How to intercept IP packets going to the kernel Linux - sockets

I need to create a TCP session "manually", without using the connect() function. I have tried to use RAW sockets. But in this case, I only get copies of the incoming IP packets. The original incoming packets slip through to the kernel and it generates an ACK response packet that damages my protocol.
Next, variant 2, I can write a virtual eth interface driver (kernel module) and route incoming traffic to it using iptables. But there is a patched non-original (non vanila) kernel on the machine. Normal linking of the module with the kernel is not possible.
Variant 3. I also tried not to assign an IP address to the NIC interface. In this case, the network TCP/IP layer module in the kernel is not activated and it is possible to generate and receive arbitrary IP packets on the link (ethernet) layer using the PF_PACKET socket domain type in the socket() function. But at this time, any other applications using the TCP/IP protocol can’t work.
How can this problem be solved in other ways?
It would be nice if it were possible to intercept packets going from the network interface to the kernel, that is, intercept the SKBuf buffer. But I don't know how to realize it.

Apparently you are trying to create a tunnel. Instead of trying to hijack an existing interface, the proper way to create a tunnel is to create a new interface, using a kernel module or TUN/TAP. However, tunnels are normally intended to receive traffic generated on the machine which runs the tunnel software, or at least routed through it. That means you will also have to set up the kernel to route the traffic to your tunnel.
You can create a new interface as a TUN/TAP interface. It is like a virtual ethernet driver except you don't need to write a new kernel module. It is designed for tunnels (hence the name).
The difference between TUN and TAP is that a TUN interface is an IP interface that receives IP packets from the kernel's IP routing system, and a TAP interface receives Ethernet packets (which may contain IP packets) so it can alternatively be part of a bridge (a virtual Ethernet switch - which only looks at the Ethernet header, not the IP header).
I think for your scenario, you will find it easiest to create a TAP interface, then create a bridge (virtual Ethernet switch) between the TAP interface, and the interface which the other host is connected to. Neither one needs an IP address - the kernel will happily pass Ethernet-layer traffic without attempting to process the IP information in the packet. Your tunnel software can then emulate a host - or tunnel to an actual host - or whatever you want it to do.
Or in visual form:
If you want the host to also be able to talk to the machine running the tunnel software - without going through the tunnel software - then you may choose to put an IP address on the bridge.

Related

Is it possible to connect to Modbus TCP via Ethernet?

Is it possible to connect the Ethernet port (of a Raspberry Pi) directly to a Modbus TCP RJ45 port (such that the devices can talk to each other)? Or is this not possible without a converter?
I am unsure if this is the correct forum, but I believe this should not be specific to the Raspberry pi.
Short answer - Yes... But....
As per the comments this is possible but there are a few things you will need to do (i.e. some configuration will be needed).
I think it's worth nothing that "Modbus TCP RJ45 port" is not really a meaningful term. Modbus is an application layer protocol; this depends upon a number of underlying layers:
Transport layer - TCP
Network layer - IP
Datalink Layer - Ethernet
Physical Layer - Ethernet cable with RJ45 connectors
You don't need to understand this in detail; the point is that before ModbusTCP will work you need to have a working TCP network (which all Modbus-TCP devices will support; generally via an RJ45 Ethernet connection). As such a better question probably is "If I run a CAT-5 cable between a Raspberry Pi and another device (Modbus TCP unit) will I be able to connect via TCP?" (a lot more people know about TCP/IP networking than Modbus!).
The first thing to consider is Ethernet. Running a cable directly between two older devices will often not work because they needed a crossover cable. Almost all modern equipment (including the Pi) supports Auto MDI-X which means the cable will just work. You can also connect the units via a switch (and doing this removes the need for Auto MDI-X).
Next you need to consider the IP layer. When you connect your Pi to your home network it will (usually!) be given an IP address by a DHCP service (usually running on your router). If you are connecting the Pi directly to the device then there will be no DHCP service so you will need to manually assign IP addresses to the devices (and ensure the subnet is correctly configured). A common way to check if an IP connection is working is to use the ping command.
With the lower layers working ModbusTCP will generally 'just work'. Many ModbusTCP devices also offer a browser based configuration and checking that you can access that is a good way to confirm that the network link is working.
One further question is probably "should I do this"; it's OK to hook things up this way to make some quick changes. However generally you will want the Pi to access other network resources so connecting everything to a router (home router will work; for remote devices a cell router is often used). You can either give the Modbus unit a static IP manually or use the routers configuration pages to assign it a static DHCP lease (otherwise it's IP might change from time to time).

