Added intercept build file and sources

make-netcon.mk

@@ -0,0 +1,29 @@
+SHCC=gcc
+
+# intercept-specific
+intercept_CFLAGS = -c -fPIC -g -O2 -Wall -std=c99 -D_GNU_SOURCE -DNETCON_INTERCEPT
+LIB_NAME = intercept
+SHLIB_EXT=dylib
+SHLIB_MAJOR = 1
+SHLIB_MINOR = 8
+COMMON = common
+OBJS= netcon/intercept.o
+SHLIB = ${LIB_NAME}.${SHLIB_EXT}.${SHLIB_MAJOR}.${SHLIB_MINOR}
+SHLDFLAGS = -g -O2 -Wall -I. -nostdlib -shared
+LIBS = -ldl -lc -lrt -lpthread
+
+lib:
+	${SHCC} $(intercept_CFLAGS) -I. netcon/intercept.c -o netcon/intercept.o
+	${SHCC} $(intercept_CFLAGS) -I. netcon/common.c -o netcon/common.o
+	${SHCC} $(intercept_CFLAGS) -I. netcon/sendfd.c -o netcon/sendfd.o
+	${SHCC} $(SHLDFLAGS) netcon/intercept.o netcon/common.o netcon/sendfd.o -o netcon/libintercept.so.1.0 $(LIBS)
+
+install:
+	cp netcon/libintercept.so.1.0 /lib/libintercept.so.1.0
+	ln -sf /lib/libintercept.so.1.0 /lib/libintercept
+	/usr/bin/install -c netcon/intercept /usr/bin
+
+uninstall:
+	rm -r /lib/libintercept.so.1.0
+	rm -r /lib/libintercept
+	rm -r /usr/bin/intercept

netcon/common.c

@@ -0,0 +1,130 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015  ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+#include <stdio.h>
+#include <netdb.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <pthread.h>
+
+#include "common.h"
+
+void dwr(const char *fmt, ...);
+
+/* defined in intercept and service */
+extern FILE* logfile;
+extern char* logfilename;
+//extern flog = -1;
+
+extern pthread_mutex_t loglock;
+
+
+
+#ifdef NETCON_SERVICE
+   void dwr(int, const char *fmt, ...);
+
+   void dwr(const char *fmt, ...)
+   {
+      int saveerr;
+      va_list ap;
+      va_start(ap, fmt);
+      saveerr = errno;
+      dwr(-1, fmt, ap);
+      errno = saveerr;
+      va_end(ap);
+   }
+
+   void dwr(int pid, const char *fmt, ...)
+#endif
+#ifdef NETCON_INTERCEPT
+   void dwr(const char *fmt, ...)
+#endif
+{
+	va_list ap;
+	int saveerr;
+	char timestring[20];
+	time_t timestamp;
+
+	timestamp = time(NULL);
+	strftime(timestring, sizeof(timestring), "%H:%M:%S", localtime(&timestamp));
+
+  if(logfile)
+    fprintf(logfile, "%s ", timestring);
+  fprintf(stderr, "%s ", timestring);
+
+#ifdef NETCON_SERVICE
+	if(ns != NULL)
+	{
+    size_t num_intercepts = ns->intercepts.size();
+    size_t num_connections = ns->connections.size();
+    if(logfile)
+      fprintf(logfile, "[i/c/tid=%3lu|%3lu|%7d]", num_intercepts, num_connections, pid);
+    fprintf(stderr, "[i/c/tid=%3lu|%3lu|%7d]", num_intercepts, num_connections, pid);
+	}
+	else {
+    if(logfile)
+      fprintf(logfile, "[i/c/tid=%3d|%3d|%7d]", 0, 0, -1);
+    fprintf(stderr, "[i/c/tid=%3d|%3d|%7d]", 0, 0, -1);
+  }
+
+#endif
+
+#ifdef NETCON_INTERCEPT
+  //pthread_mutex_lock(&loglock);
+  int pid = getpid();
+  if(logfile)
+	  fprintf(logfile, "[tid=%7d]", pid);
+  fprintf(stderr, "[tid=%7d]", pid);
+  //pthread_mutex_unlock(&loglock);
+#endif
+
+	if(logfile)
+    fputs(" ", logfile);
+  fputs(" ", stderr);
+
+  /* logfile */
+	va_start(ap, fmt);
+	saveerr = errno;
+	if(logfile){
+    vfprintf(logfile, fmt, ap);
+    fflush(logfile);
+  }
+  va_end(ap);
+
+  /* console */
+  va_start(ap, fmt);
+  vfprintf(stderr, fmt, ap);
+	fflush(stderr);
+  errno = saveerr;
+	va_end(ap);
+}

