Nmap Development mailing list archives

Jacek's status report - #12 of 16
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Tue, 27 Aug 2013 01:08:06 +0200

Hi guys,

This is the report 12/16 for the Google Summer of Code project
“Bringing Lua to Ncat”.

It was a really pleasant week. No long hours spent debugging, loads of
features added (so, probably, loads of bugs as well). For a quick demo
you might want to try the following with the code from my
d33tah/ncat-lua-callbacks branch:

ncat -l &
ncat -L scripts/filters/rot13.lua --proxy-type http -l 8013 &
ncat -L scripts/filters/rot13.lua --proxy-type http --proxy localhost:8013 localhost

And see that you just spawned an HTTP proxy that talks ROT13 ;) Of
course, you could use any other kinds of filters and even stack your
own ones. I know that the example is rather silly, but the point there
is to show how easy it is to achieve such things - now that I added the


* Used my userdata trick to solve the buffer overflow problem that
happened when Lua code returned more data than would fit in the buffer
provided by fdinfo_recv. The temporary solution, definitely not
satisfactory, was to drop the excessive data; now I set *pending to 1
and pass data in chunks.

* Added connect() and close() methods. During my last meeting with
David, when we played with my chat server, I noticed how many times
they'd prove useful to see if somebody new joined the conversation or
left it. To test if the close() actually closes the connection, I
added /kick command to chat.lua; this is only available for the server
administrator. responder.lua also disconnects when you say “bye” to

* Moved my Lua hooks from ncat_recv to fdinfo_recv to enable them in
proxy connections. This turned out to be not enough for connect mode
yet, because there were some recv()/send() calls that didn't yet go
through the fdinfo_recv and fdinfo_send functions (but this showed up
later in testing and I'll get back to that).

* Introduced experimental connect-mode hooks. They work well enough to
demonstrate the Base64+ROT13 demo, but haven't been tested extensively
yet. Currently there's connect(), close(), recv() and send().
Actually, recv() is a bit tricky - the listen-mode non-blocking recv()
implementation discarded the buffer and I needed a way to emulate this
behavior in Nsock. The implementation might change later on.

* Since even I was starting to get lost in my code, I did a major
refactoring of ncat_lua.c. This involved splitting the file into five
modules: generic Lua code, --lua-exec code, generic filters code,
listen-mode filters code and connect-mode filters code. Hopefully
there will soon be a file for handling connections spawned by filters,

* Solved the bug related to initializing socket abstractions before a
complete parsing of the command line. The cause of the problem was that we
couldn't know if we're spawning listen-mode or connect-mode sockets
until we were sure that the --listen switch is there or not.

* Wrote a report that wraps up quite a lot of information on the
current socket abstractions interface and implementation. My message,
along with a link to secwiki page, can be found here:

* Made some changes to the interface - for example, the make_socket
function is no longer visible to the user. Also, connection roots are
stored in a separate table for convenience and to speed up lookups.
Moreover, undefined methods are now by default set to transparently
call super, so adding a new event to the standard interface will not
break old scripts.

* Made proxy code use fdinfo_send and fdinfo_recv wrappers. This
exposed a bug that happens when you use these functions in connect
mode, which is initialized to call lua_nsock_read. I solved it with
code that swaps the default function for the given file descriptor,
which made the proxy example from the beginning of this e-mail work.

* Added early support for UDP. Not tested much yet, though recv and
send seem to be working fine.

* Now that Fyodor published the Ncat Users' Guide XML file, I added some
Ncat tricks to the document. The related mailing list thread can be
found here: http://seclists.org/nmap-dev/2013/q3/379

* Updated my scripts to conform to my “forward compatibility” concept.
Re-tested them to make sure they work again (which turned out to be a
good idea because they needed some changes then) and found two bugs in
the process.

* Added eval.lua, a remote Lua shell that can be used to debug
filters. It already resembles the real Lua interpreter a lot.


* Talk with David about the --lua-exec documentation Fyodor asked for. I
was supposed to do it last week, but I forgot during the meeting.

* Find a good model for error handling in my socket abstractions code.
There are so many things that can fail along the way that even detecting
them would be a lot of work. I need to discuss that with David to find
a good strategy for that.

* Wrap up what I already did with socket abstractions? I'm currently
waiting for David's review of my code and then I expect to have loads
of work to improve the design, probably also write some docs and -
which will probably take the most time - the tests. I was reluctant to do
it so far because I didn't know what the more final shape of the
feature would be.

* Add a way to spawn additional connections from inside the filters,
perhaps also to change the destination address. I have a lot of ideas
for the features, need to sort out with David which are worth
implementing and in what order.

Jacek Wielemborek
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
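The filter shape the report describes (hooks for connect/close/recv/send, with undefined methods falling through to super) can be sketched stand-alone. This is an added illustration, not code from the d33tah/ncat-lua-callbacks branch or from scripts/filters/rot13.lua; the hook names come from the report above, while the exact calling convention (a filter table, `self`, the `super` fallback via a metatable, and a string return value) is assumed here.

```lua
-- Added example; the BaseFilter/Rot13 table layout and the hook
-- signatures below are ASSUMPTIONS for illustration, not Ncat's real API.

-- Base filter: every hook is a pass-through no-op.
local BaseFilter = {}
BaseFilter.__index = BaseFilter

function BaseFilter.new(fields)
  -- Methods missing from a derived filter fall back to BaseFilter through
  -- __index: the "undefined methods transparently call super" idea, which
  -- keeps old filters working when a new event is added to the interface.
  return setmetatable(fields or {}, BaseFilter)
end

function BaseFilter:connect() end
function BaseFilter:close() end
function BaseFilter:recv(data) return data end
function BaseFilter:send(data) return data end

-- ROT13 over ASCII letters only; any other byte is passed through, so
-- binary data and HTTP framing characters (CRLF, slashes) survive intact.
local function rot13(s)
  return (s:gsub("%a", function(c)
    local base = (c >= "a") and ("a"):byte() or ("A"):byte()
    return string.char((c:byte() - base + 13) % 26 + base)
  end))
end

-- The rot13 filter overrides only recv and send; connect/close are inherited.
local Rot13 = BaseFilter.new({
  recv = function(self, data) return rot13(data) end,
  send = function(self, data) return rot13(data) end,
})

-- Stand-alone check of the transformation the proxy demo relies on
-- (constructed sample input, not captured traffic).
local plain = "GET / HTTP/1.0\r\n\r\n"
local encoded = Rot13:send(plain)
assert(encoded == "TRG / UGGC/1.0\r\n\r\n")
assert(Rot13:recv(encoded) == plain)        -- ROT13 is its own inverse
assert(Rot13.connect == BaseFilter.connect) -- inherited from super, not overridden

return Rot13
```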
