While searching the web looking for a networking library I came across the two and I began reading what the were about. Correct me if I am wrong but my understanding is that Opentnl is for sending stuff between a client and a server while Openssl is for securing that connection. In the case that this conclusion is correct, would it be possible to use the two in Union? ( With some work implementing of course.)
Sure, it is possible. You can use the encryption API in OpenSSL and build your own encrypted data to communicate via the Torque Net lib. It isn't something you can just plug in, and isn't as simple as the TCP socket stuff in OpenSSL, but I've done something similar to write a UDP based VPN with SSLeay (predecessor to OpenSSL). As an example, you can initialize a "session" of your own using RSA, then encrypt/decrypt from a buffer with AES (or some other algorithm that has hardware support for least latency).
I don't actually know much about TNL, it may already include some encryption support. I'd check that first.
Related
Is it possible to use Protobuf with UDP in gRPC?
The gRPC interface seems to be entirely based on TCP connections. The only example for UDP that I could find is the one in the gRPC source code in the following three files , but this example seems to be quite different than what gRPC's RPC layer offers, for example it has no notion of stubs, and it doesn't use Protobuf and instead use raw payload, etc.
src/core/lib/iomgr/udp_server.h
src/core/lib/iomgr/udp_server.cc
test/core/iomgr/udp_server_test.cc
July 9th, 2015 (grpc-go#241)
No, we need a reliable channel and UDP is not supported. There has been discussion with playing with things like QUIC, but we aren't currently trying it out and it would be even longer before we decided whether we would support it.
May 15th, 2018 (grpc#9493)
Closing this - we have no plan to support unreliable packets at the moment. If we have any particular protocol that can fit the use cases listed above, we will probably do a grfc first..
August 6th, 2018 (grpc-go#241)
We are working on new interface/abstractions between the grpc & transport packages to make it possible for custom transports (UDP could be one of them) to be implemented.
Incidentally, Cap'n Proto has UDP on their roadmap. I thought it was a joke at first, but it's real (...unless I'm still being trolled 😂), and written by the original author of proto2 at Google
Sorry, UDP support in gRPC is not enabled. As you observed, there is no way to actually access the limited udp support that currently exists. I do not know when or if this will change.
For my scientific collaboration, I wrote a C++ server/client (terminal server for linux, and cross-platform GUI client using Qt) that is mainly meant to transfer data from multiple clients around the world to store it on one server for analysis (pretty much like LIGO and Virgo that caught gravitational waves). For the communication low-level protocol I used boost::asio::ssl.
The "odd" part: In my programs, I created my own half-duplex messaging protocol between the server and the client from scratch. The messaging was in string form containing the version of the protocol, endianness of the computer, length of the message, type of the message (login/file/error/etc...), an MD5 hash for verification of the completeness of the transferred data. I got highly criticized on Stackoverflow chat when I said I did this. The part that got specially criticized is: Writing my own messaging protocol.
Now I created this, and I know there should be better protocols that are already written that I shouldn't rewrite it from scratch. However, I wanted to learn how to do this myself, and I did, and the program works, and my collaboration is satisfied, and the sky is blue with birds singing.
My question: If I am to rewrite this program again, what kind of libraries should I use? I'm looking for a protocol, using which I can send messages/data and get the server to respond with messages/data, including username/password to authenticate the user before any communication is transferred? How would you have done it?
PS: Please consider this question coming from a beginner in writing network and internet wide programs. And please don't hesitate to ask for more details.
I am implementing a messaging system using C++ and Qt. After much thought, I have determined that multicasting or a multicast-style technique will work best to solve my problem. However, I have learned about UDP's unreliability and believe it to be unacceptable.
My requirements are as follows:
Messages are to be sent in a binary serialized form.
From any given node on the network, I must be able to send messages to the other nodes.
Message delivery must be insured.
I have heard of OpenPGM and NORM as alternatives for UDP. If anyone has experience with either of these, could you please share?
I am also open to the possibility of implementing "reliable" multicast by myself, in the application layer, but I would prefer not to if there is a library that already implements this.
I am using C++ and Qt, therefore .NET or Java-based solutions are not acceptable unless they are open-source and I may port them to C++.
Thank you very much.
EDIT 20120816T1853 MDT: An additional question: would either PGM or NORM have to be implemented at the hardware/IP level? Or can they be overlayed on top of existing protocols?
We have implemented our own reliable multicast protocol over UDP called RSP, since we needed something cross-platform and at the time couldn't find a good solution between Linux and Windows. The Windows PGM implementation disconnects slow clients which leave the send window, whereas our implementation throttles the sender similar to TCP. Afaik OpenPGM can be configured to do the same.
The open source NORM at http://cs.itd.nrl.navy.mil/work/norm can be built as a library and has C++ API with Python and Java language bindings. If you ping the developer (me) via the mailing list, I can help get you started.
There is a large RFC division of reliable multicast protocols, and many implementations out there. It's a long time since I looked at this but there are TRAM, LRMP, ...
