I have a sockets program that requires port 1002 to be open and I wanna know how to port forward in C++ on windows so i may use this port freely?
Port forwarding is done upstream of the client system, typically on the router.
I believe some applications use Universal Plug and Play to communicate with the upstream router to open a port publicly but you'll have to do a lot of research to see how it's done: I haven't the slightest.
So, you need UPnP or NAT-PMP. Your system may have libraries for doing those protocols, or you can use muniupnp, which has both a server to run on a Linux or BSD box to test against, and a client library.
There is no guarantee that will work, so you may need to go further and use STUN, TURN or ICE. There's a library for doing those things here.
And always remember, sometimes it's just impossible. Implement IPv6 as well, sometimes that works when IPv4 doesn't. Encourage users to install v6 and Teredo.
Starting with Windows XP, Microsoft offers a UPnP library. It's actually fairly complicated to use as the library just offers the basics of communicating with network devices. You will have to study the various UPnP specifications in order to perform device-specific tasks such as port forwarding. Believe me, this is a lot of hard work to do to accomplish relatively little; better to just put it in your documentation somewhere that the user might have to consult their router manual in order to forward the necessary ports. This is what almost everybody does.
I believe the most popular approach is to write documentation that tells the user what port(s) to open on their firewall.
You can't port forward in a programming language, that is something that is set up on the router.
Related
I want to implement WiFi manager program which should handle the following.
notification on wi-fi access point has come or gone
provide information of available wifi access point
connect/disconnect with a given wi-fi access point
Which is the recommended C/C++ WiFi library for Linux to achieve this?
On Fedora (at least), the preferred way to interact with NetworkManager is via DBus.
While wireless-tools and the like will work — even direct kernel calls, if you must — there are a couple of problems:
You'll probably need superuser privileges
NetworkManager will probably have a panic attack and get into fights with you, unless you stop its service
The user's normal networking controls (e.g. desktop tray icons) are almost certainly configured to use NetworkManager.
You can send and receive DBus messages for all the tasks you mentioned, for WiFi as well as arbitrary other types of network interfaces. The API is published here, for version 0.8.
For newer operating systems, there are apparently changes in the API, with a migration guide.
Their wiki should be really helpful.
I know both Fedora and Ubuntu use NetworkManager by default; I believe many other systems do, as well, but don't have an exhaustive list.
Of course, if you're using an embedded system, custom distribution, or something, then your mileage may vary.
That would be wireless-tools
I would recommend using directly the NetworkManager Library.
You can use low-level D-Bus library or libnm-glib library, that makes communication easier: example add connection glib
For more info, you can take a look into the code of the command line client nmcli.
My main goal is to create an advanced program for manipulating the packets that route within my network via the router. Let my program have total control over the router. Set the download/upload speeds to my inputs, apply the effect to certain devices within in my network. Block upload or download traffic. Set second delay for either the upload or download speed. Specify % of loss packets, and the list goes on.
The problem is that I don't know where to start. I know most languages at the very most basic level. I'd like to create this program in either C, C++ or C# but I don't know yet. What else do I need to know before creating this program? Winsock or something? Winpcap APIs?
This goal is my motivation to learn programming to the extreme, and I'm really looking forward to it.
Thanks in advance!
Hmmm I guess you would want to look at pcap(?):
pcap
Check out:
http://beej.us/guide/bgnet/html/multi/index.html
'Beej's Guide to Network Programming
Using Internet Sockets'
All you could possibly need to know about programming sockets for capture and manipulation.
If I were you I'd write it in C, I'm writing a similar project at the moment in C++ and it's hell but too late to stop and start again.
Hope that helps.
Bear in mind that you either need a router that you can re-program or you need to use your PC as a router to do this.
Either way you want to look into how IPTABLES are implemented.
I've never seen Desktop Windows used as a router only Windows Server, though it may still be possible. libpcap is for packet capture, but not interception as I understand it. Programs like Wireshark use it to monitor copies of packets, but not to modify them. If you want to attempt this, my impression has been that there is a lot more documentation and tools for doing something like this with NetFilter/IPTables on Linux. You can even install something like OpenWRT on a compatible router and get a small, cheap Linux router, though having Desktop Linux will probably help for development. The NetFilter QUEUE library can be used with some IPTables firewall rules to redirects specific (or all) packets to a regular user program. That program can then read the packet and modify it or even request it to be dropped.
http://www.netfilter.org/projects/libnetfilter_queue/
If you want to manipulate network traffic on a Windows machine (as you mentioned), you will need some extra software. This operating system wont give you the full control over itself, which is fine for some reasons.
I think what you want to do, should be done with either winpcap or win10pcap if you are using Win10. These packages contains a windows driver and the libpcap user space library.
I'm using C++/boost::asio under Win7.
I'm trying to "sniff" trafic over a given TCP/IP port. Hence, I'd like to listen on that port, receive messages, analyze them, but also immidately allow them to flow further, as if I never intercepted them. I want them to sink into the program that normally listens and connects on that port. Imagine a transparent proxy, but not for HTTP.
I'd rather find a code-based solution, but barring that, maybe you would suggest a tool?
what you are trying to do is basically a firewall program.
On windows there is several approach to do that, you can hook winsock. The better (or not hacky) is to use TDI filter (you take a look a this) or to make a NDIS filter.
Microsoft also introduced new API, WPF and LSP. I think you have better to use it because the TDI filter and NDIS wrapper involve driver programming which complicated and can be time consuming.
If this is for a product you are developing you may want to take a look at the WinPcap library http://www.winpcap.org/ which you can embed into your own program.
