Nmap Development mailing list archives

Re: Implementing nsock server mode


From: David Fifield <david () bamsoftware com>
Date: Sat, 22 Sep 2012 21:28:19 -0700

On Tue, Sep 11, 2012 at 09:56:06PM +0200, Henri Doreau wrote:
> adding server mode support to nsock is something that has been
> discussed a couple times on this list. The patch attached is an
> implementation proposal.
>
> Briefly, I introduced two new functions to nsock.
>
> The first one (nsock_listen()) is a regular nsock event registration
> function that binds a socket to the desired address, enables listening
> mode and associates it with the given IOD.
>
> The second function (nsock_accept_client()) is aimed to be called from
> within event handlers corresponding to nsock_listen events. It
> basically does what accept(2) does.
>
> In case we decide to land this patch, a couple additional safety
> checks and extra comments would be needed, but I think the current
> version can already be interesting to discuss.

I like this idea and I like that the patch is so concise. I'm tempted to
just merge the patch so we can easily begin working on it.

To me, a goal for listening sockets in Nsock is to replace the
handcrafted loop in ncat_listen.c. For that, it may be that all that's
needed is SSL support. In ncat_listen.c, we apparently found it
necessary to have an fd_set of sslpending_fds, separate from the listen
set and the read set. Probably Nsock will need some special handling
like the condition in ncat_listen_stream:

            /* Is this an ssl socket pending a handshake? If so handle
             * it. */
            if (o.ssl && FD_ISSET(i, &sslpending_fds)) {

I bet we can have a listen call that takes an SSL_CTX (and requires the
caller to set it up with certificates and everything, like Ncat
setup_ssl_listen does).

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

