Networking Software
Programs related to networking.
To facilitate navigating in this list, projects are categorized by their purpose, authorship, and current state. Each project entry lists the categories it pertains to. Clicking on a category name will bring a listing of all projects in that category.
Additionally, a list of related projects is provided where applicable. Each element in that list is a link to the corresponding project entry.
Clicking on a project's name will bring this project's entry as a separate page (a permalink).
Hovering your mouse over the version information of a project shows the list of changes introduced by that version.
Sort controls below allow you to order the list either lexicographically or by the most recent release date, in both directions.
Using the Search control, you can select projects by name. Shell-style globbing patterns (wildcards) are accepted.
(Return to the project listing)
certmon
Initial release.
A tool for monitoring the expiration times of remote SSL certificates via HTTPS. Can be used either as a Nagios plugin or as a standalone tool.
inetutils
* ftp An old inability to allow other names than the canonical name has been corrected. This means that a machine entry in the .netrc file will now be used as expected. Previously any alias name was replaced by the corresponding canonical name, before reading the .netrc file. The internal command `hash' accepts a suffixed letter to the size argument, like `12k', instead of 12288. Made a minor change to the syntax of the command itself, allowing size changes independently of activation of hash markings. After a transfer the summary gives the speed as `Mbytes/s', `kbytes/s', or `bytes/s'. The .netrc file can be overridden by the environment variable NETRC. Of even higher precedence is the new option `-N/--netrc'. The access to the resulting file, whatever method, is now denied unless it is a regular file. * ifconfig Better command line parsing on BSD and Solaris systems. Touch only changeable flags on all systems. * logger The ability to use numerical facilities is restored to full range. * ping, ping6 The ability to specify a pattern as payload is corrected. * syslogd A new switch `-T/--local-time' makes the service ignore a time stamp passed on by the remote host, recording instead the local time at the moment the message was received. As a short form of `--pidfile', the switch `-P' is new. In common with other syslogd implementations, rsyslogd and sysklogd, there has for a long time existed an attack vector based on large facility numbers, made public in CVE-2014-3684. This is now mended in our code base. * telnetd The ability to autologin a client, without using authentication, is now functional in the expected manner, i.e., the prompt for a user name is suppressed in favour of an immediate password prompt. In a setting where the client is using a UTF-8 encoding, it was common to observe strange characters in most responses. This was caused by the server daemon, due to incomplete purging of internal protocol data. The issue should now be resolved. * whois Improved cooperation with servers like `whois.arin.net', `whois.eu', and `whois.ripe.net'.
Inetutils, or GNU Internet Utilities, are the basic internet utilities of the GNU Operating System.
joh
* Use IPv6 URLs as proposed by RFC 2732 The address part of an IPv6 URL must be either an IPv6 address in numeric notation *enclosed in square brackets* or a host name, e.g.: inet6://[::1]:1100
A Jabber Over HTTP tunnel. It enables access to Jabber servers from behind firewalls which do not allow outgoing sockets on port 5222.
jumper
* Implement heartbeat event * Add auxiliary program: ifactive * Fix file descriptor leak
Jumper monitors network interfaces for certain kinds of traffic and starts preconfigured external programs when such traffic is detected. It is designed mainly to bring up network links (such as VPN and the like) on demand.
mailfromd
* Multiple handler definitions
Multiple "prog" declarations with the same handler name are now
allowed. Such declarations are processed the same way multiple
"begin" and "end" sections were processed in prior versions:
when compiling the filter program, the code from all "prog"
declarations having the same handler name is combined into one code
block, in the same order the declarations appear in the source
file(s).
This allows MFL modules to define handler snippets.
* New special handler: action
The "action" special handler is executed before communicating the reply
action (accept, reject, etc.) to the server. The handler takes four
arguments: numeric identifier of the action that is about to be
returned, SMTP response code, extended response code, and textual
message passed along with the action. The last three arguments are
meaningful only for reject and tempfail actions.
Action handlers can be used for logging or accounting of the executed
actions.
* New variable: milter_state
The milter_state variable is initialized with the numeric code of
the current milter state. Using this variable a function can execute
code depending on the handler it was called from.
The new module "milter.mfl" defines numeric constants for milter
states. The functions milter_state_name and milter_state_code can
be used to convert this code to symbolic name and vice versa.
* New functions
The following new functions are provided to convert numeric
identifiers of various MFL entities to strings and vice-versa:
** string milter_state_name (number code)
Returns symbolic name of the milter state identified by its code.
** number milter_state_code (string name)
Returns numeric code of the state identified by its name.
** string milter_action_name (number code)
Returns symbolic name of the reply action identified by its code.
** number milter_action_name (string name)
Returns numeric code of the action identified by its name.
** void dbbreak (number @var{dbn})
Stop sequential access to the database and deallocate all associated
resources. Use this function if you need to break from the sequential
access loop, e.g.:
loop for number dbn dbfirst(dbname)
do
if some_condition
dbbreak(dbn)
break
fi
done while dbnext(dbn)
* New module: cdb
The "cdb" (control database) module provides functions for deciding
what MFL action to take depending on the result of a look up in a DBM
file. Keys in the database have the format "PREFIX:KEY", where PREFIX
is one of:
email match sender email
ip match sender IP address
domain match sender domain part
subdomain search for a match among the domain part and its parent
domains
mx match MX of the sender domain part
Values are (case-insensitive):
OK continue executing the MFL code
ACCEPT accept the mail
REJECT reject the mail (550)
TEMPFAIL return a temporary failure (451)
GREYLIST greylist the mail
or action specification in the form
[code [xcode]] text
where code is 3-digit SMTP response code, xcode is extended SMTP code,
and text is explanatory reason text. Both code and xcode must begin
with '4' or '5'. If code and xcode are missing, reject the mail with
550 5.1.0 and the given text.
