Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: ncat: patch that adds socks5 support - allows to proxy IPv6 connections
From: Shinnok <admin () shinnok com>
Date: Mon, 20 Jun 2011 20:37:08 +0300

Hi Marek,

I've taken a look over your patch and it looks really good now and did
some outside of ./ncat-test.pl testing(tor,ssh -D, etc).
Read bellow for a few small comments:

On 06/13/2011 10:36 AM, Marek Lukaszuk wrote:
All is working but, the ncat-test.pl script had some issues (patch attached):
- as far as I saw the first test was done a bit strange, it starts
single listening ncat (-lk) and then tries to connect to it via IPv4
and IPv6, this would always fail because as far as I can see ncat by
default only listens on IPv4 addresses. I didn't check that patch from
Colin that allows it to listen on both address families at the same
times,
It is fixed now, with Colin's patch.

- on my system when I do name resolution I prefer IPv6 addresses over
IPv4, this is causing issues with some tests, because in few places
there is an assumption that "localhost" should resolve back to
127.0.0.1, in my case it resolves to ::1,

Still there could be problem with the function inet_pton. I need to
use it always (for SOCKS5), no matter if the system supports IPv6 or
not. I can copy the definition of function inet_pton6 from nbase (that
definition is only added when we compile nmap with IPv6 support) and
add this function only to ncat when there is no IPv6 support, this
would allow to proxy to IPv6 addresses even in an IPv4 only
environment. Does this make sense ?
I think inet_pton6 can be taken outside of the scope of HAVE_IPV6 since
it is a standalone function, if this case and others are enough to
justify it. IMHO, this case is enough to justify taking it out of that
#ifdef, as I guess there will be other times we might need it.

David, why do we include a custom version of a POSIX available function
in nbase? Searching nmap-dev and svn-log inet_pton.c does not reveal the
reason. My guess is that it might not be available or it does not behave
consistently enough on some platforms?


Thanks,
Marek

If David is fine with this,from my limited view point, I think the patch
is commit ready. :-)

Thanks for the patience,
Shinnok
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]