Using socket programming APIs (e.g., socket(), connect(), accept() ...), how can I know if a TCP connection is between two processes on the same machine? Say, I have the socket file descriptor, and the remote ip. Can I simply inspect if the remote ip is 127.0.0.1?
There's no really reliable way to determine this - you can connect to local processes using a globally routed IP address (ie, local processes can use IPs other than 127.0.0.1). It's also possible for a process to run in a different virtual machine on the same physical hardware, if you're in a virtualized environment.
Note, however, that if the remote IP (via getpeername) or local IP (via getsockname) starts with 127 (including 127.0.0.1), then it is indeed a local connection; however, you can't rule out the possibility that it might be a local connection if it's a different pair of addresses.
Use getsockname() and getpeername() to retreive the two IPs associated with the connection, then use gethostname() and gethostbyname() (or other platform-specific APIs, like GetAdaptersInfo() and GetAdapterAddresses() on Windows) to determine the IPs that belong to the local machine, then you can compare the connection IPs to the local machine IPs to see if they both match. A machine can have multiple IPs assigned to it, and multiple IPs on the same machine can communicate with each other.
Here is the approach I have used. The idea is to attempt to bind a listener to that IP address and use the failure/success codes to decide whether the address is local.
I am not claiming this is particularly efficient, but it should be fairly reliable, and for my application it was appropriate.
#include <sys/socket.h>
#include <errno.h>
/* ...probably need some other headers I am forgetting... */
int
is_local(const struct sockaddr *addr, socklen_t addr_len)
{
const char *func = "is_local()";
int result = 0;
int tmp = socket(addr->sa_family, SOCK_STREAM, 0);
if (tmp < 0) {
printf("%s: socket(%d,SOCK_STREAM,0) failed, errno %d\n",
func, addr->sa_family);
goto out;
}
/* If bind() succeeds, or if it fails because the address is in
use, then the address must be local to this system. */
if (bind(tmp, addr, addr_len) < 0) {
if (errno == EADDRINUSE)
result = 1;
else if (errno == EADDRNOTAVAIL)
; /* do nothing; address is remote */
else
printf("%s: bind() unexpected error %d\n", func, errno);
}
else {
result = 1;
}
close(tmp);
out:
return result;
}
You call it like this:
struct sockaddr_storage client_addr;
socklen_t client_addr_len = sizeof(client_addr);
int fd = accept(listener, &client_addr, &client_addr_len);
if (is_local((struct sockaddr *)&client_addr, client_addr_len))
/* peer is local */
If you already have the remote ip address, you can check if it is the loopback address or if it is the ip address of the host, because, as cnicutar points out, it doesn't have to be over the loopback address to be a local connection.
Related
I have been stuck with this problem for ages...
So I coded a game with multiplayer using the BSD sockets/Winsock 2 TCP. My server is up and working, I can connect to it locally (indirectly by filling in my own external ip). Everything seems to be fine. I tested with canyouseeme.org whether my ip and server port were properly port forwarded, and it was perfectly working. Then I sent my client to a friend to test it out by connecting to the server, and it failed all the time. I expected him to have connected, but I could not see anything on the server side (while canyouseenme.org even popped up as invalid client). I do not get it, do I have to do something special for external connecting in TCP?
Here is my connect function:
int CConnectSocket(CSocket s, unsigned short port, char* ipaddress)
{
SOCKADDR_IN target;
target.sin_family = AF_INET;
target.sin_port = htons(port);
target.sin_addr.s_addr = htonl(inet_addr(ipaddress));
if (connect(s, (SOCKADDR*)&target, sizeof(target)) == SOCKET_ERROR)
{
if (WSAGetLastError() == WSAEISCONN)
return CTCP_DONE;
else if (WSAGetLastError() != WSAEWOULDBLOCK && WSAGetLastError() != WSAEALREADY)
{
strcpy(inerr, "CConnectSocket: Failed to connect the socket. Error ");
char f[6];
sprintf(f, "%d", WSAGetLastError());
strcat(inerr, f);
return CTCP_ERROR;
}
return CTCP_WAIT;
}
return CTCP_DONE;
}
I keep looping this function until CTCP_DONE is returned (meaning I connected). My friend reported he timed out (so it returned CTCP_WAIT for too long). Again, I'm sure the client is the fault because my server was able to accept an external connection from canyouseeme.org. The IP address and port I fill in work because I can connect locally. If I change the port, local connection doesn't work anymore (proof that it is a correct argument). Changing the IP does yield the same result.
