termsend(1)
bofc manual pages
termsend(1)
NAME
termsend - share files or program output from command line using the most basic UNIX tools
SYNOPSIS
termsend [ -h | -v | options ]
DESCRIPTION
This server has one job - receive files and return link to uploaded content. There are no headers, after client connects every received byte is treated as part of file content and is stored on the server. There is a need for at least one control frame - it's not enough to just close connection after file has been transfered, because then, uploader won't receive link to his uploaded file. Client could of course send FIN with shutdown() function at the end of transfer but not all clients do that - nc, for example, nc does not issue FIN once stdin ends, but socat does that. The only control frame is an ending string - termsend\n. When this string is received at the end of stream, server returns link to uploaded content and closes connection. This simplicity is intentional, as thanks to this, files can be uploaded to the server using the most simple tools from terminal such as netcat and cat. Downloading or displaying files are as easy as calling curl on link that server returns. Both text an binary files can be uploaded to the server, but because there are no control headers, server knows nothing about it and it's up to the user to properly download and process received file. This mode is good for uploading outputs that can stall for long time.
To sumarize, upload will succed when:
-
- "termsend\n" is seen at the end of transfer
- client sends FIN, which is treated as end of stdin and thus end of upload
Upload will fail when:
-
-
max-timeout
passes and neither "termsend\n" nor FIN is seen
- client closes connection without waiting for data and FIN from server.
- client connects and immediately sends FIN (no data sent)
- client connects sends, only "termsend\n" and sends FIN (no data sent)
Timed upload
Normally termsend will wait for "termsend\n" string and if no data is sent within MAX_TIMEOUT seconds connection will be closed with error and data will not be saved. You can however use timed upload to send data without the "termsend\n" string, which will make uploading even easier. If you use timed upload, and timeout occurs, server will save uploaded data and link will be sent back to the client. When "termsend\n" is seen, link will be transmited back immediately as it is done in non-timed upload. When client sends FIN, link will also be send immediately, but for clients that does nothing when stdin ends (netcat), server will wait timeout seconds until link is provided. Because of that, it's advisible to set timed-max-timeout to small value like 3 seconds or so. So since, timeout upload is more versatile than non-upload one, it is not to be used with programs that can output data slowly.
This can be important, for example, when you want to upload output of make.
make | nc termsend.pl 1338
In this situation when make does not output anything, which is not something strange when big C++ file with templates is being compiled, server will save partial output and close connection. On the other hand, if you set timeout to big value, client will hand for that time waiting for server to respond.
To sumarize, upload will succed when:
-
- "termsend\n" is seen at the end of transfer
- client sends FIN, which is treated as end of stdin and thus end of upload
- timed-max-timeout passes and no data is seen during that period
Upload will fail when:
-
- client closes connection without waiting for data and FIN from server.
- client connects and immediately sends FIN (no data sent)
- client connects sends, only "termsend\n" and sends FIN (no data sent)
- client connects and does not send anything until timeout occurs (no data sent)
If you still don't know which mode to use - if you don't want to support uploading from slow programs, use timed upload as it's more versatile. Otherwise use non-timed with big timeout. And remember you can always start termsend in both modes working on 2 different ports.
OPTIONS
- -h
- Prints short help and exits
- -v
- Prints version number and exits
- -l, --level=<level>
-
Verbosity of logs.
level
can be one of:
0 fatal errors, application cannot continue 1 major failure, needs immediate attention 2 critical errors 3 error but recoverable 4 warnings 5 normal message, but of high importance 6 info log, doesn't print that much (default) 7 debug, not needed in production
- -c
- When enabled, ANSI colors will be added to program logs depending on log level. Usefull for spotting errors and warnings, but might not work with all terminals and tools.
Passing 0 as port number will disable given socket.
- -i, --listen-port=<port>
-
Program will listen on specified
port
for incoming connections.
This port will be used for handling unencrypted connections that ends with
termsend\n
string.
When no data in
max-timeout
is received, connection is closed with error.
Default is: 1337 - -a, --timed-listen-port=<port>
-
Program will listen on specified
port
for incoming connections.
This port will be used for handling unencrypted connections and data does
not have to end with
termsend\n
string.
Transfer ends if either
termsend\n
string is seen at the end or, client issues gentle connection close with
shutdown() function or
timed-max-timeout
passes.
Default is: 1338 - -I, --ssl-listen-port=<port>
- Program will listen on specified port for incoming connections. This port will be used for handling encrypted connections that ends with termsend\n string. When no data in max-timeout is received, connection is closed with error. For this to work, you will also need to set --key-file and --cert-file.
