Is it possible to interface a database containing IP address with RYU controller where the incoming packet IP address is compared and a result is sent to the controller as true or false?
you can use a Python package called NetworkX which will store the network topology as a graph and store all of the devices as nodes in that graph then you can get any information about the network such as a host IP.
https://networkx.github.io/
Related
Below is my scenario:
I am calling API Management from Logic APP.
I want to restrict IP Address so that only Logic App can call the API Management.
I am using the IP Filter as shown below for the IP Address mentioned here
<ip-filter action="allow | forbid">
<address>40.112.243.160</address>
<address>address</address>
</ip-filter>
But I am not able to figure out the IP Address that's coming in to API Management. Its different than the list of IP Address provided in this link. It starts with 10...*.
Am I missing anything here?
As far as I know, there is a list of outbound IP addresses for Azure Logic App per region. For more details, you can refer to the doc. If you want to avoid other users with the Logic App in the same region to have access to your resource or get a static single IP address, you can further use Azure API Management to act as a reverse proxy for the Logic App. And then use the policy in the APIM as below:
<ip-filter action="allow | forbid">
<address>address</address>
<address-range from="address" to="address" />
</ip-filter>
All logic apps in a region use the same ranges of IP addresses. To support the calls that logic apps directly make with HTTP, HTTP + Swagger, and other HTTP requests, set up your firewall configurations in your APIM so they include these outbound addresses, based on where your logic apps exist:
Here is the list of IP address of Logic App based on the region.
You could use the ip-filter policy filters (allows/denies) calls from specific IP addresses and/or address ranges in your APIM.
Policy statement
<ip-filter action="allow | forbid">
<address>address</address>
<address-range from="address" to="address" />
</ip-filter>
You could get your logic app ip address from this link. Then you could set APIM like:
<ip-filter action="allow">
<address>address1</address>
<address>address2</address>
<address>address3</address>
</ip-filter>
Update:
But I am not able to figure out the IP Address that's coming in to API Management. Its different than the list of IP Address provided in this link.
When you use logic app to call APIM, you could see the X-Forwarded-For attribute in output which is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
Here is my test snapshot. My logic app location is eastasia and my IP address is 13.75.94.173 which is inside the East Asia Outbound IP of Logic App.
Please if you can help me about my problem. On one side I have server with IP 172.27.13.2 connected to the WAN interface of router 172.27.13.1 ...Then on wireless LAN of my router 192.168.1.1 I have connected a few clients. Now I will write code in C where client are requesting some UDP streams from server, then server broadcasts streams to clients, and if some packets get lost clients must send NACK to server. My questions is:
Because server and clients are on different subnets how can I broadcast from server?
And how the client can send request and NACKs to server because they are in different subnets?
Are these problems can be solved by router configurations or in C code?
Thank you for helping
You cannot broadcast to different subnets. Routers do not usually forward broadcast packets to different subnets, unless you have a very special router that can be configured properly (e.g. Cisco ...). You could however use multicast for such a task. Here's a C example
Also check this: UDP broadcast packets across subnets
NOTE: some includes in the c example are missing, but they are easy to find
As both server & users are in different subnets .As router donot forward broadcast .But we have solution by modifying the router configuration .
If you have cisco router & users are connected on cisco switch ,you can use ip helper address command on switch on vlan .You can allow udp packet on router ACL
I have been working with Raw Berkeley Sockets in C, which allow the programmer to access Layer 2 (IP Headers) of the Internet Protocol Suite. I would like to know how the raw sockets handle transport on Layer 1 (Link Layer), specifically with regard to wireless local area networks.
For example, how does the socket know which network interface (eth0 or wlan0) to send the packet to?
If I am behind a wireless router, should I still fill the IP Source Address of my IP Header with my LAN address (192.168.1.1), or with the internet address (74.125.226.68) of my router?
If I do fill the IP Source address with my LAN address (192.168.1.1), does the IP Header get changed when it goes through the router, or does it stay that way, so that the receiving end of the packet attempts to send the response to a local host on its network?
