[ncat] Ability to control hostname resolution for proxy destinations #1439
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jan 22, 2019
jaymzh
reviewed
Jan 22, 2019
| @@ -647,6 +659,7 @@ int main(int argc, char *argv[]) | |||
| " --proxy <addr[:port]> Specify address of host to proxy through\n" | |||
| " --proxy-type <type> Specify proxy type (\"http\", \"socks4\", \"socks5\")\n" | |||
| " --proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server\n" | |||
| " --proxy-dns <type> Specify where to resolve proxy destination\n" | |||
There was a problem hiding this comment.
probably should list the possible types here (none, local, remote, both)... and maybe what they mean...
There was a problem hiding this comment.
Not enough space if we want to keep it on a single line
|
I checked out your branch and tried to build, but the build fails on: |
|
Nevermind I think this is #1379 I'll give the solution there a shot. |
|
local/remote/both all work as expected, thanks! I will note that |
|
Yup; my bad. Hopefully fixed. |
|
Committed as r37586. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
In connect mode, currently all proxy destinations are directly passed onto the remote proxy server, without trying to resolve them locally. This behavior has raised some concerns.
This proposal implements a new ncat option that provides control over whether these hostnames are resolved by the remote proxy server or locally, by Ncat itself.
Usage:
local- Hostnames are resolved locally on the Ncat host. Ncat exits with error if the hostname cannot be resolved.remote- Hostnames are passed directly onto the remote proxy server. This is the default behavior.both- Hostname resolution is first attempted on the Ncat host. Unresolvable hostnames are passed onto the remote proxy server.none- Hostname resolution is completely disabled. Only an IPv4 or IPv6 address can be used as the proxy destination.Note that this new option is complementing, not replacing, option
--no-dns, which controls all existing hostname resolution, such as non-proxied targets, hops, source address, and the proxy server itself.