netcon/common.h

@@ -0,0 +1,34 @@
+
+#ifndef _COMMON_H_
+#define _COMMON_H_
+
+//#include <unistd.h>
+#include <sys/ioctl.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <stdarg.h>
+#include <sys/stat.h>
+#include <sys/ipc.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <time.h>
+#include <assert.h>
+#include <signal.h>
+#include <sys/socket.h>
+
+
+void set_log_options(int, char *, int);
+void show_msg(int level, char *, ...);
+unsigned int resolve_ip(char *, int, int);
+
+
+#define MSGERR    0
+#define MSGDEBUG  1
+
+
+#endif

netcon/defs.h

@@ -0,0 +1,60 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015  ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+
+/* Maximum number of socket connections allowed in service */
+#define MAX_SOCKETS               1024
+/* Maximum number of harnesses allowed to be connected to this service */
+#define MAX_INTERCEPTS            256
+
+#define SELECT_PERF_WARNING       1000
+
+#define CMD_SIZE                  32
+#define DATA_IDX                  CMD_SIZE
+#define CMD_IDX                   0
+#define BUF_SZ                    1024
+
+/* number or times an intercept will attempt to connect to the service */
+#define SERVICE_CONNECT_ATTEMPTS  3
+
+/* how long we wait when polling various I/O sources in the core I/O loop */
+#define INTERCEPT_POLL_TIMEOUT    0
+
+/* how often we want lwIP to poll our callback.
+ - We use this to resume pending data transfers */
+#define APPLICATION_POLL_FREQ     1
+
+/* for passing applications as arguments to the service */
+#define APP_ARGUMENT_LENGTH       128
+
+
+#define DEFAULT_RPC_PIPE_IDX      0
+
+/* display various types of detectable lwip/service/intercept problems */
+#define NETCON_WARNINGS           1
+
+typedef int rpc_len_type;

netcon/intercept

@@ -0,0 +1,54 @@
+#!/bin/sh
+# usage:
+# /usr/bin/intercept program <args>
+
+if [ $# = 0 ] ; then
+   echo "$0: insufficient arguments"
+   exit
+fi
+
+case "$1" in
+	on)
+		if [ -z "$LD_PRELOAD" ]
+			then
+				export LD_PRELOAD="/lib/libintercept.so.1.0"
+			else
+				echo $LD_PRELOAD | grep -q "/lib/libintercept\.so.1.0" || \
+				export LD_PRELOAD="/lib/libintercept.so $LD_PRELOAD"
+		fi
+	;;
+	off)
+		export LD_PRELOAD=`echo -n $LD_PRELOAD | sed 's/\/lib\/libintercept.so.1.0 \?//'`
+		if [ -z "$LD_PRELOAD" ]
+			then
+				unset LD_PRELOAD
+		fi
+	;;
+	show|sh)
+		echo "LD_PRELOAD=\"$LD_PRELOAD\""
+	;;
+	-h|-?)
+      echo ""
+   ;;
+	*)
+		if [ -z "$LD_PRELOAD" ]
+		then
+			export LD_PRELOAD="/lib/libintercept.so.1.0"
+		else
+			echo $LD_PRELOAD | grep -q "/lib/libintercept\.so.1.0" || \
+			export LD_PRELOAD="/lib/libintercept.so.1.0 $LD_PRELOAD"
+		fi
+
+		if [ $# = 0 ]
+		then
+			${SHELL:-/bin/sh}
+		fi
+
+		if [ $# -gt 0 ]
+		then
+			exec "$@"
+		fi
+	;;
+esac
+
+#EOF

netcon/intercept.c

@@ -40,7 +40,6 @@ char *progname = "";
 #include <sys/time.h>
 #include <pwd.h>
 #include <errno.h>
-#include <common.h>
 #include <stdarg.h>
 #include <netdb.h>
 #include <string.h>
@@ -55,7 +54,7 @@ char *progname = "";
 #include <arpa/inet.h>
 
