When i am using a c++ IPC library, it return a warning message "you are using multiple multicast interfaces. ; going to use [eth1][192.168.1.11]". Does it indicate it is using domain socket under the hood?
Not at all - where did you get that idea? "eth1" is the name of a (physical) network interface, and "192.168.1.11" is an IPv4 address, probably one that's bound to that interface. A UNIX domain socket would have a name that looks like a filesystem path.
Related
I have two programs (MS VC++) which using multicast - receiver and sender. I test it between desktop PC (Windows 7) and netbook (Windows XP) via WiFi. Desktop PC have WiFi dongle which working in AP mode. If I specify INADDR_ANY in the interface address in the sender program, I get a problem: multicast doesn't reach netbook from desktop PC. If I specify real address of this WiFi interface instead INADDR_ANY - it working fine.
So, I want that my sender program can working on all interfaces. How I can to do that? I have to initialize separate socket for each interface? Or may be it have more elegant possibility?
As previous people said, you have to select your output interface explicitly. If you want to multicast onto different interfaces concurrently, you'll need multiple sockets. In boost::asio, the corresponding call is:
boost::asio::ip::udp::socket* _write;
...
_write->set_option( ip::multicast::outbound_interface( ifAddr.to_v4()));
in C++ linux application, how can I get the network interface reffering to each IP on my machine?
IP contains: static IP and dynamic IP
Note: I can't use the system call getnameinfo
10x
You can use the getifaddrs call; however, note that this only retrieves one address per interface. If that's not sufficient, use the rtnetlink protocol over a netlink socket; libnetlink may make this easier.
It's quite tricky to do this, I believe you need to have root access. You need to issue an ioctl (something like SIOCGIFCONF) which then returns you a list of all interfaces, and then you can issue further ioctl calls to extract status information, etc.
I have a network application that I need to convert so that it works for ipv6 network. Could you please let me know what I need to do (replace socket APIs)?
One more thing, how can I test my application?
Thanks.
The core socket system calls are protocol neutral. You will need to use AF_INET6 instead of the standard AF_INET address family, as well as PF_INET6, sockaddr_in6 and others when appropriate.
I'd suggest having a read through the "ipv6" man page or the "socket interface extensions for ipv6" RFC: http://www.ietf.org/rfc/rfc3493.txt
Similar and possibly relevant question: is ipv6 backward compatable with ipv4?
3rd edition of "Unix Network Programming" has numerous examples and a whole chapter in IPv4/IPv6 interoperability.
For testing, you can create a bunch of virtual machines with Microsoft Virtual PC (or similar) and test the app between them - you can easily put them on a private network where they can only see each other.
Take a look at http://gsyc.escet.urjc.es/~eva/IPv6-web/ipv6.html - it is a rather comprehensive resource, and has some useful references to RFCs.
For the testing considerations, if your application will be dualstack, consider the following failure scenario: the IPv6 traffic may blackholed for various reasons, an example scenario being the user who uses 6to4 anycast tunneling but their traffic to/from 192.99.88.1 (anycast 6to4 relay address) is dropped. Try to test this case and ensure the application falls back gracefully without destroying the user experience, this will save a few support calls later.
(NB: I am talking specifically about blackholing because in the case of the "normal" errors like a routing problem the error will usually be returned rather fast. So you might consider putting inbetween the hosts some kind of router that you could configure to silently drop the packets)
Here's my question.
Right now I have a Linux server application (written using C++ - gcc) that communicates with a Windows C++ client application (Visual Studio 9, Qt 4.5.)
What is the very easiest way to add SSL support to both sides in order to secure the communication, without completely gutting the existing protocol?
It's a VOIP application that uses a combination of UDP and TCP to initially set up the connection and do port tunneling stuff, and then uses UDP for the streaming data.
I've had lots of problems in the past with creating the security certificates from scratch that were necessary to get this stuff working.
Existing working example code would be ideal.
Thank you!
SSL is very complex, so you're going to want to use a library.
There are several options, such as Keyczar, Botan, cryptlib, etc. Each and every one of those libraries (or the libraries suggested by others, such as Boost.Asio or OpenSSL) will have sample code for this.
Answering your second question (how to integrate a library into existing code without causing too much pain): it's going to depend on your current code. If you already have simple functions that call the Winsock or socket methods to send/receive ints, strings, etc. then you just need to rewrite the guts of those functions. And, of course, change the code that sets up the socket to begin with.
