I am trying to write a program to simulate some virtual network interfaces. My program runs on a Linux PC, denoted A, connected to a router, denoted R, and A has one physical network interface eth0 with an IPv4 address, say, 192.168.1.2. My program can obtain multiple different IPv4 addresses from the router via DHCP, say, 192.168.1.3, 192.168.1.4, ... (I have done this part by making up some virtual MAC address). What I need to do next is that, when another physical PC, denoted B, which is also connected to the router R, tries to communicate with one of the IPv4 addresses obtained by my program (not the one assigned to the physical interface, eth0, of A), say, 192.168.1.3 it should appear to B that 192.168.1.3 is a "real" network interface. For example, if B ping 192.168.1.3, it should be able to receive response from 192.168.1.3 (even thought the packet actually pass through A's physical network interface eht0). In addition, my program should be able to extract the IP packet on the virtual interface where the whole packet is received.
In other words, what my program wants to accomplish is like the "Bridged Network" in virtual machines like VirutalBox or VMWare Player.
Can someone please tell me what I should start with? Should I use TAP? Are there any existing libraries which I could use? Or should I just create a link layer socket for my purpose? (I read "Datalink Access" in Richard Stevens's Unix Network Programming, but the info is not quite detailed.)
Thanks,
Tom
From my understanding of your requirement, you can use the subinterfaces. You can split the eth0 to multiple interfaces like eth0:1 eth0:2 etc. Then you can assign IP for each of these interfaces and use them as regular interfaces. You can run run tcpdump/wireshark on these subinterfaces and capture the packets as you wish.
Related
I'll start with stating that I know very little about networking and the whole OSI model.
My goal is to create a tiny network(for now my laptop and a raspberry Pi) using an unmanaged network switch. On higher layer transmissions(level 3+) I would simply set the destination IP address for a packet. From what I've read on Wikipedia a network switch operates at the data link layer which means it uses MAC addresses.
How does one send data to a device on a local area network when it's connecting with something that only supports MAC addresses. More importantly, how does one do it from a high level language like Java or C#?
TL;DR The the OSI model is about abstraction and programing languages use operating system calls to implement this abstraction. The Rasberry Pi is running a full OS and will send and receive network data addressed to its assigned IP address. You do not need to specify MAC address.
You want to communicate with a Raspberry Pi from your Laptop. To do this you first connect them to the dumb switch and assign both devices an IP address in the same subnet, on physical interfaces connected to the dumb switch. Let say that your laptop's physical ethernet connection is assigned 10.0.0.1/24 and Rasberry Pi's physical ethernet connection is assigned 10.0.0.2/24 (If you do not understand my notation look at CIDR). IP addresses are Layer 3 constructs. Now your application will use an Operating System socket to create a TCP or UDP connection(see UDP java example here) with a layer 4 address (application port). Everything higher than Layer 4 is handled by your application.
Layer 2 and lower is handled by the OS. When your application tries to send data through the socket, the Operating System determines which physical interface to send data from by looking at the destination IP address. This lookup uses the OS Routing Table. Assuming you have a normal routing table, the OS will pick the interface that has ab IP with the same subnet as the destination IP. So if you send data to 10.0.0.2, your OS will send data from 10.0.0.1 because it has the same subnet of 10.0.0. Now the OS has selected an interface, it still does not know what Layer 2 MAC address to send the Layer 3 IP packet to. The main reason the OS does not know this is because IP addresses can change, but Layer 2 MAC addresses should not. Anyhow the OS sends out an ARP request which tries to get the MAC address for an IP address. If the devices are connected properly, the OS gets a MAC address for the desired IP address and begins to send data to that MAC address. The switch (smart or dumb) makes sure the message gets to the desired MAC address. At the receiving end, the OS receives the packet and send the data in the packet to sockets bound to the Layer 4 address (application port).
Side note: it is technically possible to send data to just a MAC address using RAW sockets but it is extremely technical.
Liam Kelly's answer provides great insight on abstraction of data sending. I will try to provide complementary information.
Network switch operation
While most switches operate at data level, there are some that can perform some operation at higher levels:
layer 3: Within the confines of the Ethernet physical layer, a layer-3 switch can perform some or all of the functions normally
performed by a router.
layer 4: [...] capability for network address translation, but then adds some type of load distribution based on TCP sessions.
layer 7: [...] distribute the load based on uniform resource locators (URLs), or by using some installation-specific technique to
recognize application-level transactions.
RAW sockets usage
As already specified, these require fairly advanced programming skills. They are also severely restricted in non-server versions of modern Windows Operating Systems (source) due to security concerns:
TCP data cannot be sent over raw sockets.
UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must
exist on a network interface or the datagram is dropped. This change
was made to limit the ability of malicious code to create
distributed denial-of-service attacks and limits the ability to send
spoofed packets (TCP/IP packets with a forged source IP address).
A call to the bind function with a raw socket for the IPPROTO_TCP protocol is not allowed.
Suggestion
If .NET is a viable option for you, I would take Pcap.Net for a spin, as it allows various operations at packet level using high level programming (including LINQ).
Hello Networking Gurus,
I have a question about IP duplication and how this impact the associated switches (layer 2). Sorry, I don't have any resources available to test this. It would be great if someone can shed some lights of their experience on this.
If I have two servers (Linux), say A & B, serving exactly same contents and for some reason they both are assigned same IP address. To be more specific, if A already has an address IP.100 and B has another address IP.200. Now at this point everything seems working and the switch has proper MAC addresses stored. If, later, B also gets the address IP.100, how would this affect the switch's ARP cache? When B gets the new address I assume it broadcasts ARP? to inform the associated switch.
So the question is, Does the switch stores both machines' entries? or overwrites the existing with new? Is there any standard behaviour or proprietary switches reacts differently?
If a client, with no ARP cache, tries to connect to IP.100, which machine would it be forwarded to? A or B or none? If A OR B, can I say from client point-of-view, that there's no outage? (Assume this is a static website, with no login sessions etc)
Feel free to point any relevant documentation.
Thank you in advance.
In theory, you shouldn’t have two hosts talking on the same IP, unless they are participating in routing. Eg any-cast. As things will break.
Each host will have its own MAC address. If the switch is only doing layer two forwarding, then the switch only keeps track of MAC addresses. It is the end hosts or routers that track ARP entries.
If you move IP 100 to B, then the hosts will update their own ARP table.
But if A and B have 100 at the same time, this will cause issues.
Switch will not see any IP's and do not have arp cache for forwarding packets , it will had only mac address table map macs to ports and macs in your case will be unique
I actually think this is how multicast works.
Hosts obtain a multicast address and all of the devices share that same multicast address.
A switch will gather collections of Mac addresses to that same multicast in it's mac table.
I could be wrong though....Still learning.
2 computers are in different subnets.
Both are Windows machines.
There are 2-5 IGMP-ready routers between them.
They can connect each other over multicast protocol (they have joined the same multicast group and they know about each other's existance).
How to establish a reliable TCP connection between them without any public server?
Programming language: C++, WinAPI
(I need a TCP connection to send some big critical data, which I can not entrust to UDP)
You haven't specified a programming language, so this whole question may be off-topic.
Subnets are not the problem. Routability is the problem. Either there is routing set up or there isn't. If they are, for example, both behind NAT boxes, then you're at the mercy of the configuration of the nat boxes. If they are merely on two different subnets of a routed network, it's the job of the network admin to have set up routing. So, each has an IP address, and either can address the other.
On one machine, you are going to create a socket, bind it to some port of your choice, and listen. On the other, you will connect to the first machine's IP + the selected port.
edit
I'm going to try again, but I feel like there's a giant conceptual gap here.
Once upon a time, the TCP/IP was invented. In the original conception, every item on the network has an IPV4 address, and every machine could reach every other machine, via routing, except for machines in the 'private' address space (10.x, etc).