 #include <poll.h>
-
+#include <pthread.h>
 #include <unistd.h>
 
 /* For NPs */
@@ -69,13 +68,12 @@ char *progname = "";
 #ifdef USE_SOCKS_DNS
 #include <resolv.h>
 #endif
-#include <intercept.h>
 
+#include "intercept.h"
+#include "common.h"
 #include "defs.h"
 #include "utils.c"
 
-#include <pthread.h>
-
 /* Global Declarations */
 #ifdef USE_SOCKS_DNS
 static int (*realresinit)(void);

netcon/intercept.h

@@ -0,0 +1,233 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015  ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+
+#ifndef _HARNESS_H
+#define _HARNESS_H	1
+
+#include <sys/socket.h>
+
+
+/* Userland RPC codes */
+#define RPC_UNDEFINED			 			0
+#define RPC_CONNECT				 			1
+#define RPC_CONNECT_SOCKARG		 	2
+#define RPC_SELECT			 				3
+#define RPC_POLL				 				4
+#define RPC_CLOSE				 				5
+#define RPC_READ				 				6
+#define RPC_WRITE				 				7
+#define RPC_BIND				 				8
+#define RPC_ACCEPT			 				9
+#define RPC_LISTEN			 				10
+#define RPC_SOCKET			 				11
+#define RPC_SHUTDOWN		 				12
+
+/* Administration RPC codes */
+#define RPC_FD_MAP_COMPLETION		20	// Give the service the value we "see" for the new buffer fd
+#define RPC_RETVAL							21	// not RPC per se, but something we should codify
+#define RPC_KILL_INTERCEPT			22  // Tells the service we need to shut down all connections
+
+/* Connection statuses */
+#define UNSTARTED								0
+#define CONNECTING			 				1
+#define CONNECTED				 				2
+#define SENDING					 				3
+#define RECEIVING				 				4
+#define SENTV4REQ				 				5
+#define GOTV4REQ				 				6
+#define SENTV5METHOD			 			7
+#define GOTV5METHOD				 			8
+#define SENTV5AUTH			 				9
+#define GOTV5AUTH				 				10
+#define SENTV5CONNECT			 			11
+#define GOTV5CONNECT			 			12
+#define DONE					 					13
+#define FAILED				 					14
+
+/* Flags to indicate what events a
+   socket was select()ed for */
+#define READ					 					(POLLIN|POLLRDNORM)
+#define WRITE					 					(POLLOUT|POLLWRNORM|POLLWRBAND)
+#define EXCEPT				 					(POLLRDBAND|POLLPRI)
+#define READWRITE				 				(READ|WRITE)
+#define READWRITEEXCEPT			 		(READ|WRITE|EXCEPT)
+
+
+/* for AF_UNIX sockets */
+#define MAX_PATH_NAME_SIZE 64
+
+// bind
+#define BIND_SIG int sockfd, const struct sockaddr *addr, socklen_t addrlen
+struct bind_st
+{
+	int sockfd;
+	struct sockaddr addr;
+	socklen_t addrlen;
+	int __tid;
+};
+
+
+// connect
+#define CONNECT_SIG int __fd, const struct sockaddr * __addr, socklen_t __len
+struct connect_st
+{
+	int __fd;
+	struct sockaddr __addr;
+	socklen_t __len;
+	int __tid;
+};
+
+
+// close
+#define CLOSE_SIG int fd
+struct close_st
+{
+	int fd;
+};
+
+
+// read
+#define DEFAULT_READ_BUFFER_SIZE	1024 * 63
+// read buffer sizes (on test machine) min: 4096    default: 87380   max:6147872
+#define READ_SIG int __fd, void *__buf, size_t __nbytes
+struct read_st
+{
+	int fd;
+	size_t count;
+	unsigned char buf[DEFAULT_READ_BUFFER_SIZE];
+};
+
+
+
+#define DEFAULT_WRITE_BUFFER_SIZE	1024 * 63
+// write buffer sizes (on test machine) min: 4096    default: 16384   max:4194304
+#define WRITE_SIG int __fd, const void *__buf, size_t __n
+struct write_st
+{
+	int fd;
+	size_t count;
+	char buf[DEFAULT_WRITE_BUFFER_SIZE];
+};
+
+
+#define LISTEN_SIG int sockfd, int backlog
+struct listen_st
+{
+	int sockfd;
+	int backlog;
+	int __tid;
+};
+
+
+
+#define SOCKET_SIG int socket_family, int socket_type, int protocol
+struct socket_st
+{
+  int socket_family;
+  int socket_type;
+  int protocol;
+	int __tid;
+};
+
+
+#define ACCEPT4_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags
+
+
+#define ACCEPT_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen
+struct accept_st
+{
+	int sockfd;
+	struct sockaddr addr;
+	socklen_t addrlen;
+	int __tid;
+};
+
+
+#define SHUTDOWN_SIG int socket, int how
+struct shutdown_st
+{
+	int socket;
+	int how;
+};
+
+#define CONNECT_SOCKARG struct sockaddr *
+#define SELECT_SIG int n, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, struct timeval *timeout
+#define POLL_SIG struct pollfd *__fds, nfds_t __nfds, int __timeout
+#define IOCTL_SIG int __fd, unsigned long int __request, ...
+#define FCNTL_SIG int __fd, int __cmd, ...
+#define CLONE_SIG int (*fn) (void *arg), void *child_stack, int flags, void *arg
+#define DAEMON_SIG int nochdir, int noclose
+
+
+#define SETSOCKOPT_SIG int socket, int level, int option_name, const void *option_value, socklen_t option_len
+#define GETSOCKOPT_SIG int sockfd, int level, int optname, void *optval, socklen_t *optlen
+
+
+/* LWIP error beautification */
+const char *lwiperror(int n)
+{
+	switch(n)
+	{
+		case 0:
+			return "ERR_OK";
+		case -1:
+			return "ERR_MEM (out of memory)";
+		case -2:
+			return "ERR_BUF (buffer error)";
+		case -3:
+			return "ERR_TIMEOUT (timeout)";
+		case -4:
+			return "ERR_RTE (routing problem)";
+		case -5:
+			return "ERR_INPROGRESS (operation in progress)";
+		case -6:
+			return "ERR_VAL (illegal value)";
+		case -7:
+			return "ERR_WOULDBLOCK (operation would block)";
+		case -8:
+			return "ERR_USE (address in use)";
+		case -9:
+			return "ERR_ISCONN (already connected)";
+		case -10:
+			return "Fatal: ERR_ABRT (connection aborted)";
+		case -11:
+			return "Fatal: ERR_RST (connection reset)";
+		case -12:
+			return "Fatal: ERR_CLSD (connection closed)";
+		case -13:
+			return "Fatal: ERR_CONN (not connected)";
+		case -14:
+			return "Fatal: ERR_ARG (illegal argument)";
+		case -15:
+			return "Fatal: ERR_IF (low level netif error)";
+		default:
+			return "UNKNOWN_RET_VAL";
+	}
+}
+
+#endif

