socket options and setsockopt.c src location

I am having trouble finding the source code in the OpenBSD source tree for the following functions:

socket.c (if it exists)
setsockopt()
getsockopt()

Also, I am going to need to add a new socket option and have been unable to locate the source code locations that pertain to this (i.e., where is the select structure that processes the hex codes for socket options found in socket.h? where is the code located for individual socket options? where would code for a new socket option go?)

Thanks!
jellis613
 
Crossley Commented:
Yes it certainly does exist.  But firstly (and apologies if this sounds like a stupid question) did you load the source code (separate CD) when you installed OpenBSD?  If not it's easy enough to do subsequently (ask if you need help to do so).

Anyhow, if you do have the source installed you should be able to find the paths to these commands using 'locate socket.c' (look for hits in the /usr/src directories) - or if that doesn't work try 'find /usr/src -name socket.c -print'.

For example on a machine with the 3.2 build, you should find getsockopt.c at /usr/src/lib/libc_r/uthread/uthread_getsockopt.c - which begins:

#include <sys/types.h>
#include <sys/socket.h>
#ifdef _THREAD_SAFE
#include <pthread.h>
#include "pthread_private.h"

int
getsockopt(int fd, int level, int optname, void *optval, socklen_t *optlen)
{
        int             ret;

        if ((ret = _FD_LOCK(fd, FD_RDWR, NULL)) == 0) {
                ret = _thread_sys_getsockopt(fd, level, optname, optval, optlen);

---
etc...


It sounds like you're attempting an interesting (and ambitious) project - might I ask what you're trying to achieve?  I presume you're fully familiar with 'TCPIP protocols - the implementations' by Stevens - if not I'd get a copy quick!

Rgds & good luck, M
 
jellis613 Author Commented:
Thanks. It seems that the code that we are looking for is not in upper-level code like socket.c, setsockopt, etc... we are going to need to make some changes at the kernel level to achieve our goal.

What we are trying to do is set up an IP filter at the kernel level of OpenBSD. To do this we must implement a new socket option which takes a list of IP addresses for which to drop UDP (not TCP) packets. We would pass this list of addresses through the setsockopt function.

We are right now unable to locate:
- where socket options are implemented in the kernel code (and where we could add in a new option)
- an example of a place where a packet drop/send decision is made at the kernel level
- the selection mechanism that sorts through socket option calls and implements the desired socket option (like for those that are listed in socket.h)

 
Crossley Commented:
Thanks for the extra info - interesting.

I think if I were you I would be trying to find a way of achieving this that didn't involve hacking the kernel though...  you could certainly trivially achieve the filtering effect you describe via OpenBSD's built-in kernel-level packet filter ('pf').  If you aren't already familiar with it, I would strongly recommend reading the manpage.  In fact, if you have a look at the source for pf you will see how it links into the kernel to decide how to drop/send a packet.

I presume you have a compelling reason to want to set the 'deny' list via a socket option (compatibility with an existing application?  Remote control?).  One thing you might want to consider is an auxiliary program that listens on a different socket on the same port, and talks appropriately to the PF daemon.

Rgds, M
 
Crossley Commented:
Further to the above you can control pf (e.g. to add/delete filter rules) via ioctls to the /dev/pf device.  See http://www.openbsd.org/cgi-bin/man.cgi?query=pf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html  for details.

The normal means of generating these ioctls is with the userland pfctl command, but you could equally well do it with a program of course.

If you are definite about trying to do your job via a new socket option, then IMHO I think you should leave the actual filtering to pf, and make the objective of your patching activities with socket.c etc to generate the necessary ioctl calls....
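
Added example, not part of the thread and not OpenBSD's own code: the UDP-only deny list kept in a pf table and updated through the userland pfctl command mentioned above, rather than through a new socket option. The table name udp_deny, the PFCTL dry-run switch and the sample addresses are assumptions, and it needs a pf release that supports tables.

```shell
#!/bin/sh
# Added example: keep the UDP deny list in a pf table, updated via pfctl.
# Assumed names: table "udp_deny"; PFCTL selects dry run vs. the real pfctl.
TABLE=udp_deny
PFCTL=${PFCTL:-"echo pfctl"}   # dry run by default; PFCTL=pfctl (as root) applies

# Static rules, loaded once from pf.conf. Only UDP from listed hosts is
# dropped; TCP from the same hosts is untouched.
pf_rules() {
    printf 'table <%s> persist\n' "$TABLE"
    printf 'block drop in quick inet proto udp from <%s> to any\n' "$TABLE"
}

# Accept only a strict dotted-quad host address: four octets 0-255, no
# leading zeros (some parsers read them as octal), no other characters.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Replace the table contents with the given list. One bad entry rejects
# the whole update, so a malformed list never reaches pfctl.
set_deny_list() {
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "rejected: $addr" >&2; return 1; }
    done
    if [ $# -eq 0 ]; then
        $PFCTL -t "$TABLE" -T flush
    else
        $PFCTL -t "$TABLE" -T replace "$@"
    fi
}

# Constructed sample input (documentation address ranges).
pf_rules
set_deny_list 192.0.2.10 198.51.100.7
```

Because the list lives in a table, changing it does not reload the ruleset, and validating every entry before the call keeps untrusted list contents out of the pfctl command line.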
