MCT User Manual

mctd(1)

Name

mctd — MCT daemon

Synopsis

mctd [ -u user ] [ -l ident ] [ -r dir ] [ -d ] [ -p file ] [ -i socket ] [ -s ] [ -t ]

mctd { -h | -v }

Description

The MCT daemon bridges traffic between arbitrary pairs of sockets. Packets are read from sockets bound to one address and written to sockets connected to a different address. These addresses are not specific to any particular protocol family.

Addresses are bridged in source-destination pairs. There may be zero or more bridges extant.

Bridges may be of either SOCK_STREAM or SOCK_DGRAM type. The source and destination ends of a bridge are required to be of the same type. For streams, traffic may be bidirectional, as is usual for connection-oriented sockets. The effect of bidirectionality for datagrams may be achieved by creating two bridges, with the source and destination addresses swapped between them.

Both incoming and outgoing sockets may be joined to arbitrary numbers of multicast groups should their protocol family permit.

The daemon provides control by way of an IPC interface which both accepts commands (such as socket creation) and broadcasts events (such as unexpected occurrences). The IPC protocol is internal. An interface is provided by mct.

Options

-u user

Drop privileges. Both UID and GID are taken from the given user, and supplemental groups are removed. User names are resolved by getpwnam.

Defaults to nobody if -r is given.

-l ident

Syslog ident. Log messages are written to stderr by default.

Defaults to mctd if -d is given.

-r dir

Change root directory. This requires the appropriate privileges, which are dropped after chroot has taken place as per -u.

All paths are resolved before the call to chroot.

The default is to not change the root directory.

-d

Become a daemon. The program calls fork twice so that it is inherited by init, and its standard I/O streams are closed.

The default is not to become a daemon.

-p file

Write a PID file. This option has no effect unless -d is also given. The PID written is that of the process after it has become a daemon.

The default is /var/run/mctd.pid.

-i socket

IPC path. This is the address of a socket in the PF_LOCAL domain. The socket is created as a path on the file system if it begins with a leading / (forward slash); otherwise, the name is created in the abstract namespace. The latter may not be available on all POSIX systems.

If created on the file system, the IPC socket is unlinked on exit, unless the -r option is given.

The default is bp/mctd.
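As an added example (not taken from mctd's own source), the address construction the -i option describes, written in C. A leading / selects a file-system socket; any other name goes to the abstract namespace, which on Linux is marked by a leading NUL byte in sun_path. The function names mct_ipc_addr and mct_ipc_addr_is_abstract are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper: fill a PF_LOCAL address following the -i convention.
 * Returns the length to hand to bind()/connect(), or 0 if the path is empty
 * or does not fit in sun_path. */
socklen_t mct_ipc_addr(const char *path, struct sockaddr_un *sun)
{
    size_t n = strlen(path);
    const size_t base = offsetof(struct sockaddr_un, sun_path);

    if (n == 0 || n + 1 > sizeof sun->sun_path)
        return 0;

    memset(sun, 0, sizeof *sun);
    sun->sun_family = AF_LOCAL;

    if (path[0] == '/') {
        /* file-system socket: a NUL-terminated path; the permissions of the
         * containing directory decide who may connect */
        memcpy(sun->sun_path, path, n + 1);
        return (socklen_t) (base + n + 1);
    }

    /* abstract namespace (Linux): sun_path[0] is NUL and the name follows.
     * The length covers the leading NUL and the name, with no terminator.
     * Such a name is reachable by every process on the host and is never
     * subject to file permissions. */
    sun->sun_path[0] = '\0';
    memcpy(sun->sun_path + 1, path, n);
    return (socklen_t) (base + 1 + n);
}

/* Hypothetical helper: tell the two kinds apart, e.g. to decide whether an
 * unlink() is needed at exit (the manual notes that file-system sockets are
 * unlinked on exit unless -r is in effect). */
int mct_ipc_addr_is_abstract(const struct sockaddr_un *sun, socklen_t len)
{
    return len > offsetof(struct sockaddr_un, sun_path) && sun->sun_path[0] == '\0';
}
```

Because abstract-namespace names carry no file-system permissions, the access control described under Security applies only to file-system paths; on a multi-user host a path beneath a directory with restrictive permissions is the safer choice for -i.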

-s

The TOS (type of service) for incoming packets is copied to outgoing packets by default. This includes the precedence value. The -s option disables copying, and the outgoing TOS is made the link default.

The link default varies per OS.

Copying TOS is not provided for all protocol families. For those which are not supported, the TOS is made the link default. For those which do not provide a TOS field or equivalent, incoming TOS values are discarded and the -s option has no effect.

-t

The TTL (time to live) for incoming packets is copied to outgoing packets by default. The -t option disables copying, and the outgoing TTL is made the link default.

The link default varies per OS.

Copying TTL is not provided for all protocol families. For those which are not supported, the TTL is made the link default. For those which do not provide a TTL field or equivalent, incoming TTL values are discarded and the -t option has no effect.
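As an added example (not mctd's own code) of the copying that -s and -t control for IPv4: the TOS and TTL of an incoming packet arrive as ancillary data from recvmsg() when IP_RECVTOS and IP_RECVTTL are enabled on the receiving socket, and are applied to the outgoing socket with IP_TOS and IP_TTL. The struct and function names are hypothetical, and the control buffer used to exercise the parser is constructed in place rather than received from a network.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* What a bridge needs to carry across for each packet. */
struct mct_pktmeta {
    int have_tos, tos;
    int have_ttl, ttl;
};

/* Hypothetical helper: walk the ancillary data recvmsg() returns on an IPv4
 * socket with IP_RECVTOS and IP_RECVTTL enabled, picking out TOS and TTL.
 * Anything absent or too short is left as "not present", so the caller
 * falls back to the link default. */
void mct_pktmeta_parse(struct msghdr *msg, struct mct_pktmeta *m)
{
    struct cmsghdr *c;

    memset(m, 0, sizeof *m);
    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != IPPROTO_IP)
            continue;
        if (c->cmsg_type == IP_TOS && c->cmsg_len >= CMSG_LEN(1)) {
            /* Linux delivers IP_TOS as a single byte */
            m->tos = *(unsigned char *) CMSG_DATA(c);
            m->have_tos = 1;
        } else if (c->cmsg_type == IP_TTL && c->cmsg_len >= CMSG_LEN(sizeof (int))) {
            memcpy(&m->ttl, CMSG_DATA(c), sizeof m->ttl);
            m->have_ttl = 1;
        }
    }
}

/* Hypothetical helper: apply the values to the outgoing IPv4 socket.  With
 * copying disabled (-s) or no TOS seen, TOS is reset to 0, the IP default.
 * TTL is only ever set when copying; a portable "link default" value does
 * not exist (the manual notes it varies per OS).  Returns 0 or -1. */
int mct_pktmeta_apply(int fd, const struct mct_pktmeta *m, int copy_tos, int copy_ttl)
{
    int tos = (copy_tos && m->have_tos) ? m->tos : 0;

    if (setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof tos) == -1)
        return -1;
    if (copy_ttl && m->have_ttl &&
        setsockopt(fd, IPPROTO_IP, IP_TTL, &m->ttl, sizeof m->ttl) == -1)
        return -1;
    return 0;
}

/* Constructed sample: fabricate the control buffer recvmsg() would fill for
 * a packet carrying the given TOS and TTL, then parse it.  This exercises
 * the parser without any network.  Returns 0 on success. */
int mct_pktmeta_parse_sample(unsigned char tos, int ttl, struct mct_pktmeta *out)
{
    unsigned char ctl[CMSG_SPACE(sizeof tos) + CMSG_SPACE(sizeof ttl)];
    struct msghdr msg;
    struct cmsghdr *c;

    memset(&msg, 0, sizeof msg);
    memset(ctl, 0, sizeof ctl);
    msg.msg_control = ctl;
    msg.msg_controllen = sizeof ctl;

    c = CMSG_FIRSTHDR(&msg);
    if (c == NULL)
        return -1;
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_TOS;
    c->cmsg_len = CMSG_LEN(sizeof tos);
    memcpy(CMSG_DATA(c), &tos, sizeof tos);

    c = CMSG_NXTHDR(&msg, c);
    if (c == NULL)
        return -1;
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_TTL;
    c->cmsg_len = CMSG_LEN(sizeof ttl);
    memcpy(CMSG_DATA(c), &ttl, sizeof ttl);

    mct_pktmeta_parse(&msg, out);
    return 0;
}
```

The length checks on cmsg_len matter on a bridge: the control buffer is kernel-filled, but a parser that trusts cmsg_len blindly reads past the buffer on a truncated (MSG_CTRUNC) receive, so the walk stops at anything that does not fit.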

-h

Print a quick reference to these options, and exit.

-v

Print the program version, and exit.

Exit Status

Exits >0 if an error occurs. mctd does not exit during normal use, unless killed explicitly.

Files

bp/mctd (AF_LOCAL abstract namespace)

Default IPC address.

/var/run/mctd.pid

Default PID file.

Caveats

Currently the only socket types supported for bridging are SOCK_STREAM and SOCK_DGRAM.

See Also

mctl, mct, socket, unix.

Security

Access control is provided by file system permissions for the IPC path.

The daemon may be run as root if required (e.g. for binding to privileged ports), but if so should be run with the -r option. When using -r the directory given for chroot should be empty, and not writable by the unprivileged -u user. On many systems /var/empty is provided for this purpose.
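As an added example (not mctd's own code) of the sequence the -u and -r options and this section describe: the user is resolved before chroot, since the empty jail will contain no /etc/passwd; chroot happens while still root; then supplementary groups are discarded and the GID is set before the UID, because the reverse order fails once the process is unprivileged. The function name mct_drop_privs is hypothetical.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose setgroups() and chroot() */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: drop privileges in the order the -r and -u options
 * describe.  Returns 0 on success, or -1 with errno set. */
int mct_drop_privs(const char *user, const char *root)
{
    struct passwd *pw;
    uid_t uid;
    gid_t gid;

    /* resolve the user first: after chroot there is no passwd database */
    errno = 0;
    pw = getpwnam(user);
    if (pw == NULL) {
        if (errno == 0)
            errno = ENOENT;     /* no such user */
        return -1;
    }
    uid = pw->pw_uid;
    gid = pw->pw_gid;

    if (root != NULL) {
        /* every file-system path (-p, -i) must already have been opened or
         * resolved; chdir("/") keeps the working directory inside the jail */
        if (chroot(root) == -1 || chdir("/") == -1)
            return -1;
    }

    /* order matters: setgroups() and setgid() need the privileges that
     * setuid() is about to give up */
    if (setgroups(0, NULL) == -1)
        return -1;
    if (setgid(gid) == -1)
        return -1;
    if (setuid(uid) == -1)
        return -1;

    /* the drop is only meaningful if root cannot be regained afterwards */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}
```

The final check is what turns the recommendation in this section into something verifiable: a process that still has a saved set-user-ID of 0 would pass setuid(0), and a daemon in that state has not actually dropped anything. Combined with an empty, non-writable chroot directory such as /var/empty, a successful return leaves the process unable to read or write anything outside the jail.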

History

mctd was designed and implemented by Katherine Flavel for Bubblephone Ltd.

Initial development of MCT was funded by 2iC Ltd.