  1. /*
  2.    Copyright (C) 2014 nieyong
  3.    This library is free software; you can redistribute it and/or
  4.    modify it under the terms of the GNU Lesser General Public
  5.    License as published by the Free Software Foundation; either
  6.    version 2.1 of the License, or (at your option) any later version.
  7.    This library is distributed in the hope that it will be useful,
  8.    but WITHOUT ANY WARRANTY; without even the implied warranty of
  9.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  10.    Lesser General Public License for more details.
  11. */
  12.  
  13. /*
  14.    LD_PRELOAD library to make bind and connect to use a virtual
  15.    IP address as localaddress. Specified via the environment
  16.    variable BIND_ADDR.
  17.    Compile on Linux with:
  18.    gcc -nostartfiles -fpic -shared bindp.c -o libindp.so -ldl -D_GNU_SOURCE
  19.    or, more simply, just run make:
  20.    make
  21.    Example in bash to make inetd only listen to the localhost
  22.    lo interface, thus disabling remote connections and only
  23.    enable to/from localhost:
  24.    BIND_ADDR="127.0.0.1" BIND_PORT="49888" LD_PRELOAD=./libindp.so curl http://192.168.190.128
  25.    OR:
  26.    BIND_ADDR="127.0.0.1" LD_PRELOAD=./libindp.so curl http://192.168.190.128
  27.    Example in bash to use your virtual IP as your outgoing
  28.    sourceaddress for ircII:
  29.    BIND_ADDR="your-virt-ip" LD_PRELOAD=./bind.so ircII
  30.    Note that you have to set up your servers virtual IP first.
  31.    SO_REUSEPORT is supported on CentOS 7 or any Linux with kernel >= 3.9, so the processes of a multi-process application can all listen on a single port:
  32.    REUSE_ADDR=1 REUSE_PORT=1 LD_PRELOAD=./libindp.so python server.py &
  33.    REUSE_ADDR=1 REUSE_PORT=1 LD_PRELOAD=./libindp.so java -server -jar your.jar &
  34.    email: nieyong@staff.weibo.com
  35.    web:   http://www.blogjava.net/yongboy
  36. */
  37.  
  38. #include <stdio.h>
  39. #include <stdlib.h>
  40. #include <sys/types.h>
  41. #include <sys/socket.h>
  42. #include <netinet/in.h>
  43. #include <dlfcn.h>
  44. #include <errno.h>
  45. #include <arpa/inet.h>
  46.  
  /*
   * Library-wide state. Every object here has external linkage, so once the
   * library is preloaded these names share the host process's global symbol
   * namespace.
   */

  /* Next bind()/connect() in the symbol lookup order; _init fills both in
     with dlsym (RTLD_NEXT, ...). They stay NULL if that lookup fails. */
  int (*real_bind)(int, const struct sockaddr *, socklen_t);
  int (*real_connect)(int, const struct sockaddr *, socklen_t);

  /* Trace switch, compiled in as "on"; _init reads no variable that changes it. */
  int debug_enabled = 1;

  /* BIND_ADDR as a network-order IPv4 address; 0 means "leave the address alone". */
  uint32_t bind_addr_saddr = 0;

  /* BIND_PORT in host byte order; 0 means "leave the port alone". */
  unsigned int bind_port_saddr = 0;

  /* One-element array holding the local address that connect() binds to
     before it dials out. */
  struct sockaddr_in local_sockaddr_in[] = { 0 };

  /* Socket-option switches read from REUSE_ADDR, REUSE_PORT and
     IP_TRANSPARENT; any non-zero value turns the option on. */
  unsigned int reuse_addr = 0;
  unsigned int reuse_port = 0;
  unsigned int ip_transparent = 0;
  59.  
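  /*
   * Parse a complete decimal integer from an environment value.
   * Returns 0 and stores the number in *out when the whole string is a valid
   * number that fits in a long; returns -1 and leaves *out untouched otherwise.
   */
  static int parse_env_long (const char *text, long *out) {
      char *end = NULL;
      long value;

      errno = 0;
      value = strtol (text, &end, 10);
      if (end == text || *end != '\0' || errno == ERANGE)
          return -1;

      *out = value;
      return 0;
  }

  /*
   * Read an on/off switch from the environment.
   * Unset, malformed or zero values give 0; any other number gives 1.
   */
  static unsigned int env_switch (const char *name) {
      const char *text = getenv (name);
      long value = 0;

      if (text == NULL)
          return 0;

      if (parse_env_long (text, &value) != 0) {
          fprintf (stderr, "%s: ignoring non-numeric value \"%s\"\n", name, text);
          return 0;
      }
      return value != 0;
  }

  /*
   * Library initialiser: resolves the real bind()/connect() and reads the
   * configuration from BIND_ADDR, BIND_PORT, REUSE_ADDR, REUSE_PORT and
   * IP_TRANSPARENT.
   *
   * Every value comes from the environment of the process being preloaded, so
   * each one is validated before use. A rejected value is reported on stderr
   * and treated as unset rather than being silently turned into some other
   * address or port.
   *
   * NOTE(review): this relies on the -nostartfiles build shown in the file
   * header so that _init is run at load time; __attribute__((constructor)) is
   * the usual alternative - confirm before changing the build.
   */
  void _init (void) {
      const char *err;
      const char *text;

      /* dlerror() reports the most recent error, so clear any stale one first. */
      dlerror ();
      real_bind = dlsym (RTLD_NEXT, "bind");
      if ((err = dlerror ()) != NULL) {
          fprintf (stderr, "dlsym (bind): %s\n", err);
      }

      dlerror ();
      real_connect = dlsym (RTLD_NEXT, "connect");
      if ((err = dlerror ()) != NULL) {
          fprintf (stderr, "dlsym (connect): %s\n", err);
      }

      /* The local address is always IPv4, even when only BIND_PORT is given;
         previously the family stayed 0 (AF_UNSPEC) in that case. */
      local_sockaddr_in->sin_family = AF_INET;

      if ((text = getenv ("BIND_ADDR"))) {
          struct in_addr parsed;

          /* inet_aton accepts the same notations as inet_addr but reports a
             malformed string instead of returning INADDR_NONE, which the old
             code would have used as the address 255.255.255.255. */
          if (inet_aton (text, &parsed)) {
              bind_addr_saddr = parsed.s_addr;
              local_sockaddr_in->sin_addr.s_addr = bind_addr_saddr;
              local_sockaddr_in->sin_port = htons (0);
          } else {
              fprintf (stderr, "BIND_ADDR: ignoring invalid IPv4 address \"%s\"\n", text);
          }
      }

      if ((text = getenv ("BIND_PORT"))) {
          long port = 0;

          /* Out-of-range values used to be truncated by htons() and ended up
             as a different port than the one requested. */
          if (parse_env_long (text, &port) == 0 && port >= 0 && port <= 65535) {
              bind_port_saddr = (unsigned int) port;
              local_sockaddr_in->sin_port = htons ((uint16_t) bind_port_saddr);
          } else {
              fprintf (stderr, "BIND_PORT: ignoring invalid port \"%s\"\n", text);
          }
      }

      reuse_addr = env_switch ("REUSE_ADDR");
      reuse_port = env_switch ("REUSE_PORT");
      ip_transparent = env_switch ("IP_TRANSPARENT");
  }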
  102.  
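  /*
   * Return the address family stored in a generic socket address.
   *
   * sk may be NULL, in which case AF_UNSPEC is returned so that the hooks fall
   * through to the real call and the kernel reports the bad pointer, instead
   * of the library dereferencing it inside the host process.
   *
   * The caller must make sure the buffer behind a non-NULL sk is at least
   * sizeof (sk->sa_family) bytes long; the length is not known here.
   */
  unsigned short get_address_family(const struct sockaddr *sk) {
      if (sk == NULL)
          return AF_UNSPEC;

      /* Read the typed member rather than reinterpreting the first two bytes
         through an unsigned short pointer. */
      return sk->sa_family;
  }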
  111.  
  112.  
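  /*
   * Interposed bind(): for AF_INET requests, replaces the address and/or port
   * with BIND_ADDR / BIND_PORT, applies the optional socket options, then
   * calls the real bind().
   *
   * fd  socket being bound
   * sk  address requested by the caller; never modified
   * sl  length of *sk in bytes
   *
   * Returns whatever the real bind() returns, or -1 with errno = ENOSYS when
   * the real bind() could not be resolved at load time.
   *
   * Trace lines go to stderr so they cannot mix into data the host program
   * writes on stdout.
   */
  int bind (int fd, const struct sockaddr *sk, socklen_t sl) {
      /* The rewrite happens on a private copy: sk is const and belongs to the
         caller, and a local object also keeps concurrent calls apart. */
      struct sockaddr_in patched;
      const struct sockaddr *target = sk;
      socklen_t target_len = sl;
      unsigned short family = AF_UNSPEC;

      if (real_bind == NULL) {
          /* dlsym failed in _init; calling through NULL would crash the host. */
          errno = ENOSYS;
          return -1;
      }

      /* Look at the family only if the buffer is long enough to hold one. */
      if (sk != NULL && sl >= (socklen_t) sizeof (sk->sa_family))
          family = get_address_family (sk);

      switch (family) {
          case AF_INET:
          {
              if (sl < (socklen_t) sizeof (struct sockaddr_in)) {
                  /* Too short to be a sockaddr_in: do not read or write past
                     the caller's buffer, let the real bind() reject it. */
                  if (debug_enabled)
                      fprintf (stderr, "[!] AF_INET: address too short, leaving request unchanged\n");
                  break;
              }

              patched = *(const struct sockaddr_in *) sk;

              if (debug_enabled) {
                  char original_ip [INET_ADDRSTRLEN];
                  inet_ntop (AF_INET, &patched.sin_addr, original_ip, INET_ADDRSTRLEN);
                  int original_port = ntohs (patched.sin_port);
                  /* The trace shows the raw environment strings, which can
                     differ from the values parsed at load time. */
                  char *l_bind_addr = getenv ("BIND_ADDR");
                  char *l_bind_port = getenv ("BIND_PORT");
                  fprintf (stderr, "[-] LIB received AF_INET bind request\n");
                  if (l_bind_addr && l_bind_port) {
                      fprintf (stderr, "[-] Changing %s:%d to %s:%s\n", original_ip, original_port, l_bind_addr, l_bind_port);
                  } else if (l_bind_addr) {
                      fprintf (stderr, "[-] Changing %s to %s\n", original_ip, l_bind_addr);
                      fprintf (stderr, "[-] AF_INET: Leaving port unchanged\n");
                  } else if (l_bind_port) {
                      fprintf (stderr, "[-] Changing %d to %s\n", original_port, l_bind_port);
                      fprintf (stderr, "[-] AF_INET: Leaving ip unchanged\n");
                  } else {
                      fprintf (stderr, "[!] AF_INET: Leaving request unchanged\n");
                  }
              }

              if (bind_addr_saddr)
                  patched.sin_addr.s_addr = bind_addr_saddr;

              if (bind_port_saddr)
                  patched.sin_port = htons ((uint16_t) bind_port_saddr);

              /* Hand over the copy, with the copy's own size: a larger
                 caller-supplied length must not be applied to this object. */
              target = (const struct sockaddr *) &patched;
              target_len = (socklen_t) sizeof patched;
              break;
          }

          case AF_UNIX:
              if (debug_enabled) {
                  fprintf (stderr, "[-] LIB received AF_UNIX bind request\n");
                  fprintf (stderr, "[-] AF_UNIX: Leaving request unchanged\n");
              }
              break;

          /*
              Other families handling
          */

          default:
              if (debug_enabled) {
                  fprintf (stderr, "[!] LIB received unmanaged address family\n");
              }
              break;
      }

      /*
          FIXME: Be careful when using setsockopt
          Is it valid to use these options for AF_UNIX?
          Must be checked

          The options are applied whatever the address family is. They stay
          best-effort: a failure is reported in the trace and bind() goes on.
      */

      if (reuse_addr) {
          if (setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, &reuse_addr, sizeof (reuse_addr)) != 0 && debug_enabled)
              perror ("[!] setsockopt (SO_REUSEADDR)");
      }

  #ifdef SO_REUSEPORT
      if (reuse_port) {
          if (setsockopt (fd, SOL_SOCKET, SO_REUSEPORT, &reuse_port, sizeof (reuse_port)) != 0 && debug_enabled)
              perror ("[!] setsockopt (SO_REUSEPORT)");
      }
  #endif

      if (ip_transparent) {
          if (setsockopt (fd, SOL_IP, IP_TRANSPARENT, &ip_transparent, sizeof (ip_transparent)) != 0 && debug_enabled)
              perror ("[!] setsockopt (IP_TRANSPARENT)");
      }

      return real_bind (fd, target, target_len);
  }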
  192.  
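  /*
   * Interposed connect(): for AF_INET destinations, first binds the socket to
   * the configured local address/port, then calls the real connect().
   *
   * fd  socket being connected
   * sk  destination address; passed through untouched
   * sl  length of *sk in bytes
   *
   * Returns whatever the real connect() returns, or -1 with errno = ENOSYS
   * when the real connect() could not be resolved at load time.
   *
   * Only AF_INET destinations are handled. Every other family, IPv6 included,
   * goes straight to the real connect() and is therefore NOT pinned to
   * BIND_ADDR. The local bind is also best-effort: if it fails (for example
   * because the socket is already bound or the port is taken) the connection
   * still goes ahead from whatever source address the kernel picks. Do not
   * rely on this library as the only control over the source address.
   */
  int connect (int fd, const struct sockaddr *sk, socklen_t sl) {
      unsigned short family = AF_UNSPEC;

      if (real_connect == NULL) {
          /* dlsym failed in _init; calling through NULL would crash the host. */
          errno = ENOSYS;
          return -1;
      }

      /* Look at the family only if the buffer is long enough to hold one. */
      if (sk != NULL && sl >= (socklen_t) sizeof (sk->sa_family))
          family = get_address_family (sk);

      if (family != AF_INET) {
          if (debug_enabled) {
              fprintf (stderr, "[-] connect(): ignoring to change local address for non AF_INET socket\n");
          }
          return real_connect (fd, sk, sl);
      }

      /*
          When BIND_PORT is not set the local port is 0, so the network stack
          picks a free port for the client socket itself.
      */
      if (debug_enabled) {
          fprintf (stderr, "[-] connect(): AF_INET connect() call, binding to local address\n");
      }

      if (bind_addr_saddr || bind_port_saddr) {
          /* This goes through the interposed bind() above, so the socket
             options configured there are applied to client sockets too. The
             length is the size of the sockaddr_in actually passed. */
          if (bind (fd, (const struct sockaddr *) local_sockaddr_in, (socklen_t) sizeof local_sockaddr_in[0]) != 0
              && debug_enabled) {
              perror ("[!] connect(): bind to local address failed");
          }
      }

      return real_connect (fd, sk, sl);
  }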
  223.  
  /*
   * Empty entry point: ignores its arguments and reports success.
   * NOTE(review): the build command in the file header produces a shared
   * object, so this is presumably only here to let the file link as a
   * standalone program too - confirm whether it is still needed.
   */
  int main(int argc, char **argv) {
      (void) argc;
      (void) argv;
      return 0;
  }