On the other hand, if you're calling the Winsock/socket functions directly then you'll probably want to write functions that have similar semantics but send the data encrypted, and replace your Winsock calls with those functions.
However, you may want to consider switching to something like Google Protocol Buffers or Apache Thrift (a.k.a. Facebook Thrift). Google's Protocol Buffers documentation says, "Prior to protocol buffers, there was a format for requests and responses that used hand marshalling/unmarshalling of requests and responses, and that supported a number of versions of the protocol. This resulted in some very ugly code. ..."
You're currently in the hand marshalling/unmarshalling phase. It can work, and in fact a project I work on does use this method. But it is a lot nicer to leave that to a library; especially a library that has already given some thought to updating the software in the future.
If you go this route you'll set up your network connections with an SSL library, and then you'll push your Thrift/Protocol Buffer data over those connections. That's it. It does involve extensive refactoring, but you'll end up with less code to maintain. When we introduced Protocol Buffers into the codebase of that project I mentioned, we were able to get rid of about 300 lines of marshalling/demarshalling code.
I recommend to use GnuTLS on both the client and the server side, only for the TCP connection. Forget about the UDP data for now. The GnuTLS documentation has example code for writing both clients and servers. Please understand that at least the server side (typically the TCP responder) needs to have a certificate; the client side can work with anonymous identification (although there is even an example without server certificate, using only DH key exchange - which would allow man-in-the-middle attacks).
In general, it is likely that you will have to understand the principles of SSL, no matter what library you use. Library alternatives are OpenSSL (both Unix and Windows), and SChannel (only Windows).
Have you tried the SSL support in Boost.Asio or ACE? Both use OpenSSL under-the-hood, and provide similar abstractions for TCP, UDP and SSL. Sample code is available in both the Boost.Asio and ACE distributions.
One thing you may need to keep in mind is that SSL is record-oriented instead of the stream-oriented (both TCP and UDP). This may affect how you multiplex events since you must, for example, read the full SSL record before you can call a read operation complete.
To help handle this with no changes to the application yo may want to look at the stunnel project (http://www.stunnel.org/). I don't think that it will handle the UDP for you though.
The yaSSL and CyaSSL embedded SSL/TLS libraries have worked well for me in the past. Being targeted at embedded systems, they are optimized for both speed and size. yaSSL is written in C++ and CyaSSL is written in C. In comparison, CyaSSL can be up to 20 times smaller than OpenSSL.
Both support the most current industry standards (up to TLS 1.2), offer some cool features such as stream ciphers, and are dual licensed under the GPLv2 and a commercial license (if you need commercial support).
They have an SSL tutorial which touches on adding CyaSSL into your pre-existing code as well: http://www.yassl.com/yaSSL/Docs-cyassl-manual-11-ssl-tutorial.html
Product Page: http://yassl.com/yaSSL/Products.html
Regards,
Chris
I need to do a number of network-related things in C++ that I would normally do with ifconfig in Linux, but I'd like to do it without parsing the output of a group of system calls. Which C or C++ libraries can I use to tell if a network adapter is up or down, read or change an adapter's IP address and netmask, and change the default DNS gateway?
Basically you need to make a bunch of ioctl calls using a socket handle (SIOCGIFADDR, SIOCADDRT). You can find sample programs that use it in the Linux kernel source under Documentation/networking. Some other links that might be helpful:
Network Interface operations on AIX
XBMC's implementation (check out CNetworkInterfaceLinux)
EDIT: Let me also add that if your target is desktop linux, then you can consider using the DBUS API to query network parameters using the NetworkManager.
http://people.redhat.com/dcbw/NetworkManager/NetworkManager DBUS API.txt (sorry there's some issue inserting links in edits)
You can always look at ifconfig's source code to see how they did it in the first place: http://archive.ubuntu.com/ubuntu/pool/main/n/net-tools/net-tools_1.60.orig.tar.gz
The NetworkManager service exposes an API over dbus for querying/manipulating the networking on many distributions these days. This may be too high-level for your purposes (e.g. you require finer control of the network, or dbus/NetworkManager are not available on the system...), but it may provide you with what you need.
Check out the dbus C++ bindings and the NetworkManager API (sorry, I can't find a better formatted version right now, but the information is there).