netcon/sendfd.c

@@ -0,0 +1,107 @@
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <sys/socket.h>
+
+/* Functions used to pass file descriptors between processes */
+
+ssize_t sock_fd_write(int sock, int fd);
+ssize_t sock_fd_read(int sock, void *buf, ssize_t bufsize, int *fd);
+
+ssize_t sock_fd_write(int sock, int fd)
+{
+	ssize_t size;
+	struct msghdr msg;
+	struct iovec iov;
+	char buf = '\0';
+	int buflen = 1;
+
+	union
+	{
+		  struct cmsghdr  cmsghdr;
+		  char control[CMSG_SPACE(sizeof (int))];
+	} cmsgu;
+	struct cmsghdr *cmsg;
+
+	iov.iov_base = &buf;
+	iov.iov_len = buflen;
+
+	msg.msg_name = NULL;
+	msg.msg_namelen = 0;
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+
+	if (fd != -1) {
+		  msg.msg_control = cmsgu.control;
+		  msg.msg_controllen = sizeof(cmsgu.control);
+		  cmsg = CMSG_FIRSTHDR(&msg);
+		  cmsg->cmsg_len = CMSG_LEN(sizeof (int));
+		  cmsg->cmsg_level = SOL_SOCKET;
+		  cmsg->cmsg_type = SCM_RIGHTS;
+		  *((int *) CMSG_DATA(cmsg)) = fd;
+	} else {
+		  msg.msg_control = NULL;
+		  msg.msg_controllen = 0;
+	}
+
+	size = sendmsg(sock, &msg, 0);
+	if (size < 0)
+		  perror ("sendmsg");
+	return size;
+}
+
+
+ssize_t sock_fd_read(int sock, void *buf, ssize_t bufsize, int *fd)
+{
+    ssize_t size;
+
+    if (fd) {
+        struct msghdr msg;
+        struct iovec iov;
+        union
+				{
+            struct cmsghdr cmsghdr;
+            char control[CMSG_SPACE(sizeof (int))];
+        } cmsgu;
+        struct cmsghdr *cmsg;
+
+        iov.iov_base = buf;
+        iov.iov_len = bufsize;
+
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = cmsgu.control;
+        msg.msg_controllen = sizeof(cmsgu.control);
+        size = recvmsg (sock, &msg, 0);
+        if (size < 0) {
+            perror ("recvmsg");
+            exit(1);
+        }
+        cmsg = CMSG_FIRSTHDR(&msg);
+        if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
+            if (cmsg->cmsg_level != SOL_SOCKET) {
+                fprintf (stderr, "invalid cmsg_level %d\n",
+                     cmsg->cmsg_level);
+                exit(1);
+            }
+            if (cmsg->cmsg_type != SCM_RIGHTS) {
+                fprintf (stderr, "invalid cmsg_type %d\n",
+                     cmsg->cmsg_type);
+                exit(1);
+            }
+
+            *fd = *((int *) CMSG_DATA(cmsg));
+        } else
+            *fd = -1;
+    } else {
+        size = read (sock, buf, bufsize);
+        if (size < 0) {
+            perror("read");
+            exit(1);
+        }
+    }
+    return size;
+}

