GitHub - Intika-Linux-Firewall/Force-Bind: Mirror of http://kernel.embedromix.ro/us/

1 Branch 0 Tags

Name	Name	Last commit message	Last commit date
Latest commit intika Add files via upload Apr 27, 2019 8f5d163 · Apr 27, 2019 History 59 Commits
packages	packages	Add files via upload	Apr 27, 2019
.gitignore	.gitignore	Restart accept interrupted by signal	Nov 11, 2014
INSTALL	INSTALL	First version.	Oct 27, 2010
LICENSE	LICENSE	First version.	Oct 27, 2010
Makefile.in	Makefile.in	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
README	README	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
TODO	TODO	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
configure	configure	Restart accept interrupted by signal	Nov 11, 2014
dillo.sh	dillo.sh	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
duilder	duilder	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
duilder.conf	duilder.conf	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
firefox.sh	firefox.sh	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
force_bind.c	force_bind.c	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
force_bind.spec.in	force_bind.spec.in	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
force_bind_config.h.in	force_bind_config.h.in	Log also the version in the log file.	Aug 25, 2011
send_udp.c	send_udp.c	Merge branch 'master' of kernel.embedromix.ro/us/force_bind/force_bind	Aug 22, 2011
test1.sh	test1.sh	Added support for separate FORCE_ADDR for IPv4 and IPv6, MSS, TTL etc.	Jun 21, 2011
test2.sh	test2.sh	Added support for separate FORCE_ADDR for IPv4 and IPv6, MSS, TTL etc.	Jun 21, 2011
test3.sh	test3.sh	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
test_all.sh	test_all.sh	Added support for separate FORCE_ADDR for IPv4 and IPv6, MSS, TTL etc.	Jun 21, 2011
test_bind.c	test_bind.c	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
test_bind6	test_bind6	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
test_bind6.c	test_bind6.c	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
test_bind6.sh	test_bind6.sh	Switch to v0.13 - Lots of changes - duilder update - rpm changelog	Apr 27, 2019
test_bw1.sh	test_bw1.sh	Added support for multiple connections and chunk size for send_udp ex…	Aug 22, 2011
test_bw2.sh	test_bw2.sh	Added support for multiple connections and chunk size for send_udp ex…	Aug 22, 2011
test_bw3.sh	test_bw3.sh	Added support for separate FORCE_ADDR for IPv4 and IPv6, MSS, TTL etc.	Jun 21, 2011
test_bw4.sh	test_bw4.sh	Added a good example for tc prio classification.	Aug 22, 2011
test_client.c	test_client.c	Added support for connecting clients (socket -> connect or socket -> …	Aug 6, 2011
test_client1.sh	test_client1.sh	Added support for connecting clients (socket -> connect or socket -> …	Aug 6, 2011
test_client2.sh	test_client2.sh	Added support for FWMARK.	Aug 6, 2011
test_client3.sh	test_client3.sh	Added possibility to force skb priority field (SO_PRIORITY).	Aug 6, 2011
test_client6-1.sh	test_client6-1.sh	Added support for IPv6 flowinfo (class + label).	Aug 6, 2011
test_client6.c	test_client6.c	Added support for IPv6 flowinfo (class + label).	Aug 6, 2011
test_deny.sh	test_deny.sh	Added support for deny and fake for Kevin	Jul 18, 2012
test_fake.sh	test_fake.sh	Added support for deny and fake for Kevin	Jul 18, 2012
test_ka1.sh	test_ka1.sh	Added support for separate FORCE_ADDR for IPv4 and IPv6, MSS, TTL etc.	Jun 21, 2011
test_mss1.sh	test_mss1.sh	Added MSS.	Dec 19, 2010
test_poll.c	test_poll.c	Added support to change poll timeout	Oct 14, 2014
test_poll.sh	test_poll.sh	Restart accept interrupted by signal	Nov 11, 2014
test_tos1.sh	test_tos1.sh	Added support for separate FORCE_ADDR for IPv4 and IPv6, MSS, TTL etc.	Jun 21, 2011
test_udp_local_bind.sh	test_udp_local_bind.sh	Added support for connecting clients (socket -> connect or socket -> …	Aug 6, 2011

Repository files navigation

Name:		force_bind

Author:		Catalin(ux) M. BOIE - catab at embedromix dot ro

Start date:	2010-10-26

Description:	Force binding on a specific IP and/or port.
		Plus forcing setsockopt calls on the socket.
		Works with both IPv4 and IPv6.
		It is useful if you have a binary application without sources
		and without the possibility to configure address or port to
		bind to.

