[erlang-questions] Socket option FREEBIND
Richard Jones
rj@REDACTED
Fri Oct 20 18:33:27 CEST 2017
I'm able to make outbound connections bound to an arbitrary IP from my
range by specifying a socket option like: {raw, 0, 15, <<1>>}
note that that protocol part of {raw, ???, _, _} is 0, not 6, since
it's an IP level socket option (not tcp-level).
btw there's also a system-wide option so you don't need to specify
ip_freebind per socket:
echo 1 > /proc/sys/net/ipv6/ip_nonlocal_bind
RJ
On 20 October 2017 at 17:17, Michael L Martin <mmartin4242@REDACTED> wrote:
> Thanks for the quick response. As for what I'm attempting to achieve, well,
> I'm not really sure.
>
> I have a customer that is adamant that we use IP_FREEBIND, so I've been
> poking around in :gen_tcp and :inet trying to see how to do that.
>
> Here's what happens when I try to open a listen socket:
>
> iex(5)> {:ok, s} = :gen_tcp.listen(8000, [{:raw, 6, 15, <<1 :: size(32)>>},
> {:ip, {10, 138, 69, 63}}])
> {:ok, #Port<0.1305>}
> iex(6)> :inet.getopts(s, [{:raw, 6, 15, 4}])
> {:ok, []}
> iex(7)> :gen_tcp.close(s)
> :ok
> iex(8)> {:ok, s} = :gen_tcp.listen(8000, [{:raw, 6, 15, <<1 :: size(32)>>},
> {:ip, {10, 138, 69, 64}}])
> ** (MatchError) no match of right hand side value: {:error, :eaddrnotavail}
>
> iex(8)>
>
> So it looks like it's not working for listen sockets, either. Could very
> well be that I simply don't know what the heck I'm doing...
>
>
>
> On 2017-10-20 12:04 PM, Andreas Schultz wrote:
>
> Hi,
>
> ----- On Oct 20, 2017, at 5:10 PM, Michael L Martin <mmartin4242@REDACTED>
> wrote:
>
> Raw socket options looks like it should be the answer, but I'm not getting
> good results:
>
> iex(worker@REDACTED)28> {:ok, s} = :gen_tcp.connect('localhost', 80,
> [{:raw, 6, 15, <<1>>}, {:ip, {10, 138, 69, 63}}])
>
> {:ok, #Port<0.12110>}
>
> iex(worker@REDACTED)29> :inet.getopts(s, [{:raw, 6, 15, 32}])
>
> {:ok, []} <== option not set?
>
> iex(worker@REDACTED)29> {:ok, s} = :gen_tcp.connect('localhost', 80,
> [{:raw, 6, 15, <<1>>}, {:ip, {10, 138, 69, 64}}])
>
> ** (MatchError) no match of right hand side value: {:error, :eaddrnotavail}
>
>
> IP_FREEBIND on connect doesn't make sense, it's only really useful on listen
> sockets.
>
> The option lets you bind to an IP address that does not yet exist on the
> host. That is ok for listen, but when you attempt to build an outgoing
> connection from that IP, then it has to be configured.
>
> It appears that the IP_FREEBIND option is simply not set. If I use
> IP_TRANSPARENT instead:
>
> iex(worker@REDACTED)35> {:ok, s} = :gen_tcp.connect('localhost', 80,
> [{:raw, 6, 19, <<1>>}, {:ip, {10, 138, 69, 63}}])
>
> {:ok, #Port<0.12113>}
>
> iex(worker@REDACTED)34> :inet.getopts(s, [{:raw, 6, 19, 32}])
>
> {:ok, [{:raw, 6, 19, <<0, 0, 0, 0>>}]}
>
>
> IP_TRANSPARENT needs special iptables rules to work correctly and is for a
> very specific use case. I don't think it would be very useful for an Erlang
> application to use that.
>
> In this case, the raw option 19 (IP_TRANSPARENT) is set, but to false rather
> than true. I believe this is because the beam file needs root or
> CAP_NET_ADMIN.
>
> You need root and a specific iptables setup for it to work.
>
> Any thoughts?
>
>
> What are you attempting to achieve anyway?
>
> Regards
> Andreas
>
>
>
>
> On 2017-10-16 01:18 PM, Guilherme Andrade wrote:
>
> I believe you can use raw socket options[1] for that, but it won't be
> portable.
>
> [1]: http://erlang.org/doc/man/inet.html#setopts-2 - {raw, Protocol,
> OptionNum, ValueBin}
>
> On 16 October 2017 at 15:09, Michael L Martin <mmartin4242@REDACTED> wrote:
>>
>> Hi all,
>>
>> Is there a way to specify the FREEBIND option when opening a socket? I
>> don't see any reference to it in the documentation.
>>
>>
>> Thanks,
>>
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>
>
>
>
> --
> Guilherme
>
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
More information about the erlang-questions
mailing list