Next: How to compile?, Previous: Top, Up: Top [Contents]
LibNetBlock is a set of replacements for those function that could be used to access the network. These functions include: ‘socket’, ‘sendmsg’ + ‘recvmsg’, ‘execve’ (thus the whole ‘exec*’ family) with the ‘system’ function (can be used to launch bad programs), the ‘bind’ family, a bunch of file opening functions (‘fopen’, ‘fopen64’, ‘open’, ‘open64’, ‘freopen’, ‘freopen64’, ‘openat’, ‘openat64’) which can be used to access files under /dev/net and /proc, some of the function from the libpcap library, to prevent raw opening of network devices.
You can think of LibNetBlock as a simple layer-7 (L7) firewall that simply blocks the network access for the program it controls.
There is NO NEED to rebuild your software, because LibNetBlock is a pre-loadable library, meaning you just need to RUN the software with LibNetBlock loaded.
Intercepting the raw ‘syscall()’ function is impossible, because the number of parameters varies from one syscall to another.
However, there are limitations. LibNetBlock can do nothing if:
LibNetBlock is also a library for programmers - look inside ${includedir}/ (default is /usr/local/include) for a header file with all the functions - libnetblock.h, and look inside ${libdir}/ (default is /usr/local/lib) for an "import library" - libnetblock.a.
NOTE To use LibNetBlock as a development library, pass --enable-public-interface
to ./configure and include the header BEFORE
any system headers. Compile-time errors may occur otherwise. Remember to link your
program with LibNetBlock - adding -lnetblock (optionally preceded with
-L ${libdir}) to GCC is enough. See the
chapter on developing to learn how to use LibNetBlock (Developing).
LibNetBlock’s homepage is https://libnetblock.sourceforge.io.
Next: How to compile?, Previous: Top, Up: Top [Contents]