netcon/sendfd.h

@@ -0,0 +1,3 @@
+
+ssize_t sock_fd_write(int sock, int fd);
+ssize_t sock_fd_read(int sock, void *buf, ssize_t bufsize, int *fd);

netcon/utils.c

@@ -0,0 +1,93 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015  ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+void get_path_from_pid(char* dest, int pid)
+{
+  char ppath[50];
+  sprintf(ppath, "/proc/%d/exe", pid);
+  if (readlink (ppath, dest, 50) != -1){
+  }
+}
+
+void print_ip(int ip)
+{
+  unsigned char bytes[4];
+  bytes[0] = ip & 0xFF;
+  bytes[1] = (ip >> 8) & 0xFF;
+  bytes[2] = (ip >> 16) & 0xFF;
+  bytes[3] = (ip >> 24) & 0xFF;
+  printf("%d.%d.%d.%d\n", bytes[0], bytes[1], bytes[2], bytes[3]);
+  //return buf;
+}
+
+
+/* --- */
+
+
+#ifdef NETCON_SERVICE
+ip_addr_t convert_ip(struct sockaddr_in * addr)
+{
+  ip_addr_t conn_addr;
+  struct sockaddr_in *ipv4 = addr;
+  short a = ip4_addr1(&(ipv4->sin_addr));
+  short b = ip4_addr2(&(ipv4->sin_addr));
+  short c = ip4_addr3(&(ipv4->sin_addr));
+  short d = ip4_addr4(&(ipv4->sin_addr));
+  IP4_ADDR(&conn_addr, a,b,c,d);
+  return conn_addr;
+}
+
+ip_addr_t ip_addr_sin(register struct sockaddr_in *sin) {
+   ip_addr_t ip;
+   *((struct sockaddr_in*) &ip) = *sin;
+   return ip;
+}
+#endif
+
+
+/* --- */
+
+
+#ifdef NETCON_INTERCEPT
+
+typedef unsigned char u8_t;
+
+#define 	ip4_addr1(ipaddr)   (((u8_t*)(ipaddr))[0])
+#define 	ip4_addr2(ipaddr)   (((u8_t*)(ipaddr))[1])
+#define 	ip4_addr3(ipaddr)   (((u8_t*)(ipaddr))[2])
+#define 	ip4_addr4(ipaddr)   (((u8_t*)(ipaddr))[3])
+
+int is_local(struct sockaddr_in* addr)
+{
+  struct sockaddr_in *ipv4 = addr;
+  short a = ip4_addr1(&(ipv4->sin_addr));
+  short b = ip4_addr2(&(ipv4->sin_addr));
+  short c = ip4_addr3(&(ipv4->sin_addr));
+  short d = ip4_addr4(&(ipv4->sin_addr));
+  return (a==127 && b == 0 && c == 0 && d == 1);
+}
+#endif