Date: Tue, 14 Nov 2000 14:22:33 -0500
From: "Robert S. Wojciechowski Jr." <robertw@wojo.com>
To: <freebsd-stable@FreeBSD.ORG>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: source IP address
Message-ID: <16DC0F334516F5478EC60CADEDB6A6840787A8@moe.wojo.net>
Has anyone tried using LD_PRELOAD to force a program to bind to a specific
IP?
For instance you could start ssh like so:
$ LD_PRELOAD=<dir>/preload.so
$ export LD_PRELOAD
$ <run the program>
$ unset LD_PRELOAD
Or making a wrapper program would be nice,
$ bindto <ip> <program ...>
Here is some code I found, but I haven't had the time or been able to get it
to work in FreeBSD. Can anyone get this to work?
gcc -c -fPIC preload.c
ld -o preload.so -G preload.o

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <dlfcn.h>
#include <stddef.h>

#define LIBRARY "/usr/lib/libsocket.so"
#define ADDRESS "YOUR IP ADDRESS GOES HERE"
#define TRUE 1
#define FALSE 0

int bind (int s, struct sockaddr *name, int namelen)
{
    void *Handle;
    int (*Fptr)(int, struct sockaddr *, int);
    int Found = FALSE;
    int Result;

    /* Look for inet type sockets */
    if (name->sa_family == AF_INET) {
        Found = TRUE;
    }

    /* Open the library */
    Handle = dlopen (LIBRARY, RTLD_LAZY);
    if (Handle == NULL) {
        /* LIBRARY could not be loaded, so there is no real bind to call */
        return -1;
    }

    /* Get the function symbol out of the library */
    Fptr = (int (*)(int, struct sockaddr *, int)) dlsym (Handle, "bind");
    if (Fptr == NULL) {
        dlclose (Handle);
        return -1;
    }

    /*
     * If this is an inet socket, make it bind to the local ip and not
     * all ips on the box
     */
    if (Found) {
        if (((struct sockaddr_in *) name)->sin_addr.s_addr ==
            htonl (INADDR_ANY)) {
            ((struct sockaddr_in *) name)->sin_addr.s_addr =
                inet_addr (ADDRESS);
        }
        /* Call the real function with the new struct */
        Result = (*Fptr)(s, name, namelen);
    }
    else {
        /* Call the real function with the original struct */
        Result = (*Fptr)(s, name, namelen);
    }

    /* Cleanup and close the library */
    dlclose (Handle);

    /* Pass the real bind's result back to the caller */
    return Result;
}
---
Robert S. Wojciechowski Jr.
robertw@wojo.com
-----------------------------------------------------------------
> On 14-Nov-2000 13:42:01, Matt Dillon writes:
>
> :
> :On Mon, Nov 13, 2000 at 06:59:13PM -0800, Matt Dillon wrote:
> :>
> :> Some programs, such as ping and traceroute, allow you to bind
> :> to a specific source IP address. Most programs don't, though.
> :>
> :> -Matt
> :
> :Telnet does. It would be really used if ssh did also.
> :
> :Joe
> :--
> :Josef Karthauser FreeBSD: How many times have you booted today?
> :Technical Manager Viagra for your server (http://www.uk.freebsd.org)
> :Pavilion Internet plc. [joe@pavilion.net, joe@uk.freebsd.org, joe@tao.org.uk]
>
> Yah, it would be really nice if ssh did too... I have a box with
> five IP addresses on it, some externally routed, some NAT'd, some
> internal, and ssh'ing out from it without being able to bind to a
> specific IP makes setting up security difficult.
>
> It's utterly trivial to add, but I don't have time myself.
>
> It is possible to use a jail to force the source IP address, but
> jails do not appear to work well with interactive tty's. ssh gets
> really confused when run from a jail.
>
> -Matt
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
>
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
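
Added example, not part of the original e-mail or of the code quoted in it: a variant of the bind() interposer from the message that locates the real bind() with dlsym(RTLD_NEXT, ...) instead of a hard-coded library path, works on a copy of the caller's address, and returns the real call's result. The BINDTO_ADDR environment variable, the pin_wildcard() helper and the file name bindto.c are names invented for this example.

```c
/* bindto.c - added example: LD_PRELOAD shim that pins wildcard IPv4 binds.
 * Build: cc -shared -fPIC -o bindto.so bindto.c   (older glibc: add -ldl)
 * Use:   BINDTO_ADDR=192.0.2.10 LD_PRELOAD=./bindto.so <program ...>
 * BINDTO_ADDR is a name made up for this example. */
#define _GNU_SOURCE            /* glibc exposes RTLD_NEXT only with this */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <dlfcn.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#ifndef RTLD_NEXT              /* _GNU_SOURCE arrived after a libc header */
#define RTLD_NEXT ((void *) -1L)
#endif

/* Rewrite INADDR_ANY to `ip`. Returns 1 if rewritten, 0 if left untouched,
 * -1 if `ip` is not a valid dotted-quad address. */
int pin_wildcard(struct sockaddr *sa, socklen_t len, const char *ip)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)sa;
    struct in_addr want;
    if (sa == NULL || len < (socklen_t)sizeof(*sin) || sa->sa_family != AF_INET)
        return 0;
    if (sin->sin_addr.s_addr != htonl(INADDR_ANY))
        return 0;                       /* caller chose an address already */
    if (inet_pton(AF_INET, ip, &want) != 1)
        return -1;
    sin->sin_addr = want;
    return 1;
}

int bind(int s, const struct sockaddr *addr, socklen_t addrlen)
{
    /* Next "bind" in search order after this object: the libc one. */
    int (*real_bind)(int, const struct sockaddr *, socklen_t) =
        (int (*)(int, const struct sockaddr *, socklen_t))dlsym(RTLD_NEXT, "bind");
    const char *ip = getenv("BINDTO_ADDR");
    struct sockaddr_storage copy;
    if (real_bind == NULL) { errno = ENOSYS; return -1; }
    if (ip == NULL || addr == NULL || addrlen > sizeof(copy))
        return real_bind(s, addr, addrlen);
    memcpy(&copy, addr, addrlen);       /* never modify the caller's struct */
    if (pin_wildcard((struct sockaddr *)&copy, addrlen, ip) < 0) {
        errno = EADDRNOTAVAIL;          /* fail closed on a bad BINDTO_ADDR */
        return -1;
    }
    return real_bind(s, (struct sockaddr *)&copy, addrlen);
}
```

A shim like this only affects programs that call bind(); a client that goes straight to connect() never reaches it. The runtime linker also ignores LD_PRELOAD for set-user-ID programs, so it cannot be relied on as a security boundary.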