I appreciate any help! Hopefully I can solve this problem and begin the multiplayer.
EDIT
void CEngine::CSetSockAddr(CSockAddr* address, unsigned short port, char* ipaddress)
{
memset(address, 0, sizeof(CSockAddr));
address->sin_family = AF_INET;
address->sin_port = htons(port);
address->sin_addr.s_addr = htonl(inet_addr(ipaddress));
}
This is my socket address function. When I remove the htonl function, it works at my friend's side, but no at my side any more (I also host the server). My friend BTW uses XP, but since I called to use 2.2 WinSock that should be no issue. At least I hope that the setup function for WinSock guarantees a 2.2 implementation if it returns true.
EDIT 2
Hello guys,
I have got everything up and working now. It seems that if I add htonl I can connect as the host with the external IP rather than connecting with the loopback 127.0.0.0.1 or sth like that. So now I would like to know, how do I detect whether I am connecting to a server that I host? That would be a nice trick. Happy new year all!
Is very difficult to help you without a console... but you can talk with your friend and try this:
From your friend's PC, make a ping against your server.
If you recieve an answer, use tracert or traceroute to find out what's the problem
What's the route model of your friend? probably it has a System Event Log where you can check for rejected connections.
Luck!
You need to remove the htonl() call when calling inet_addr(). connect() expects the IP to be in network byte order, and inet_addr() returns the IP in network byte order, so there is no need to swap the bytes, on any platform.
Try this:
int CConnectSocket(CSocket s, unsigned short port, char* ipaddress)
{
SOCKADDR_IN target = {0};
target.sin_family = AF_INET;
target.sin_port = htons(port);
target.sin_addr.s_addr = inet_addr(ipaddress);
if (connect(s, (SOCKADDR*)&target, sizeof(target)) == SOCKET_ERROR)
{
int err = WSAGetLastError();
switch (err)
{
case WSAEISCONN:
return CTCP_DONE;
case WSAEWOULDBLOCK:
case WSAEALREADY:
return CTCP_WAIT;
default:
sprintf(inerr, "CConnectSocket: Failed to connect the socket. Error %d", err);
return CTCP_ERROR;
}
}
return CTCP_DONE;
}
I have a socket server that listens and accepts connections from client, which works as follow:
... do some pre-processing (socket, binds, etc)
//listen to client
if (listen(sockfd, BACKLOG) == -1) {
perror("listen");
exit(1);
}
printf("server: waiting for connections...\n");
while(1) { // main accept() loop
sin_size = sizeof client_addr;
new_fd = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size);
if (new_fd == -1) {
perror("accept");
continue;
}
//do something .....
.....
}
How can I restrict the server so it only accepts connection from specific IP addresses? For instance, I can create a text file containing a white list of IP addresses to accept, in the following format:
202.168.2.5 - 202.168.2.127
92.104.3.1 - 92.104.4.254
//and so on
So basically I want to reject connection from all the IP addresses not included in the whitelist. If the socket library API does not support this, I am okay with the idea of accepting the connections first, then just immediately close the socketfd if the peeraddress is not in the whitelist. But how to perform this, how can I check that a specific IP address is within the range specified in my whitelist? Any examples would be appreciated.
You want to call getpeername to get the address information from the client. Then check if their IP address is found in the whitelist. If not, disconnect them.
In order to check that their ip address lies within a given range, you want to convert the address bytes into one number. You can do that with the following:
unsigned int n = bytes[0] << 24 | bytes[1] << 16 | bytes[2] << 8 | bytes[3];
If the lower bound of the address range is A, and the upper bound is B, and the client's ip address is X, then they are white listed if (A <= X && X <= B).
