Networking Software

Programs related to networking.

To facilitate navigating in this list, projects are categorized by their purpose, authorship, and current state. Each project entry lists the categories it pertains to. Clicking on a category name will bring a listing of all projects in that category.

Additionally, a list of related projects is provided where applicable. Each element in that list is a link to the corresponding project entry.

Clicking on a project's name will bring this project's entry as a separate page (a permalink).

Hovering your mouse over the version information of a project shows the list of changes introduced by that version.

Sort controls below allow you to order the list either lexicographically or by the most recent release date, in both directions.

Using the Search control, you can select projects by name. Shell-style globbing patterns (wildcards) are accepted.

(Return to the project listing)


Version: 1.0  —  2019-10-10
Initial release.

A tool for monitoring the expiration times of remote SSL certificates via HTTPS. Can be used either as a Nagios plugin or as a standalone tool.


Version: 1.9.3  —  May 12, 2015
* ftp

An old inability to allow other names than the canonical name has
been corrected.  This means that a machine entry in the .netrc file
will now be used as expected.  Previously any alias name was replaced
by the corresponding canonical name, before reading the .netrc file.

The internal command `hash' accepts a suffixed letter to the size
argument, like `12k', instead of 12288.  Made a minor change to the
syntax of the command itself, allowing size changes independently
of activation of hash markings.  After a transfer the summary gives
the speed as `Mbytes/s', `kbytes/s', or `bytes/s'.

The .netrc file can be overridden by the environment variable NETRC.
Of even higher precedence is the new option `-N/--netrc'.  The access
to the resulting file, whatever method, is now denied unless it is a
regular file.

* ifconfig

Better command line parsing on BSD and Solaris systems.  Touch only
changeable flags on all systems.

* logger

The ability to use numerical facilities is restored to full range.

* ping, ping6

The ability to specify a pattern as payload is corrected.

* syslogd

A new switch `-T/--local-time' makes the service ignore a time
stamp passed on by the remote host, recording instead the local
time at the moment the message was received.  As a short form of
`--pidfile', the switch `-P' is new.

In common with other syslogd implementations, rsyslogd and sysklogd,
there has for a long time existed an attack vector based on large
facility numbers, made public in CVE-2014-3684.  This is now mended
in our code base.

* telnetd

The ability to autologin a client, without using authentication,
is now functional in the expected manner, i.e., the prompt for a
user name is suppressed in favour of an immediate password prompt.

In a setting where the client is using a UTF-8 encoding, it was
common to observe strange characters in most responses.  This was
caused by the server daemon, due to incomplete purging of internal
protocol data.  The issue should now be resolved.

* whois

Improved cooperation with servers like `', `',
and `'.

Inetutils, or GNU Internet Utilities, are the basic internet utilities of the GNU Operating System.


(Not released)



Version: 1.3  —  2011-03-31
* Use IPv6 URLs as proposed by RFC 2732

The address part of an IPv6 URL must be either an IPv6 address in
numeric notation *enclosed in square brackets* or a host name, e.g.:



A Jabber Over HTTP tunnel. It enables access to Jabber servers from behind firewalls which do not allow outgoing sockets on port 5222.


Version: 1.2  —  2018-10-26
* Implement heartbeat event

* Add auxiliary program: ifactive

* Fix file descriptor leak


Jumper monitors network interfaces for certain kinds of traffic and starts preconfigured external programs when such traffic is detected. It is designed mainly to bring up network links (such as VPN and the like) on demand.

Related projects:


Version: 8.14  —  2022-08-13
* Initialization of implicitly declared automatic variables

Implicitly declared automatic variables are initialized to null
values, just like global ones.  This means, in particular that
the following code is now valid:

  func foo()
    if bar()
       set a "ok"
    echo a

Depending on the return value of bar(), this function will print
either "ok" or an empty string.  In previous versions, it would
produce unspecified results.

* Buffered I/O

The I/O operations can be buffered.  Use of fully buffered streams
can dramatically improve performance, especially for `getline' and
`getdelim' calls.

