mirror of
https://repo.or.cz/socat.git
synced 2025-01-08 22:12:33 +00:00
UDP-DATAGRAM no longer checks peerport by default
parent
583e14d7fa
commit
50bdb453dd
6 changed files with 102 additions and 8 deletions
6
CHANGES
6
CHANGES
|
@ -158,6 +158,12 @@ New features:
|
||||||
New option ip-add-source-membership
|
New option ip-add-source-membership
|
||||||
Feature inspired by Brian (b f31415)
|
Feature inspired by Brian (b f31415)
|
||||||
|
|
||||||
|
INCOMPATIBLE CHANGE: Address UDP-DATAGRAM now does not check peerport
|
||||||
|
of replies, as it did up to version 1.7.3.4. Use option sourceport when
|
||||||
|
you need the old behaviour.
|
||||||
|
Test: UDP_DATAGRAM_SOURCEPORT
|
||||||
|
Feature inspired by Hans Bueckler for SSDP inquiry (for UPnP)
|
||||||
|
|
||||||
####################### V 1.7.3.4:
|
####################### V 1.7.3.4:
|
||||||
|
|
||||||
Corrections:
|
Corrections:
|
||||||
|
|
29
doc/socat.yo
29
doc/socat.yo
|
@ -1088,7 +1088,7 @@ label(ADDRESS_UDP6_CONNECT)dit(bf(tt(UDP6:<host>:<port>)))
|
||||||
label(ADDRESS_UDP_DATAGRAM)dit(bf(tt(UDP-DATAGRAM:<address>:<port>)))
|
label(ADDRESS_UDP_DATAGRAM)dit(bf(tt(UDP-DATAGRAM:<address>:<port>)))
|
||||||
Sends outgoing data to the specified address which may in particular be a
|
Sends outgoing data to the specified address which may in particular be a
|
||||||
broadcast or multicast address. Packets arriving on the local socket are
|
broadcast or multicast address. Packets arriving on the local socket are
|
||||||
checked for the correct remote port and if their source addresses match
|
checked for the correct remote port only when option link(sourceport)(OPTION_SOURCEPORT) is used (this is a change with Socat() version 1.7.4.0) and if their source addresses match
|
||||||
link(RANGE)(OPTION_RANGE) or link(TCPWRAP)(OPTION_TCPWRAPPERS)
|
link(RANGE)(OPTION_RANGE) or link(TCPWRAP)(OPTION_TCPWRAPPERS)
|
||||||
options. This address type can for example be used for implementing
|
options. This address type can for example be used for implementing
|
||||||
symmetric or asymmetric broadcast or multicast communications.nl()
|
symmetric or asymmetric broadcast or multicast communications.nl()
|
||||||
|
@ -2260,6 +2260,20 @@ enddit()
|
||||||
startdit()enddit()nl()
|
startdit()enddit()nl()
|
||||||
|
|
||||||
|
|
||||||
|
label(GROUP_UDP)em(bf(UDP option group))
|
||||||
|
|
||||||
|
This option may be applied to UDP datagram sockets.
|
||||||
|
|
||||||
|
startdit()
|
||||||
|
label(OPTION_UDP_IGNORE_PEERPORT)dit(bf(tt(udp-ignore-peerport>)))
|
||||||
|
Address UDP-DATAGRAM expects incoming responses to come from the port
|
||||||
|
specified in its second parameter. With this option, it accepts packets
|
||||||
|
coming from any port.
|
||||||
|
enddit()
|
||||||
|
|
||||||
|
startdit()enddit()nl()
|
||||||
|
|
||||||
|
|
||||||
label(GROUP_SCTP)em(bf(SCTP option group))
|
label(GROUP_SCTP)em(bf(SCTP option group))
|
||||||
|
|
||||||
These options may be applied to SCTP stream sockets.
|
These options may be applied to SCTP stream sockets.
|
||||||
|
@ -2274,7 +2288,7 @@ enddit()
|
||||||
startdit()enddit()nl()
|
startdit()enddit()nl()
|
||||||
|
|
||||||
|
|
||||||
em(bf(UDP, TCP, and SCTP option groups))
|
em(bf(UDP, TCP, and SCTP option group))
|
||||||
|
|
||||||
Here we find options that are related to the network port mechanism and thus
|
Here we find options that are related to the network port mechanism and thus
|
||||||
can be used with UDP, TCP, and SCTP client and server addresses.
|
can be used with UDP, TCP, and SCTP client and server addresses.
|
||||||
|
@ -2283,7 +2297,10 @@ label(OPTION_SOURCEPORT)dit(bf(tt(sourceport=<port>)))
|
||||||
For outgoing (client) TCP and UDP connections, it sets the source
|
For outgoing (client) TCP and UDP connections, it sets the source
|
||||||
link(<port>)(TYPE_PORT) using an extra code(bind()) call.
|
link(<port>)(TYPE_PORT) using an extra code(bind()) call.
|
||||||
With TCP or UDP listen addresses, socat immediately shuts down the
|
With TCP or UDP listen addresses, socat immediately shuts down the
|
||||||
connection if the client does not use this sourceport (link(example)(EXAMPLE_OPTION_SOURCEPORT)).
|
connection if the client does not use this sourceport. UDP-RECV,
|
||||||
|
UDP-RECVFROM, UDP-SENDTO, and UDP-DATAGRAM addresses ignore the packet when
|
||||||
|
it does not match.
|
||||||
|
(link(example)(EXAMPLE_OPTION_SOURCEPORT)).
|
||||||
label(OPTION_LOWPORT)dit(bf(tt(lowport)))
|
label(OPTION_LOWPORT)dit(bf(tt(lowport)))
|
||||||
Outgoing (client) TCP and UDP connections with this option use
|
Outgoing (client) TCP and UDP connections with this option use
|
||||||
an unused random source port between 640 and 1023 incl. On UNIX class operating
|
an unused random source port between 640 and 1023 incl. On UNIX class operating
|
||||||
|
@ -3452,6 +3469,12 @@ SOCAT_IP_DSTADDR: it contains the target address of the packet which may be a
|
||||||
unicast, multicast, or broadcast address.
|
unicast, multicast, or broadcast address.
|
||||||
|
|
||||||
|
|
||||||
|
label(EXAMPLE_SSD)
|
||||||
|
dit(bf(tt(echo -e "M-SEARCH * HTTP/1.1\nHOST: 239.255.255.250:1900\nMAN: \"ssdp:discover\"\nMX: 4\nST: \"ssdp:all\"\n" |./socat - UDP-DATAGRAM:239.255.255.250:1900,crlf)))
|
||||||
|
|
||||||
|
sends an SSDP (Simple Service Discovery Protocol) query to the local network
|
||||||
|
and collects and outputs the answers received.
|
||||||
|
|
||||||
dit(bf(tt()))
|
dit(bf(tt()))
|
||||||
|
|
||||||
|
|
||||||
|
|
56
test.sh
56
test.sh
|
@ -69,6 +69,15 @@ export SOCAT_OPTS="$opts"
|
||||||
#debug="1"
|
#debug="1"
|
||||||
debug=
|
debug=
|
||||||
TESTS="$@"; export TESTS
|
TESTS="$@"; export TESTS
|
||||||
|
if ! $SOCAT -V >/dev/null 2>&1; then
|
||||||
|
echo "Failed to execute $SOCAT, exiting" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
SOCAT_VERSION=$($SOCAT -V |head -n 2 |tail -n 1 |sed 's/.* \([0-9][1-9]*\.[0-9][0-9]*\.[0-9][^[:space:]]*\).*/\1/')
|
||||||
|
if [ -z "$SOCAT_VERSION" ]; then
|
||||||
|
echo "Warning: failed to retrieve Socat version" >&2
|
||||||
|
fi
|
||||||
|
|
||||||
# for some tests we need a network interface
|
# for some tests we need a network interface
|
||||||
if type ip >/dev/null 2>&1; then
|
if type ip >/dev/null 2>&1; then
|
||||||
|
@ -14465,6 +14474,53 @@ esac
|
||||||
N=$((N+1))
|
N=$((N+1))
|
||||||
|
|
||||||
|
|
||||||
|
# Test the modified UDP-DATAGRAM address: Now it ignores peerport by default
|
||||||
|
NAME=UDP_DATAGRAM_PEERPORT
|
||||||
|
case "$TESTS" in
|
||||||
|
*%$N%*|*%functions%*|*%udp%*|*%socket%*|*%$NAME%*)
|
||||||
|
TEST="$NAME: test UDP-DATAGRAM ignoring peerport"
|
||||||
|
# A UDP-DATAGRAM address bound to PORT has defined peer on PORT+1
|
||||||
|
# From another Socat instance we send a packet to PORT but with source port
|
||||||
|
# PORT+2. The first instance should accept the packet
|
||||||
|
if ! eval $NUMCOND; then :
|
||||||
|
elif [ $(echo $E "$SOCAT_VERSION\n1.7.3.4" |sort -n |tail -n 1) = 1.7.3.4 ]; then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}Only with Socat 1.7.4.0 or higher${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
listCANT="$listCANT $N"
|
||||||
|
else
|
||||||
|
tf="$td/test$N.stdout"
|
||||||
|
te="$td/test$N.stderr"
|
||||||
|
tdiff="$td/test$N.diff"
|
||||||
|
da="test$N $(date) $RANDOM"
|
||||||
|
CMD0="$TRACE $SOCAT $opts -u UDP-DATAGRAM:$LOCALHOST:$((PORT+1)),bind=:$((PORT)) -"
|
||||||
|
CMD1="$TRACE $SOCAT $opts -u - UDP-DATAGRAM:$LOCALHOST:$((PORT)),bind=:$((PORT+2))"
|
||||||
|
printf "test $F_n $TEST... " $N
|
||||||
|
$CMD0 >${tf}0 2>"${te}0" &
|
||||||
|
pid0=$!
|
||||||
|
waitudp4port $PORT 1
|
||||||
|
echo "$da" |$CMD1 >"${tf}1" 2>"${te}1"
|
||||||
|
rc1=$?
|
||||||
|
kill $pid0 2>/dev/null; wait
|
||||||
|
if [ -f ${tf}0 ] && echo "$da" |diff - ${tf}0 >$tdiff; then
|
||||||
|
$PRINTF "$OK\n"
|
||||||
|
numOK=$((numOK+1))
|
||||||
|
else
|
||||||
|
$PRINTF "$FAILED\n"
|
||||||
|
echo "$CMD0 &" >&2
|
||||||
|
cat "${te}0" >&2
|
||||||
|
echo "$CMD1" >&2
|
||||||
|
cat "${te}1" >&2
|
||||||
|
cat "${tdiff}" >&2
|
||||||
|
numFAIL=$((numFAIL+1))
|
||||||
|
listFAIL="$listFAIL $N"
|
||||||
|
fi
|
||||||
|
fi # NUMCOND
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
PORT=$((PORT+1))
|
||||||
|
N=$((N+1))
|
||||||
|
|
||||||
|
|
||||||
##################################################################################
|
##################################################################################
|
||||||
#=================================================================================
|
#=================================================================================
|
||||||
# here come tests that might affect your systems integrity. Put normal tests
|
# here come tests that might affect your systems integrity. Put normal tests
|
||||||
|
|
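Review bot: The new UDP_DATAGRAM_PEERPORT case in the second hunk exercises only the accepting path (a datagram sent from PORT+2 is delivered). Nothing checks that the same datagram is dropped once `sourceport` is given, which is the filtering behaviour the C change is meant to keep available, and CHANGES refers to a test named `UDP_DATAGRAM_SOURCEPORT` that does not exist here. A companion case that adds `sourceport` to CMD0 and expects `${tf}0` to stay empty would pin that down, as sketched below. The version gate is also fragile: `sort -n` compares only the leading number, so `1.7.3.4` and a later `1.7.10.x` tie and fall back to byte order, ranking the newer release lower; `sort -V` where available, or a field-wise comparison, avoids that. The block uses PORT, PORT+1 and PORT+2 but advances PORT by one only.

```shell
# … unchanged: case header, NUMCOND and version gate as in UDP_DATAGRAM_PEERPORT …
NAME=UDP_DATAGRAM_SOURCEPORT
TEST="$NAME: test UDP-DATAGRAM with sourceport dropping packets from other ports"
CMD0="$TRACE $SOCAT $opts -u UDP-DATAGRAM:$LOCALHOST:$((PORT+1)),bind=:$((PORT)),sourceport=$((PORT+1)) -"
# … unchanged: CMD1, start of CMD0, waitudp4port, sending "$da", kill …
if [ -s "${tf}0" ]; then
    # the datagram from PORT+2 must not be delivered
    $PRINTF "$FAILED\n"
    # … unchanged: dump of commands and stderr files, numFAIL/listFAIL …
else
    $PRINTF "$OK\n"
    numOK=$((numOK+1))
fi
```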
11
xio-udp.c
11
xio-udp.c
|
@ -453,6 +453,13 @@ int xioopen_udp_datagram(int argc, const char *argv[], struct opt *opts,
|
||||||
return STAT_RETRYLATER;
|
return STAT_RETRYLATER;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* only accept packets with correct remote ports */
|
||||||
|
if (retropt_ushort(opts, OPT_SOURCEPORT, &xfd->para.socket.ip.sourceport)
|
||||||
|
>= 0) {
|
||||||
|
xfd->para.socket.ip.dosourceport = true;
|
||||||
|
xfd->para.socket.ip.sourceport = ntohs(xfd->peersa.ip4.sin_port);
|
||||||
|
}
|
||||||
|
|
||||||
retropt_socket_pf(opts, &pf);
|
retropt_socket_pf(opts, &pf);
|
||||||
result =
|
result =
|
||||||
_xioopen_udp_sendto(hostname, argv[2], opts, xioflags, xxfd, groups,
|
_xioopen_udp_sendto(hostname, argv[2], opts, xioflags, xxfd, groups,
|
||||||
|
@ -466,10 +473,6 @@ int xioopen_udp_datagram(int argc, const char *argv[], struct opt *opts,
|
||||||
|
|
||||||
xfd->para.socket.la.soa.sa_family = xfd->peersa.soa.sa_family;
|
xfd->para.socket.la.soa.sa_family = xfd->peersa.soa.sa_family;
|
||||||
|
|
||||||
/* only accept packets with correct remote ports */
|
|
||||||
xfd->para.socket.ip.sourceport = ntohs(xfd->peersa.ip4.sin_port);
|
|
||||||
xfd->para.socket.ip.dosourceport = true;
|
|
||||||
|
|
||||||
/* which reply packets will be accepted - determine by range option */
|
/* which reply packets will be accepted - determine by range option */
|
||||||
if (retropt_string(opts, OPT_RANGE, &rangename)
|
if (retropt_string(opts, OPT_RANGE, &rangename)
|
||||||
>= 0) {
|
>= 0) {
|
||||||
|
|
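Review bot: In the first hunk the new `if (retropt_ushort(opts, OPT_SOURCEPORT, ...) >= 0)` block reads `xfd->peersa.ip4.sin_port` before the `_xioopen_udp_sendto()` call, whereas the lines removed in the second hunk read it after that call. If `peersa` is only filled in by that call, the port filter would be armed with 0 or a stale value; this needs confirming against the rest of xioopen_udp_datagram, which lies outside the hunks. The number that `retropt_ushort` stores in `sourceport` is also overwritten on the next line, so `sourceport=<port>` acts purely as a switch and its value is discarded, which the documentation does not say. I would set only the flag here and keep the assignment after the call, e.g. `if (xfd->para.socket.ip.dosourceport) xfd->para.socket.ip.sourceport = ntohs(xfd->peersa.ip4.sin_port);`. A comment should also state that peer-port filtering of replies is now opt-in, leaving `range` as the remaining source filter.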
2
xio.h
2
xio.h
|
@ -193,7 +193,7 @@ typedef struct single {
|
||||||
struct {
|
struct {
|
||||||
unsigned int res_opts[2]; /* bits to be set in _res.options are
|
unsigned int res_opts[2]; /* bits to be set in _res.options are
|
||||||
at [0], bits to be cleared are at [1] */
|
at [0], bits to be cleared are at [1] */
|
||||||
bool dosourceport;
|
bool dosourceport; /* check the source port of incoming connection or packets */
|
||||||
uint16_t sourceport; /* host byte order */
|
uint16_t sourceport; /* host byte order */
|
||||||
bool lowport;
|
bool lowport;
|
||||||
#if (WITH_TCP || WITH_UDP) && WITH_LIBWRAP
|
#if (WITH_TCP || WITH_UDP) && WITH_LIBWRAP
|
||||||
|
|
|
@ -83,6 +83,12 @@ bool xioopts_ignoregroups;
|
||||||
# define IF_TCP(a,b)
|
# define IF_TCP(a,b)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if WITH_UDP
|
||||||
|
# define IF_UDP(a,b) {a,b},
|
||||||
|
#else
|
||||||
|
# define IF_UDP(a,b)
|
||||||
|
#endif
|
||||||
|
|
||||||
#if WITH_SCTP
|
#if WITH_SCTP
|
||||||
# define IF_SCTP(a,b) {a,b},
|
# define IF_SCTP(a,b) {a,b},
|
||||||
#else
|
#else
|
||||||
|
|
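Review bot: `IF_UDP` is defined in this last hunk (its file header is missing from the page) but nothing in the commit uses it. The 102 additions in the diffstat are fully accounted for by the other five files plus these six lines, so no option-table entry is added for the `udp-ignore-peerport` option that doc/socat.yo now documents. That documentation paragraph also describes the old default (replies must come from the given port unless the option is set), the opposite of what xio-udp.c now does, so a reader could believe peer-port filtering is still active when it is not. Either add the option entry and its handling in this commit, or drop the doc paragraph and the macro until they are needed.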