If you just need to analyze for yourself, use one of the tools that uses WinPcap, I have had great success with WireShark; but check out the WinPcap site for other tools
You cannot use boost::asio (or any other socket based library) for this as it consumes all the traffic.
I have a network application that I need to convert so that it works for ipv6 network. Could you please let me know what I need to do (replace socket APIs)?
One more thing, how can I test my application?
Thanks.
The core socket system calls are protocol neutral. You will need to use AF_INET6 instead of the standard AF_INET address family, as well as PF_INET6, sockaddr_in6 and others when appropriate.
I'd suggest having a read through the "ipv6" man page or the "socket interface extensions for ipv6" RFC: http://www.ietf.org/rfc/rfc3493.txt
Similar and possibly relevant question: is ipv6 backward compatable with ipv4?
3rd edition of "Unix Network Programming" has numerous examples and a whole chapter in IPv4/IPv6 interoperability.
For testing, you can create a bunch of virtual machines with Microsoft Virtual PC (or similar) and test the app between them - you can easily put them on a private network where they can only see each other.
Take a look at http://gsyc.escet.urjc.es/~eva/IPv6-web/ipv6.html - it is a rather comprehensive resource, and has some useful references to RFCs.
For the testing considerations, if your application will be dualstack, consider the following failure scenario: the IPv6 traffic may blackholed for various reasons, an example scenario being the user who uses 6to4 anycast tunneling but their traffic to/from 192.99.88.1 (anycast 6to4 relay address) is dropped. Try to test this case and ensure the application falls back gracefully without destroying the user experience, this will save a few support calls later.
(NB: I am talking specifically about blackholing because in the case of the "normal" errors like a routing problem the error will usually be returned rather fast. So you might consider putting inbetween the hosts some kind of router that you could configure to silently drop the packets)
Here's my question.
Right now I have a Linux server application (written using C++ - gcc) that communicates with a Windows C++ client application (Visual Studio 9, Qt 4.5.)
What is the very easiest way to add SSL support to both sides in order to secure the communication, without completely gutting the existing protocol?
It's a VOIP application that uses a combination of UDP and TCP to initially set up the connection and do port tunneling stuff, and then uses UDP for the streaming data.
I've had lots of problems in the past with creating the security certificates from scratch that were necessary to get this stuff working.
Existing working example code would be ideal.
Thank you!
SSL is very complex, so you're going to want to use a library.
There are several options, such as Keyczar, Botan, cryptlib, etc. Each and every one of those libraries (or the libraries suggested by others, such as Boost.Asio or OpenSSL) will have sample code for this.
Answering your second question (how to integrate a library into existing code without causing too much pain): it's going to depend on your current code. If you already have simple functions that call the Winsock or socket methods to send/receive ints, strings, etc. then you just need to rewrite the guts of those functions. And, of course, change the code that sets up the socket to begin with.
On the other hand, if you're calling the Winsock/socket functions directly then you'll probably want to write functions that have similar semantics but send the data encrypted, and replace your Winsock calls with those functions.
However, you may want to consider switching to something like Google Protocol Buffers or Apache Thrift (a.k.a. Facebook Thrift). Google's Protocol Buffers documentation says, "Prior to protocol buffers, there was a format for requests and responses that used hand marshalling/unmarshalling of requests and responses, and that supported a number of versions of the protocol. This resulted in some very ugly code. ..."
You're currently in the hand marshalling/unmarshalling phase. It can work, and in fact a project I work on does use this method. But it is a lot nicer to leave that to a library; especially a library that has already given some thought to updating the software in the future.
If you go this route you'll set up your network connections with an SSL library, and then you'll push your Thrift/Protocol Buffer data over those connections. That's it. It does involve extensive refactoring, but you'll end up with less code to maintain. When we introduced Protocol Buffers into the codebase of that project I mentioned, we were able to get rid of about 300 lines of marshalling/demarshalling code.
I recommend to use GnuTLS on both the client and the server side, only for the TCP connection. Forget about the UDP data for now. The GnuTLS documentation has example code for writing both clients and servers. Please understand that at least the server side (typically the TCP responder) needs to have a certificate; the client side can work with anonymous identification (although there is even an example without server certificate, using only DH key exchange - which would allow man-in-the-middle attacks).
In general, it is likely that you will have to understand the principles of SSL, no matter what library you use. Library alternatives are OpenSSL (both Unix and Windows), and SChannel (only Windows).
Have you tried the SSL support in Boost.Asio or ACE? Both use OpenSSL under-the-hood, and provide similar abstractions for TCP, UDP and SSL. Sample code is available in both the Boost.Asio and ACE distributions.
One thing you may need to keep in mind is that SSL is record-oriented instead of the stream-oriented (both TCP and UDP). This may affect how you multiplex events since you must, for example, read the full SSL record before you can call a read operation complete.
To help handle this with no changes to the application yo may want to look at the stunnel project (http://www.stunnel.org/). I don't think that it will handle the UDP for you though.
The yaSSL and CyaSSL embedded SSL/TLS libraries have worked well for me in the past. Being targeted at embedded systems, they are optimized for both speed and size. yaSSL is written in C++ and CyaSSL is written in C. In comparison, CyaSSL can be up to 20 times smaller than OpenSSL.
Both support the most current industry standards (up to TLS 1.2), offer some cool features such as stream ciphers, and are dual licensed under the GPLv2 and a commercial license (if you need commercial support).
They have an SSL tutorial which touches on adding CyaSSL into your pre-existing code as well: http://www.yassl.com/yaSSL/Docs-cyassl-manual-11-ssl-tutorial.html
Product Page: http://yassl.com/yaSSL/Products.html
Regards,
Chris