The global variables `io_buffering' and `io_buffer_size' define
buffering mode and associated buffer size for file descriptors
returned by the subsequent calls to `open' or `spawn'.  Buffering mode
of an already open file descriptor can be changed using the `setbuf'

The `io_buffering' variable defines the buffering mode.  By
default it is 0 (BUFFER_NONE), which disables buffering for
backward compatibility with the previous versions.  Another
possible values are: 1 (BUFFER_FULL) and 2 (BUFFER_LINE)

When set to BUFFER_FULL, all I/O operations become fully buffered.
The buffer size is defined by the `io_buffer_size' global variable.

BUFFER_LINE is similar to BUFFER_FILE when used for input.  When used
for the output, the data are accumulated in buffer
and actually sent to the underlying transport stream when the newline
character is seen.  The `io_buffer_size' global variable sets the
initial value for the buffer size in this mode.  The actual size can
grow as needed during the I/O.

The default value for `io_buffer_size' is the size of the system page.

The symbolic constants BUFFER_NONE, BUFFER_FULL and BUFFER_LINE are
defined in the '' module.  E.g.:

  require status

    io_buffering = BUFFER_FULL

Use the `setbuf' function to change the buffering mode and/or buffer
size for an already opened stream, e.g.:

  setbuf(fd, BUFFER_FULL, 4096)

* Changes in read and write functions

The 'read' function tries to read as much data (up to the requested
amount) as possible.  It will return success if it succeeded to read
less bytes than requested (in previous versions it would incorrectly
signal the e_io exception in this case).  Use the length() function
to determine actual number of bytes read.  The 'read' functions signals
e_eof if it read 0 bytes and e_io if an error occurred.

The 'write' function tries to write as much data (up to the requested
amount) as possible.  It will signal e_io in case of error and e_eof
if 0 bytes were written.

* dkim_sign and Sendmail

Sendmail silently modifies certain headers before sending the
message in the SMTP transaction.  It has been reported that on certain
occasions this invalidates DKIM signatures created by dkim_sign().
To prevent this from happening, dkim_sign() now mimics the Sendmail
behavior and reformats those headers before signing the message.  The
headers affected are: Apparently-To, Bcc, Cc,
Disposition-Notification-To, Errors-To, From, Reply-To, Resent-Bcc,
Resent-Cc, Resent-From, Resent-Reply-To, Resent-Sender, Resent-To,
Sender, To.

This behavior is controlled by the global variable
dkim_sendmail_commaize.  Set it to 0 to disable it.

* Support for rsa-sha1 in DKIM

Both dkim_sign and dkim_verify support rsa-sha1 for compatibility with
older software.  Upon return from dkim_verify the name of the algorithm
used to sign the message is stored in the global variable
dkim_signing_algorithm.  The dkim_sign function takes additional
optional argument that specifies the algorithm to use.  Its
declaration is now:

  void dkim_sign(string d, string s, string keyfile
                 [, string ch, string cb, string headers, string algo ])

* New DKIM explanation code: DKIM_EXPL_BAD_KEY_TYPE

This code is reported by `dkim_verify' if the `k=' tag of the public
DKIM key contains a value other than "rsa".

* Support for CNAME chains

CNAME chains are formed by DNS CNAME records pointing to another
CNAME.  Using CNAME chains in DNS is not considered a good practice and
prior versions of mailfromd would refuse to resolve a CNAME pointing to
CNAME.  However, this interacted badly with certain DNS servers that
publish otherwise valid RRs pointed to by 2 or 3 element CNAME chains.
To cope with such server, mailfromd now allows for CNAME chains of
length 2 by default.  This can further be configured using the
"max-cname-chain" statement in the "resolver" section of mailfromd
configuration file (see below).

* The "resolver" configuration statement

This new configuration statement configures certain aspects of the
internal DNS resolver.  The syntax is as follows:

  resolver {
    config FILENAME;
    max-cname-chain NUM;

The "config" statements defines the name of the resolver configuration
file to use instead of the default /etc/resolv.conf.

The "max-cname-chain" statement defines the maximum length of a CNAME
chain that will be followed.  The default is 2.

