Checking if a TCP/UDP connection is actually local
Hi everyone,
I want to be able to tell if the endpoint of a UDP or TCP connection is actually on the same machine. Using the Linux Security Module, I'm able to check the destination IP of all outgoing traffic, but I'm not sure how to get a machine's IP from inside the kernel (to compare with the destination IP). Does anyone know how to do this?
I'm not sure exactly what you mean, but if the connection is to the destination computer, it is a 'loopback' (assuming the same interface on the same system) and the destination IP will show up as an IP starting with '127'. To get the IP addresses of the network interfaces on your machine, type 'ifconfig'. If you have more than one interface and only want to see the IP address of one of your interfaces, type 'ifconfig eth0' where 'eth0' is the name of the card. Could also be 'eth1' or 'wlan0' and so on and so forth depending upon your distro and hardware. Hope that helps!
Thanks for your input, but I think I was unclear with what I'm trying to do.
I'm trying to write a kernel module that blocks certain kinds of IPCs between processes. One of the IPCs I wish to block is TCP/UDP connections that are actually local (the source and destination addresses actually refer to the EXACT same machine). I could check for an IP starting with 127, but I also want to be able to catch the case where the client fills in my machine's ACTUAL IP address (i.e., it sets the address field to 123.123.123.123 instead of 127.0.0.1). This is the reason I want to be able to find the IP address(es) of a machine. And I need to be able to do this from a kernel module. Any ideas?
Or, alternatively, does anyone know HOW ifconfig does its job? I tried using strace on it but I'm too much of a newbie to see what structures and key functions the system calls access to get the information.
Does the machine have more than one NIC? You can disable loopback without writing a module IIRC. I'm not sure that it will block requests to the real IP from the same machine; you could always block incoming connections from 'localhost' on your firewall.
The problem is I can't use netstat to get this information IN the kernel itself. I'm coding inside the Linux kernel. I really don't want to call a fork and execve to get netstat running to get the information I want :S.
Netstat must have some way of asking the kernel for the information... I want to know how it's doing this :S. I've tried using strace and looking through the system calls it does but I can't pinpoint exactly where the local IP address(es) are found. I need to know where in the kernel code the lookup of a machine's IP address is done (and what data structures it uses). Does anyone know where INSIDE the Linux kernel code this is done?
And yes, the machine does have more than one NIC. Actually, blocking requests to the real IP from the same machine is EXACTLY my problem. I need to know given this destination address, is it mine?
First of all I would suggest you report this thread for closure (see the "Report" button) and after it's closed open a thread in either the kernel or Programming forum for this topic (and link back to it). Not only are those more appropriate fora but creating a new thread "the right way" should rid you of any userland-related answers and focus on in-kernel work.
Asserting a packet came in from the wire first (socket buffer), and Linux being efficient, it'll cache info where it can. So I think you're looking for the (RIB/FIB) route caches (of which stuff is exported to /proc for userland reading). How SKBs work says that in sk_buff you have dst_entry (packet route). So searching LXR for "struct dst_entry" could be a start else maybe the "protocol independent destination cache definitions" from include/net/dst.h. Stuff related to route caches should probably have something like "rt_cache", "rt_dst" or alike anyway, or else terms like "cache lookup" or "routing table" (yielding anything in include/net/) could be interesting (to you that is ;-p).
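The check discussed in this thread ("given this destination address, is it mine?"), shown from userspace as an added example that is not part of any post above: it enumerates every interface address with `getifaddrs()` and also treats all of 127.0.0.0/8 as local. The function names `ipv4_is_local` and `ipv4_text_is_local` are hypothetical, and 192.0.2.1 is a constructed sample address.

```c
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>

/* Returns 1 if dst (network byte order) targets this host, 0 if not,
 * -1 if the interface list could not be read. */
int ipv4_is_local(struct in_addr dst)
{
    struct ifaddrs *list, *ifa;
    int found = 0;
    /* All of 127.0.0.0/8 is loopback, not just 127.0.0.1. */
    if ((ntohl(dst.s_addr) >> 24) == 127)
        return 1;

    if (getifaddrs(&list) != 0)
        return -1;

    /* Walk every address on every interface (multi-NIC hosts included). */
    for (ifa = list; ifa != NULL; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET)
            continue;
        struct sockaddr_in *sin = (struct sockaddr_in *)ifa->ifa_addr;
        if (sin->sin_addr.s_addr == dst.s_addr) {
            found = 1;
            break;
        }
    }
    freeifaddrs(list);
    return found;
}

/* Dotted-quad text in, same result out (-1 on unparsable input). */
int ipv4_text_is_local(const char *text)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1)
        return -1;
    return ipv4_is_local(a);
}

int main(int argc, char **argv)
{
    /* 192.0.2.1 is an RFC 5737 documentation address, a constructed sample. */
    const char *dst = argc > 1 ? argv[1] : "192.0.2.1";
    printf("%s -> %d\n", dst, ipv4_text_is_local(dst));
    return 0;
}
```

Inside the kernel the same question is answered against the local routing table rather than an interface walk: for IPv4, `inet_addr_type()` returns `RTN_LOCAL` for an address the host owns.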