I am trying to set up multicast sources for an application on linux using source specific multicast (SSM) and the code is going ok (using the C interface) but I would like to verify that the system will behave as I expect it to.
Setup:
Multicast address - 233.X.X.X:9876
Source1 - 192.X.X.1
Source2 - 192.X.X.2
Interface1 - 192.X.X.100
Interface2 - 192.X.X.101
Steps
Configure so that only Source1 is sending to the multicast address
Start a reader (reader1) that binds to the multicast address and joins the multicast with ssm src as Source1 and interface as Interface1
Observe that data is seen on reader1
Do the same (reader2) but using Source2 and Interface2
Desired Outcome:
Reader1 can see the data from the multicast.
Reader2 can't see the data from the multicast.
I am concerned that the above will not be the case as in my testing using non source specific multicast an IP_ADD_MEMBERSHIP has global effect. So reader2's socket sees data because it is bound to the unique multicast address which has been joined to an interface seeing data. The info at this link under "Joining a Multicast" matches up with my observations.
It may well be that IP_ADD_SOURCE_MEMBERSHIP behaves differently to IP_ADD_MEMBERSHIP but the documentation is sparse and not specific in this regard.
Specific questions:
Is a multicast join using IP_ADD_SOURCE_MEMBERSHIP global, i.e. will that cause any socket bind()'d to the multicast address to receive packets from that source?
How is SSM supposed to be used in general? Does it make sense to have one multicast address with N sources?
I am inexperienced with network programming so please forgive any shortcomings in my understanding.
Thanks for any assistance.
I've worked through this and after obtaining a copy of Unix Network Programming the behaviour at least seems clear and understandable.
The answer is yes: all multicast joins are global, whether they be SSM or otherwise. The reason for this is that the join actually takes effect a couple of layers down from the process issuing the join request. Basically, it tells the IP layer to accept multicast packets from the source specified and provide them to any process bound to a socket with the multicast address.
SSM was actually introduced because of the limited address space of IPv4. When using multicast on the internet there are not nearly enough unique multicast addresses for each person who wants to use one to have a unique address. SSM pairs a source address with a multicast address, which as a pair form a globally unique identifier, i.e. a shared multicast address, e.g. 239.10.5.1, and source 192.168.1.5. So the reason that SSM exists is purely for this purpose of facilitating multicast in a limited address space. In the environment that our software is working in (Cisco) SSM is being used for redundancy and convenience of transmission, stacking multiple streams of data on the same IP:port combo and having downstream clients select the stream they want. This all works just fine until a given host wants access to more than one stream in the multicast: because they're all on the same multicast address all subscribed processes get all the data, and this is unavoidable due to the way the network stack works.
Final solution
Now that the behaviour has been understood the solution is straightforward, but it does require additional code in each running process. Each process must filter the incoming data from the multicast address and only read data from the source(s) that they are interested in. I had hoped that there was some "magic" built into SSM to do this automatically, but there is not. recvfrom() already provides the sender's address so doing this is relatively low cost.
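The receiver described in the answer above, as an added example (this is not code from the question or the answer): it joins one (group, source) pair on one interface with IP_ADD_SOURCE_MEMBERSHIP, binds to the group address as the question did, and then keeps only datagrams whose recvfrom() source matches the wanted sender. The group 232.1.1.1 (in the 232/8 range reserved for SSM), the source 192.0.2.1, the interface address 192.0.2.100 and port 9876 are placeholders chosen for the example.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Fill the (group, source, interface) triple for IP_ADD_SOURCE_MEMBERSHIP. */
struct ip_mreq_source ssm_request(const char *group, const char *source,
                                  const char *iface_addr)
{
    struct ip_mreq_source m;
    memset(&m, 0, sizeof m);
    inet_pton(AF_INET, group, &m.imr_multiaddr);
    inet_pton(AF_INET, source, &m.imr_sourceaddr);
    inet_pton(AF_INET, iface_addr, &m.imr_interface);
    return m;
}

/* UDP socket bound to group:port (on Linux a destination filter only),
 * then an SSM join for `source` on the interface owning `iface_addr`.
 * Returns the fd, or -1 with errno set. */
int open_ssm_reader(const char *group, const char *source,
                    const char *iface_addr, unsigned short port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in local;
    memset(&local, 0, sizeof local);
    local.sin_family = AF_INET;
    local.sin_port = htons(port);
    inet_pton(AF_INET, group, &local.sin_addr);
    struct ip_mreq_source m = ssm_request(group, source, iface_addr);
    if (bind(fd, (struct sockaddr *)&local, sizeof local) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_ADD_SOURCE_MEMBERSHIP, &m, sizeof m) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* The user-space check the answer describes: is this datagram from the
 * one source this process cares about? */
int from_wanted_source(const struct sockaddr_in *from, const struct in_addr *wanted)
{
    return from->sin_family == AF_INET && from->sin_addr.s_addr == wanted->s_addr;
}

/* Block until a datagram from `wanted` arrives; datagrams from any other
 * sender on the same group are read and dropped. Returns length or -1. */
ssize_t recv_from_source(int fd, const struct in_addr *wanted, void *buf, size_t len)
{
    for (;;) {
        struct sockaddr_in from;
        socklen_t flen = sizeof from;
        ssize_t n = recvfrom(fd, buf, len, 0, (struct sockaddr *)&from, &flen);
        if (n < 0)
            return -1;
        if (from_wanted_source(&from, wanted))
            return n;
    }
}

int main(void)
{
    /* placeholder addresses; replace with the real group, source and interface */
    int fd = open_ssm_reader("232.1.1.1", "192.0.2.1", "192.0.2.100", 9876);
    if (fd < 0) {
        perror("open_ssm_reader");
        return 1;
    }
    struct in_addr src;
    inet_pton(AF_INET, "192.0.2.1", &src);
    char buf[1500];
    ssize_t n = recv_from_source(fd, &src, buf, sizeof buf);
    printf("%zd bytes from 192.0.2.1\n", n);
    close(fd);
    return 0;
}
```

Each process that wants a different stream runs this with its own source address; the join still has the global effect the answer describes, so the recv_from_source() loop is what actually keeps the streams apart.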
I have a use case in which I join the membership using IP_ADD_MEMBERSHIP and after some time I have to IP_DROP_MEMBERSHIP (just before the drop the seq id was 1), and then I join the membership again using IP_ADD_MEMBERSHIP (for the same multicast group). I am noticing that I am getting the next packet (seqid = 2), which I think shouldn't be happening since, as per my understanding, IP_DROP_MEMBERSHIP should stop receiving the UDP packets and flush the socket it is using, and once I join back it should be the latest packet available. Also, this behaviour is not consistent: sometimes I am getting the latest packet only.
Please note that I do not wish to close the socket. Continue using the existing one.
Please help. I am using Centos 7.4
Try setting IP_MULTICAST_ALL to 0. It defaults to 1.
Explanation: With IP_MULTICAST_ALL 0 your OS will filter the incoming UDP packets to the groups you have currently joined, which is what you expect in your description.
But this is not the default behavior on Linux.
The default (with IP_MULTICAST_ALL=1) is to receive any UDP packets which come into your socket. When you bind to 0.0.0.0 this will be all UDP packets the machine is receiving for that port, multicast and unicast, regardless of whether you joined any multicast group or not. This means you will see all the artifacts of the difference between joining and leaving a multicast group and the actual IGMP message sent by your machine, and you will also see all the artifacts and bugs of all the routers and switches you have in your local network. For example, when you leave a multicast group your OS may decide not to send the corresponding IGMP message at all, because some other socket is listening for this multicast address as well, or because the OS decides to leave with a delay. This is all perfectly allowed.
BTW, when you bind to the multicast address on Linux, this just has a filtering function and no binding function at all. You will then only receive UDP packets targeted at that particular multicast IP, regardless whether you also joined other multicast groups as well or not.
Regarding "flushing" a socket: The packet queues behind a socket are completely out of scope for your application. You cannot influence the queue state or behavior (except for reading from the queue or not) and you cannot expect any particular behavior.
In practice I would suggest:
- Bind to 0.0.0.0.
- Join and leave multicast groups appropriately.
- Inspect the target address of each UDP packet you receive and do any filtering yourself. Use IP_PKTINFO to get the destination address for each packet.
- Do not rely at all on routers and switches having any obvious and deterministic multicast routing behavior. Most of them have minute-long timeouts for leaving multicast groups. This means that even when you have left a multicast group (and even when you did not join) you may continue to receive multicast traffic for a couple of minutes. This masks bugs in your code and will cause a headache when trying to debug this.
This way you will not have to rely on any OS dependent behavior and you have full control of what you receive and what not.
I need to create two sockets listening on the same IP:port but on different interfaces:
socket0 receives UDP traffic sent to 224.2.2.2:5000 on interface eth0
socket1 receives UDP traffic sent to 224.2.2.2:5000 on interface eth1
It seemed pretty straightforward until I realized that Linux merges all of that into the same traffic. For example, say there's only traffic on eth1 and there's no activity on eth0. When I first create socket0 it won't be receiving any data, but as soon as I create socket1 (and join the multicast group) then socket0 will also start receiving the same data. I found this link that explains this.
Now this actually makes sense to me because the only moment when I specify the network interface is when joining the multicast group setsockopt(socket,IPPROTO_IP,IP_ADD_MEMBERSHIP,...) with ip_mreq.imr_interface.s_addr. I believe this specifies which interface joins the group but has nothing to do with from which interface your socket will receive from.
What I tried so far is binding the sockets to the multicast address and port, which behaves like mentioned above. I've tried binding to the interface address but that doesn't work on Linux (it seems to do so on Windows though); you don't receive any traffic on the socket. And finally, I've tried binding to INADDR_ANY but this isn't what I want since I will receive any other data sent to the port regardless of the destination IP, say unicast for example, and it will still not stop multicast data from other interfaces.
I cannot use SO_BINDTODEVICE since it requires root privileges.
So what I want to know is if this is possible at all. If it can't be done then that's fine, I'll take that as an answer and move on, I just haven't been able to find any way around it. Oh, and I've tagged the question as C because that's what we're using, but I'm thinking it really might not be specific to the language.
I haven't included the code for this because I believe it's more of a theoretical question rather than a problem with the source code. We've been working with sockets (multicast or otherwise) for a while now without any problems, it's just this is the first time we've had to deal with multiple interfaces. But if you think it might help I can write some minimal working example.
Edit about the possible duplicate:
I think the usecase I'm trying to achieve here is different. The socket is supposed to receive data from the same multicast group and port (224.2.2.2:5000 in the example above) but only from one specific interface. To put it another way, both interfaces are receiving data from the same multicast group (but different networks, so data is different) and I need each socket to only listen on one interface.
I think that question is about multiple groups on same port, rather than same group from different interfaces. Unless there's something I'm not seeing there that might actually help me with this.
Yes, you can do what you want on Linux, without root privileges:
Bind to INADDR_ANY and set the IP_PKTINFO socket option. You then have to use recvmsg() to receive your multicast UDP packets and to scan for the IP_PKTINFO control message. This gives you some side-band information about the received UDP packet:
struct in_pktinfo {
unsigned int ipi_ifindex; /* Interface index */
struct in_addr ipi_spec_dst; /* Local address */
struct in_addr ipi_addr; /* Header Destination address */
};
The ipi_ifindex is the interface index the packet was received on. (You can turn this into an interface name using if_indextoname(), or the other way round with if_nametoindex().)
As you said on Windows the same network functions have different semantics, especially for UDP and even more for multicast.
The Linux bind() semantics for the IP address for UDP sockets are mostly useless. It is essentially just a destination address filter. You will almost always want to bind to INADDR_ANY for UDP sockets since you either do not care to which address a packet was sent or you want to receive packets for multiple addresses (e.g. receiving unicast and multicast).
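The recipe from the two answers above (IP_MULTICAST_ALL=0 plus IP_PKTINFO, a per-interface join, and recvmsg() with a control-message scan), as one added example; this is not code from either answer. The receiver binds to 0.0.0.0, joins the group on a named interface with an ip_mreqn, and delivers a datagram only when the IP_PKTINFO destination and ingress interface match. The group 224.2.2.2 and interface name "eth1" are placeholders; the loopback self-test uses 127.0.0.1 and "lo" so it can run on any Linux box without multicast routing.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

/* UDP socket on 0.0.0.0:port that only sees groups it joined itself
 * (IP_MULTICAST_ALL=0) and reports destination + ingress interface per
 * datagram (IP_PKTINFO). Returns fd or -1 with errno set. */
int open_receiver(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int on = 1, off = 0;
    struct sockaddr_in any = { .sin_family = AF_INET, .sin_port = htons(port) };
    any.sin_addr.s_addr = htonl(INADDR_ANY);
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_MULTICAST_ALL, &off, sizeof off) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) < 0 ||
        bind(fd, (struct sockaddr *)&any, sizeof any) < 0) {
        int saved = errno; close(fd); errno = saved; return -1;
    }
    return fd;
}

/* Join `group` on the interface called `ifname` (e.g. "eth1") for this socket. */
int join_on_interface(int fd, const char *group, const char *ifname)
{
    struct ip_mreqn m;
    memset(&m, 0, sizeof m);
    inet_pton(AF_INET, group, &m.imr_multiaddr);
    m.imr_ifindex = (int)if_nametoindex(ifname);
    if (m.imr_ifindex == 0)
        return -1;
    return setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &m, sizeof m);
}

/* Write one IP_PKTINFO control message into cbuf; returns bytes used (0 on error).
 * Used on the send side to pick the egress interface, and here to build test input. */
size_t put_pktinfo_cmsg(char *cbuf, size_t cap, const struct in_pktinfo *pi)
{
    struct msghdr m = { .msg_control = cbuf, .msg_controllen = cap };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (!c || cap < CMSG_SPACE(sizeof *pi))
        return 0;
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof *pi);
    memcpy(CMSG_DATA(c), pi, sizeof *pi);
    return CMSG_SPACE(sizeof *pi);
}

/* Scan the control messages of a received msghdr for IP_PKTINFO. */
int extract_pktinfo(struct msghdr *msg, struct in_pktinfo *out)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            memcpy(out, CMSG_DATA(c), sizeof *out);
            return 1;
        }
    return 0;
}

/* Receive one datagram; keep it only if it was addressed to `dst` and came in
 * on `ifindex`. Returns payload length, 0 if filtered out, -1 on error. */
ssize_t recv_on(int fd, const struct in_addr *dst, unsigned ifindex, void *buf, size_t len)
{
    struct sockaddr_in from;
    struct iovec iov = { buf, len };
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct msghdr msg = { .msg_name = &from, .msg_namelen = sizeof from,
                          .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;
    struct in_pktinfo pi;
    if (!extract_pktinfo(&msg, &pi) || pi.ipi_addr.s_addr != dst->s_addr || pi.ipi_ifindex != ifindex)
        return 0;
    return n;
}

/* Self-test over loopback: a unicast datagram to 127.0.0.1 must report lo's index. */
int loopback_check(void)
{
    int rx = open_receiver(0), tx = socket(AF_INET, SOCK_DGRAM, 0), rc = -1;
    struct sockaddr_in me; socklen_t ml = sizeof me;
    struct timeval tv = { 2, 0 };
    if (rx >= 0 && tx >= 0 && getsockname(rx, (struct sockaddr *)&me, &ml) == 0) {
        struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = me.sin_port };
        inet_pton(AF_INET, "127.0.0.1", &dst.sin_addr);
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
        char buf[16];
        if (sendto(tx, "ping", 4, 0, (struct sockaddr *)&dst, sizeof dst) == 4 &&
            recv_on(rx, &dst.sin_addr, if_nametoindex("lo"), buf, sizeof buf) == 4)
            rc = 0;
    }
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return rc;
}

int main(void)
{
    int fd = open_receiver(5000);
    if (fd < 0 || join_on_interface(fd, "224.2.2.2", "eth1") < 0) { perror("setup"); return 1; }
    printf("loopback self-test: %s\n", loopback_check() == 0 ? "ok" : "failed");
    close(fd);
    return 0;
}
```

For the two-interface case in the question, open two receivers on the same port, join 224.2.2.2 on "eth0" from one and on "eth1" from the other, and pass the matching if_nametoindex() value to recv_on() on each; the kernel still queues to both sockets, but each one discards the other interface's copies before the application sees them.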
What exactly does SOL_IP mean as the API level of the setsockopt function
and what exactly does the IPT_SO_SET_REPLACE switch do?
I tried to search for both in Google but I found nothing.
Please help me understand them (if you can expand and explain with examples I'd really appreciate it)
SOL_IP is the network layer being addressed by the socket option. For example, an ordinary TCP socket encompasses the TCP layer, then the IP layer under it, and so forth. setsockopt is used to pass miscellaneous instructions down to a particular layer to request some service, feature or operation: basically anything that you might need to configure that doesn't directly match up with a system call. (The "API level" referred to in the man page is basically the same thing that I'm calling "layer" here.)
Some that you often see in linux programs (and examples of use) include:
SOL_PACKET (configure packet ring, add/drop multicast group memberships)
SOL_IP (set/configure various IP packet options, IP layer behaviors, [as here] netfilter module options)
SOL_TCP (TCP_NODELAY, TCP-specific keepalive params)
SOL_SOCKET (REUSEADDR, keepalives)
The layers you can address in a setsockopt depend on the kind of socket that you created. Here, it's the IP layer being addressed.
In this case, the option being passed down is IPT_SO_SET_REPLACE -- it's not a "core" IP option, but is provided by the IP Tables module, which (IIUC) links itself into the network stack via the "netfilters" interface. I'm not familiar with IP Tables details, but the option appears to be an instruction to IP Tables to replace a set of rule table entries. I think using it would require pretty intimate knowledge of IP Tables to use this socket option.
Just to focus on IPT_SO_SET_REPLACE option.
It is to replace the iptable with a new chain rule (see -R option):
https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
http://ipset.netfilter.org/iptables.man.html
The above are the command line option to use. If you want to see the C program, just "apt-get source iptables" to get the source code, and then view libiptc/libiptc.c to see how SO_SET_REPLACE is used:
ret = setsockopt(handle->sockfd, TC_IPPROTO, SO_SET_REPLACE, repl,
                 sizeof(*repl) + repl->size);
if (ret < 0)
    goto out_free_newcounters;
Which is essentially to replace the chain rule, by creating and compiling a new iptable.
More info:
https://en.wikipedia.org/wiki/Iptables
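The "layer" idea from the first answer, as an added example (not code from either answer): the same setsockopt()/getsockopt() pair is pointed at the socket layer, the IP layer and the TCP layer of one TCP socket, and then the TCP layer is addressed on a UDP socket, which has no such layer. On Linux SOL_IP is the same value as IPPROTO_IP, and IPT_SO_SET_REPLACE is passed at that level too, but with a struct ipt_replace payload and only with CAP_NET_ADMIN, so it is not exercised here; the option values 37 and 1 are arbitrary choices for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set an int-valued option at `level`, read it back through the same level,
 * and return what the kernel stored, or -errno if that layer refused. */
int set_and_get(int fd, int level, int opt, int value)
{
    if (setsockopt(fd, level, opt, &value, sizeof value) < 0)
        return -errno;
    int got = 0;
    socklen_t len = sizeof got;
    if (getsockopt(fd, level, opt, &got, &len) < 0)
        return -errno;
    return got;
}

/* Walk down a TCP socket: socket layer, then IP layer, then TCP layer. */
int tcp_socket_layers(int *reuse, int *ttl, int *nodelay)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    *reuse   = set_and_get(fd, SOL_SOCKET, SO_REUSEADDR, 1);  /* generic socket layer */
    *ttl     = set_and_get(fd, SOL_IP,     IP_TTL,       37); /* IP layer (SOL_IP == IPPROTO_IP) */
    *nodelay = set_and_get(fd, SOL_TCP,    TCP_NODELAY,  1);  /* TCP layer */
    close(fd);
    return 0;
}

/* A UDP socket has no TCP layer: addressing SOL_TCP on it fails
 * (Linux reports ENOPROTOOPT). Returns -errno. */
int udp_tcp_option(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -errno;
    int r = set_and_get(fd, SOL_TCP, TCP_NODELAY, 1);
    close(fd);
    return r;
}

int main(void)
{
    int reuse, ttl, nodelay;
    if (tcp_socket_layers(&reuse, &ttl, &nodelay) < 0)
        return 1;
    return (reuse == 1 && ttl == 37 && nodelay == 1 && udp_tcp_option() < 0) ? 0 : 1;
}
```

The libiptc call quoted in the second answer follows exactly this shape: TC_IPPROTO is the IP level and SO_SET_REPLACE is the option name, with the whole compiled table as the option value.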
I have a C Linux program that uses raw sockets to read incoming tcp/udp packets.
I would like to apply a filter so that only packets sent from a certain IP address reach my socket.
Is it possible, or am I supposed to necessarily receive every packet and then check the source address field? I'm a bit concerned about CPU usage in the latter case.
Thank you.
It also depends on the processor that is being used by you. Some processors have features such as built-in hardware to filter packets based on rules involving input port, source IP address and type of protocol (TCP / UDP / etc.). This in turn can reduce the load, as hardware filtering has better performance than software filtering.
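Added example, not from the question or the answer: a kernel-side alternative to checking the source field in user space. Linux lets an unprivileged process attach a classic BPF program to any socket with SO_ATTACH_FILTER; the program below loads the IPv4 source address through the SKF_NET_OFF extension (so it works on a SOCK_RAW socket, where the data starts at the IP header, and on a UDP socket alike) and returns 0 for every packet not from the wanted host, which the kernel then drops before it is queued. Because raw sockets need CAP_NET_RAW, the self-test exercises the same filter on a UDP socket over loopback, with the two loopback addresses 127.0.0.1 and 127.0.0.2 standing in for two hosts.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <linux/filter.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define IPV4_SRC_OFF 12   /* source address offset inside the IPv4 header */

/* Four-instruction classic BPF program: A = ip.src; if A == src keep all
 * bytes (0xffffffff) else return 0 (drop). `src` is in host byte order
 * because BPF loads packet words as host-order integers. */
struct sock_filter *source_filter(struct sock_filter insns[4], uint32_t src)
{
    struct sock_filter prog[4] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SKF_NET_OFF + IPV4_SRC_OFF),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, src, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, 0xffffffffu),
        BPF_STMT(BPF_RET | BPF_K, 0),
    };
    memcpy(insns, prog, sizeof prog);
    return insns;
}

/* Attach the filter so that only packets from `src_ip` reach `fd`. */
int attach_source_filter(int fd, const char *src_ip)
{
    struct in_addr a;
    if (inet_pton(AF_INET, src_ip, &a) != 1) {
        errno = EINVAL;
        return -1;
    }
    struct sock_filter insns[4];
    struct sock_fprog prog = { .len = 4, .filter = source_filter(insns, ntohl(a.s_addr)) };
    return setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof prog);
}

/* UDP socket bound to `ip` on an ephemeral port (the raw-socket case
 * differs only in socket(AF_INET, SOCK_RAW, proto), which needs CAP_NET_RAW). */
static int bound_udp(const char *ip)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = 0 };
    inet_pton(AF_INET, ip, &a.sin_addr);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-test: receiver accepts 127.0.0.2 only. A datagram from 127.0.0.1 must
 * never be queued; one from 127.0.0.2 must arrive. Returns 0 on success. */
int loopback_filter_check(void)
{
    int rx = bound_udp("127.0.0.1"), good = bound_udp("127.0.0.2"), bad = bound_udp("127.0.0.1");
    int rc = -1;
    struct sockaddr_in dst;
    socklen_t dl = sizeof dst;
    char buf[8];
    struct pollfd p = { rx, POLLIN, 0 };
    if (rx >= 0 && good >= 0 && bad >= 0 &&
        getsockname(rx, (struct sockaddr *)&dst, &dl) == 0 &&
        attach_source_filter(rx, "127.0.0.2") == 0 &&
        sendto(bad, "drop", 4, 0, (struct sockaddr *)&dst, sizeof dst) == 4 &&
        sendto(good, "keep", 4, 0, (struct sockaddr *)&dst, sizeof dst) == 4 &&
        poll(&p, 1, 2000) == 1 &&
        recv(rx, buf, sizeof buf, 0) == 4 && memcmp(buf, "keep", 4) == 0 &&
        poll(&p, 1, 200) == 0)          /* queue empty: "drop" never got through */
        rc = 0;
    if (rx >= 0) close(rx);
    if (good >= 0) close(good);
    if (bad >= 0) close(bad);
    return rc;
}

int main(void)
{
    return loopback_filter_check() == 0 ? 0 : 1;
}
```

The cost per unwanted packet is then one 32-bit load and one compare in the kernel, with no copy to user space and no wake-up of the process, which is what the question is worried about.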
I want to make a chat room using raw socket in C. I have following problems:
Q 1 : Can I use select function to handle multiple connections in case of raw sockets ?
Q 2 : Are port numbers in sockets real ports, or logically implemented for various applications on the transport layer?
Q 3 : I have one computer only, so I am using lo (local loopback) as my interface. The process which is initiating the chat has to send first and then receive, so it's receiving its own data. How do I restrict it?
Any help would be appreciated since that would help me in increasing my confidence on raw sockets.
Thanks :)
If you want this to be a real, usable chat system, stop. Don't use raw sockets. Huge mistake.
If you are just playing around because you want to put “raw sockets” under the “Experience” section of your résumé, you may read on.
You can use the select function to detect when a raw socket has a packet available to receive, and when it can accept a packet to transmit. You can pass multiple file descriptors to a single call to select if you want to check multiple raw sockets (or whatever) simultaneously.
Port numbers are part of the TCP and UDP protocols (and some other transport layer protocols). The kernel doesn't look for port numbers when receiving packets for raw sockets.
The raw(7) man page states:
All packets or errors matching the protocol number specified for the raw socket are passed to this socket.
And it also states:
A raw socket can be bound to a specific local address using the bind(2) call. If it isn't bound, all packets with the specified IP protocol are received.
Therefore you probably want to at least use different IP addresses for each end of the “connection”, and bind each end to its address.
“But!” you say, “I'm using loopback! I can only use the 127.0.0.1 address!” Not so, my friend. The entire 127.0.0.0/8 address block is reserved for loopback addresses; 127.0.0.1 is merely the most commonly-used loopback address. Linux (but perhaps not other systems) responds to every address in the loopback block. Try this in one window:
nc -v -l 10150
And then in another window:
nc -s 127.0.0.1 127.0.0.2 10150
You will see that you have created a TCP connection from 127.0.0.1 to 127.0.0.2. I think you can also bind your raw sockets to separate addresses. Then, when you receive a packet, you can check whether it's from the other end's IP address to decide whether to process or discard it.
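The two points of the answer above (select() across several descriptors, and giving each end its own loopback address so a receiver can tell its peer's packets from its own) as an added example; it is not code from the question or the answer. It uses UDP instead of SOCK_RAW so that it runs without CAP_NET_RAW, and binds the ends to 127.0.0.1 and 127.0.0.2 with kernel-chosen ports.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* One end of the chat: a UDP socket bound to `ip`, with the address and the
 * port the kernel picked written to *addr. Returns the fd or -1. */
int endpoint(const char *ip, struct sockaddr_in *addr)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(addr, 0, sizeof *addr);
    addr->sin_family = AF_INET;
    inet_pton(AF_INET, ip, &addr->sin_addr);
    socklen_t len = sizeof *addr;
    if (bind(fd, (struct sockaddr *)addr, len) < 0 ||
        getsockname(fd, (struct sockaddr *)addr, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Is this datagram from the peer we are chatting with? */
int from_peer(const struct sockaddr_in *from, const struct sockaddr_in *peer)
{
    return from->sin_addr.s_addr == peer->sin_addr.s_addr && from->sin_port == peer->sin_port;
}

/* A sends "hi" to B. select() over both sockets must report only B readable
 * (A does not see its own datagram), and B must see A's address as the
 * sender. Returns 0 on success, -1 otherwise. */
int chat_roundtrip(void)
{
    struct sockaddr_in a_addr, b_addr, from;
    int a = endpoint("127.0.0.1", &a_addr), b = endpoint("127.0.0.2", &b_addr), rc = -1;
    if (a >= 0 && b >= 0 &&
        sendto(a, "hi", 2, 0, (struct sockaddr *)&b_addr, sizeof b_addr) == 2) {
        fd_set readable;
        FD_ZERO(&readable);
        FD_SET(a, &readable);
        FD_SET(b, &readable);
        struct timeval tv = { 2, 0 };
        int nfds = (a > b ? a : b) + 1;
        if (select(nfds, &readable, NULL, NULL, &tv) == 1 &&
            FD_ISSET(b, &readable) && !FD_ISSET(a, &readable)) {
            char buf[8];
            socklen_t fl = sizeof from;
            ssize_t n = recvfrom(b, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
            if (n == 2 && memcmp(buf, "hi", 2) == 0 && from_peer(&from, &a_addr))
                rc = 0;   /* B would discard anything from_peer() rejects */
        }
    }
    if (a >= 0) close(a);
    if (b >= 0) close(b);
    return rc;
}

int main(void)
{
    return chat_roundtrip() == 0 ? 0 : 1;
}
```

With raw sockets the same structure applies, except that bind() takes only the address (no port), the receive side gets the whole IP header in the buffer, and the from_peer() check has to compare the address alone.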
Just curious, why do you want to use raw sockets? Raw sockets (AF_INET, SOCK_RAW) allow you to send out "raw" packets, where you are responsible for crafting everything but the MAC and IP layers.
A1: There are no "connections" with raw sockets. Just packets.
A2: There are no "ports" with raw sockets. Just packets. "Port numbers" as we know them are part of the TCP or UDP protocols, both of which are above the level at which we work with raw sockets.
A3: This is not specific to raw sockets - you would have this issue regardless of your protocol selection. To really answer this, we would need to know much more about your proposed protocol, since right now, you're simply blasting out raw IP packets.