Help:Socketbox/socketbox-preload

Instruct your server daemon, with the LD_PRELOAD library injected, to bind to the following IPv6 address:

fe8f::X:YYYY:ZZZZ
  • X = 0, open $SKBOX_DIRECTORY_ROOT/skbox_dir_Yd000, where Yd000 is the decimal representation of YYYY zero-left-padded to five digits. The first 108 (or UNIX_PATH_MAX) bytes of that file, starting from byte offset 128 * Zd, are used as the Unix domain socket address (i.e. the bytes in that range are copied into struct sockaddr_un->sun_path), where Zd is the numeric value of ZZZZ in decimal. If this is past the end of the file, bind() returns -1 and sets errno to ERANGE. If the address contains the string _@SB_, that string is replaced with the port number originally requested in the bind() call, zero-left-padded to five digits. The socket is created as an instance of a Socketbox "A" protocol listener. If $SKBOX_DIRECTORY_ROOT is unset, this results in an error.
  • X = 1, same as X = 0, but create a traditional stream socket instead.
  • X = 2, open $SKBOX_DIRECTORY_ROOT2/Yd000/Zd000_Pd000 as the socket address, using the Socketbox "A" protocol, where Yd000 is the decimal value of YYYY zero-left-padded to five digits, Zd000 is the decimal value of ZZZZ zero-left-padded to five digits, and Pd000 is the decimal value of the original port number zero-left-padded to five digits. If $SKBOX_DIRECTORY_ROOT2 is unset, this will result in an error.
  • X = 3, same as X = 2, but create a traditional stream socket instead.
  • All other values for X are reserved and will result in an error.

The following additional restrictions apply:

  • The length of the socket address passed to bind() must be equal to sizeof(struct sockaddr_in6), and sa_family must be set to AF_INET6.
  • The original socket must be detected as domain AF_INET or AF_INET6 and type SOCK_STREAM.
  • The port number requested in bind() must be greater than zero and less than 1024.
  • sin6_scope_id must be set to 0.
  • IPv6 must not be disabled on the machine using ipv6.disable=1. (Use net.ipv6.conf.all.disable_ipv6=1 in /etc/sysctl.conf instead, though I would question why you would want to run socketbox in such an environment.)
  • The "B" protocol is not supported.
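
The mapping and the port restriction above can be checked before deploying a configuration. The following Python helper is an added example, not part of socketbox: the names decode_bind and read_slot, the labels "socketbox-A" and "stream", and the sample paths are made up here, and it assumes that X, YYYY and ZZZZ are the last three 16-bit groups of the address read as hexadecimal, that only the first _@SB_ marker is substituted, and that "past the end" means the offset is at or beyond the file size.

```python
import errno
import ipaddress

SLOT_STRIDE = 128    # byte offset between entries: 128 * Zd
SUN_PATH_LEN = 108   # bytes copied into sun_path (UNIX_PATH_MAX on Linux)

def decode_bind(addr, port, env):
    """Map bind(addr, port) to (kind, path, offset) per the rules above."""
    if not 0 < port < 1024:
        raise ValueError("port must be greater than zero and less than 1024")
    raw = ipaddress.IPv6Address(addr).packed
    g = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, 16, 2)]
    # Assumption: X, YYYY, ZZZZ are the last three 16-bit groups, the rest zero.
    if g[0] != 0xFE8F or any(g[1:5]):
        raise ValueError("address is not of the form fe8f::X:YYYY:ZZZZ")
    x, y, z = g[5:]
    if x > 3:
        raise ValueError(f"X = {x} is reserved")
    var = "SKBOX_DIRECTORY_ROOT" if x < 2 else "SKBOX_DIRECTORY_ROOT2"
    if var not in env:
        raise ValueError(f"${var} is unset")
    # Labels chosen for this example: even X is the "A" protocol, odd X a plain stream.
    kind = "socketbox-A" if x % 2 == 0 else "stream"
    if x < 2:   # X = 0 or 1: directory file plus slot offset
        return kind, f"{env[var]}/skbox_dir_{y:05d}", SLOT_STRIDE * z
    # X = 2 or 3: the path itself is the socket address, no offset
    return kind, f"{env[var]}/{y:05d}/{z:05d}_{port:05d}", None

def read_slot(dir_bytes, offset, port):
    """Return the sun_path bytes for one slot of a skbox_dir_ file's contents."""
    # Assumption: an offset at or beyond the file size counts as past the end.
    if offset >= len(dir_bytes):
        raise OSError(errno.ERANGE, "slot is past the end of the directory file")
    slot = dir_bytes[offset:offset + SUN_PATH_LEN]
    # Assumption: only the first _@SB_ marker is substituted.
    return slot.replace(b"_@SB_", b"%05d" % port, 1)

if __name__ == "__main__":
    # Constructed sample: made-up root paths and a two-slot directory file.
    env = {"SKBOX_DIRECTORY_ROOT": "/run/skbox", "SKBOX_DIRECTORY_ROOT2": "/run/skbox2"}
    sample = (b"/run/web/a.sock".ljust(128, b"\0")
              + b"/run/web/p_@SB_.sock".ljust(128, b"\0"))
    kind, path, off = decode_bind("fe8f::0:1f:1", 443, env)
    print(kind, path, off, read_slot(sample, off, 443).rstrip(b"\0"))
    print(decode_bind("fe8f::3:1f:1", 80, env))
```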

Bugs

Connecting to fe8f:: addresses can also be enabled with SKBOX_ENABLE_CONNECT (it is disabled by default), but depending on the credentials of the web (or other) server, enabling it may also make server-side request forgery attacks possible. Use with caution!

This end-user documentation is part of socketbox. Reproduction and use of this material for any purpose is permitted, provided that a link to this page is provided as attribution.