ncat not closing connection after remote end does..

nmap / nmap

Nmap - the Network Mapper. Github mirror of official SVN repository.

https://svn.nmap.org/

Other

10.06k stars 2.39k forks source link

ncat not closing connection after remote end does.. #1413

Open nailara-technologies opened 5 years ago

nailara-technologies commented 5 years ago

hi there,

ncat keeps the connection open after the remote end closes it... ( tested: TCP and unix connections )

i have just compiled the current verison from git (dd75a8fec) on debian sid to verify that the issue still exists, and it does.. TCP/IP example:

shell-1 ~> nc -l -p 1342 foo ^C⏎

shell-2 ~> nc local 1342 foo ^-- stays open..

unix domain socket example:

photon@w520 ~> nc -U /tmp/.n/s/53BNMpXBtETx_5xqiZcwlQ >:] close ACK connection closed ^-- should have been closed now, stays open as well..

socat and the 'original' netcat behave as expected in all those cases, example:

photon@w520 ~> socat - tcp:127.0.0.1:242 >:] close ACK connection closed photon@w520 ~> ^-- closed as expected..

..greetinx and thanks for the great work! : ) --photon

dmiller-nmap commented 5 years ago

It's hard to say what is "correct" in many of these cases, though we strive for compatibility with traditional and OpenBSD netcats. Here's some documentation of known cases that may help you out: Ncat/EOF behavior on SecWiki.

I'm not closing this yet, though: I want to investigate whether this really is a bug first, and at least be able to tell you exactly why Ncat acts this way.

nailara-technologies commented 5 years ago

I understand.. yet the current behavior is that it will exit with 'broken pipe' if you try to send further bytes on such a closed connection, but only then. personally i would have to stop using it and switch to the old one or socat because for development i really need to see timeouts and stuff like that immediately, which i'd find sad because i really love ncat! ( cats in general >; ] )

greetings, photon

nailara-technologies commented 5 years ago

btw, just to be clear on this: this is no half-open connection, i had changed my code to call shutdown(2) before the close, so that it is explicit.. in such a case writing to that remote would have been impossible, (beyond the IP stack discarding it after close()) ... so i think it really is an actual bug, even with the desire of half closed connections in mind, since there is nothing the cat could ever do from this point on than to exit..

KrisLloyd commented 5 years ago

Any updates on this?

I set up a new CentOS 7 (7.7.1908) VM, installed ncat 7.50, and this problem still persists.

Server side: ncat -lp 411 -c ./script.sh

Client side: ncat -w1 127.0.0.1 411

Server side will close connection, however client side will hang indefinitely unless the user presses the 'enter' key a minimum of 3 times to force the broken pipe error. Even with the -w flag, the connection doesn't terminate.