SOCKETLOCK

By Luis Grangeia (luis at rnl dot ist dot utl dot pt)

http://mega.ist.utl.pt/~luis/socketlock/


INTRODUCTION

socketlock is a dynamic library that wraps libc's bind() and connect()
functions. Its purpose is to force bad programs to bind to specific IPs on
multihomed machines. Both listening sockets and outbound sockets are
supported.

The idea was taken from a similar tool called socketbind. It had serious
problems and a lack of features, so I've written this new tool.


INSTALL:

(installs in /usr/local/lib)
$ make
# make install


USAGE:

$ export LD_PRELOAD=/usr/local/lib/libsocketlock.so
$ export BINDTO=<ipaddress>
<start program>

Hopefully your program will now start to bind to a specific IP address on your
(multi-homed/interface/alias/whatever) machine, as opposed to binding listening
sockets on INADDR_ANY (0.0.0.0). Your program's outgoing connections will also
be forced through the IP of your choice.

You can now (as of version 0.2) create exceptions to the rule by setting an
optional EXEMPT_BIND shell variable with values 'net/netmask' or 'ipaddress'
separated by colons, such as:

$ export EXEMPT_BIND="10.0.0.0/8:192.168.0.0/255.255.0.0:66.102.11.99"

This way connections made to these addresses/networks will proceed through the
usual IP/interface. This can be useful when there are different routes on the
system, such as a different network interface that links to a privately
addressed internal network. The loopback network (127.0.0.0/8) is hardcoded in
the source code into the exception list.
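
The exemption check described above, as an added example (not socketlock's own
source): it parses an EXEMPT_BIND-style list and decides whether a destination
address bypasses the forced bind. The names parse_entry and is_exempt are
hypothetical, and skipping malformed entries is an assumption of this example.

```c
/* Added example, not socketlock's source; function names are hypothetical. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Parse "a.b.c.d", "net/bits" or "net/dotted-mask" (modified in place)
 * into a host-order network and mask. Returns 0 on success, -1 if malformed. */
static int parse_entry(char *entry, uint32_t *net, uint32_t *mask)
{
    struct in_addr a;
    char *slash = strchr(entry, '/');
    *mask = 0xFFFFFFFFu;                      /* bare address means /32 */
    if (slash) {
        *slash++ = '\0';
        if (strchr(slash, '.')) {             /* dotted netmask */
            if (inet_pton(AF_INET, slash, &a) != 1) return -1;
            *mask = ntohl(a.s_addr);
        } else {                              /* prefix length */
            char *end;
            long bits = strtol(slash, &end, 10);
            if (end == slash || *end || bits < 0 || bits > 32) return -1;
            *mask = bits ? 0xFFFFFFFFu << (32 - bits) : 0;
        }
    }
    if (inet_pton(AF_INET, entry, &a) != 1) return -1;
    *net = ntohl(a.s_addr) & *mask;
    return 0;
}

/* Return 1 if dst is covered by the colon-separated list or is loopback.
 * Assumption: malformed entries are skipped, so a typo never widens the list. */
int is_exempt(const char *list, const char *dst)
{
    struct in_addr d;
    uint32_t net, mask;
    if (inet_pton(AF_INET, dst, &d) != 1) return 0;
    uint32_t ip = ntohl(d.s_addr);
    if ((ip & 0xFF000000u) == 0x7F000000u) return 1;   /* 127.0.0.0/8 */
    for (const char *p = list ? list : ""; *p; p += (*p == ':')) {
        char tok[64];
        size_t n = strcspn(p, ":");
        if (n > 0 && n < sizeof tok) {
            memcpy(tok, p, n);
            tok[n] = '\0';
            if (parse_entry(tok, &net, &mask) == 0 && (ip & mask) == net)
                return 1;
        }
        p += n;
    }
    return 0;
}
```
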

