‘binding behavior’ of the sockets. If the control parameter is set, we can
bind our socket to any IP address, including nonlocal ones.
Nonlocal IP addresses are those that are external: a gateway address or a
direct route. Any interface that gets IP addresses dynamically, is directly
connected to the gateways of different networks, and acts as gateway for the
host is considered to have a nonlocal IP. For example, PPP, PLIP, SLIP and
similar interfaces get nonlocal IP addresses, because they are assigned an
address dynamically only when the link between the two ends is up, and the IP
address assigned to the interface belongs to the network between the two ends.
http://linux-ip.net/html/adv-nonlocal-bind.html
Binding to a non-local socket, which was possible under kernel 2.2 when the kernel was compiled with CONFIG_IP_TRANSPROXY, is available under kernel 2.4 via the /proc IP sysctl interface. If you wish to be able to bind to non-local sockets:
# echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
Thanks go to Oskar Andreasson for his IP sysctl tutorial page. If using sysctl to allow binding to a non-local IP doesn't solve your problem, then see if netfilter NAT can be used to solve this class of problem. Some people view the technique of binding to non-local IPs as spoofing, and indeed, it can be used for nefarious purposes, if an attacker controls a machine on the route between a target and a victim.
http://lkml.indiana.edu/hypermail/linux/kernel/0106.0/0966.html
/* try non-local bind on 2.4 kernel...
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
doesn't seem to help :(
*/
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(void)
{
    int s, c;
    struct sockaddr_in addr;

    s = socket(PF_INET, SOCK_STREAM, 0);
    if (s < 0)
        perror("socket");
#if 1
    printf("binding %d\n", s);
    memset(&addr, 0, sizeof(addr));          /* zero the padding bytes too */
    addr.sin_family = AF_INET;
    addr.sin_port = htons(5678);
    inet_aton("2.3.4.5", &addr.sin_addr);    /* an address not configured on this host */
    /* this requires echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind */
    if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        perror("bind");
#endif
    printf("connecting %d\n", s);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(22);
    inet_aton("1.2.3.4", &addr.sin_addr);    /* remote peer, reached from the bound source address */
    c = connect(s, (struct sockaddr *)&addr, sizeof(addr));
    if (c < 0)
        perror("connect");
    printf("end.\n");
    close(s);
    return 0;
}
When we add a listen() to the code above and sleep for 10 seconds or so after the listen, run the following:
adsl2:~/ozan# netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 2.3.4.5:5678 0.0.0.0:* LISTEN 12677/nonlocal_bind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2772/apache
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 2725/inetd
tcp 0 0 192.168.0.2:53 0.0.0.0:* LISTEN 2629/named
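The listing above shows what the sysctl actually changes: a socket bound to an address that is configured on no interface sits in LISTEN like any other. The following program is an added example, not code from the quoted book, from linux-ip.net or from the LKML post, that makes the behaviour of the bind step measurable. It reads the ip_nonlocal_bind sysctl, then attempts to bind a fresh TCP socket to 192.0.2.1 (an RFC 5737 documentation address, constructed for the test and assumed not to be configured on this host), once with the default socket settings and once with the per-socket IP_FREEBIND option, which on Linux 2.4 and later grants one socket the same permission without flipping the system-wide knob. Each attempt returns 0 or -errno, so -EADDRNOTAVAIL (the kernel's answer when the address is not local and neither mechanism is in effect) can be told apart from other failures. The function and constant names are this example's own.

```c
/* Added example (not from the book, linux-ip.net or the LKML post):
 * probe whether this host permits binding to a non-local IPv4 address,
 * under the global ip_nonlocal_bind sysctl and under per-socket IP_FREEBIND.
 * 192.0.2.1 is a constructed RFC 5737 TEST-NET-1 address, assumed to be
 * configured on no interface here. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define NONLOCAL_BIND_SYSCTL "/proc/sys/net/ipv4/ip_nonlocal_bind"

/* Read the sysctl the page toggles with `echo 1 > ...`.
 * Returns 0 or 1, or -1 when it cannot be read (non-Linux, no procfs). */
int read_nonlocal_bind_sysctl(void)
{
    FILE *f = fopen(NONLOCAL_BIND_SYSCTL, "r");
    int value;
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &value) != 1 || (value != 0 && value != 1))
        value = -1;
    fclose(f);
    return value;
}

/* Bind a fresh TCP socket to ip:port (port 0 = any free port).
 * With freebind != 0, IP_FREEBIND is set before binding.
 * Returns 0 on success or -errno on failure; the socket is always closed,
 * so the result is a value the caller can test rather than printed text. */
int try_bind(const char *ip, unsigned short port, int freebind)
{
    struct sockaddr_in addr;
    int s, rc;

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return -errno;

    if (freebind) {
#ifdef IP_FREEBIND
        int one = 1;
        if (setsockopt(s, IPPROTO_IP, IP_FREEBIND, &one, sizeof one) < 0) {
            rc = -errno;
            close(s);
            return rc;
        }
#else
        close(s);
        return -ENOPROTOOPT;   /* platform has no IP_FREEBIND */
#endif
    }

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1) {
        close(s);
        return -EINVAL;        /* not a dotted-quad address */
    }

    rc = bind(s, (struct sockaddr *)&addr, sizeof addr) < 0 ? -errno : 0;
    close(s);
    return rc;
}

/* Turn a try_bind() result into the explanation an operator needs. */
const char *explain_bind_result(int rc)
{
    switch (rc) {
    case 0:              return "bound";
    case -EADDRNOTAVAIL: return "refused: address is not local and neither ip_nonlocal_bind=1 nor IP_FREEBIND is in effect";
    case -EACCES:        return "refused: privileged port without CAP_NET_BIND_SERVICE";
    case -EADDRINUSE:    return "refused: address/port already in use";
    case -ENOPROTOOPT:   return "IP_FREEBIND not supported on this platform";
    default:             return "failed for another reason";
    }
}

int main(void)
{
    const char *nonlocal = "192.0.2.1";   /* constructed: RFC 5737 TEST-NET-1 */
    int sysctl_value = read_nonlocal_bind_sysctl();
    int r_plain = try_bind(nonlocal, 0, 0);
    int r_free  = try_bind(nonlocal, 0, 1);

    printf("ip_nonlocal_bind sysctl: %d\n", sysctl_value);
    printf("bind %s (plain):       %s\n", nonlocal, explain_bind_result(r_plain));
    printf("bind %s (IP_FREEBIND): %s\n", nonlocal, explain_bind_result(r_free));
    return 0;
}
```

With the sysctl at 0 the plain attempt reports -EADDRNOTAVAIL and the IP_FREEBIND attempt succeeds; after `echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind` both succeed. When auditing a host, the sysctl value plus a `netstat -lnpt` (or `ss -lnpt`) listing, like the one above, is what reveals listeners bound to addresses the machine does not own.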