.TH FORCE_BIND "1"
.SH NAME
FORCE_BIND
.SH AUTHOR
Catalin(ux) M. BOIE \- catab at embedromix dot ro
.SH DESCRIPTION
Force an application to bind to a specific IP address and/or port, and force setsockopt options on its sockets. Works with both IPv4 and IPv6.
.PP
It is useful if you have a binary application without sources and without the possibility to configure the address or port to bind to.
.SH LICENSE
GPLv3
.SH HOW IT WORKS
force_bind is a shared object that is loaded with LD_PRELOAD and hooks the 'bind' function. Forcing an IP/port to bind to is done with environment variables.
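.PP
The address rewrite that a preloaded 'bind' hook of this kind applies before forwarding the call, as an added example that is not force_bind's own source. The helper name force_bind_rewrite and its return convention are hypothetical; the variable names and the 'deny'/'fake' keywords are the ones used in the EXAMPLES section, and accepting both keywords for either address family is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: rewrite the address an application passed to bind().
 * Returns 0 = forward the (possibly rewritten) address to the real bind(),
 *         1 = "fake": report success without binding,
 *        -1 = "deny" (errno EACCES) or unparsable value (errno EINVAL, our choice). */
int force_bind_rewrite(struct sockaddr *sa)
{
    int v6 = (sa->sa_family == AF_INET6);
    if (!v6 && sa->sa_family != AF_INET)
        return 0;                       /* e.g. AF_UNIX: leave untouched */
    const char *addr = getenv(v6 ? "FORCE_BIND_ADDRESS_V6" : "FORCE_BIND_ADDRESS_V4");
    void *dst = v6 ? (void *)&((struct sockaddr_in6 *)sa)->sin6_addr
                   : (void *)&((struct sockaddr_in *)sa)->sin_addr;
    if (addr) {
        if (strcmp(addr, "deny") == 0) { errno = EACCES; return -1; }
        if (strcmp(addr, "fake") == 0) return 1;
        if (inet_pton(sa->sa_family, addr, dst) != 1) { errno = EINVAL; return -1; }
    }
    /* Only the IPv4 port variable appears on this page; unset = port unchanged. */
    const char *port = v6 ? NULL : getenv("FORCE_BIND_PORT_V4");
    if (port) {
        char *end;
        long p = strtol(port, &end, 10);
        if (end == port || *end != 0 || p < 0 || p > 65535) { errno = EINVAL; return -1; }
        ((struct sockaddr_in *)sa)->sin_port = htons((in_port_t)p);
    }
    return 0;
}

int main(void)
{
    /* Constructed input: the application asks for 0.0.0.0:8080. */
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(8080) };
    char buf[INET_ADDRSTRLEN];
    setenv("FORCE_BIND_ADDRESS_V4", "127.0.0.1", 1);
    setenv("FORCE_BIND_PORT_V4", "33", 1);
    int rc = force_bind_rewrite((struct sockaddr *)&sa);
    inet_ntop(AF_INET, &sa.sin_addr, buf, sizeof buf);
    printf("rc=%d -> %s:%u\n", rc, buf, (unsigned)ntohs(sa.sin_port));
    return 0;
}
```

Because the hook lives in a preloaded library, it only affects dynamically linked programs that reach bind through libc, and the dynamic loader ignores LD_PRELOAD for set-user-ID programs running in secure-execution mode.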
.SH EXAMPLES
0. Output debug stuff in a log file (for debugging):
.TP
\fB export FORCE_NET_VERBOSE=999
.TP
\fB export FORCE_NET_LOG="xxx.log"
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
1. Force bind to 127.0.0.1, port 33, verbose operations:
.TP
\fB export FORCE_NET_VERBOSE=1
.TP
\fB export FORCE_BIND_ADDRESS_V4=127.0.0.1
.TP
\fB export FORCE_BIND_PORT_V4=33
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
2. Force binding to 127.0.0.2, port unchanged
.TP
\fB export FORCE_BIND_ADDRESS_V4=127.0.0.2
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
3. Force binding to ::1 (IPv6), port unchanged
.TP
\fB export FORCE_BIND_ADDRESS_V6=::1
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
4. Changing TOS on all sockets to 30
.TP
\fB export FORCE_NET_TOS=30
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
5. Force Keep alive to 60 seconds:
.TP
\fB export FORCE_NET_KA=60
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
6. Force MSS to 1400
.TP
\fB export FORCE_NET_MSS=1400
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
7. Force bandwidth to 1000 bytes/s for _all_ connections combined
.TP
\fB export FORCE_NET_BW=1000
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
8. Force bandwidth to 20000 bytes/s per socket
.TP
\fB export FORCE_NET_BW_PER_SOCKET=20000
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
9. Force REUSEADDR
.TP
\fB export FORCE_NET_REUSEADDR=1
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
10. Force NODELAY
.TP
\fB export FORCE_NET_NODELAY=1
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
11. Force client connections (for example 'telnet', 'ssh', 'firefox') to connect from a specified address, not the auto selected one:
.TP
\fB export FORCE_NET_VERBOSE=1
.TP
\fB export FORCE_BIND_ADDRESS_V4=127.0.0.2
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
12. Set a FLOWINFO (flow label + class) for a client connection:
.TP
\fB export FORCE_NET_VERBOSE=1
.TP
\fB export FORCE_NET_FLOWINFO=0x7812345 # class 0x78, label 0x12345
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
13. Force FWMARK on a connection (only root can do it):
.TP
\fB export FORCE_NET_VERBOSE=1
.TP
\fB export FORCE_NET_FWMARK=0x1234
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
14. Force priority (between 0 and 6 for non-root users). You can use the 'tc' command from iproute to set up a 'prio' qdisc and to assign priorities to queues:
.TP
\fB # 0. setup
.TP
\fB export FORCE_NET_VERBOSE=1
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB # 1. Make sure you have a 'prio' qdisc attached to eth0, for example:
.TP
\fB tc qdisc add dev eth0 root handle 1: prio
.TP
\fB # 2. Assign applications to classes (bands):
.TP
\fB export FORCE_NET_PRIO=6 # interactive, band 0
.TP
\fB your_voip_program_here
.TP
\fB export FORCE_NET_PRIO=0 # best effort, band 1
.TP
\fB your_mail_program_here
.TP
\fB export FORCE_NET_PRIO=2 # bulk, band 2
.TP
\fB your_remote_backup_program_here
.TP
\fB # 3. Run tc statistics so you can see the classification:
.TP
\fB tc -s class show dev eth0
.TP
15. Deny binding to any IPv4 sockets. The bind syscall will return -1 and errno will be set to EACCES.
.TP
\fB export FORCE_NET_VERBOSE=1
.TP
\fB export FORCE_BIND_ADDRESS_V4=deny
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here
.TP
16. Silent fake binding to any IPv6 sockets. The bind will return success, but will never accept any connection.
.TP
\fB export FORCE_NET_VERBOSE=1
.TP
\fB export FORCE_BIND_ADDRESS_V6=fake
.TP
\fB export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
.TP
\fB your_program_here