If each range of ip addresses tests false, then they aren't on the white list and you should disconnect them.
Not sure what the question is here, or rather what the problem is. The client's address will be in their_addr, so just search your whitelist for that. If not found, close. You will probably want to either convert their_addr into the same format as your whitelist entries, or possibly vice versa.
On Windows only, you can use WSAAccept() instead of accept(). WSAAccept() has a parameter that you can pass a callback function to. Before a new connection is accepted, the callback is invoked with the addresses and QOS values for that connection. The callback can then return CF_ACCEPT, CF_DEFER, or CF_REJECT as needed.
Can an IP address and a port number together uniquely identify a process ID?
I'm looking for a way to get the corresponding process ID, given an IP address and a port number, but I'm not sure whether such ip/port pairs can uniquely identify one pid.
Not necessarily. If a socket is opened/accepted in a process, and it then forks, the child process also has the socket open, so the IP address and port number are used by two processes.
As Jonathan pointed out, the relation is not necessarily unique. For instance, there are server implementations (apache/prefork) which use child processes to handle requests concurrently.
But you can get the list of processes using a specific port/address anyway (although there might be multiple entries for a single port/address pair), perhaps in your specific case this is a viable solution:
In Windows, for example, you can use the GetExtendedTcpTable function, setting the TableClass parameter to one of the TCP_TABLE_OWNER_MODULE_* values. This returns a table containing local and remote address/port and process ID for all current TCP endpoints.
On Linux there are certainly similar ways (although I do not know by heart how to do it...), since this is exactly what the netstat -p program does.
At a time, only one process can bind to a given port, hence given a port we can have at most one process listening on it.
Yes multiple processes can send & receive through the same port but only one process binds to a port.
e.g. in the following code one gets a "server:bind: Address Already in use" error. Then, if we run lsof -i:2100 we get only one process id listening on port 2100.
#define SERVERPORT "2100"
#define BUF_MAX 1024
#define BACKLOG 10
int data_connection(char* portno)
{
struct addrinfo hints,*res,*clientinfo;
int rv,datafd,yes=1,new_fd;
char buf[BUF_MAX];
struct sockaddr_storage their_addr;
socklen_t addr_size;
memset(&hints,0,sizeof(hints));
hints.ai_family=AF_UNSPEC;
hints.ai_socktype=SOCK_STREAM;//connnection oriented.
hints.ai_flags=AI_PASSIVE;
if ((rv = getaddrinfo(NULL, portno, &hints, &res)) != 0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv));
return 1;
}
for(clientinfo=res;clientinfo!=NULL;clientinfo=clientinfo->ai_next)
{
if((datafd=socket(clientinfo->ai_family,clientinfo->ai_socktype,clientinfo->ai_protocol))==-1)
{
perror("server:datasocket");
continue;
}
break;
}
if(setsockopt(datafd,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(int))==-1)
{
perror("setsockopt");
exit(1);
}
if(bind(datafd,clientinfo->ai_addr,clientinfo->ai_addrlen)<0)
{
perror("server:bind");
exit(1);
}
if(listen(datafd,BACKLOG)<0)
{
perror("server:listen");
exit(1);
}
addr_size=sizeof(their_addr);
if((new_fd=accept(datafd,(struct sockaddr*)&their_addr,&addr_size))<0)
{
perror("server:accept");
exit(1);
}
close(datafd);
datafd=new_fd;
return datafd;
}
int main()
{
int datafd;
fork();
datafd=data_connection(SERVERPORT);
}
On a windows machine, you can obtain the process ID for a listening application. See this question.
To add a Windows specific counter example:
Windows has a http.sys (the kernel-mode HTTP protocol listener) service which enables port sharing by different applications.
