Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ncat] Support for square-bracket notation for IPv6 proxy address #1441

Closed
nnposter opened this issue Jan 22, 2019 · 1 comment
Closed

[ncat] Support for square-bracket notation for IPv6 proxy address #1441

nnposter opened this issue Jan 22, 2019 · 1 comment

Comments

@nnposter
Copy link

When Ncat is acting as a proxy client, the remote proxy server is specified as --proxy <addr>[:<port>]. In case of literal IPv6 the option syntax has two quirks:

  • The port part becomes mandatory
  • The result can be confusing, such as --proxy 2001:db8::123:456

I am proposing to adopt the well-established square-bracket notation, making the example above much more clear (--proxy [2001:db8::123]:456) and also providing support for default port numbers.

The controversial part is that this change breaks backward command-line compatibility. The original example would be now interpreted as the default port at address 2001:db8::123:456, instead of port 456 at address 2001:db8::123.

--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@@ -164,12 +164,21 @@
 static size_t parseproxy(char *str, struct sockaddr_storage *ss,
     size_t *sslen, unsigned short *portno)
 {
-    char *p = strrchr(str, ':');
+    char *p = str;
     char *q;
     long pno;
     int rc;
 
-    if (p != NULL) {
+    if (*p == '[') {
+        p = strchr(p, ']');
+        if (p == NULL)
+            bye("Invalid proxy IPv6 address \"%s\".", str);
+        ++str;
+        *p++ = '\0';
+    }
+
+    p = strchr(p, ':');
+    if (p != NULL && strchr(p + 1, ':') == NULL) {
         *p++ = '\0';
         pno = strtol(p, &q, 10);
         if (pno < 1 || pno > 0xFFFF || *q)
--- a/ncat/docs/ncat.xml
+++ b/ncat/docs/ncat.xml
@@ -429,8 +429,10 @@
           using the protocol specified by <option>--proxy-type</option>.</para>
 
           <para>If no port is specified, the proxy protocol's well-known port is used (1080 for
-          SOCKS and 3128 for HTTP).  However, when specifying an IPv6 HTTP proxy server using
-          the IP address rather than the hostname, the port number MUST be specified as well.
+          SOCKS and 3128 for HTTP).  When specifying an IPv6 HTTP proxy server
+          using the IP address rather than the hostname, the square-bracket
+          notation (for example [2001:db8::1]:8080) MUST be used to separate
+          the port from the IPv6 address.
           If the proxy requires authentication, use <option>--proxy-auth</option>.</para>
         </listitem>
       </varlistentry>
@nnposter
Copy link
Author

Committed as r37587.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant