I was wondering if there is a way to use DPDK to make a TCP connection in user space without having to copy packets from memory?
I am fairly new to this and do not know where to start; any advice on how to start would be helpful. I have tried googling for hints or whether anyone has asked this, and I have not been able to find many resources.
DPDK is a set of libraries and drivers for fast packet processing. It does not have a TCP/IP stack out of the box.
So to make a TCP connection you need a TCP/IP stack on top of DPDK. There are a variety of stacks, for example:
F-Stack http://www.f-stack.org/
TLDK https://wiki.fd.io/view/TLDK
and many others...
So just pick whatever you like and start the journey...
(Remaining segment of original Question)
I'm a bit confused on the logistics of a software firewall app on a client-side computer that blocks incoming traffic on a port. Texts generally depict a server initiating the bind to a port and then setting up listening. Then clients can attempt to connect to this server, upon which the server assigns the client another free port number to form the connection protocol tuple.
But how does an app on a client set up or bind to a port to monitor and/or block it?
UPDATE EDIT ADD:
I looked at the links 4dc0 gave in comment and they were helpful.
So I deleted certain segments of my original question, as they were answered to the point that they are a moot issue of concern.
After doing more reading I found that, in the context of servers, 0.0.0.0 means all IPv4 addresses on the local machine. So this led me in a new direction of deciphering.
So I looked at this: >netstat -a -n -o -b
I like the -b switch because some PIDs don't show in Task Manager services.
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:49168 0.0.0.0:0 LISTENING 2020
[NortonSecurity.exe]
TCP 0.0.0.0:49169 0.0.0.0:0 LISTENING 2020
[NortonSecurity.exe]
TCP 192.168.1.5:49170 13.91.60.30:443 ESTABLISHED 2020
[NortonSecurity.exe]
TCP 192.168.1.5:51220 50.23.246.167:80 TIME_WAIT 0
TCP 192.168.1.5:51223 151.101.1.69:443 ESTABLISHED 5504
[firefox.exe]
This was interesting, but I still needed help deciphering the full impact. I did more searching and found this link:
How do multiple clients connect simultaneously to one port, say 80, on a server?
While it has a different title per se, it gave me a lot of insight into this and more directions to search from here. Additionally it gave a good book link, which in the used sellers section was affordable.
I can see many reasons why someone qualified would not reply to a post like this. However, my naivety in posting the question was surpassed only by my desire to get more insight into these facets. Admittedly I was not seeking to write code for such, but desired a deeper understanding of it. As I searched through one clue to the next I realized the depth and scope of what I sought. And after some effort I did find enough to give me an idea of what's going on. In case anyone comes by here with the same curiosities, I'm posting a few of the better links I found.
Some links are dated but contain paradigm-related content on application-based filtering, tracking, layer 3, 4, and/or drivers via the NDIS firewall paradigms.
https://www.symantec.com/connect/articles/software-firewalls-made-straw-part-1-2
https://learn.microsoft.com/en-us/windows-hardware/drivers/network/ndis-driver-stack
https://learn.microsoft.com/en-us/windows-hardware/drivers/netcx/
https://www.codeproject.com/Articles/3405/Developing-Firewalls-for-Windows-2000-XP
https://www.codeproject.com/Articles/5602/Simple-Packet-Filter-Firewall
https://www.novell.com/documentation/nbm38/?page=/documentation/nbm38/overview/data/ae70q0b.html
http://programmerworld.net/personal/firewall.htm
Good recommended book:
https://www.amazon.com/exec/obidos/tg/detail/-/0471205443/qid=1094828844/sr=1-1/ref=sr_1_1/103-9352427-0026242?v=glance&s=books&tag=hardfocom-20
I am trying to program a script to interface two applications, so I need to understand a few basic concepts, if someone could please help me grasp them:
When an application's manual says: This app listens on localhost:9763, it means it receives live data from the same machine on port number 9763. Is this correct?
So, if an application's manual says: Listen on UDP port 6004, it means I have to specify localhost:6004 similar to the first point?
Or does the first point (localhost:9763) imply that TCP/IP is being used, but the second point is on UDP?
Generally speaking, if an app says it is listening on a particular port and doesn't specify TCP or UDP, that usually means TCP. If you're not sure, you can probably figure it out based on what that particular app does and how it does it.
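To make the TCP-versus-UDP distinction from the question concrete, here is an added example (not code from the question or the answer): a TCP echo listener and a UDP echo listener on localhost, with small clients that show the two protocols are separate port namespaces, so a port that is "listening" for UDP does not accept a TCP connection. The ports 9763 (TCP) and 6004 (UDP) are the ones from the question and are assumed to be free; port 0 lets the OS choose.

```python
import socket
import threading
# Added example, not code from the question or answer. Ports 9763 (TCP) and
# 6004 (UDP) are the ones named in the question; they are assumed to be free.
# Port 0 lets the OS pick a free port, and the bound port is returned.
def start_tcp_echo(port=9763, host="127.0.0.1"):
    """TCP listener on host:port in a background thread; returns bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:                      # one request per connection
                conn.sendall(b"tcp:" + conn.recv(4096))
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def start_udp_echo(port=6004, host="127.0.0.1"):
    """UDP listener on host:port in a background thread; returns bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, port))
    def serve():
        while True:
            data, peer = srv.recvfrom(4096)
            srv.sendto(b"udp:" + data, peer)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def tcp_send(port, payload, host="127.0.0.1"):
    """Connect over TCP and send payload; return the reply, or None if refused."""
    try:
        with socket.create_connection((host, port), timeout=2) as c:
            c.sendall(payload)
            return c.recv(4096)
    except ConnectionRefusedError:          # no TCP listener on that port
        return None

def udp_send(port, payload, host="127.0.0.1"):
    """Send one datagram; return the reply, or None if nothing answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.settimeout(2)
        c.sendto(payload, (host, port))
        try:
            return c.recvfrom(4096)[0]
        except OSError:                     # timeout or ICMP unreachable
            return None
```

Sending a datagram to the TCP port gets no answer (UDP has no connection refusal you can rely on), which is why the answer above says you usually have to infer the protocol from what the application does.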
I've searched this subject on Stack Overflow and found out that a telnet library would help, and I found a telnet lib here: C# Telnet Library
but I don't know how I can use a telnet library to open a port on my router. I'm using an AT&T 2wire router. Any hints on how I can do this?
You can't. The 2wire router is an island unto itself; if it decides to block a port, nothing external can (or should) be able to change that. You are on the wrong track, and would need to restate your goals in order to get a useful answer.
UPnP and other "hole punching" techniques do exist, but you'll be in a world of hurt if you try to rely on them for any widespread deployment.
Perhaps you meant to open a connection to a remote server and then establish two way communication. That is easy... and how other games and tools get the job done.
Technically speaking you should not be able to. You shouldn't have outside programmatic access to a router to open a port if it's blocked.
If what you mean is opening a port for communication (that is not blocked), then you can simply create sockets with the address and port (e.g. localhost 7777) to establish inter-process communication, or simply communication with another server.
As I mentioned in a comment below, there are ports that are available for use (in C# this can be easily tested; a quick Google search will find you many snippets of code for testing whether a port is open). A simple approach is to start at port 1024 (I believe this is the correct lower bound for ports that should be used by applications; someone correct me if I'm wrong) and count up until you find a port that is available; if you reach some upper limit you can simply report that a connection cannot be made. I hope this clears things up a little more, and if I have time I will try to find some code I have for this and edit it in, but honestly a quick search can net you similar code for checking ports in C#.
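The "start at 1024 and count up" approach from the answer above, as an added example in Python (not the answer's own C# code), together with the caveat a practitioner should know: a bind-and-release check only says the port was free at that instant, so the safer pattern is to bind port 0 and keep the socket.

```python
import socket

# Added example, not the answer's own C# code: the "start at 1024 and count up"
# approach described above, written in Python. A port that binds is free *now*;
# another process can grab it before you use it, so bind and keep the socket
# rather than closing it and binding again later.

def is_port_free(port, host="127.0.0.1"):
    """True if a TCP socket can bind host:port right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:        # EADDRINUSE (or EACCES for privileged ports)
            return False

def find_free_port(start=1024, end=65535, host="127.0.0.1"):
    """First free TCP port in [start, end], or None if the range is exhausted."""
    for port in range(start, end + 1):
        if is_port_free(port, host):
            return port
    return None

def reserve_free_port(host="127.0.0.1"):
    """Race-free alternative: bind port 0, let the OS choose, keep the socket open."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    return s, s.getsockname()[1]
```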
I have two applications (.exe) that are running on the same machine (Windows XP x86) and I know are communicating with each other (I don't know how; I didn't write them). I would like to find a way to sniff the communication between the applications. Is there a way to do this?
I've done some messing with ProcMon and I can probably figure it out from there, but I'm wondering whether there is something a little more specific to this purpose. ProcMon can be a bit intimidating.
First, you could watch your two applications with a system call tracer like StraceNT (or see this question). With some luck, you should be able to figure out whether the processes communicate through a local socket, a TCP connection (via localhost undoubtedly), a pipe, a named file, or shared memory.
You can also run netstat while the applications are running to see if they are opening any network ports.
Once you know what you're looking for, you can choose a more specific monitoring tool. If it's network communication (even over a loopback interface), you could try capturing the data with something like WinDump. If the communication is via shared memory, you could attach a debugger to one of the two processes and inspect the shared memory periodically.
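Both the netstat output in the firewall question above and this answer's suggestion to run netstat while the two applications are running come down to reading the same listing. Here is an added example (not code from either post) that parses the Windows "netstat -a -n -o -b" layout, flags listeners bound to all interfaces, and pairs up the two ends of a localhost-to-localhost connection so you can see which PIDs are talking. The 127.0.0.1 rows and the names appA.exe/appB.exe in the sample are constructed; the other rows are from the post.

```python
from collections import namedtuple
# Added example, not code from either post. Parses the Windows
# "netstat -a -n -o -b" layout shown above: a TCP/UDP row followed by an
# optional "[name.exe]" line naming the owning process (-b).
Conn = namedtuple("Conn", "proto lip lport rip rport state pid exe")
def _addr(s):
    """'0.0.0.0:49168' -> ('0.0.0.0', 49168); also handles '[::]:135' and '*:*'."""
    host, port = s.rsplit(":", 1)
    return host.strip("[]"), int(port) if port.isdigit() else 0

def parse_netstat(text):
    """Return a list of Conn records; header and stray lines are skipped."""
    conns = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]") and conns:
            conns[-1] = conns[-1]._replace(exe=line[1:-1])
            continue
        p = line.split()
        if len(p) < 4 or p[0] not in ("TCP", "UDP"):
            continue
        state, pid = (p[3], p[4]) if p[0] == "TCP" else ("", p[3])  # UDP rows have no State column
        conns.append(Conn(p[0], *_addr(p[1]), *_addr(p[2]), state, int(pid), ""))
    return conns

def listening_on_all_interfaces(conns):
    """Listeners on 0.0.0.0 or :: accept from every interface, not only this host."""
    return [c for c in conns if c.state == "LISTENING" and c.lip in ("0.0.0.0", "::")]

def loopback_peers(conns):
    """Pair ESTABLISHED localhost<->localhost sockets; netstat shows both ends."""
    est = {(c.lip, c.lport, c.rip, c.rport): c for c in conns if c.state == "ESTABLISHED"}
    pairs = set()
    for c in est.values():
        peer = est.get((c.rip, c.rport, c.lip, c.lport)) if c.rip.startswith("127.") else None
        if peer:
            pairs.add(tuple(sorted([(c.pid, c.exe), (peer.pid, peer.exe)])))
    return sorted(pairs)

# First two rows are from the post above; the 127.0.0.1 rows and appA/appB are constructed.
SAMPLE = """\
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:49168 0.0.0.0:0 LISTENING 2020
[NortonSecurity.exe]
TCP 127.0.0.1:8000 0.0.0.0:0 LISTENING 4100
[appA.exe]
TCP 127.0.0.1:8000 127.0.0.1:51300 ESTABLISHED 4100
[appA.exe]
TCP 127.0.0.1:51300 127.0.0.1:8000 ESTABLISHED 4212
[appB.exe]
"""
```

A listener on 0.0.0.0 is reachable from the network, while the appA listener on 127.0.0.1 is only reachable from the same machine, which is the distinction the firewall question was circling.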
I am willing to build a prototype of a network appliance.
This appliance is supposed to transparently manipulate Ethernet packets. It is supposed to have two network interface cards, with one card connected to the outside leg (i.e. eth0) and the other to the inside leg (i.e. eth1).
In a typical network layout as in the attached image, it will be placed between the router and the LAN's switch.
My plan is to write software that hooks in at the kernel driver level and does whatever I need to do to incoming and outgoing packets.
For instance, an "outgoing" packet (at eth1) would be manipulated and passed over to the other NIC (eth0), which then should transport it over to the next hop.
My questions are:
Is this doable?
Those NICs will have no IP address; should that be a problem?
Thanks in advance for your answers.
(And no, there is no such device yet in the market, so please, "why reinvent the wheel" style of answers are irrelevant)
typical network diagram http://img163.imageshack.us/img163/1249/stackpost.png
I'd suggest libipq, which seems to do just what you want:
Netfilter provides a mechanism for passing packets out of the stack for queueing to userspace, then receiving these packets back into the kernel with a verdict specifying what to do with the packets (such as ACCEPT or DROP). These packets may also be modified in userspace prior to reinjection back into the kernel.
Apparently, it can be done.
I am actually trying to build a prototype of it using scapy.
As long as the NICs are set to promiscuous mode, they catch packets on the network without needing an IP address set on them. I know it can be done, as there are a lot of companies that produce the same type of equipment (e.g. Juniper Networks, Cisco, F5, Fortinet, etc.)