More than once I picked myself wanting to have an easy way to edit packets on-the-fly in my LAN, so I thought it was time for me to make some "machinery" to do the job. I think WFP would do exactly what I needed.
Not only I wanted to filter and edit packets off the computer my program would be running, but I would also like to ARP poison a machine in my LAN and edit the packets routed through the other one (I don't know wheter I could do this using WFP; that's another part of my question. If anyone knows, please tell me).
The problem is I'm not being able to download Visual C++, and I need it to use the WFP (it's part of the Windows SDK, which is not fully available for MinGW; porting the headers myself is generally a headache). Also I simply would like to know how to do that in Linux.
Anyone?
(Complementary question at ServerFault.com: https://serverfault.com/questions/74915/best-way-to-live-edit-packets-from-another-computer)
The most common way to capture and store packets in linux is through libpcap. You can use standard sockets to send the packets or generic libraries (boost::asio).
You can accomplish the same using wireshark. I believe wireshark will allow replay and/or injection.
As far as arp poisoning, you will probably have to do that directly with arp packets yourself.
Here's my question.
Right now I have a Linux server application (written using C++ - gcc) that communicates with a Windows C++ client application (Visual Studio 9, Qt 4.5.)
What is the very easiest way to add SSL support to both sides in order to secure the communication, without completely gutting the existing protocol?
It's a VOIP application that uses a combination of UDP and TCP to initially set up the connection and do port tunneling stuff, and then uses UDP for the streaming data.
I've had lots of problems in the past with creating the security certificates from scratch that were necessary to get this stuff working.
Existing working example code would be ideal.
Thank you!
SSL is very complex, so you're going to want to use a library.
There are several options, such as Keyczar, Botan, cryptlib, etc. Each and every one of those libraries (or the libraries suggested by others, such as Boost.Asio or OpenSSL) will have sample code for this.
Answering your second question (how to integrate a library into existing code without causing too much pain): it's going to depend on your current code. If you already have simple functions that call the Winsock or socket methods to send/receive ints, strings, etc. then you just need to rewrite the guts of those functions. And, of course, change the code that sets up the socket to begin with.
On the other hand, if you're calling the Winsock/socket functions directly then you'll probably want to write functions that have similar semantics but send the data encrypted, and replace your Winsock calls with those functions.
However, you may want to consider switching to something like Google Protocol Buffers or Apache Thrift (a.k.a. Facebook Thrift). Google's Protocol Buffers documentation says, "Prior to protocol buffers, there was a format for requests and responses that used hand marshalling/unmarshalling of requests and responses, and that supported a number of versions of the protocol. This resulted in some very ugly code. ..."
You're currently in the hand marshalling/unmarshalling phase. It can work, and in fact a project I work on does use this method. But it is a lot nicer to leave that to a library; especially a library that has already given some thought to updating the software in the future.
If you go this route you'll set up your network connections with an SSL library, and then you'll push your Thrift/Protocol Buffer data over those connections. That's it. It does involve extensive refactoring, but you'll end up with less code to maintain. When we introduced Protocol Buffers into the codebase of that project I mentioned, we were able to get rid of about 300 lines of marshalling/demarshalling code.
I recommend to use GnuTLS on both the client and the server side, only for the TCP connection. Forget about the UDP data for now. The GnuTLS documentation has example code for writing both clients and servers. Please understand that at least the server side (typically the TCP responder) needs to have a certificate; the client side can work with anonymous identification (although there is even an example without server certificate, using only DH key exchange - which would allow man-in-the-middle attacks).
In general, it is likely that you will have to understand the principles of SSL, no matter what library you use. Library alternatives are OpenSSL (both Unix and Windows), and SChannel (only Windows).
Have you tried the SSL support in Boost.Asio or ACE? Both use OpenSSL under-the-hood, and provide similar abstractions for TCP, UDP and SSL. Sample code is available in both the Boost.Asio and ACE distributions.
One thing you may need to keep in mind is that SSL is record-oriented instead of the stream-oriented (both TCP and UDP). This may affect how you multiplex events since you must, for example, read the full SSL record before you can call a read operation complete.
To help handle this with no changes to the application yo may want to look at the stunnel project (http://www.stunnel.org/). I don't think that it will handle the UDP for you though.
The yaSSL and CyaSSL embedded SSL/TLS libraries have worked well for me in the past. Being targeted at embedded systems, they are optimized for both speed and size. yaSSL is written in C++ and CyaSSL is written in C. In comparison, CyaSSL can be up to 20 times smaller than OpenSSL.
Both support the most current industry standards (up to TLS 1.2), offer some cool features such as stream ciphers, and are dual licensed under the GPLv2 and a commercial license (if you need commercial support).
They have an SSL tutorial which touches on adding CyaSSL into your pre-existing code as well: http://www.yassl.com/yaSSL/Docs-cyassl-manual-11-ssl-tutorial.html
Product Page: http://yassl.com/yaSSL/Products.html
Regards,
Chris