我的书签
添加书签
移除书签Read & Write
Once the connection is established, it is time to transfer data. The readwrite is the core function of netcat, and thankfully, it is well-commented, and refrain you from losing. In this post, I will only cherry-pick code snippets that I think is important.
(1) There is a -d option that if set, your netcat program can not send data inputted from stdin:
......int dflag; /* detached, no stdin *//* don't read from stdin if requested */if (dflag)stdin_fd = -1;
(2) readwrite uses poll to manage 3 file descriptors: stdin, stdout, and network socket, and monitor whether there is data from stdin or network socket. If there is no need for “high-priority” (e.g., out-of-band) data, POLLIN is enough, otherwise the monitor events should be POLLIN|POLLPRI. This is similar for POLLOUT and POLLWRBAND:
....../* stdin */pfd[POLL_STDIN].fd = stdin_fd;pfd[POLL_STDIN].events = POLLIN;/* network out */pfd[POLL_NETOUT].fd = net_fd;pfd[POLL_NETOUT].events = 0;/* network in */pfd[POLL_NETIN].fd = net_fd;pfd[POLL_NETIN].events = POLLIN;/* stdout */pfd[POLL_STDOUT].fd = stdout_fd;pfd[POLL_STDOUT].events = 0;....../* poll */num_fds = poll(pfd, 4, timeout);/* treat poll errors */if (num_fds == -1)err(1, "polling error");/* timeout happened */if (num_fds == 0)return;
There are 3 values(POLLERR, POLLNVAL and POLLHUP) which are only used in struct pollfd‘s revents. If POLLERR or POLLNVAL is detected, it’s not necessary to poll this file descriptor furthermore:
/* treat socket error conditions */for (n = 0; n < 4; n++) {if (pfd[n].revents & (POLLERR|POLLNVAL)) {pfd[n].fd = -1;}}
POLLHUP means the device or network socket has been disconnected, and it is exclusive with POLLOUT, but not input events:POLLIN, POLLRDNORM, POLLRDBAND, and POLLPRI. That’s because the buffer may still has data to be read:
/* reading is possible after HUP */if (pfd[POLL_STDIN].events & POLLIN &&pfd[POLL_STDIN].revents & POLLHUP &&!(pfd[POLL_STDIN].revents & POLLIN))pfd[POLL_STDIN].fd = -1;......if (pfd[POLL_NETOUT].revents & POLLHUP) {if (Nflag)shutdown(pfd[POLL_NETOUT].fd, SHUT_WR);pfd[POLL_NETOUT].fd = -1;}
BTW, the Nflag is set through -N option, which means shutting down the network socket if there is no any input or the network connection is already disconnected:
int Nflag; /* shutdown() network socket */....../* stdin gone and queue empty? */if (pfd[POLL_STDIN].fd == -1 && stdinbufpos == 0) {if (pfd[POLL_NETOUT].fd != -1 && Nflag)shutdown(pfd[POLL_NETOUT].fd, SHUT_WR);pfd[POLL_NETOUT].fd = -1;}
(3) The following code shows how to read from stdin and send data to remote:
......#define BUFSIZE 16384.....unsigned char stdinbuf[BUFSIZE];size_t stdinbufpos = 0;....../* try to read from stdin */if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) {ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf,&stdinbufpos, NULL);if (ret == TLS_WANT_POLLIN)pfd[POLL_STDIN].events = POLLIN;else if (ret == TLS_WANT_POLLOUT)pfd[POLL_STDIN].events = POLLOUT;else if (ret == 0 || ret == -1)pfd[POLL_STDIN].fd = -1;/* read something - poll net out */if (stdinbufpos > 0)pfd[POLL_NETOUT].events = POLLOUT;/* filled buffer - remove self from polling */if (stdinbufpos == BUFSIZE)pfd[POLL_STDIN].events = 0;}/* try to write to network */if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) {ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf,&stdinbufpos, tls_ctx);if (ret == TLS_WANT_POLLIN)pfd[POLL_NETOUT].events = POLLIN;else if (ret == TLS_WANT_POLLOUT)pfd[POLL_NETOUT].events = POLLOUT;else if (ret == -1)pfd[POLL_NETOUT].fd = -1;/* buffer empty - remove self from polling */if (stdinbufpos == 0)pfd[POLL_NETOUT].events = 0;/* buffer no longer full - poll stdin again */if (stdinbufpos < BUFSIZE)pfd[POLL_STDIN].events = POLLIN;}
Please ignore all TLS* stuff now. It just means using libtls instead of traditional read/write APIs to receive/send data, and I will cover libtls in future. stdinbufpos denotes the first empty position in buffer, therefore, netcat knows how many bytes could be sent.
fillbuf and drainbuf code is like following:
ssize_tfillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls){size_t num = BUFSIZE - *bufpos;ssize_t n;if (tls)n = tls_read(tls, buf + *bufpos, num);else {n = read(fd, buf + *bufpos, num);/* don't treat EAGAIN, EINTR as error */if (n == -1 && (errno == EAGAIN || errno == EINTR))n = TLS_WANT_POLLIN;}if (n <= 0)return n;*bufpos += n;return n;}ssize_tdrainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls){ssize_t n;ssize_t adjust;if (tls)n = tls_write(tls, buf, *bufpos);else {n = write(fd, buf, *bufpos);/* don't treat EAGAIN, EINTR as error */if (n == -1 && (errno == EAGAIN || errno == EINTR))n = TLS_WANT_POLLOUT;}if (n <= 0)return n;/* adjust buffer */adjust = *bufpos - n;if (adjust > 0)memmove(buf, buf + n, adjust);*bufpos -= n;return n;}
You should get 2 takeaways from preceding code:
a) EAGAIN and EINTR are not considered as real errors;
b) Don’t forget to adjust bufpos and buf, i.e., stdinbufpos and stdinbuf accordingly.
As for reading data from network socket and outputting it to stdout flow, it is very similar, so there is no need to say more here.
(4) There is a -W recvlimit option which specifies after receiving how many packets, the program should terminate:
......int recvcount, recvlimit;....../* try to read from network */if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) {......if (recvlimit > 0 && ++recvcount >= recvlimit) {if (pfd[POLL_NETIN].fd != -1)shutdown(pfd[POLL_NETIN].fd, SHUT_RD);pfd[POLL_NETIN].fd = -1;pfd[POLL_STDIN].fd = -1;}......}