In the very early days, the only 'subnets' were 'class A, class B, class C'. Later the idea of subdividing a network via bitmasks was added. The concept of 'subnet' is just a way of describing a piece of network in which all the hosts can deliver packets to each other by one hop over some transport or another. In a properly configured network, this is only of concern to operating system drivers. Ordinary programs just address packets over the network and they arrive.
The implementation of this connectivity was always via routing protocol. If you have a (physical) ethernet A over here, and a (physical) ethernet B over there, connected by some sort of point-to-point link, the machines on A need to know where to send packets for B. Or, to be exact, they need to know where to send 'not-A' packets, and whatever they send them needs to know where to send 'B' packets. In simple cases, this is arranged via explicit configuration: routing rules stuffed into router boxes or even computers with multiple physical interfaces. In more complex cases, routing boxes intercommunicate via protocols like EGP or BGP or IGMP to learn the network topology.
If you use the Windows 'route' command, you will see the 'default route' that the system uses to send packets that need to leave the local subnet. It is generally the address of the router box responsible for moving information from the local subnet to everywhere else.
The whole goal of this routing is to arrange that a packet sent from a.b.c.d to e.f.g.h will get there. TCP is no different than UDP, except that you can't get there by multicast or broadcast: you need to know the exact address of your correspondent.
DNS was invented to allow hosts to learn each other's IP addresses without having human being send them around in email messages.
All this stops working when people start using NAT and firewalls to turn off routing. The whole idea of NAT is that the computers behind the NAT box are not addressable at all. They all appear to have one IP address. They can send stuff out, but they can only receive stuff if the NAT box has gone to extra trouble to map them a port.
From your original message, I sort of doubt that NAT is in use here. I just don't understand your comment 'I don't have access to the network.' You say that you've sent UDP packets here and there. So how did you do that? What addresses did you use?
im wondering if it's possible to create p2p chat application without server(so there is no need in external static ip.Is it true?)?
EddieC is right if the computers are located inside the same sub-network (LAN) or if the computers'ip is their interface to the Internet (WAN public ip). In that case, you can just use the ip's and ports directly.
However, usually, knowing the computers ip is not enough because the machines are located behind routers inside sub-networks. Thus, because the computers are hidden behind the routers, you will have to configure the routers to foward the packets to the right computers as function of the ports used.
Have a look at : http://wiki.vuze.com/w/Port_forwarding
If you do not want to use ip's because they are dynamic, you can configure urls with Dynamic DNS services.
Good luck
It is possible. But you must have someway for one computer to tell the other computer what their IP number is. You could email it to your friend or call them on the phone or post it on a message board.
If this program only has to work on a local network (LAN), there is something called broadcasting which might be of interest to you. It allows a packet to be sent out to every device on the network without having to know their IPs (then other instances of your program could reply with the IP of their machines so you could set up proper connections).
This won't work over the internet, though (imagine being able to broadcast to every computer connected to the internet!).
i was learning socket programming in unix using c/c++.
I am confused with one function call bind(params..).
Actually it takes the adreess structure "sockaddr_in" and we can create the structure in the following way
sockaddr_in.*** = somthing..
sockaddr_in..s_addr htonl(INADDR_ANY)
**Passing INADDR_ANY will alow to bind all local addresses**
My question is , why do we need to use "INADDR_ANY" ?
In my knowledge every machine can has only one unique IP Address. In this way there is only one address associated with the machien. Thye bind call should directly bind the socket to the single available address.
Please explain what are the different scenarios and why is it so?
A machine usually has an IP address for each connected network interface plus 127.0.0.1 for localhost (loopback). For example, a laptop might be connected to a wireless network as 10.0.1.25 and also to a wired network as 10.0.2.4. Servers often have an interface to an internal network as well as a public network.
It's possible for a machine to have more than one IP address, either because it has multiple network cards or through software. INADDR_ANY lets you bind a socket to all of the machine's IP addresses.
Not true. Most machines are Multi-Homed, that means, they have more than one IP address.
For example, the network address and 127.0.0.1.