I would appreciate any insights in this area.
For example, how does the socket know which network interface (eth0 or wlan0) to send the packet to?
You can use the socket option SO_BINDTODEVICE to bind your socket to a specific interface. Otherwise, the operating system chooses one.
If I am behind a wireless router, should I still fill the IP Source Address of my IP Header with my LAN address (192.168.1.1), or with the internet address (74.125.226.68) of my router?
You should use your LAN address. The router is responsible to take care of NAT (network address translation) if necessary.
If I do fill the IP Source address with my LAN address (192.168.1.1), does the IP Header get changed when it goes through the router, or does it stay that way, so that the receiving end of the packet attempts to send the response to a local host on its network?
If NAT is enabled at the router, the source address is changed to reflect the router's external address. Otherwise, your packages are likely to be dropped by routers or firewalls, because your source address is invalid in their context.
My question is, how to connect to socket on romote mechine?
I can only connect sockets on same network..
I wrote a simple code (in c), that simulate a server (open socket and listen for client). in Mac.
I'm trying to connect this socket as a client from iPhone (with simple objectiv-c code).
If my internet on both, server and client, is on the same network (WiFi) and in client I trying to connect to 192.168.1.x, it's working.
But when, in client, I'm trying to connect via external IP (with the same port) connection is failed.
I never did this bofore. Maybe I miss somthing.. I've tried to turn my FireWall off. It did not help.
Thanks.
Edit: If it's not clear.. my Mac is connected by router.
In a setting like this, the "external IP" would typically be the IP of the router. In all likelihood you'll need to configure the router to forward the relevant port to the internal IP address.
It could also be the case that for the port forwarding to work, the request has to come in on the external (WAN) interface. This depends on how the router is configured. If that's the case, you'll need to make sure that you're accessing the external IP via the cellular network and not the Wi-Fi connection on your iPhone.
If you're connecting to your server via a local IP address (i.e., you're connecting to another machine on the same local router via a delegated DHCP address), then your issue is on the network, not the IP-stack of the local machine.
You'll need to look into your router settings ... many routers will block a number of services, especially those on custom ports, in order to prevent malicious attacks from sources external to the local network.
I'm new to this forum (at least at asking questions), so please be patient. I'm trying to write simple client-server applications to communicate using datagram (UDP) sockets, with C and Windows.
The scenario is very simple, I want to be able to send/receive data from a machine in some local network (behind a GATEWAY/NAT) to some host having public IP. I can send the data, but it seems impossible to receive any data back, because the remote server can't see the client's local IP.
I don't want the user to perform manual port forwarding on the GATEWAY, and I also don't want to use UPnP because of security issues (though it also should be enabled by the user).
I think it is possible because applications like Skype or Browsers can do it, but how ?
Are there some automatically forwarded ports or things like that ? I'm exhausted of searching the web ... PLEASE HELP !
For UDP connections, most home NAT gateways will automatically create a temporary reverse mapping for each outbound packet.
Consider a scenario where your client is running on the internal machine with IP address 192.168.4.5, sending a UDP packet from port 65000 to the external address 64.34.119.12:6789, via a gateway with external IP address 192.0.43.10. When the gateway sees your internal client send a UDP packet from 192.168.4.5:65000 to the external address, it will NAT it to an external address and port, like 192.0.43.10:5500. Your server will see a packet with a source address of 192.0.43.10:5500 and destination address 64.34.119.12:6789. The router also sets up a reverse mapping, so that if it sees a packet arrive on the external interface with a source of 64.34.119.12:6789 and a destination of 192.0.43.10:5500, it will redirect it back to 192.168.4.5:65000. This mapping typically times out after a short while.
This means that in simple cases, all you need to do is:
On the client, use the same port to send to the server and listen for responses;
On the server, respond to the client at the address and port that the client's packet was receieved from, using the same server port that recieved the packet;
Have the client send the initial packet in the conversation;
Don't leave the "connection" idle for more than a few minutes at a time.