Re: socket send help

Gabriel Genellina wrote:
James Mills escribió:
Bryan Olson wrote:
I thought a firewall would block an attempt to bind to any routeable
address, but not to localhost. So using INADDR_ANY would be rejected.

No.

My understanding is that firewalls block network traffic, not system calls.

This is correct. Firewalls (real firewalls) can only act on incoming
and outgoing traffic on the IP level.

That's true for hardware firewalls (those found in a router, by example). They can at most analyze traffic at the application layer but have no idea of the applications (processes) behind.
A "software firewall" may react not just to traffic but to *who* is doing that; it may block *processes* when they try to bind/listen to any port, even before any packet is sent or received. See http://www.securityfocus.com/infocus/1839
(One may argue whether those are *real* firewalls or not, but that's their common name...)

Even if one's 'firewall' product is one of "the rather useless ones that merely hook socket calls" (in the words of the linked article), I still don't see failing a bind() to INADDR_ANY while allowing a bind() to 127.0.0.1. INADDR_ANY means all available adapters. If some physical network adapter should be unavailable while the loopback is allowed, fine; passing INADDR_ANY should work and bind to the loopback adapter.

(Also note that I'm far for being an expert on these topics)

Sure. I was mostly just making a couple points because at one time they confused me. Python's socket.bind() treats the empty string as INADDR_ANY, which means all available adapters. It's a fine address parameter for bind(), and ought to work at least as well as any. The time to bind() to localhost is when we specifically do not want to be available on an external network adapter.

Now don't get me started on the vagaries of passing INADDR_ANY to connect().

--
--Bryan
.

Relevant Pages

  • Re: UDP question.
    ... >> My two adapters has two different IP address, and I bind one IP ... >> do you mean that I alloc two socket and bind different IP is not ... > sending a packet *to* 1.2.4.5, it will go out the first interface. ... not real bind the adapter? ...
    (Linux-Kernel)
  • Re: How to know if a network adapter is connected
    ... This is the only way I know to identify the network adapter, ... Yes i agree but if the adapter is not connected to the network, the bind() function return SOCKET_ERROR. ... So i need to bind every socket each time i call the recv ...
    (microsoft.public.windowsce.embedded.vc)
  • Re: UDP question.
    ... >>> My two adapters has two different IP address, and I bind one IP ... >>> do you mean that I alloc two socket and bind different IP is not ... >> interface address it came from. ... why dont you try a different subnet for the other adapter & its dest. ...
    (Linux-Kernel)
  • Re: [DESPERATE] Turn on/off Bluetooth, WiFi and an RFID tag reader.
    ... setting a bit in the registry for the target adapter and then calling NDIS ... To do a NDIS bind or NDIS unbind you can use these API: ... ref string wszAdapterInstanceName, ...
    (microsoft.public.windowsce.app.development)
  • Re: disable a network connection
    ... Then make shortcuts with command line parameters to enable or disable your adapter. ... Some firewalls appear to allow that, ...
    (microsoft.public.win32.programmer.networks)