Re: [Obsbox-devel] bind management port to 127.0.0.1
From: Kristoff B. <kri...@sk...> - 2002-11-05 09:42:31
Greetings,

On 4 Nov 2002, Robert Kaye wrote:
> On Mon, 2002-11-04 at 05:43, Kristoff Bonne wrote:
>> For the time being, it seems to work OK. (I use it because I'm a network
>> engineer at an ISP here in Belgium and I need a test-application for IP
>> multicasting and IP-multicast peering with other ISPs).
> Cool!

BTW. Another problem that popped up was copyrights on the music being broadcast (you know, music companies, etc.). In the end, I found there exists something called an "open music license", the music equivalent of the open software license. Isn't the internet great. ;-)

>> As the box is connected on the 'unprotected internet', I'm a bit worried
>> about the management-port service (at TCP port 4420).
>> The way it is configured, it seems to be 'wide open' for anybody to
>> connect to.
>> Is it possible to configure obsbox so that it is 'bound' to IP address
>> 127.0.0.1 (so you can only connect to it when using that IP address, so
>> -in this case- only when you are on the box itself)?
> You can do this in one of two ways:
> 1. Use tcp_wrappers to restrict who accesses the port outside of
> changing the code in Obseqieum. I think this is the preferred method for
> doing this -- it's the most flexible.

True, but a quick hack in the code is faster. ;-)

> 2. Do as you suggest and hack the Obs code to only listen on one IP:
>> I've been browsing through the source code but I'm not a C++ programmer,
>> so I'm a bit lost. But I know that in "standard" C, using the 'standard
>> socket library', when you set up a 'listening TCP socket' it is possible to
>> define what IP address/interface it is bound to.
>> Is there somewhere an option to (either) configure this into the code, or
>> can somebody say where I can change this?
> In this case C++ is not any different from C -- it uses the same socket
> calls. Check out net/Server.cpp line 92 -- I believe you could set
> sa.sin_addr to 127.0.0.1 and it should restrict it to that port.
> I think. :-)

Yep, that's it.
This is what I changed:

    sa.sin_family= AF_INET;
    sa.sin_port= htons(iPort);
    /* patch begins here */
    /* bind only to loopback; the address must be a quoted string */
    if (! inet_aton ("127.0.0.1", &sa.sin_addr)) {
        g_pLog->Log_v("Server: IP address format error for 127.0.0.1\n");
        return e_FailCreateSocket;
    }
    /* patch ends here */
    iSocket = socket(AF_INET,SOCK_STREAM,0);
    if (iSocket < 0)

Perhaps it would be a good idea to put this somewhere in the config file (and make up a better 'error clause' for this ;-) ).

An additional question: From what I understand from the case, the my-sql database is only there for the web interface (i.e. the cgi-bin perl scripts). Is this correct?

I've done some perl coding myself (for network management reasons), and also used perl/db interfaces. Apart from postgresql, I also use 'dbm' files (local database files). There's a perl library specially for this (DBass), just as for mysql and postgresql. As -it seems to me- the actual data in the database is minimal, a complete RDBS (like mysql) does look a bit like overkill for this. Couldn't you replace the mysql databases with something less demanding?

Just a general question. But I did actually have quite a lot of problems with getting the code compiled, getting the correct mysql libraries, setting up the correct access control in the database, etc.

Cheerio!
Kr. Bonne.

--
KB905-RIPE
Belgacom IP networking (c=be,a=rtt,p=belgacomgroup,s=Bonne,g=Kristoff)
Internet, IP and IP/VPN
kri...@sk...
Faxbox : +32 2 2435122
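As an added example (not Obsbox's own code, and not the patch quoted in the post above): the same bind restricted to one address, written in C with the error handling the quick hack skips, and a check that reads back what the socket really bound to. The function names bind_listen and check_loopback_bind are mine.

```c
/* Added example, not the Obsbox code: open a TCP listening socket bound to
 * one address instead of INADDR_ANY. bind_listen("127.0.0.1", 4420) keeps the
 * management port reachable only from the box itself. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns a listening socket fd, or -1 on any failure (no fd is leaked). */
int bind_listen(const char *addr, unsigned short port)
{
    struct sockaddr_in sa;
    int fd;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    /* inet_pton is the POSIX form of inet_aton: the address is a quoted
     * string, and a malformed one (e.g. "not.an.ip") makes it return 0 */
    if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1)
        return -1;

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 5) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Reads back via getsockname what a loopback-bound socket is really bound
 * to: 1 if it is 127.0.0.1, 0 otherwise. Port 0 lets the kernel pick a free
 * port so the check works on any host. */
int check_loopback_bind(void)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = bind_listen("127.0.0.1", 0), ok = 0;

    if (fd < 0)
        return 0;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) == 0)
        ok = ntohl(sa.sin_addr.s_addr) == INADDR_LOOPBACK;
    close(fd);
    return ok;
}
```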