追踪命令执行strace -e trace=network,open,close bash -c 'exec 3<>/dev/tcp/example.org/80'关键部分socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("93.184.215.14")}, 16) = 0检查文件描述符ls -lat /proc/self/fd/lrwx------ 1 user user 64 Aug 25 15:01 0 -> /dev/pts/0
lrwx------ 1 user user 64 Aug 25 15:01 1 -> /dev/pts/1
lrwx------ 1 user user 64 Aug 25 15:01 2 -> /dev/pts/2
lrwx------ 1 user user 64 Aug 25 15:01 3 -> 'socket:[2910856]'
lr-x------ 1 user user 64 Aug 25 15:01 4 -> /proc/1579316/fd3是连接到example.org的套接字的文件描述符重点来了:exec 3<> /dev/tcp/...这个语法。它的含义是: "创建一个用于输入和输出操作的套接字,并将其分配给进程标识符为3的文件描述符。发送http请求echo -ne "GET / HTTP/1.1\r\nHost: example.org\r\n\r\n" >&3读取响应结果cat <&3HTTP/1.1 200 OK
Age: 243157
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Sun, 25 Aug 2024 14:15:54 GMT
Etag: "3147526947+ident"
Expires: Sun, 01 Sep 2024 14:15:54 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECAcc (dcd/7D77)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 1256<!doctype html>
<html>
<head><title>Example Domain</title>...
</head>
<body><div><h1>Example Domain</h1><p>This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.</p><p><a href="https://www.iana.org/domains/example">More information...</a></p></div>
</body>
</html>关闭套接字exec 3<&-搜集来自掌握Bash的秘密:直接用Bash发送HTTP请求的终极指南