amuck-landowner

Binding a process to an IP on Linux

splitice

Just a little bit crazy...
Verified Provider
Have you ever encountered a piece of software that didn't include a feature to allow it to be bound to a specific IP? Or connect to a remote server (IP) via a specific interface or source IP?

Unfortunately this is far to common, either with Open Source software or even more common with Proprietary or closed source software. Fortunately this can be resolved without requiring modification to the software by using a LD_PRELOAD'ed shim.
 
How does this work?
The shim intercepts calls to common networking functions (i.e bind, connect) and replaces s_addr with the desired IP. Say the software has the following code in it before listening to a socket.


name.sin_addr.s_addr = htonl (INADDR_ANY);
if (bind (sock, (struct sockaddr *) &name, sizeof (name)) < 0)

It would become as if the call was:


name.sin_addr.s_addr = in_addr("1.2.3.4");
if (bind (sock, (struct sockaddr *) &name, sizeof (name)) < 0)
Cool so how do I do this?
A tutorial for utilizing a shim made by Daniel Ryde can be found in the X4B Knowledgebase

Questions / Conclusion?

Cool or what? Got any questions, ask away :)
 

splitice

Just a little bit crazy...
Verified Provider
Oh and for those who don't want to read the KB, this works with 7 Days to Die :)
 

splitice

Just a little bit crazy...
Verified Provider
I actually had to use this on another piece of software yesterday, BTSync. Worked like a charm, its worth noting there is a small difference between the version of the code posted at x4b.net and the one posted Daniel Ryde, a bug fix in bind() interception that is not mentioned.

Glad I posted this publicly, found it very useful when I could just go - "hey I posted that at VPSB" and Google it :)
 

HalfEatenPie

The Irrational One
Retired Staff
Haha well that's good.  

I guess I missed it earlier and finally got to re-read through it.  Looks fancy and fantastic! :)
 

Flapadar

Member
Verified Provider
This sort of thing can also be done using iptables SNAT in the POSTROUTING chain 
 
Last edited by a moderator:

splitice

Just a little bit crazy...
Verified Provider
No, that's outgoing nat. It *can* have the same effect but it is far from the same thing. It just rewrites the source ip and nat's it the process is still bound to the same interface which can cause a miriad of issues (MTU, announced ip's over protocol etc)
 
Top
amuck-landowner