License:	GPLv3

How it works:	force_bind is a shared object that is loaded with LD_PRELOAD and hooks 'bind' function.
		Forcing an IP/port to bind to is done with environments variables.

Examples:
		0. Output debug stuff in a log file (for debugging):
		export FORCE_NET_VERBOSE=999
		export FORCE_NET_LOG="xxx.log"
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		1. Force bind to 127.0.0.1, port 33, verbose operations:
		export FORCE_NET_VERBOSE=1
		export FORCE_BIND_ADDRESS_V4=127.0.0.1
		export FORCE_BIND_PORT_V4=33
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		2. Force binding to 127.0.0.2, port unchanged
		export FORCE_BIND_ADDRESS_V4=127.0.0.2
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		3. Force binding to ::1 (IPv6), port unchanged
		export FORCE_BIND_ADDRESS_V6=::1
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		4. Changing TOS on all sockets to 30
		export FORCE_NET_TOS=30
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		5. Force Keep alive to 60 seconds:
		export FORCE_NET_KA=60
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		6. Force MSS to 1400
		export FORCE_NET_MSS=1400
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		7. Force bandwidth to 1000 bytes/s for _all_ connections, cumulated
		export FORCE_NET_BW=1000
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		8. Force bandwidth to 20000 bytes/s per socket
		export FORCE_NET_BW_PER_SOCKET=20000
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		scp root@machine1:/image.iso .

		9. Force REUSEADDR
		export FORCE_NET_REUSEADDR=1
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		10. Force NODELAY
		export FORCE_NET_NODELAY=1
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		11. Force client connections (for example 'telnet', 'ssh',
		'firefox') to connect from a specified address, not the auto
		selected one:
		export FORCE_NET_VERBOSE=1
		export FORCE_BIND_ADDRESS_V4=127.0.0.2
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		12. Set a FLOWINFO (flow label + class) for a client connection:
		export FORCE_NET_VERBOSE=1
		export FORCE_NET_FLOWINFO=0x7812345 # class 0x78, label 0x12345
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here
		A tcpdump of a connection will look like:
		00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv6 (0x86dd),
		length 94: (class 0x78, flowlabel 0x12345, hlim 64, next-header TCP (6) payload length: 40)
		::1.56981 > ::1.krb524: Flags [S], cksum 0x0030 (incorrect -> 0x91cf),
		seq 1154252590, win 32752, options [mss 16376,sackOK,TS val 28395104 ecr 0,nop,wscale 4], length 0

		13. Force FWMARK on a connection (only root can do it):
		export FORCE_NET_VERBOSE=1
		export FORCE_NET_FWMARK=0x1234
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		14: Force priority (between 0 and 6 for non-root users). You can
		use 'tc' command from iproute to set-up 'prio' qdisc and to
		assign prio to queues:
		# 0. setup
		export FORCE_NET_VERBOSE=1
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		# 1. Make sure you have a 'prio' qdisc attached to eth0, for example:
		tc qdisc add dev eth0 root handle 1: prio
		# 2. Assign applications to classed (bands):
		export FORCE_NET_PRIO=6 # interactive, band 0
		your_voip_program_here
		export FORCE_NET_PRIO=0 # best effort, band 1
		your_mail_program_here
		export FORCE_NET_PRIO=2 # bulk, band 2
		your_remote_backup_program_here
		# 3. Run tc statistics so you can see the classification:
		tc -s class show dev eth0

		15: Deny binding to any IPv4 sockets. The bind syscall
		will return -1 and errno will be set to EACCES.
		export FORCE_NET_VERBOSE=1
		export FORCE_BIND_ADDRESS_V4=deny
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

		16: Silent fake binding to any IPv6 sockets. The bind will
		return success, but will never accept any connection.
		export FORCE_NET_VERBOSE=1
		export FORCE_BIND_ADDRESS_V6=fake
		export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
		your_program_here

Installation:
		- ./configure
		- make
		- make install

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Releases

Packages

Languages

License

Intika-Linux-Firewall/Force-Bind

Folders and files

Latest commit

History

Repository files navigation

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages