From 4e37a607a13ca4023d51d3a79a88c296c1878485 Mon Sep 17 00:00:00 2001
From: moparisthebest <admin@moparisthebest.com>
Date: Wed, 20 Nov 2019 18:13:26 -0500
Subject: [PATCH] Add force_bind

---
 src/force_bind/PKGBUILD                       |  40 ++++
 src/force_bind/force_bind.1                   | 187 ++++++++++++++++++
 .../force_bind_null-to-strcmp-fix.patch       |  14 ++
 3 files changed, 241 insertions(+)
 create mode 100644 src/force_bind/PKGBUILD
 create mode 100644 src/force_bind/force_bind.1
 create mode 100644 src/force_bind/force_bind_null-to-strcmp-fix.patch

diff --git a/src/force_bind/PKGBUILD b/src/force_bind/PKGBUILD
new file mode 100644
index 0000000..4c7ae41
--- /dev/null
+++ b/src/force_bind/PKGBUILD
@@ -0,0 +1,40 @@
+# Maintainer: Kevin MacMartin <prurigro@gmail.com>
+
+pkgname=force_bind
+pkgver=0.13
+pkgrel=1
+pkgdesc='Force binding on a specific IP and/or port, change TTL/TOS/KA/MSS/REUSEADDR/FWMARK/PRIORITY. Works with both IPv4 and IPv6. Also, you can enforce bandwidth per process or per socket'
+url='http://kernel.embedromix.ro/us/'
+license=('GPL3')
+arch=('i686' 'x86_64' 'armv6h' 'armv7h')
+depends=('glibc')
+
+source=(
+  "http://kernel.embedromix.ro/us/$pkgname/$pkgname-$pkgver.tar.gz"
+  "$pkgname.1"
+  "${pkgname}_null-to-strcmp-fix.patch"
+)
+
+sha512sums=(
+  '37aaac1407118bbeb2ec484318afb1d517979c620ace9eca87b609cf99e7c9cfdc03863d42f017f28567fcbb7f8a23fac33aa70fad379c7841da31be16143da1'
+  '4eac471df6329f09ba4f8e66fbdd12daaff58221fbbfacf37d10d5017d9afcf8dd79d9330ca3044310c7c7cf4106f645fea81329d32f76cc15c8524d2677b0ad'
+  '3e33eb1158dd89737fa62c018ff5af0419a3900315875363f30194c8ae0cceecd943d2c8e1f139127f5b092c428597f1a570ff072c0c29a60082bc6b990f4be9'
+)
+
+prepare() {
+  cd $pkgname-$pkgver
+  patch -p1 < ../${pkgname}_null-to-strcmp-fix.patch
+}
+
+build() {
+  cd $pkgname-$pkgver
+  ./configure --prefix=/usr
+  make
+}
+
+package() {
+  install -Dm644 $pkgname.1 "$pkgdir/usr/share/man/man1/$pkgname.1"
+  cd $pkgname-$pkgver
+  make DESTDIR="$pkgdir" install
+  mv "$pkgdir/usr/lib64" "$pkgdir/usr/lib"
+}
diff --git a/src/force_bind/force_bind.1 b/src/force_bind/force_bind.1
new file mode 100644
index 0000000..134ead0
--- /dev/null
+++ b/src/force_bind/force_bind.1
@@ -0,0 +1,187 @@
+.TH FORCE_BIND "1"
+.SH NAME
+FORCE_BIND
+.SH AUTHOR
+Catalin(ux) M. BOIE \- catab at embedromix dot ro
+.SH DESCRIPTION
+Force an application to bind on a specific IP and/or port. Plus forcing setsockopt calls on the socket. Works with both IPv4 and IPv6.
+.TP
+It is useful if you have a binary application without sources and without the possibility to configure address or port to bind to.
+.SH LICENSE
+GPLv3
+.SH HOW IT WORKS
+force_bind is a shared object that is loaded with LD_PRELOAD and hooks 'bind' function. Forcing an IP/port to bind to is done with environments variables.
