Binding Ports < 1024 on UNIX

 

With the Internet Communication Manager (ICM) / SAP Web Dispatcher you can also bind ports with numbers 0 up to and including 1023 (“well known ports”) on UNIX systems. The external binding program icmbnd, included in the standard delivery, is used for this.

Usually the ICM / Web Dispatcher binds the ports itself. To have icmbnd bind configured ports instead, set the option EXTBIND=1 in the parameter specification for icm/server_port_<xx> in the profile.

Integration

On UNIX systems only users with superuser authorizations (“root”) can bind ports < 1024. For this reason either the ICM process must be provided with these authorizations, or the port must be bound by an external program and then the listen socket transferred to the ICM.

Features

For security reasons the ICM should run with the standard authorizations of the <sid>adm SAP system user. With these authorizations all ports > 1023 can be bound, provided they are not already bound by another program. To bind ports < 1024 the ICM starts icmbnd directly, icmbnd binds the port, and the listen socket is forwarded to the ICM. icmbnd must have the following superuser authorizations:

Syntax

  chown root:sapsys icmbnd
  chmod 4750 icmbnd

With the command ls -al you can see the authorizations for icmbnd. They should look like:

-rwsr-x---   1 root     sapsys   1048044 Mar 20 16:19 icmbnd

Activating External Binding

To ensure the ICM itself does not attempt to bind the port, you specify an additional option when you are configuring ports with icm/server_port_<xx>: EXTBIND=1

The format of this parameter is:

PROT=<protocol>, PORT=<port / service> [, TIMEOUT=<keepalive timeout>, EXTBIND=1]

TIMEOUT and EXTBIND are optional.

Example

icm/server_port_1 = PROT=HTTP, PORT=80, TIMEOUT=30, EXTBIND=1

Note

  • Usually icmbnd is called directly from the ICM, though the program can also be called from external systems to make new ports known to the ICM. icmbnd can also be used to bind ports >= 1024, but then the startup time of the ICM is longer.

  • icmbnd.exe is also available for Windows. However, since the user <sid>adm can bind any number of ports on this system, there is no need to use icmbnd here.

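The following shell script is an added example; it is not part of the SAP delivery or of the original documentation. It checks the two settings described above: that every icm/server_port_<xx> entry with a numeric port < 1024 carries EXTBIND=1, and that icmbnd has the owner, group and mode set by chown root:sapsys and chmod 4750. The function names, the sample profile lines and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example (not SAP code): audit of the external-binding setup on this page.
# Assumptions: GNU stat; function names and sample profile lines are constructed.
# Classify one profile line. Prints: skip | ok | needs-extbind |
# extbind-unneeded | check-manually
audit_port_line() {
    line=$(printf '%s' "$1" | tr -d ' \t')
    case "$line" in
        icm/server_port_*=*) ;;
        *) echo skip; return 0 ;;
    esac
    port=""; ext=0; old_ifs=$IFS; IFS=,
    for kv in ${line#*=}; do
        case "$kv" in
            PORT=*)    port=${kv#PORT=} ;;
            EXTBIND=1) ext=1 ;;
        esac
    done
    IFS=$old_ifs
    case "$port" in
        ''|*[!0-9]*) echo check-manually; return 0 ;;  # missing or service name
    esac
    if [ "$port" -lt 1024 ] && [ "$ext" -eq 0 ]; then
        echo needs-extbind      # ICM (<sid>adm) would have to bind it itself
    elif [ "$port" -ge 1024 ] && [ "$ext" -eq 1 ]; then
        echo extbind-unneeded   # works, but lengthens ICM startup
    else echo ok; fi
}

# Compare owner, group and octal mode (from: stat -c '%U %G %a' icmbnd) with
# chown root:sapsys / chmod 4750: setuid root, group may execute, others nothing.
audit_icmbnd_perms() {
    if [ "$1" = root ] && [ "$2" = sapsys ] && [ "$3" = 4750 ]; then echo ok
    else echo "mismatch: $1:$2 mode $3 (expected root:sapsys mode 4750)"; fi
}

# Constructed sample profile lines; replace with the real instance profile.
while IFS= read -r l; do
    printf '%-17s %s\n' "$(audit_port_line "$l")" "$l"
done <<'EOF'
icm/server_port_0 = PROT=HTTP, PORT=80, TIMEOUT=30, EXTBIND=1
icm/server_port_1 = PROT=HTTPS, PORT=443
icm/server_port_2 = PROT=HTTP, PORT=8000, EXTBIND=1
icm/server_port_3 = PROT=SMTP, PORT=smtp
EOF
# Optional: path to icmbnd as first argument.
if [ -n "${1:-}" ] && [ -e "$1" ]; then audit_icmbnd_perms $(stat -c '%U %G %a' "$1"); fi
```

Entries reported as check-manually use a service name for PORT and have to be resolved to a port number before they can be assessed.
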
Binding Program icmbnd

icmbnd is the ICM help program for binding ports.

It recognizes the following parameters:

icmbnd -S <server port> -l <listen port> -p <protocol> [-k <keep alive> -t <trace level> -f <trace file>] -v[ersion]

icmbnd can also be used to bind ports >= 1024, although this increases the ICM startup time.

To find the executable icmbnd, one of the following parameters must be set in the profile.

  • SAPSYSTEMNAME: Three letter system ID of the SAP system

  • exe/icmbnd: File path for icmbnd

  • DIR_EXECUTABLE: File path to the directory of the executable programs.

Parameter

This program has the following parameters:

  • -S <server port> (mandatory)

    ICM administration port through which the listen socket of icmbnd is transferred to the ICM.

  • -l <listen port> (mandatory)

    Port that is to be bound by icmbnd. This can be a port number or a port name (for example, HTTP, SMTP, NNTP).

  • -p <protocol> (mandatory)

    Protocol specification for the port you want to bind (for example, HTTP, HTTPS, SMTP).

  • -k <keep alive> (optional)

    Specification of the keep alive timeout (in seconds) for the port you want to bind. If this parameter is not specified, the ICM standard value is used.

  • -t <trace level> (optional)

    Specification of trace level (1-3). The standard value is 1.

  • -f <trace file> (optional)

    Specification of the name of the trace file to be used. The default value is dev_icmbnd.

  • -v[ersion] (optional)

    icmbnd outputs the current version information and then terminates.

Error Messages

The following errors may occur and are logged by icmbnd:

  • Missing argument for option <option>

    A required argument has not been entered in the command field.

  • Illegal option <option>

    An invalid argument has been entered.

  • Missing values for service, listen port or protocol

    One of the (mandatory) options -S, -l or -p has not been specified.

  • IcmConnect to port %d failed (rc=%d)

    A connection to the ICM on the port given with -S <server port> could not be established. Check the specification of parameter -S <server port>.

  • NiBuf2Listen failed(rc=%d)

    The listen port could not be bound. Either the authorizations for binding ports are missing or the port is already bound by another program.

  • IcmBndSendHdl failed (rc = %d)

    NiSendHandle failed (rc = %d)

    The listen socket could not be transferred to the ICM (communication error).

More Information

For more information see the following pages:

chown, chmod, getuid, setreuid, seteuid, setfsuid