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/net-tcp-port-sharing
I tried to find the IP address that my UDP socket is bound to (assuming I don't want to use another method to find the computer's IP address). How can this be done? The code below works for the PORT number, but always returns 0.0.0.0 for the address:
struct sockaddr_in sin;
int addrlen = sizeof(sin);
if(getsockname(clientSock, (struct sockaddr *)&sin, &addrlen) == 0 &&
sin.sin_family == AF_INET &&
addrlen == sizeof(sin)){
printf("RETURNING ADDR: %s: len = %d\n", inet_ntoa(sin.sin_addr),
strlen(inet_ntoa(sin.sin_addr)));
}
The socket was bound using the following code:
sockaddr_in local;
local.sin_family = AF_INET;
local.sin_addr.s_addr = INADDR_ANY;//inet_addr("127.0.0.1");
local.sin_port = 0; //assign given port
result = bind(clientSock, (sockaddr*)&local, sizeof(local));
Thank you for any and all help. I appreciate your time!
0.0.0.0 is INADDR_ANY, meaning the socket is bound to all local addresses on the host, not just one address. You are asking for one address, but you are not bound to one address, so getsockname() cannot report a specific address.
If you want getsockname() to report a specific address, you have to bind() to that specific address. So use GetAdaptersAddresses to enumerate all interfaces on the local host and bind() a separate socket to each address, instead of binding INADDR_ANY on a single socket.
Otherwise, you can bind() a single socket to INADDR_ANY, and then use WSARecvMsg() (instead of recv(), recvfrom(), or WSARecvFrom()) to read the incoming packets. WSARecvMsg() can report details about each packet's arrival interface and destination address, if you enable the appropriate options with setsockopt().
In my Linux C++ application I'm using getpeername and getsockname.
when IPv6 enabled on the OS, both getpeername and getsockname return only port!
code:
int GetSockAndPeer(int sock)
{
struct sockaddr_storage ss;
socklen_t salen = sizeof(ss);
struct sockaddr *sa;
struct addrinfo hints, *paddr, *paddrp;
sa = (struct sockaddr *)&ss;
if (getpeername(sock, sa, &salen) != 0)
{
return -1;
}
if (getsockname(sock, sa, &salen) != 0)
{
return -1;
}
}
sa variable hold after the systemcalls in sa_data only the sa_data[0] and sa_data[1] which means port. all the other bytes are 0;
Any help???
Related to RFC2553 you have to use the IN6_IS_ADDR_V4MAPPED and IN6_IS_ADDR_V4COMPAT macros to identify if there is any usable IPv4 information available within yours socket_storage, or to be exact the sockaddr_in6 structure:
struct sockaddr_in6 {
sa_family_t sin6_family; /* AF_INET6 */
in_port_t sin6_port; /* transport layer port # */
uint32_t sin6_flowinfo; /* IPv6 traffic class & flow info */
struct in6_addr sin6_addr; /* IPv6 address */
uint32_t sin6_scope_id; /* set of interfaces for a scope */
};
If both macros returns true, the IPv4 address is in sockaddr_in6.sin6_addr[12-15]:
printf("%u.%u.%u.%u\n", sockaddr_in6.sin6_addr[12], sockaddr_in6.sin6_addr[13], \
sockaddr_in6.sin6_addr[14], sockaddr_in6.sin6_addr[15])
It's important to remember that, unless a socket is connected (or, for a connectionless socket, has transferred data), there may not be any IP addresses, local or remote, associated with the socket.
Let's say the computer is multihomed and has both local and Internet IP addresses. Maybe even multiple local network IP addresses. If you choose to bind a socket to "any" local address (using an INADDR_ANY-type flag), or never call bind() in the first place, the socket API does not have a single local IP address associated with the socket, just a port number at the most. When you call connect() on a socket, the system chooses which local IP to use based on who you are connecting to. So if you connect to a machine over the Internet, your Internet IP is associated with the socket, and if you connect to a machine on the local network, your LAN IP address is used.
So may sure that you connect() to a remote computer or bind() to a specific local IP before you use getsockname(). I wonder if enabling IPv6 has caused your machine to see multiple potential local IPs to use. Obviously you much be connected to a machine to use getpeername().