* Bugfixes

** Fixed sorting in dns_query()

** Fixed a bug in message I/O functions

If compiled with mailutils versions newer than 3.13, this bug would
provoke infinite recursion in message_to_stream or its derived

** Fixed a bug in dkim_sign routine

The bug would cause coredumps on 32-bit architecture.

** Avoid dereferencing undefined optional arguments in built-ins

** Fixed return value of hasmx function

** Fixed header handling in send_text, create_dsn and send_dsn built-ins

** Fixed compilation with flex >= 2.6.1

** Remove unused configuration variables

Mailfromd is a general-purpose mail filtering daemon for Sendmail, Postfix and MeTA1. It is able to filter both incoming and outgoing messages using criteria of arbitrary complexity, supplied by the administrator in the form of a script file. The daemon interfaces with the MTA using Milter or PMilter protocols.


(Not released)

A modular remote management system for Ping903. Allows the user to inspect configuration of the running server, add or remove IP addresses, synchronize the monitored IP list with the Nagios configuration or an SQL database etc.

Related projects:


Version: 1.8  —  2022-08-13
* New configuration keywords

** sigterm SIG

Available for use in "component" sections.  This statement defines
signal which pies should send to the running component instance in
order to terminate it.  Defaults to SIGTERM.

* Fix the component shutdown sequence

The shutdown sequence is determined taking into account dependencies
between components, so that all dependent components are stopped
before their prerequisite components.

* Fallback log file

Fallback log file is a place where pies writes out of band log messages,
i.e. messages about not being able to open syslog socket or send logs
to it.  Regular log messages are diverted to this file if syslog was
requested, but cannot be used because of a permanent error.

* Bugfixes

** Fix piesctl config reload

** Fix configuration preprocessing.

** Varios fixes in REST API server.

GNU pies (pronounced p-yes) is a program invocation and execution supervisor. This utility allows to execute usual foreground-mode applications in detached mode, as if they were daemons. It combines the fucntionality of init and inetd programs. It can be used to control complex multi-component software.

Related projects:


Version: 0.8  —  2020-03-19
* Use red-black trees to index the IP list.


Ping903 is designed to periodically monitor a very large number of remote hosts using ICMP ECHO packets. The package is built using the client-server architecture. The main component (ping903) is a daemon that sits in memory and wakes up periodically to send certain number of ICMP echo packets to a preconfigured number of hosts and to collect replies. The resulting round-trip statistics is made available via REST API.

Related projects:


Version: 1.6  —  2008-12-06
* Configuration file raddb/config

The syslog statement takes an optional 4th argument specifying syslog
tag to use, e.g.:

    channel default {
	    syslog radiusd;

* New attributes

** GNU-Server-Address

Holds IP address of the RADIUS server that recieved the
request. Notice, that the value of this attribute is "" if
there are no `listen' statement in your `raddb/config'.
** GNU-Server-Port

Holds UDP port number of the RADIUS server that recieved the request.

* Automake function AM_GNU_RADIUS is provided, for checking if
GNU Radius is installed from scripts.

* Guile support requires Guile version 1.8 or later.

* Bugfixes
** Pass NAS-IP-Address to mlc_stop_query	

GNU Radius is an extensible and scalable authentication and accounting server.


Version: 1.8  —  2021-05-17
* Syslog support

New option '-S FACILITY' switches diagnostic output to the given
syslog facility.


A simple tool for forwarding content of a local file to the stdin of a program running on a remote host via TCP. The tool was created when I needed to run GNU Mailman in a docker container without MTA in it. It implements a slightly modified version of TCPMUX protocol. The same binary (rpipe) serves both as a server (on the remote end) and as a client (on the local end).

Related projects:


Version: 2.3  —  2022-07-16
* Fix invalid memory addressing in remopt command

* Fix building with flex >= 2.6.1 (EOF check)

GNU Rush is a Restricted User Shell. It is intended for use with ssh, rsh and similar remote access programs. Using a sophisticated configuration file, Rush gives you complete control over the command lines users can execute, system resources they can use, etc. In particular, it allows to run remote programs in a chrooted environment.

Related projects:


(Not released)