+.SH EXAMPLES
+0. Output debug stuff in a log file (for debugging):
+.TP
+\fB	export FORCE_NET_VERBOSE=999
+.TP
+\fB	export FORCE_NET_LOG="xxx.log"
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+1. Force bind to 127.0.0.1, port 33, verbose operations:
+.TP
+\fB	export FORCE_NET_VERBOSE=1
+.TP
+\fB	export FORCE_BIND_ADDRESS_V4=127.0.0.1
+.TP
+\fB	export FORCE_BIND_PORT_V4=33
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+2. Force binding to 127.0.0.2, port unchanged
+.TP
+\fB	export FORCE_BIND_ADDRESS_V4=127.0.0.2
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+3. Force binding to ::1 (IPv6), port unchanged
+.TP
+\fB	export FORCE_BIND_ADDRESS_V6=::1
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+4. Changing TOS on all sockets to 30
+.TP
+\fB	export FORCE_NET_TOS=30
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+5. Force Keep alive to 60 seconds:
+.TP
+\fB	export FORCE_NET_KA=60
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+6. Force MSS to 1400
+.TP
+\fB	export FORCE_NET_MSS=1400
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+7. Force bandwidth to 1000 bytes/s for _all_ connections, cumulated
+.TP
+\fB	export FORCE_NET_BW=1000
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+8. Force bandwidth to 20000 bytes/s per socket
+.TP
+\fB	export FORCE_NET_BW_PER_SOCKET=20000
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+9. Force REUSEADDR
+.TP
+\fB	export FORCE_NET_REUSEADDR=1
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+10. Force NODELAY
+.TP
+\fB	export FORCE_NET_NODELAY=1
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+11. Force client connections (for example 'telnet', 'ssh', 'firefox') to connect from a specified address, not the auto selected one:
+.TP
+\fB	export FORCE_NET_VERBOSE=1
+.TP
+\fB	export FORCE_BIND_ADDRESS_V4=127.0.0.2
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+12. Set a FLOWINFO (flow label + class) for a client connection:
+.TP
+\fB	export FORCE_NET_VERBOSE=1
+.TP
+\fB	export FORCE_NET_FLOWINFO=0x7812345 # class 0x78, label 0x12345
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+13. Force FWMARK on a connection (only root can do it):
+.TP
+\fB	export FORCE_NET_VERBOSE=1
+.TP
+\fB	export FORCE_NET_FWMARK=0x1234
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+14. Force priority (between 0 and 6 for non-root users). You can use 'tc' command from iproute to set-up 'prio' qdisc and to assign prio to queues:
+.TP
+\fB	# 0. setup
+.TP
+\fB	export FORCE_NET_VERBOSE=1
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	# 1. Make sure you have a 'prio' qdisc attached to eth0, for example:
+.TP
+\fB	tc qdisc add ev eth0 root handle 1: prio
+.TP
+\fB	# 2. Assign applications to classed (bands):
+.TP
+\fB	export FORCE_NET_PRIO=6 # interactive, band 0
+.TP
+\fB	your_voip_program_here
+.TP
+\fB	export FORCE_NET_PRIO=0 # best effort, band 1
+.TP
+\fB	your_mail_program_here
+.TP
+\fB	export FORCE_NET_PRIO=2 # bulk, band 2
+.TP
+\fB	your_remote_backup_program_here
+.TP
+\fB	# 3. Run tc statistics so you can see the classification:
+.TP
+\fB	tc -s class show dev eth0
+.TP
+15. Deny binding to any IPv4 sockets. The bind syscall will return -1 and errno will be set to EACCES.
+.TP
+\fB	export FORCE_NET_VERBOSE=1
+.TP
+\fB	export FORCE_BIND_ADDRESS_V4=deny
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
+.TP
+16. Silent fake binding to any IPv6 sockets. The bind will return success, but will never accept any connection.
+.TP
+\fB	export FORCE_NET_VERBOSE=1
+.TP
+\fB	export FORCE_BIND_ADDRESS_V6=fake
+.TP
+\fB	export LD_PRELOAD=${LD_PRELOAD}:/usr/lib/force_bind.so
+.TP
+\fB	your_program_here
diff --git a/src/force_bind/force_bind_null-to-strcmp-fix.patch b/src/force_bind/force_bind_null-to-strcmp-fix.patch
new file mode 100644
index 0000000..bd17dcb
--- /dev/null
+++ b/src/force_bind/force_bind_null-to-strcmp-fix.patch
@@ -0,0 +1,14 @@
+diff --git a/force_bind.c b/force_bind.c
+index 644e3a7..5656a05 100644
+--- a/force_bind.c
++++ b/force_bind.c
+@@ -916,6 +916,9 @@ int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
+ 		case AF_INET6: force_address = force_address_v6; break;
+ 		}
+ 
++		if (force_address == NULL)
++			break;
++
+ 		/* Test if we should deny the bind */
+ 		if (strcmp(force_address, "deny") == 0) {
+ 			xlog(1, "\tDeny binding to %s\n", tmp);