Bug 2208485

Summary: netcat can't close TCP connection automatically
Product: [Fedora] Fedora
Component: netcat
Version: 38
Hardware: x86_64
OS: Linux
Status: ASSIGNED
Severity: high
Priority: high
Reporter: mhou <mhou>
Assignee: Robert Scheck <redhat-bugzilla>
CC: ctrautma, jiji, kzhang, redhat-bugzilla
Keywords: Triaged

Description mhou 2023-05-19 09:03:01 UTC
Description of problem:
netcat can't close TCP connection automatically

Version-Release number of selected component (if applicable):
netcat-1.219-2.el9.x86_64

How reproducible: 100%


Steps to Reproduce:
1. Start the server side, listening on port 10000
netcat -l 192.168.100.200 10000 -k
2. From the client side, read test data from a file and send it to the server side.
seq -sX 1025 | tr -d '[:digit:]' > /tmp/1024.pkt
netcat 192.168.100.200 10000 -p 5011 < /tmp/1024.pkt 
3. Check that the data has been sent to the server side
# netcat -l 192.168.100.200 10000 -k
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

4. Check that nc still uses the port
# netstat -anltup | grep 10000
tcp        0      0 192.168.100.100:5011    192.168.100.200:10000   ESTABLISHED 4664/netcat 

5. If the -N parameter is added, nc will close but the connection goes to TIME_WAIT status.
]# netcat -N 192.168.100.200 10000 -p 5010 < /tmp/1024.pkt 
[root@dell-per740-60 ~]# netcat -N 192.168.100.200 10000 -p 5010 < /tmp/1024.pkt 
netcat: bind failed: Address already in use
[root@dell-per740-60 ~]# netstat -anltup | grep 5010
tcp        0      0 192.168.100.100:5010    192.168.100.200:10000   TIME_WAIT   - 

6. Using ncat does not hit this issue
# ncat 192.168.100.200 10000 -p 5010 < /tmp/1024.pkt 
[root@dell-per740-60 ~]# ncat 192.168.100.200 10000 -p 5010 < /tmp/1024.pkt 
[root@dell-per740-60 ~]# ncat 192.168.100.200 10000 -p 5010 < /tmp/1024.pkt 
[root@dell-per740-60 ~]# netstat -anltup | grep 5010
tcp        0      0 192.168.100.100:5010    192.168.100.200:10000   TIME_WAIT   -

Actual results:
From step 4, after sending the data, nc is still running

Expected results:
As the man page describes, after the file has been transferred, the connection will close automatically.

Additional info:
Until rhel9.2 version, nc points to ncat by default. But if netcat is installed after 9.3, the nc command will point to netcat by default.

rhel9.2 
# alternatives --list
libnssckbi.so.x86_64	auto  	/usr/lib64/pkcs11/p11-kit-trust.so
soelim              	auto  	/usr/bin/soelim.groff
iptables            	auto  	/usr/sbin/iptables-nft
ebtables            	auto  	/usr/sbin/ebtables-nft
arptables           	auto  	/usr/sbin/arptables-nft
cifs-idmap-plugin   	auto  	/usr/lib64/cifs-utils/cifs_idmap_sss.so
man                 	auto  	/usr/bin/man.man-db
ld                  	auto  	/usr/bin/ld.bfd
nc                  	auto  	/usr/bin/ncat
cdrecord            	auto  	/usr/bin/xorrecord
mkisofs             	auto  	/usr/bin/xorrisofs
# file /usr/bin/nc
/usr/bin/nc: symbolic link to /etc/alternatives/nc
# file /etc/alternatives/nc
/etc/alternatives/nc: symbolic link to /usr/bin/ncat

rhel9.3
# alternatives --list
libnssckbi.so.x86_64	auto  	/usr/lib64/pkcs11/p11-kit-trust.so
soelim              	auto  	/usr/bin/soelim.groff
iptables            	auto  	/usr/sbin/iptables-nft
ebtables            	auto  	/usr/sbin/ebtables-nft
arptables           	auto  	/usr/sbin/arptables-nft
cifs-idmap-plugin   	auto  	/usr/lib64/cifs-utils/cifs_idmap_sss.so
man                 	auto  	/usr/bin/man.man-db
ld                  	auto  	/usr/bin/ld.bfd
nc                  	auto  	/usr/bin/netcat
cdrecord            	auto  	/usr/bin/xorrecord
mkisofs             	auto  	/usr/bin/xorrisofs
qtchooser-5         	auto  	/etc/xdg/qtchooser/5-64.conf
qtchooser-default   	auto  	/etc/xdg/qtchooser/5.conf

# file /usr/bin/nc
/usr/bin/nc: symbolic link to /etc/alternatives/nc

# file /etc/alternatives/nc
/etc/alternatives/nc: symbolic link to /usr/bin/netcat

Comment 1 Robert Scheck 2023-05-19 09:27:16 UTC
OpenBSD netcat requires usage of '-N': shutdown(2) the network socket after EOF on the input.  Some servers require this to finish their work.

> Until rhel9.2 version, nc points to ncat by default. But if netcat is installed after 9.3, the nc command will point to netcat by default.

From my point of view, the alternatives symlink should not change. But as a non-Red-Hat-employee, I do not have access to RHEL 9.3. Do you have any reproducing scenario that does not require RHEL 9.3?

Comment 2 mhou 2023-05-19 09:36:13 UTC
Hello Robert

> OpenBSD netcat requires usage of '-N': shutdown(2) the network socket after EOF on the input.  Some servers require this to finish their work.

The key problem is that even if I use -N to close the netcat application, starting netcat again with the same configuration fails. But this doesn't happen in ncat.

Please check the output below:
5. If the -N parameter is added, nc will close but the connection goes to TIME_WAIT status.
]# netcat -N 192.168.100.200 10000 -p 5010 < /tmp/1024.pkt 
[root@dell-per740-60 ~]# netcat -N 192.168.100.200 10000 -p 5010 < /tmp/1024.pkt 
netcat: bind failed: Address already in use
[root@dell-per740-60 ~]# netstat -anltup | grep 5010
tcp        0      0 192.168.100.100:5010    192.168.100.200:10000   TIME_WAIT   - 

6. Using ncat does not hit this issue
# ncat 192.168.100.200 10000 -p 5010 < /tmp/1024.pkt 
[root@dell-per740-60 ~]# ncat 192.168.100.200 10000 -p 5010 < /tmp/1024.pkt 
[root@dell-per740-60 ~]# ncat 192.168.100.200 10000 -p 5010 < /tmp/1024.pkt 
[root@dell-per740-60 ~]# netstat -anltup | grep 5010
tcp        0      0 192.168.100.100:5010    192.168.100.200:10000   TIME_WAIT   -




> From my point of view, the alternatives symlink should not change. But as a non-Red-Hat-employee, I do not have access to RHEL 9.3. Do you have any reproducing scenario that does not require RHEL 9.3?

On Fedora, I think this issue can also be reproduced.
1. Configure the EPEL repo as below:
# cat /etc/yum.repos.d/epel.repo 
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever

2. Try to install nc
yum install nc

3. Check the alternatives

Comment 3 Robert Scheck 2023-05-19 10:38:38 UTC
OpenBSD netcat does not behave identically to Nmap ncat - not sure at the moment if this is intended here or a bug.

However, what I do treat as critical is that the alternative symlink gets changed. I'll have a look at it.
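
The two behaviours discussed in this thread, as an added example that is not part of the bug report or of either netcat implementation: a client that half-closes with shutdown(2) after sending (what -N does) versus one that does not, and the bind() failure on a source port left in TIME_WAIT. It assumes Linux socket semantics and a constructed loopback server; the function names are hypothetical, and SO_REUSEADDR is shown only as one socket option that changes the bind() result, not as a statement of what ncat does.

```python
import errno, socket, threading

def eof_server():
    """Constructed loopback listener: reads one connection until EOF, then closes."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        with srv, srv.accept()[0] as conn:
            while conn.recv(4096):
                pass
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def send_file(addr, payload, half_close, reuse=False):
    """Send payload from a bound source port; return (peer_closed, source_port)."""
    c = socket.socket()
    c.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, int(reuse))
    c.bind(("127.0.0.1", 0))         # kernel-chosen port plays the role of -p
    c.settimeout(1.0)
    c.connect(addr)
    sport = c.getsockname()[1]
    c.sendall(payload)
    if half_close:
        c.shutdown(socket.SHUT_WR)   # the -N behaviour: FIN after EOF on input
    try:
        peer_closed = c.recv(1) == b""
    except socket.timeout:
        peer_closed = False          # server never saw EOF: still ESTABLISHED
    c.close()
    return peer_closed, sport

def rebind(port, reuse):
    """Bind a fresh socket to a source port; return 'ok' or the errno name."""
    with socket.socket() as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, int(reuse))
        try:
            s.bind(("127.0.0.1", port))
        except OSError as e:
            return errno.errorcode.get(e.errno, str(e.errno))
        return "ok"

def demo():
    payload = b"X" * 1024            # same size as /tmp/1024.pkt in the report
    no_n, _ = send_file(eof_server(), payload, half_close=False)
    with_n, p1 = send_file(eof_server(), payload, half_close=True)
    _, p2 = send_file(eof_server(), payload, half_close=True, reuse=True)
    return no_n, with_n, rebind(p1, reuse=False), rebind(p2, reuse=True)

if __name__ == "__main__":
    print(demo())
```

The client that sends FIN first is the side that ends up in TIME_WAIT, which is why the fixed source port is the one that becomes unavailable; on Linux the second bind succeeds only when both the old and the new socket had SO_REUSEADDR set.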