rapid7 / metasploit-payloads

Unified repository for different Metasploit Framework payloads

Don't listen on IPv6 when 0.0.0.0 srvhost is requested #685

Closed smashery closed 1 year ago

smashery commented 1 year ago

This brings Java meterp in line with other meterps when binding to 0.0.0.0. Previously, when trying to listen on all IPv4 interfaces, Java meterp would also listen on all IPv6 interfaces. Java's ServerSocketChannel class introduced this in Java 15: see here. Because of back-compat requirements, we can't just call it; otherwise trying to load it in older JVMs will fail. So we use reflection to try to call it, and fall back to the existing behaviour if it fails.

The PR also fixes an issue with the Java version detection, which we leverage to select the right version of the TCP server listening. Previously, the version detection was always capped at Java 6. This would have only affected the getpid command, which required Java 9, and thus would never have used the "new" version of the code.

Verification

When performing verification, setting up a reverse port forward will not work (since the interface is ignored for that). Instead, use a capture module such as auxiliary/server/capture/telnet, set the srvhost to 0.0.0.0, and use netstat to verify.
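The reflection-with-fallback approach described in the PR, as an added example that is not the metasploit-payloads code itself. It assumes a hypothetical `WildcardListener` class and resolves `ProtocolFamily`/`StandardProtocolFamily` by name so the class still loads on JVMs that predate them; the listener itself binds with the Java 1.4-era `socket().bind(...)` for the same reason.

```java
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.InetSocketAddress;
import java.nio.channels.ServerSocketChannel;

// Added example (not the project's own code). Opens a listener that stays
// IPv4-only for a 0.0.0.0 srvhost on Java 15+, and falls back to the classic
// dual-stack ServerSocketChannel.open() on older JVMs.
public final class WildcardListener {

    // ServerSocketChannel.open(ProtocolFamily) only exists from Java 15, so it is
    // looked up reflectively: a direct call would fail to link on older JVMs.
    static ServerSocketChannel openChannel(String host) throws IOException {
        if ("0.0.0.0".equals(host)) {
            try {
                // Resolve the types by name so there is no hard link-time dependency.
                Class<?> familyIface = Class.forName("java.net.ProtocolFamily");
                Class<?> stdFamilies = Class.forName("java.net.StandardProtocolFamily");
                // Enum constants are public static final fields: StandardProtocolFamily.INET
                Object inet = stdFamilies.getField("INET").get(null);
                Method open = ServerSocketChannel.class.getMethod("open", familyIface);
                return (ServerSocketChannel) open.invoke(null, inet);
            } catch (Exception e) {
                // ClassNotFoundException / NoSuchMethodException on pre-15 JVMs:
                // keep the existing behaviour (IPv4 and IPv6 wildcard).
            }
        }
        return ServerSocketChannel.open();
    }

    public static void main(String[] args) throws IOException {
        String host = args.length > 0 ? args[0] : "0.0.0.0";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 4444; // constructed default
        ServerSocketChannel ch = openChannel(host);
        ch.socket().bind(new InetSocketAddress(host, port));
        System.out.println("Listening on " + ch.socket().getLocalSocketAddress());
        // Stay open until one connection arrives so the socket table can be inspected
        // meanwhile, e.g. netstat -an: on Java 15+ only a 0.0.0.0:port entry should appear.
        ch.accept().close();
        ch.close();
    }
}
```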