I create a Linux bridge and add two virtual interface to this bridge.
ip link add br0 address 01:02:03:04:00:00 type bridge
ip link add veth0 address 01:02:03:04:00:10 type dummy
ip link add veth1 address 01:02:03:04:00:20 type dummy
ip link set dev veth0 master br0
ip link set dev veth1 master br0
ip link set br0 up
ip link set veth0 up
ip link set veth1 up
Then write a raw socket listening program that bind the veth0.
socket = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL))
struct sockaddr_ll sockaddr;
memset(&sockaddr, 0x0, sizeof(sockaddr));
sockaddr.sll_family = AF_PACKET;
sockaddr.sll_protocol = htons(ETH_P_ALL);
sockaddr.sll_pkttype = PACKET_OUTGOING;
sockaddr.sll_ifindex = if_nametoindex("veth0");
bind(socket, (struct sockaddr*)&sockaddr, sizeof(sockaddr)
Then write a sender program that same way created as the listener, using veth1 interface. That program send eth frame.
struct ethhdr_frame* eth_packet;
eth_packet->h_dest = "01:02:03:04:00:10" //it not string, just show purpose
eth_packet->h_source = "01:02:03:04:00:20"
eth_packet->h_proto = 0x88b5
eth_packet->payload = "hello world!"
Now my problem is listener can't capture eth frame which is send by my sender. To find where is my packet dropped, I used ftrace filtered by br*, but even any bridge handler function wasn't call.
$cd /sys/kernel/debug/tracing
$echo br* > set_ftrace_filter
$echo function_graph > current_tracer
$echo 1 > tracing_on ; ./my_sender ; echo 0 > tracing_on
Related
I have packets coming from a specific device directly connected to my machine. When I do a tcpdump -i eno3 -n -n, I can see the packets:
23:58:22.831239 IP 192.168.0.3.6516 > 255.255.255.255.6516: UDP, length 130
eno3 is configured as 192.168.0.10/24
When I set the socket the typical way:
gOptions.sockfd = socket(AF_INET, SOCK_DGRAM, 0);
memset((void *)&gOptions.servaddr, 0, sizeof(struct sockaddr_in));
gOptions.servaddr.sin_family = AF_INET;
inet_pton(AF_INET, gOptions.sourceIP, &(gOptions.servaddr.sin_addr));
gOptions.servaddr.sin_port = htons(gOptions.udpPort);
bind(gOptions.sockfd, (struct sockaddr *)&gOptions.servaddr, sizeof(struct sockaddr_in));
And I use the sourceIP of "255.255.255.255" on port "6516" - it connects and reads.
What I want to do, however, is bind such that I am limiting my connection from the source IP - "192.168.0.3". I have figured out how to connect on the device using either device name ("eno3") of the iface of that device ("192.168.0.10") - but that doesn't help as I may have multiple devices connected to "192.168.0.10" that blab on that port, but I only want the packets from 192.168.0.3 for port 6516.
I thought s_addr - part of sin.addr - was the source IP... but it is not.
You can't bind() to a remote IP/port, only to a local IP/port. So, for what you have described, you need to bind() to the IP/port where the packets are being sent to (192.168.0.10:6516).
Now, you have two options to choose from. You can either:
use recvfrom() to receive packets, using its src_addr parameter to be given each sender's IP/port, and then you can discard packets that were not sent from the desired sender (192.168.0.3:6516).
or, use connect() to statically assign the desired sender's IP/port (192.168.0.3:6516), and then you can use recv() (not recvfrom()) to receive packets from only that sender.
I am developing a peer to peer call. I am using de.javawi.jstun.test .
I found this constructor in de.javawi.jstun.test.DiscoveryTest .
public DiscoveryTest(InetAddress sourceIaddress, int sourcePort, String stunServer, int stunServerPort) {
this.sourceIaddress = sourceIaddress;
this.sourcePort = sourcePort;
this.stunServer = stunServer;
this.stunServerPort = stunServerPort;
}
My question is What is the difference between the Source Port and the StunServerPort??
stunServerPort is the port the STUN server listens on for incoming binding requests. This is typically one of the standard STUN ports: 3478 or 3479.
sourcePort is the port the client behind a NAT has obtained locally to create a socket with. Most often, the client attempting to do P2P will ask the OS to randomly pick an available local port to send/receive from. You can probably pass 0 for sourcePort and let it pick the port for you as well. Or if you already have a socket, use the same port as your local, and DiscoveryTest will set the reuseaddr flag so it can have a socket co-exist.
let's two machines are directly connected on a Point-to-point link:
A -192.168.4.1/24---------------------------192.168.4.2/24--B
How A can send an IP packet to B through broadcast only ?
if A cooks up the packet with Dest mac = ff:ff:ff:ff:ff:ff and dest ip : 192.168.4.255, Would this make the packet destined to B ? If yes, Can somebody explains how this works ?
