use only IPv4
    -6       Use only IPv6
    -l       Listen mode, for inbound connects
    -s addr  Local source address
    -p port  Local source port
    -n       Numeric-only IP addresses, no DNS
    -h       Display help
=== END ===
OpenBSD netcat.c:
=== BEGIN ===
fprintf(stderr, "usage: nc [-46Uhklnrtuvz] [-i interval] [-p source port]\n");
fprintf(stderr, "\t [-s ip address] [-w timeout] [-X vers] [-x proxy address [:port
fprintf(stderr, "\t [hostname] [port[s...]]\n");
fprintf(stderr, "\tCommand Summary:\n\
 \t-4 Use IPv4\n\
 \t-6 Use IPv6\n\
 \t-U Use UNIX domain socket\n\
 \t-X vers\t SOCKS version (4 or 5)\n\
 \t-h This help text\n\
 \t-i secs\t Delay interval for lines sent, ports scanned\n\
 \t-k Keep inbound sockets open for multiple connects\n\
 \t-l Listen mode, for inbound connects\n\
 \t-n Suppress name/port resolutions\n\
 \t-p port\t Specify local port for remote connects\n\
 \t-r Randomize remote ports\n\
 \t-s addr\t Local source address\n\
 \t-t Answer TELNET negotiation\n\
 \t-u UDP mode\n\
 \t-v Verbose\n\
 \t-w secs\t Timeout for connects and final net reads\n\
 \t-x addr[:port]\tSpecify socks proxy address and port\n\
 \t-z Zero-I/O mode [used for scanning]\n\
 Port numbers can be individual or ranges: lo-hi [inclusive]\n");
exit(1);
=== END ===
So I'd vote for the OpenBSD version.
Sascha: OK, I couldn't get netcat from OpenBSD compiled (I get:
    netcat.c: In function `local_listen':
    netcat.c:508: `SO_REUSEPORT' undeclared (first use in this function)
    netcat.c:508: (Each undeclared identifier is reported only once
    netcat.c:508: for each function it appears in.)
and SO_REUSEPORT can only be found in /usr/include/asm/socket.h and is commented out :(
    #define SO_LINGER 13
    #define SO_BSDCOMPAT 14
    /* To add :#define SO_REUSEPORT 15 */
    #define SO_PASSCRED 16
    #define SO_PEERCRED 17
)
Feel free to patch OpenBSD's netcat sources ;) If you don't want to patch them, we will have to use Debian's netcat6. Please comment here if you want to patch OpenBSD's source or have found a patch. Thanks.
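The build failure reported above comes from passing SO_REUSEPORT to setsockopt() on a system whose headers do not declare it. The following is an added example, not code from this thread or from OpenBSD's netcat.c, of a listening helper that compiles the option in only where it exists; the names have_reuseport and portable_listen are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* getaddrinfo() under strict -std= modes */
#endif
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if the system headers declare SO_REUSEPORT. */
int have_reuseport(void)
{
#ifdef SO_REUSEPORT
    return 1;
#else
    return 0;
#endif
}

/* Hypothetical helper: bind and listen on host:port for the given family
 * (AF_INET, AF_INET6 or AF_UNSPEC). host may be NULL for the wildcard
 * address. Returns the listening socket, or -1 on failure. */
int portable_listen(const char *host, const char *port, int family)
{
    struct addrinfo hints, *res, *ai;
    int s = -1, on = 1;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = family;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;   /* no DNS lookups */
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (s < 0)
            continue;
        /* SO_REUSEADDR is declared everywhere; failure is not fatal. */
        (void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
#ifdef SO_REUSEPORT
        /* Compiled only where declared; a kernel may still reject it at
         * run time, so the return value is deliberately ignored. */
        (void)setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on));
#endif
        if (bind(s, ai->ai_addr, ai->ai_addrlen) == 0 && listen(s, 1) == 0)
            break;
        close(s);
        s = -1;
    }
    freeaddrinfo(res);
    return s;
}
```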
Using the patch ftp://sith.mimuw.edu.pl/pub/users/baggins/IPv6/nc-v6-20000918.patch.gz which FreeBSD uses (http://www.freebsd.org/cgi/pds.cgi?ports/net/netcat), I was able to compile netcat with IPv6 support. Here are the features included:
[v1.10]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
    -4          Use IPv4 (default)
    -6          Use IPv6
    -g gateway  source-routing hop point[s], up to 8
    -G num      source-routing pointer: 4, 8, 12, ...
    -h          this cruft
    -i secs     delay interval for lines sent, ports scanned
    -l          listen mode, for inbound connects
    -n          numeric-only IP addresses, no DNS
    -o file     hex dump of traffic
    -p port     local port number
    -r          randomize local and remote ports
    -s addr     local source address
    -u          UDP mode
    -v          verbose [use twice to be more verbose]
    -w secs     timeout for connects and final net reads
    -z          zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive]
There are many more features than in Debian's version, but some are missing in comparison to the OpenBSD version. Btw, I think that the OpenBSD version has been entirely rewritten from scratch for OpenBSD, but I'm not sure. As long as this patch enables IPv6 support without removing any existing features, I think this could be the netcat -r3 without problems. Do you agree?
What consequences do we face if we switch to OpenBSD's version, just out of curiosity?
Here is a table which shows the differences between the OpenBSD and Gentoo versions of netcat:
OBSD            GENTOO          | EXPLANATION
--------------------------------|------------
-4              -4              | Use IPv4
-6              -6              | Use IPv6
-U                              | Use UNIX domain socket
-X vers                         | SOCKS version (4 or 5)
                -g gateway      | source-routing hop point[s], up to 8
                -G num          | source-routing pointer: 4, 8, 12, ...
-h              -h              | Help
-i secs         -i secs         | Delay interval for lines sent, ports scanned
-k                              | Keep inbound sockets open for multiple connects
-l              -l              | Listen mode, for inbound connects
-n              -n              | Suppress name/port resolutions
                -o file         | hex dump of traffic
-p port         -p port         | Specify local port for remote connects
-r              -r              | Randomize remote ports
-s addr         -s addr         | Local source address
-t                              | Answer TELNET negotiation
-u              -u              | UDP mode
-v              -v              | Verbose
-w secs         -w secs         | Timeout for connects and final net reads
-x addr[:port]                  | Specify socks proxy address and port
-z              -z              | Zero-I/O mode [used for scanning]
In short, the differences are: the Gentoo version provides source-routing and file dump. The OBSD version provides UNIX domain socket, multiple connection, telnet negotiation and socks proxy usage. So, users who were using file dump and source-routing will have their scripts broken. I think that this MUST not happen. If someone really needs OpenBSD's features, we might create another ebuild like netcat-obsd, but this requires porting and I don't think I have the skill to do this right now.
Martin: I'm fine with FreeBSD's netcat6. If there are no objections, please commit.
IPv6 and static use flag support added in netcat-110-r3.ebuild.