Given a local IP and port for an established TCP session, can I find out which side sent the initial SYN? That is, was this connection actively or passively opened? I need something that works in C/C++ on Linux. A hacky way might be to socket()/listen() and catch EADDRINUSE but I was hoping for something cleaner. I'm not even sure if the kernel tracks this once the session is established.
EDIT: I'd also prefer not to call out to netstat (or even ss) as both are too slow with many sockets open. This code will be called often.
Always the client makes an active connection, by sending a SYN(to the server). So, given a local IP and port number, check if its a listening socket using the following command:
netstat --listening | grep given_ip:given_port
If it is not listed here, then it is a client-side socket, thus initiates a SYN. If its there, then its a listening socket and hence it has received a SYN.
The corresponding code looks as follows:
system("netstat --listening | grep given_ip:given_port > tmp.txt");
int fd = open("tmp.txt", O_RDONLY);
char buf[100] ;
if(read(fd,buf,100)>0)
printf("The socket has received a SYN!");
else
printf("The socket has sent a SYN!");
EDIT:
If you feel netstat has poor speed to scan the entire ports, then the only way to achieve the fastness is to open a raw socket and set it to receive all the TCP packets.
Process only those packets which contain a SYN in them. Now, store both source address:port and destination address:port into two tables. One that is a sender of SYN and one that is a receiver.
Now, when you are given a port and ip-address, make a scan over the data stored so far. You can also use STL map of C++ to achieve faster results.
Since there can be many requests, the map may get filled up swiftly, making the look-ups slow. I advice you to process the FIN packets also and based on that remove the corresponding entries from the table.
Related
I'm trying to get the TCP header of a TCP connection in C++11. Reading through already existing StackOverflow questions (here, here, here and here) it seems like I have to open a RAW_SOCKET or to write a Linux Kernel Module (LKM) to have access to it.
From what I've understood, opening a raw socket means handling the whole TCP protocol (handshake, window size, etc...). Is there a way to obtain the TCP header and let the kernel manage the TCP protocol (either "by hand" or with some framework)?
I know I could use libpcap for capturing the packets, but this would mean for my application making somehow a match from the incoming packet in the TCP socket and the captured packet from libpcap. While this is a possible solution, it'd be a cumbersome one (and I wouldn't like to do that).
Any help is appreciated, thank you!
A "quick and dirty" approach might be using two connections, an external connection to the remote host and a pure internal one. Sure, this won't be the most efficient approach, but is easy (and fast) to implement (the core feature of QAD "solutions"...):
socket ext_raw ------- socket remote, TCP (likely, at least)
socket int_raw ---
| (loop back connection)
socket int_tcp ---
Any incoming messages at ext_raw and int_raw are just forwarded from one to the other (while incoming messages on ext_raw can be inspected for TCP headers), whereas all the normal TCP handling is done by the internal TCP socket. So in a way, you'll be tunneling the TCP connection through your two raw sockets...
I'm trying to set up a little test application on Linux (Ubuntu) based on some code I wrote (and that worked) for Winsock. As it stands now, it's just a little test that creates a socket (and seemingly successfully connects) only to hang eternally on recv() instead of receiving datagrams. It's a plain blocking socket.
Here's how I create it:
http://pastebin.com/kcCbgxbB
A few further things tested:
- Port is open.
- Other applications are able to receive data from the multicast address successfully.
So clearly I'm overlooking something. Help greatly appreciated :-)
In Unix systems, when using a socket for multicast you should bind to INADDR_ANY, not to a interface.
Multicast filtering by interface (i.e. not receive mcast from other interfaces than the specified one) is already in place because you are correctly filling imr_interface.
So, in the end a little system configuration and bugfixing went a long way:
a) As root, I'd had to do the following to disable the reverse packet filter:
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
+ The same for ethX.
b) Add a bogus route for the ethX (route add -net 224.0.0.0. netmask 224.0.0.0 ethX)
c) Bind the socket to the to-be-joined group's IP (otherwise any subsequent socket would get all packets from all groups I joined on that particular port).
d) Set the interface member of the ip_mreq struct to the IP of the adapter we're receiving on.
And then all was fine and dandy, test runs fast & smooth (pulling 125 multicast transport streams # around 800-900 mbit - sure this can be smarter, but still). Thanks for all the pointers.
Is there a way to check if the send buffer of an TCP Connection is completely empty?
I haven't found anything until now and just want to make sure a connection is not closed by my server while there are still data being transmitted to a certain client.
I'm using poll to check if I'm able to send data on a non-blocking socket. But by that I'm not able to find out if EVERYTHING has been sent in buffer, am I?
In Linux, you can query a socket's send queue with ioctl(sd, SIOCOUTQ, &bytes). See man ioctl for details.
The information is not completely reliable in the sense that it is possible that the data has been received by the remote host, since the buffer cannot be emptied until an ACK is received. You probably should not use it to add another level of flow-control on top of TCP.
If the remote host actually closes the connection (or half-closes it), then the socket become unwriteable, regardless of how much data might have been in the buffer. You can detect this condition by writing 0 bytes to the socket.