I figured out - we can send the packet with dest IP = 192.168.4.255. In addition, set the broadcast privileges on socket using
int on=1;
setsockopt(igmp_sockfd, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on));
It will work.
Can I detect whether a client application uses an UDP-socket or a connected UDP-socket?
If yes, how? If no, why?
As I said in my comment above, code call connect on a UDP socket. That enforces only traffic to/from the connection address is allowed (and all other packets get dropped) and allows you to use send instead of sendto, but the traffic is still UDP.
But you can use the netstat command from the command line to see if the datagram socket has a remote address association:
For example, imagine if the code did this:
// create a datagram socket that listens on port 12345
sock = socket(AF_INET, SOCK_DGRAM, 0);
port = 12345;
addrLocal.sin_family = AF_INET;
addrLocal.sin_port = htons(port);
result = bind(sock, (sockaddr*)&addrLocal, sizeof(addrLocal));
// associate the socket only with packets arriving from 1.2.3.4:6666
addrRemote.sin_family = AF_INET;
addrRemote.sin_port = htons(6666);
addrRemote.sin_addr.s_addr = ipaddress; // e.g. "1.2.3.4"
result = connect(sock, (sockaddr*)&addrRemote, sizeof(addrRemote));
A corresponding netstat -a -u will reveal the following:
ubuntu#ip-10-0-0-15:~$ netstat -u -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 ip-10-0-0-15:12345 1.2.3.4:6666 ESTABLISHED
The presence of a value that isn't *:* in the Foreign Address column for the UDP socket will reveal if the socket has connection address associated with it.
I wrote a simple server application in C. This server do nothing except print the received message, then exit. Here is the code
int listenfd,connfd,n;
struct sockaddr_in servaddr,cliaddr;
socklen_t clilen;
char *mesg = (char*) malloc(1000*sizeof(char));
listenfd=socket(PF_INET,SOCK_STREAM,0);
bzero(&servaddr,sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr = INADDR_ANY;
servaddr.sin_port=htons(20600);
bind(listenfd,(struct sockaddr *)&servaddr,sizeof(servaddr));
listen(listenfd,5);
clilen=sizeof(cliaddr);
connfd = accept(listenfd,(struct sockaddr *)&cliaddr,&clilen);
n = (int) recvfrom(connfd,mesg,1000,0,(struct sockaddr *)&cliaddr,&clilen);
sendto(connfd,mesg,n,0,(struct sockaddr *)&cliaddr,sizeof(cliaddr));
printf("-------------------------------------------------------\n");
mesg[n] = 0;
printf("Received the following:\n");
printf("%s\n",mesg);
printf("-------------------------------------------------------\n");
close(connfd);
close(listenfd);
I managed to establish a connection using telnet and running
telnet 192.168.1.2 20600
where 192.168.1.2 is the local ip of the server.
The machine runs behind a router ZyXel p-660HW-61 (192.168.0.1).
The problem is I cannot reach the server if I specify the public ip of the machine (151.53.150.45).
I set NAT configuration to the server local ip on all port from 20000 to 21000
http://img593.imageshack.us/img593/3959/schermata20110405a22492.png
port 20600 seems to be open, according to canyouseeme.org/ and yougetsignal.com/tools/open-ports/ (in fact I can read in the console that a packet has been received), but if I run
telnet 151.53.150.45 20600
I get a "Connection Refused" error.
Firewall is disabled, both on the router and on the server machine (that is the same running telnet).
Any help?
If you are typing:
telnet 151.53.150.45 20600
from the LAN rather than from the WAN, then your NAT most probably does not handle hairpin situations properly. This means it only expects you to use the translated address from the WAN.
The solution is check whether you can change the configuration of your NAT to enable usage of translated address on the LAN too (it is sometimes a requirement for P2P systems). If such functionalities are not available, then you need a new NAT.