What is the best/easiest way to block a specific IP address with Jetty 8? Apparently the HTAccessHandler no longer works for the current version (source: http://jetty.4.n6.nabble.com/jira-Created-JETTY-962-Clean-room-implementation-of-org-mortbay-jetty-securtiy-HTAccessHandler-td41205.html) so I was wondering if there is a built-in solution short of writing a custom Filter/Servlet?
Use the IPAccessHandler in jetty-server:
http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java
Related
I'm writing a program that uses winpcap to capture some specific network traffic that is sent out by our switches.
However, wireless devices will never receive those packet so I'm trying to figure out how to determine if a network adapter is wireless or wired (so that I can then skip capturing on the wireless adapters altogether).
My first thought is to check the medium of the interface chosen (currently chosen based on the IP address of that adapter - the logic is that if it has an IP address, it is connected). The problem is, is that pcap_datalink() will return DLT_EN10MB, whether its wired or wireless.
The next thought was to try pcap_can_set_rfmon(), which should tell me if the device cannot be set to monitoring mode (and therefore if it is or isn't wired). However, I seem to get a 2019 linking error when I try to use this, which seems to be supposedly to do with the function not being supported on Windows without Airpcap?
I don't really see what else to try but it would be great if someone had any pointers. I'm wondering how difficult and convoluted it would end up becoming if I had to start using NDIS to determine what each adapter on a system is and then match that up to the device names used by WinPCap.. surely this is something I could keep in-house with lib/WinPCap?
Thanks!
I have a solution of sorts, just for Windows systems.
For an adapter that I want to select, based on the network it is connected to, I can compare the IP address associated with that adapter with each of the IP addresses in objects generated by GetAdaptersInfo. If they match, then I can see whether or not the "Type" on that same object is ethernet.
if ((pAdapterInfo->Type == MIB_IF_TYPE_ETHERNET) && (WINVER > _WIN32_WINNT_WS03))
{
}
I also check the Windows version; since it is only from Vista (Winver 6+) onwards that IF_TYPE_IEEE80211 is returned in the adapter is wireless.
It doesn't use WinPCap, but then again I'm not sure its possible to. Since I already am using these Windows libraries elsewhere, I figured that this is a platform-specific compromise I'll make. Hopefully that helps someone else one day!
in C++ linux application, how can I get the network interface reffering to each IP on my machine?
IP contains: static IP and dynamic IP
Note: I can't use the system call getnameinfo
10x
You can use the getifaddrs call; however, note that this only retrieves one address per interface. If that's not sufficient, use the rtnetlink protocol over a netlink socket; libnetlink may make this easier.
It's quite tricky to do this, I believe you need to have root access. You need to issue an ioctl (something like SIOCGIFCONF) which then returns you a list of all interfaces, and then you can issue further ioctl calls to extract status information, etc.
I have a network application that I need to convert so that it works for ipv6 network. Could you please let me know what I need to do (replace socket APIs)?
One more thing, how can I test my application?
Thanks.
The core socket system calls are protocol neutral. You will need to use AF_INET6 instead of the standard AF_INET address family, as well as PF_INET6, sockaddr_in6 and others when appropriate.
I'd suggest having a read through the "ipv6" man page or the "socket interface extensions for ipv6" RFC: http://www.ietf.org/rfc/rfc3493.txt
Similar and possibly relevant question: is ipv6 backward compatable with ipv4?
3rd edition of "Unix Network Programming" has numerous examples and a whole chapter in IPv4/IPv6 interoperability.
For testing, you can create a bunch of virtual machines with Microsoft Virtual PC (or similar) and test the app between them - you can easily put them on a private network where they can only see each other.
Take a look at http://gsyc.escet.urjc.es/~eva/IPv6-web/ipv6.html - it is a rather comprehensive resource, and has some useful references to RFCs.
For the testing considerations, if your application will be dualstack, consider the following failure scenario: the IPv6 traffic may blackholed for various reasons, an example scenario being the user who uses 6to4 anycast tunneling but their traffic to/from 192.99.88.1 (anycast 6to4 relay address) is dropped. Try to test this case and ensure the application falls back gracefully without destroying the user experience, this will save a few support calls later.
(NB: I am talking specifically about blackholing because in the case of the "normal" errors like a routing problem the error will usually be returned rather fast. So you might consider putting inbetween the hosts some kind of router that you could configure to silently drop the packets)
I'm playing around with retrieving the MAC address from the NIC - there are a variety of ways to get it, this article covers the most common:
http://www.codeguru.com/Cpp/I-N/network/networkinformation/article.php/c5451
I'm currently using the GetAdaptersInfo method, which seems the most bulletproof, but if the MAC address has been set via the registry:
http://www.mydigitallife.info/2008/06/30/how-to-change-or-spoof-mac-address-in-windows-xp-vista-server-20032008-mac-os-x-unix-and-linux/
Then it reports the MAC address that it has been changed to. The only way I've found to actually get the true MAC is to remove the registry entry, restart the NIC, get the MAC via GetAdaptersInfo, then replace the registry entry, and restart the NIC. While it gets the job done, it's hardly transparent to the user.
Is there any other methods that anyone is familiar with, that will return the hardware MAC regardless of what the registry is set to? Ideally I'd like a solution that works on XP on up.
Thanks in advance!
My guess is that in the linked CodeGuru article, the Miniport solution is likely to overcome the problem you describe, albeit painful to implement. The reason I think this is that I have used the GetAdaptersInfo solution myself in the past, and noticed that the MAC address will change without reboot when an adapter is added, e.g. a Bluetooth adapter providing PAN services.
Perhaps rather than rebooting after changing the registry setting, you could try stopping and restarting the relevent network services. You could easily check this manually prior to looking for a programmatic solution.
(n.b. the above is all guess work. If you try it and it works, perhaps add a post for those trying to do the same in future).
Parse the output of ipconfig /all
You can use WMI to enumerate the Win32_NetworkAdapter instances and look at the MACAddress property. The main issue with this technique is finding the appropriate adapter instance if you have multiple active adapters installed, e.g. on a laptop which also has a wireless connection.
I need to do a number of network-related things in C++ that I would normally do with ifconfig in Linux, but I'd like to do it without parsing the output of a group of system calls. Which C or C++ libraries can I use to tell if a network adapter is up or down, read or change an adapter's IP address and netmask, and change the default DNS gateway?
Basically you need to make a bunch of ioctl calls using a socket handle (SIOCGIFADDR, SIOCADDRT). You can find sample programs that use it in the Linux kernel source under Documentation/networking. Some other links that might be helpful:
Network Interface operations on AIX
XBMC's implementation (check out CNetworkInterfaceLinux)
EDIT: Let me also add that if your target is desktop linux, then you can consider using the DBUS API to query network parameters using the NetworkManager.
http://people.redhat.com/dcbw/NetworkManager/NetworkManager DBUS API.txt (sorry there's some issue inserting links in edits)
You can always look at ifconfig's source code to see how they did it in the first place: http://archive.ubuntu.com/ubuntu/pool/main/n/net-tools/net-tools_1.60.orig.tar.gz
The NetworkManager service exposes an API over dbus for querying/manipulating the networking on many distributions these days. This may be too high-level for your purposes (e.g. you require finer control of the network, or dbus/NetworkManager are not available on the system...), but it may provide you with what you need.
Check out the dbus C++ bindings and the NetworkManager API (sorry, I can't find a better formatted version right now, but the information is there).