[ncat] Ability to control hostname resolution for proxy destinations #1439
Conversation
From a read-through of the code, this looks like it'll solve the issue. I'm traveling the next two weeks, so I'm not sure when I'll get a chance to actually give it a shot, but I'll try to find time this this week if I can.
| @@ -647,6 +659,7 @@ int main(int argc, char *argv[]) | |||
| " --proxy <addr[:port]> Specify address of host to proxy through\n" | |||
| " --proxy-type <type> Specify proxy type (\"http\", \"socks4\", \"socks5\")\n" | |||
| " --proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server\n" | |||
| " --proxy-dns <type> Specify where to resolve proxy destination\n" | |||
There was a problem hiding this comment.
probably should list the possible types here (none, local, remote, both)... and maybe what they mean...
There was a problem hiding this comment.
Not enough space if we want to keep it on a single line
|
I checked out your branch and tried to build, but the build fails on: |
|
Nevermind I think this is #1379 I'll give the solution there a shot. |
|
local/remote/both all work as expected, thanks! I will note that |
|
Yup; my bad. Hopefully fixed. |
|
Committed as r37586. |
In connect mode, currently all proxy destinations are directly passed onto the remote proxy server, without trying to resolve them locally. This behavior has raised some concerns.
This proposal implements a new ncat option that provides control over whether these hostnames are resolved by the remote proxy server or locally, by Ncat itself.
Usage:
local- Hostnames are resolved locally on the Ncat host. Ncat exits with error if the hostname cannot be resolved.remote- Hostnames are passed directly onto the remote proxy server. This is the default behavior.both- Hostname resolution is first attempted on the Ncat host. Unresolvable hostnames are passed onto the remote proxy server.none- Hostname resolution is completely disabled. Only an IPv4 or IPv6 address can be used as the proxy destination.Note that this new option is complementing, not replacing, option
--no-dns, which controls all existing hostname resolution, such as non-proxied targets, hops, source address, and the proxy server itself.