You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When Ncat is acting as a proxy client, the remote proxy server is specified as --proxy <addr>[:<port>]. In case of literal IPv6 the option syntax has two quirks:
The port part becomes mandatory
The result can be confusing, such as --proxy 2001:db8::123:456
I am proposing to adopt the well-established square-bracket notation, making the example above much more clear (--proxy [2001:db8::123]:456) and also providing support for default port numbers.
The controversial part is that this change breaks backward command-line compatibility. The original example would be now interpreted as the default port at address 2001:db8::123:456, instead of port 456 at address 2001:db8::123.
--- a/ncat/ncat_main.c+++ b/ncat/ncat_main.c@@ -164,12 +164,21 @@
static size_t parseproxy(char *str, struct sockaddr_storage *ss,
size_t *sslen, unsigned short *portno)
{
- char *p = strrchr(str, ':');+ char *p = str;
char *q;
long pno;
int rc;
- if (p != NULL) {+ if (*p == '[') {+ p = strchr(p, ']');+ if (p == NULL)+ bye("Invalid proxy IPv6 address \"%s\".", str);+ ++str;+ *p++ = '\0';+ }++ p = strchr(p, ':');+ if (p != NULL && strchr(p + 1, ':') == NULL) {
*p++ = '\0';
pno = strtol(p, &q, 10);
if (pno < 1 || pno > 0xFFFF || *q)
--- a/ncat/docs/ncat.xml+++ b/ncat/docs/ncat.xml@@ -429,8 +429,10 @@
using the protocol specified by <option>--proxy-type</option>.</para>
<para>If no port is specified, the proxy protocol's well-known port is used (1080 for
- SOCKS and 3128 for HTTP). However, when specifying an IPv6 HTTP proxy server using- the IP address rather than the hostname, the port number MUST be specified as well.+ SOCKS and 3128 for HTTP). When specifying an IPv6 HTTP proxy server+ using the IP address rather than the hostname, the square-bracket+ notation (for example [2001:db8::1]:8080) MUST be used to separate+ the port from the IPv6 address.
If the proxy requires authentication, use <option>--proxy-auth</option>.</para>
</listitem>
</varlistentry>
The text was updated successfully, but these errors were encountered:
When Ncat is acting as a proxy client, the remote proxy server is specified as
--proxy <addr>[:<port>]
. In case of literal IPv6 the option syntax has two quirks:--proxy 2001:db8::123:456
I am proposing to adopt the well-established square-bracket notation, making the example above much more clear (
--proxy [2001:db8::123]:456
) and also providing support for default port numbers.The controversial part is that this change breaks backward command-line compatibility. The original example would be now interpreted as the default port at address
2001:db8::123:456
, instead of port456
at address2001:db8::123
.The text was updated successfully, but these errors were encountered: