Skip to content

[ncat] Support for square-bracket notation for IPv6 proxy address #1441

New issue
New issue
Closed
Closed
[ncat] Support for square-bracket notation for IPv6 proxy address#1441
Assignees
nnposter
Labels
Ncatenhancementhave code
@nnposter

Description

@nnposter
nnposter
opened on Jan 22, 2019

When Ncat is acting as a proxy client, the remote proxy server is specified as --proxy <addr>[:<port>]. In case of literal IPv6 the option syntax has two quirks:

  • The port part becomes mandatory
  • The result can be confusing, such as --proxy 2001:db8::123:456

I am proposing to adopt the well-established square-bracket notation, making the example above much more clear (--proxy [2001:db8::123]:456) and also providing support for default port numbers.

The controversial part is that this change breaks backward command-line compatibility. The original example would be now interpreted as the default port at address 2001:db8::123:456, instead of port 456 at address 2001:db8::123.

--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@@ -164,12 +164,21 @@
 static size_t parseproxy(char *str, struct sockaddr_storage *ss,
     size_t *sslen, unsigned short *portno)
 {
-    char *p = strrchr(str, ':');
+    char *p = str;
     char *q;
     long pno;
     int rc;
 
-    if (p != NULL) {
+    if (*p == '[') {
+        p = strchr(p, ']');
+        if (p == NULL)
+            bye("Invalid proxy IPv6 address \"%s\".", str);
+        ++str;
+        *p++ = '\0';
+    }
+
+    p = strchr(p, ':');
+    if (p != NULL && strchr(p + 1, ':') == NULL) {
         *p++ = '\0';
         pno = strtol(p, &q, 10);
         if (pno < 1 || pno > 0xFFFF || *q)
--- a/ncat/docs/ncat.xml
+++ b/ncat/docs/ncat.xml
@@ -429,8 +429,10 @@
           using the protocol specified by <option>--proxy-type</option>.</para>
 
           <para>If no port is specified, the proxy protocol's well-known port is used (1080 for
-          SOCKS and 3128 for HTTP).  However, when specifying an IPv6 HTTP proxy server using
-          the IP address rather than the hostname, the port number MUST be specified as well.
+          SOCKS and 3128 for HTTP).  When specifying an IPv6 HTTP proxy server
+          using the IP address rather than the hostname, the square-bracket
+          notation (for example [2001:db8::1]:8080) MUST be used to separate
+          the port from the IPv6 address.
           If the proxy requires authentication, use <option>--proxy-auth</option>.</para>
         </listitem>
       </varlistentry>

Metadata

Metadata

Assignees

Labels

Ncatenhancementhave code

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions