linking node.js with libwrap

93 views
Skip to first unread message

dhruvbird

unread,
Nov 4, 2012, 4:24:47 PM11/4/12
to nod...@googlegroups.com
Hello,

Has anyone linked the node.js executable against libwrap so that node.js based servers can make use of the hosts.allow and hosts.deny files? As I understand, libwrap transparently allows/denies TCP connections based on these parameters. Please let me know if my understanding is correct and if anyone has been able to get the two to work correctly together.

Regards,
-Dhruv.

Ben Noordhuis

unread,
Nov 4, 2012, 5:19:26 PM11/4/12
to nod...@googlegroups.com
Not transparently. libwrap is a collection of functions that, among
other things, lets you parse hosts.* entries. You still need to call
those functions though, it doesn't do any LD_PRELOAD magic or anything
(which probably wouldn't work anyway - node.js often makes system
calls directly instead of going through the libc wrappers.)

dhruvbird

unread,
Nov 4, 2012, 8:49:02 PM11/4/12
to nod...@googlegroups.com


On Sunday, November 4, 2012 5:19:40 PM UTC-5, Ben Noordhuis wrote:
On Sun, Nov 4, 2012 at 10:24 PM, dhruvbird <dhru...@gmail.com> wrote:
> Hello,
>
> Has anyone linked the node.js executable against libwrap so that node.js
> based servers can make use of the hosts.allow and hosts.deny files? As I
> understand, libwrap transparently allows/denies TCP connections based on
> these parameters. Please let me know if my understanding is correct and if
> anyone has been able to get the two to work correctly together.
>
> Regards,
> -Dhruv.

Not transparently.  libwrap is a collection of functions that, among
other things, lets you parse hosts.* entries.  You still need to call
those functions though, it doesn't do any LD_PRELOAD magic or anything

Ah! I was under the impression that LD_PRELOAD (or some such thing would be needed and it world work magically). Thanks for clarifying!
 
(which probably wouldn't work anyway - node.js often makes system
calls directly instead of going through the libc wrappers.)

Based on this, I took a look at the tcp-wrappers code and it seems that they use sync-file-i/o routines to read the hosts.* files. Do you think it's a good idea to use this on a running server or maybe emulate the matching based on a pure js implementation (assuming that the format of hosts.* is simple enough to parse out).

Regards,
-Dhruv.


 

Ben Noordhuis

unread,
Nov 5, 2012, 12:50:58 PM11/5/12
to nod...@googlegroups.com
I'd probably opt for the JS only approach. The format is well
documented and not very complicated.
Reply all
Reply to author
Forward
0 new messages