This module exports one function:
func cdb_check(string prefix, string key)
Depending on the value of the prefix argument it does the following:
ip
Look up the "ip:KEY" in the database. If found, take the action
as described above.
email
Key is an email address. Obtain its canonical form by
splitting it into local and domain parts, converting the latter
to lower case, reassembling the parts back into an email address
and prefixing it with the string "email:". Look up the resulting
string in the database. Take action indicated by the value.
domain
Key is an email address. Extract its domain part, convert it
to lower case and prefix it with "domain:". Look up resulting
string in the database. If the look up succeeds, take action
indicated by the value found.
subdomain
Same as above, but in case of failure, strip the shortest
hostname prefix (everything up to the first dot, inclusively)
from the domain and restart with the resulting value. Continue
process until a match is found or the argument is reduced to empty
string.
mx
Key is an email address. Extract its domain part. For each of
its MX servers, look up the key "mx:SERVER" and, if found, take
action indicated by the value found.
The cdb_check function returns to caller only if the key was not
found in the database, or the lookup returned "OK" (case-insensitive)
or an empty string. Otherwise, if the lookup returns an action, this
action will be performed and further execution of the filter code will
stop.
If the looked up value was "GREYLIST" while the function was called
from the handler prior to "envrcpt" (i.e. "connect", "helo", or
"envfrom"), the current handler will return and normal control flow
will resume from the next handler (as if by "continue" action). Actual
greylisting will be performed later, on entry to "envrcpt" handler.
The following global variables control the functionality of the
module:
cdb_name Name of the control database file. Defaults to
/etc/mail/mfctl.db
cdb_greylist_interval
Greylisting time. Defaults to 900 seconds.
* mtasim: check expected textual replies
The "\E" command accepts optional second argument. If supplied,
it is treated as an extended regular expression. The subsequent
command will then succeed if its return code matched the one supplied
as the first argument, and its extended SMTP code and textual message
match the supplied regular expression.
* Bugfixes
** mtasim: correctly pass final body chunk to the milter
** Fix discrepancy between $N and $(N)
Both terms now mean exactly the same: Nth variadic argument.
** fix type conversions of typed variadic arguments
** Milter library: eliminate trailing space from arguments passed to handlers
** Milter server: don't pass extra \0 when sending multiple strings
** Fix handling of reply actions without explicit message text
In previous versions, the reject and tempfail actions would use the
default reply code if called without explicit message text (3rd
argument).
Mailfromd is a general-purpose mail filtering daemon for Sendmail, Postfix and MeTA1. It is able to filter both incoming and outgoing messages using criteria of arbitrary complexity, supplied by the administrator in the form of a script file. The daemon interfaces with the MTA using Milter or PMilter protocols.
mangemanche
A modular remote management system for Ping903. Allows the user to inspect configuration of the running server, add or remove IP addresses, synchronize the monitored IP list with the Nagios configuration or an SQL database etc.
pies
* New configuration keywords ** sigterm SIG Available for use in "component" sections. This statement defines signal which pies should send to the running component instance in order to terminate it. Defaults to SIGTERM. * Fix the component shutdown sequence The shutdown sequence is determined taking into account dependencies between components, so that all dependent components are stopped before their prerequisite components. * Fallback log file Fallback log file is a place where pies writes out of band log messages, i.e. messages about not being able to open syslog socket or send logs to it. Regular log messages are diverted to this file if syslog was requested, but cannot be used because of a permanent error. * Bugfixes ** Fix piesctl config reload ** Fix configuration preprocessing. ** Varios fixes in REST API server.
GNU pies (pronounced p-yes) is a program invocation and execution supervisor. This utility allows to execute usual foreground-mode applications in detached mode, as if they were daemons. It combines the fucntionality of init and inetd programs. It can be used to control complex multi-component software.
ping903
* Fix handing of the Connection: HTTP handler (both server and client)
Ping903 is designed to periodically monitor a very large number of remote hosts using ICMP ECHO packets. The package is built using the client-server architecture. The main component (ping903) is a daemon that sits in memory and wakes up periodically to send certain number of ICMP echo packets to a preconfigured number of hosts and to collect replies. The resulting round-trip statistics is made available via REST API.
radius
* Configuration file raddb/config
The syslog statement takes an optional 4th argument specifying syslog
tag to use, e.g.:
channel default {
syslog local1.info radiusd;
};
* New attributes
** GNU-Server-Address
Holds IP address of the RADIUS server that recieved the
request. Notice, that the value of this attribute is "0.0.0.0" if
there are no `listen' statement in your `raddb/config'.
** GNU-Server-Port
Holds UDP port number of the RADIUS server that recieved the request.
* Automake function AM_GNU_RADIUS is provided, for checking if
GNU Radius is installed from configure.ac scripts.
* Guile support requires Guile version 1.8 or later.
* Bugfixes
** Pass NAS-IP-Address to mlc_stop_query
GNU Radius is an extensible and scalable authentication and accounting server.
rpipe
* Syslog support New option '-S FACILITY' switches diagnostic output to the given syslog facility.
A simple tool for forwarding content of a local file to the stdin of a program running on a remote host via TCP. The tool was created when I needed to run GNU Mailman in a docker container without MTA in it. It implements a slightly modified version of TCPMUX protocol. The same binary (rpipe) serves both as a server (on the remote end) and as a client (on the local end).
rush
* Fix invalid memory addressing in remopt command * Fix building with flex >= 2.6.1 (EOF check)
GNU Rush is a Restricted User Shell. It is intended for use with ssh, rsh and similar remote access programs. Using a sophisticated configuration file, Rush gives you complete control over the command lines users can execute, system resources they can use, etc. In particular, it allows to run remote programs in a chrooted environment.