How to bind socket to a specific network interface and to any ports and any IP on that interface

I have a hardware attached to my RPI board running Linux distro. This hardware & its associated Host stack has created a network interface called wpan0 and assigned some IPV6 addresses to it (I am able to ping the IPV6 address from a remote device in the same network)
Now, I want to enable data communication to this interface to any IPV6 IP assigned to the interface. How do I create and bind a socket to this interface? Also, I want to listen to any ports on this interface. How to achieve this?
How you create a socket depends on the language you use (you didn't specify), but when you want to bind a socket to ANY interface the IPv4 way is to listen to IP 0.0.0.0, the IPv6 equivalent is ::/0, that means all zeros/0 bits CIDR mask.
Redirecting all ports to one is less of a code issue and requires some hands on with IPTables and Prerouting (you can write some code that appends that to your conf file though), here is an example:
https://serverfault.com/questions/616535/iptables-destination-ip-and-port

Can I bind a client socket to an ip not belongs to any interfaces?

For a client socket, I can use bind() to bind it to a specific source Ip address to select a specific interface. Or I can use connect() directly then it will pick the source ip based on routing table.
I wonder can I bind a client socket to an ip not belongs to any interfaces ? E.g.: I have two interfaces:
eth0 : ip0
eth1 : ip1
(1) If I bind the client socket to ip2. Is this feasible ?
(2) If (1) is feasible, assuming client socket sent packets thru eth0. Then I configure the iptables in this client host, to forward all incoming packets to ip0 (eth0). In this case, if there are packets sent back from server side with destination ip address is ip2 (assuming this packet will reach my client host). Will my client socket receive the packet ?
Thanks in advance.
I don't really understand your question, but here goes:
For client sockets, you typically want the the OS and its routing table to pick the best interface for you using any available port. In which case, you bind to INADDR_ANY (0) and port 0. Or don't explicitly call bind at at all. Just call connect() and it will do the right thing.
If you need the client connection to occur through a specific interface, then bind the socket to a specific IP address. And then the OS will attempt to use that interface for the subsequent connect call and all traffic after that.
Attempting to bind the socket to an IP that doesn't belong to a local interface is surely going to result in an error.
Not sure what you mean about the iptables stuff. Sounds dicey.
Please have a look at:
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfwd.html#ipfreebind
MAN:
https://man7.org/linux/man-pages/man7/ip.7.html
IP_FREEBIND (since Linux 2.4)
If enabled, this boolean option allows binding to an IP
address that is nonlocal or does not (yet) exist. This
permits listening on a socket, without requiring the
underlying network interface or the specified dynamic IP
address to be up at the time that the application is
trying to bind to it. This option is the per-socket
equivalent of the ip_nonlocal_bind /proc interface
described below.

Windows 7 temporarily routes UDP packets for local network to default gateway

I have a Windows service running on a multi-homed Windows 7 machine communicating via UDP to a machine on the local network. This works fine, except sometimes during Windows startup the network traffic is temporarily (30 seconds) being routed to the default gateway, resulting in UDP packet loss. This packet loss is not necessarily a problem, but leads to an unnecessarily long startup time of the application.
The service binds to the socket using INADDR_ANY. Now when I change this to bind to the IP address of the control network NIC (192.168.32.1) I don't observe the problem. However I don't understand why the binding matters in this situation, and also I don't understand why the problem is there only temporarily. Do any of you have an explanation for this?
Besides my curiosity to find the root cause of this issue, I would also like to get an answer to this question so I can remove the bind to the specific IP address from my code. This decouples my application code from the network layout.
Network details:
Machine A, Windows 7, two NICs:
NIC #1 (ext network): 192.168.116.x/23 (DHCP), gateway 192.168.117.1
NIC #2 (int network): 192.168.32.1/26 (fixed)
Machine B, VxWorks, one NIC:
NIC #1 (int network): 192.168.32.16/26 (DHCP, assigned by Machine A)
When using INADDR_ANY, you bind your socket to the default IP address - the one with the lowest interface address. From the symptomps you are describing, it seems like this interface is not yet configured during startup, which makes sense.
The question is, why do you bind sending socket to any address at all. Implicit binding during send should be OK for you, I imagine?

Sniffing data on uClinux local loopback

I am looking for a way to monitor/sniff local loopback traffic inside a uClinux embedded device. I have several processes that communicate via the local loopback and want to capture this traffic on an outside machine. So I want to direct a copy of all local loopback traffic out the "real" Ethernet to a specific IP address, namely that of my Windows PC running a sniffer.
Is this possible, maybe with iptables or something? The traffic is all UDP, between a few dozen ports. If not, I was thinking about writing some code to open a raw socket, read in the packets in question and forward them to my fixed IP address. Would it work to capture local loopback traffic with a raw socket?