The more difficult (and often more likely) condition is the remote host becoming unreachable, because of network issues or because it crashes. In that case, data will pile up in the send buffer, but that can also happen because the remote host's receive buffer is full (perhaps because the process reading the buffer doesn't have enough resources to process its input). In the case of network routing issues, you might get a router notification (an ICMP error), which should make the socket unwritable; unfortunately, there are many network errors which just result in black holes.
I'm writing an application that is split into two parts for Mac OS X - a daemon and an agent. I'm using a standard unix socket to communicate between the daemon and the agents. That is, the socket is created with PF_UNIX and SOCK_STREAM.
When agents are created (whenever a user logs in), one of the first things it does is to connect to the socket. This seems to work perfectly for the first agent. However, when the second agent connects, the daemon experiences the following issue:
I'm using select() to check for data that can be read. The select() call succeeds, and indicates that there is data to be read. However, when i call recv() it returns with -1, and errno is set to 35, or "Resource temporarily unavailable".
Now, I would expect this for a non-blocking socket, but I have triple-checked - I never set the socket to be non-blocking.
As far as I can tell, this only happens when a second agent connects to the same unix socket. If I limit myself to one daemon and one agent then everything seems to work perfectly. What could be causing this odd behaviour?
It sounds a bit like you're trying to read from the wrong client fd. It's hard to tell without seeing your code, but it also sounds a bit that way from your description.
So just in case, here's how it works. Your server is ending up with three file descriptors, the socket it first starts listening on, and then one file descriptor for each connected client. When there's something to read on the original socket, that means there's a new client; it sounds like you have this part right. Each connected client then gives you its own independent fd to read/write from. Calling select() will return if any of these is ready to read; you then have to check each fd in the readfds variable from select with FD_ISSET() to see if it actually has data to read.
You can see a basic example of this type of code here.
I need to be able to send and receive UDP packets on the same port.
I am able to listen, on say port 5000, but my send uses a random high port.
The system I am working written in VB with does this and my need is to write a UDP responder for debugging various protocol issues.
I am using the Open Source C++ Sockets Library from http://www.alhem.net (Anders Hedstrom) and have been able to use the UdpSocket::Bind() to receive incoming UDP packets using the virtual function UdpSocket::OnRawData(), but have been unable to cause the UdpSocket::Open() (calls connect) to make the UdpSocket::Send() use the port chosen in Bind() (it uses random high number port instead).
Moving the Open() function doesn't help. I have posted a request on their forum - but believe from what I have read that it should be possible to do this, and I'm probably not understanding how to use UDP.
Does anyone have any ideas on what I should try?
--thanks--
System consists of a number of nodes
listening on same port (different ip
addr's). System [A] sends datagram to
System [B]. System [B] asynchronously
responds and send datagram(s) back to
[A] all using same port. Even if [B]
identifies [A]'s port, [A] is not
listening on that port
I'm not sure I understand the "all using the same port" phrase in that sentence. If A sends a datagram to B, B will know A's IP and port right away (a quick check of your library documentation reveals OnRawData has a struct sockaddr *sa parameter, if you cast it to sockaddr_in* you'll be able to extract the IP:port pair). You can use that IP:port to send datagrams to and A will receive them. A is not "listening" on that port in the sense that it haven't called listen() on the socket, but since A owns a socket that is bound to that port (whether explicitly by calling bind() or assigned random port by the OS) it will receive the data.
Now if you want ALL your communication between nodes to go through your fixed port, you can do that. You just have to send all your datagrams through your "listening" socket. If every node "listens" on the same port, it means every node owns a socket that is bound to that port. If you want datagrams sent from A to B to appear coming from this fixed port you have to send them through that socket. I'm guessing that's why bind() doesn't work for your sending socket - A has a socket bound to port X, then you create another socket and try to bind it to the same port X, bind() fails since the port is already taken (and you don't check for errors :), and then the OS assigns random free port above 1024.
Note 1: I use "listening" in quotes everywhere, because the concept is not very clear in the context of UDP sockets. Once you have created socket and bound it to a port, either by calling bind() explicitly or by sending data and letting the OS bind it to a port, you can receive data from everywhere through it. No listen() or accept() calls needed.
Note 2: You say that UdpSocket::Open() calls connect(), but that doesn't make much sense - connect() does very little for UDP sockets - it merely establishes a default address so you can use send() instead of sendto() and not specify address on every send.
Hope that clears things up.
Edit to address OP's comment: I've never used this library but according their UdpSocket documentation there are 4 overloads of the Bind() method and every single one of them accepts port in some way. None of them works for you?
A bidirectional communication link always involves two participants: a server-side and a client-side.
The client expects to communicate to a server on a defined port: that's why on the server-side one must bind() to a socket.
On the client-side, one must open a socket to the server: it doesn't really matter which socket is chosen (except for the need for it to be free).
In other words, don't try to specify a socket on the client-side: the network protocol stack will assign it to your client.