- -A, --timed-ssl-listen-port=<port>
- Program will listen on specified port for incoming connections. This works in the same way as timed-listen-port but over encrypted socket. For this to work, you will also need to set --key-file and --cert-file.
- -k, --key-file=<path>
- When --ssl-listen-port is set, you need to set path to a key file in PEM format.
- -C, --cert-file=<path>
-
When
--ssl-listen-port
is set, you need to set path to a certificate file in
PEM
format.
Both key and self-signed certificate can be generated via
# create new 2048 bit long RSA key openssl genrsa -out termsend.key 2048 # create self-signed certificate openssl req -new -key termsend.key -x509 -days 3650 -out termsend.crt # key should be secret and unavailable to outer world chmod 600 termsend.key
Keep in mind, that users will have to have your termsend.crt file in order to verify your server. Without that, user will not be sure if your server really belongs to you and will be suscible to man-in-the-middle attack. - -f, --pem-pass-file=<path>
- If your key is encrypted with password, you can pass path to a file, which contains password for the key. File should contain only password, file should end with new line character, which will be trimmed. If your password ends with a new line character, file should have 2 new line characters at the end of file.
- -s, --max-filesize=<size>
-
Maximum
size
of file that can be uploaded to server.
If uploaded size of file is bigger than configured, user will receive error, and
file will not be stored on the server.
Default is: 1048576 bytes (1MiB) - -D, --daemonize
-
Program will try to run as daemon. If
termsend
is called as
root,
program will try to drop priviliges and run with
user
and
group
priviliges. If
user
and
group
is not set, program will try to run with
termsend
user and group.
Default is: off - -m, --max-connections=<number>
-
Defines how many clients can be connected (active uploads) simultaneously.
If this number is reached, and new connection is inboud, user will receive
information about limit reach and connection will be closed.
Default is: 10 - -t, --max-timeout=<seconds>
-
If during upload, client doesn't send any single bytes for configured
seconds,
server will close connection and information will be sent back to the client
informing him about timeout - as it is possible that he forgot to end upload
with special phrase
termsend\n.
Default is: 60 - -T, --list-type=<type>
-
When
type
is set to
-1,
program operates in
blacklist
mode. If connected clients ip is in the
list_file,
such connection will be droped and information to user about his banishment will
be sent.
When type is set to 1, program oeprates in whitelist mode. Only clients listed in list_file will be able to upload files. Everyone else will receive access denied error.
When type is set to 0, everyone can upload without restriction.
Default is: 0 - -L, --list_file=<path>
-
Path to list of IPs, which will be filtered base on
list-type
option. One IP per line is allowed.
Default is: /etc/termsend-iplist - -b, --bind-ip=<ip-list>
-
Comma separeted list of IPs. Program will listen only on IPs listed in
ip-list
field.
Default is: 0.0.0.0 (accept connection from any source) - -d, --domain=<domain>
-
Domain on which server runs.
This will be used to send user back information where he can download what he
just sent.
Default is: localhost - you definately want to change this. - -u, --user=<user>
-
user
that should run server. Only works when run as daemon started from root account.
Default is: termsend - -g, --group=<group>
-
group
that should run server. Only works when run as daemon started from root account.
Default is: termsend - -q, --query-log=<path>
-
Place where all queries will be logged. Check
FILES
section for more information
Default is: /var/log/termsend-query.log - -p, --program-log=<path>
-
Program log path. Check
FILES
section for more information.
Default is: /var/log/termsend.log - -P, --pid-file=<path>
-
Where to store programs pid.
Only works if run as daemon.
Default is: /var/run/termsend.pid - -o, --output-dir=<path>
-
Location where all uploaded files will be stored. Check
FILES
section for more information.
Default is: /var/lib/termsend
FILES
These are default file locations. They can be changed via options.
- /etc/termsend/iplist
- Separated by new line list of IPs that are filtered (depending on list_type field). One IP per line is allowed
- /etc/termsend/termsend.cert
- SSL certificate to use with encrypted uploads
- /etc/termsend/termsend.key
- SSL key to use with encrypted uploads
- /var/run/termsend.pid
- Process id of working daemon. This file is created only when program is run with -d option
- /var/log/termsend-query.log
- Every upload query will be logged here exactly once. If query failed, short reason is added and more information about failure can be found in program log. For successful queries, filename is loged. All queries will contain date of upload and source IP.
- /var/log/termsend.log
- General execution logs are kept here. Detailed information about errornous queries will be here.
- /var/lib/termsend
- Directory where all uploaded files are stored - usually root of http from where people can download files. User that runs program should have write access to this directory. http server should have read access to this directory.
BUG REPORTING
Please report all bugs to "Michał Łyszczek <michal.lyszczek@bofc.pl>"
23 August 2019 (v1.1.1)
termsend(1)