Thread: HELP socket programming!!

  1. #1
    Registered User
    Join Date
    Aug 2009
    Posts
    16

    Question HELP socket programming!!

    Hi, I am Rishi, studying at Loughborough University, UK. I have got a project to do where I have to use the libtrace library to get the standard 5-tuple values (source and destination address, source and destination port, and the sequence no.) for determining the flows in a pcap file I have been provided; it's a passive analysis of packets. I have all those 5 tuples with me, and I have used struct sockaddr and struct sockaddr_in for getting the source address, whereas I have used sa_data for getting the destination address. Getting the port and sequence no. is not tough using the libtrace library.

    I am new to Linux, for the first thing, and I haven't used socket programming before; I'm a newbie. Now, what I want to do in order to determine the flows in the packet is to compare all the 5-tuple values of the packet, so that I am able to distinguish the flows later into incoming and outgoing flows, but I don't know how to make the pointer to point at the next source and destination address and also the port no.'s. I would be really obliged if anyone can help me with this.

    Thanks and Regards
    Rishi.

  2. #2
    Registered User
    Join Date
    May 2009
    Posts
    60
    linked list?

  3. #3
    Registered User
    Join Date
    Aug 2009
    Posts
    16
    Would you please elucidate that ..... what exactly do you mean to say .....??

  4. #4
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    I'm not sure what you are asking for. The only part of your post that resembled a question or problem is this:
    I don't know how to make the pointer to point at the next source and destination address and also the port no.'s
    Not much to go off of there. Can you post a little code which better illustrates the problem you are having? It doesn't need to be complete, just something that helps us to better understand what you need.
    bit∙hub [bit-huhb] n. A source and destination for information.

  5. #5
    Registered User
    Join Date
    Aug 2009
    Posts
    16
    Code:
    sa = trace_get_source_address(packet, &addr);
    	printf("packet is type %d af_inet=%d\n", sa->sa_family, AF_INET);
    	if (sa->sa_family == AF_INET) {
    	  /* ipv4 packet */
    	  struct sockaddr_in *sa_in = (struct sockaddr_in *) sa;
    	  printf("Source Address:%s\n", inet_ntoa(sa_in->sin_addr));
    	  // buffer[20]= 0;
     
    	} else if (sa->sa_family == AF_INET6) {
    	  /* ipv6 packet */
    	} else {
    	  /* unknown packet */
    	}
    	sport=trace_get_source_port(packet);
    	printf("Source Port is: %d\n", htons(sport));
    	bind(sockfd, (struct sockaddr *)&sa, sizeof(struct sockaddr));
    
    	sd=trace_get_destination_address(packet, &daddr);
    	sd->sa_data;
    	struct sockaddr_in *sd_in = (struct sockaddr_in *) sd;
    	printf("Destination Adress:%s\n", inet_ntoa(sd_in->sin_addr));
    	 
    	dport=trace_get_destination_port(packet);
    	printf("Destination port is: %d\n", htons(&dport));
    	bind(sockfd_d, (struct sockaddr *)&sd, sizeof(struct sockaddr));
    
    	
    	libtrace_tcp_t *t=trace_get_tcp(packet);
    	printf("Sequence No. for this packet is: %u\n", ntohl(t->seq));
    	while(i<count)
    	{i++;
    		/*sa_p = sa.sa_in->sin_addr;
    		sd_p1 = &sd;
    		sport_p == sport;
    		dport_p == dport;*/
    		//libtrace_tcp_t *t_p = *t;
    		
    		while(i<count) 
    		{
    			if(sockfd=sockfd++ && sockfd_d == sockfd_d++)
    			{
    				//x=sockfd++;
    			
    				if((sport=sport++) && (dport=dport++))
    				{
    					if(t = t++)
    			                {
    					count_flow++;
    						
    					}
    				}
    			}
    		i++;		
    		}
    	}
    	printf("No. of flows in the packet are: %d\n", count_flow);



    Above is the piece of code, and I am having a problem with:

    Code:
    if(sockfd=sockfd++ && sockfd_d == sockfd_d++)
    
    if((sport=sport++) && (dport=dport++))
    
    if(t = t++)

    I have tried lots of things, but all proved futile. Then I used this bind; it works fine with the socket address, but the port address itself is an integer. Now I don't know; my code runs fine, but it returns the same no. of flows as the no. of packets, which means something is going wrong with it. Somebody please help.

  6. #6
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Rishi. View Post
    I am new to Linux, for the first thing, and I haven't used socket programming
    You are new to programming, period. That is fine, but you are very "long-winded".

    Quote Originally Posted by bithub View Post
    I'm not sure what you are asking for. The only part of your post that resembled a question or problem is this:
    Quote Originally Posted by Rishi. View Post
    I don't know how to make the pointer to point at the next source and destination address and also the port no.'s. I would be really obliged if anyone can help me with this.
    Not much to go off of there. Can you post a little code which better illustrates the problem you are having? It doesn't need to be complete, just something that helps us to better understand what you need.
    bithub is correct. Reading your post was like working in an autoshop and listening to someone explain how their uncle is getting married tomorrow and some people are coming to the wedding on train A while other people are coming on train B, and that you finally got the DJ booked at the last minute which is good because you have to have music. Also, you are of course wearing your favourite suit but your girlfriend does not like it because she thinks it will clash with her dress while you are sure that it will be fine. The food will be a surprise arranged by your uncle himself, who always puts on a good spread and you haven't eaten in two days just to save up. Finally, the question remains: Is there a bathroom in the autoshop and can I use it?

    Sure. But you are not doing yourself any favours adding all the irrelevant (but exciting!) extra information when you want to use a toilet. So if you do post some code, please do not post all of the code you have written so far.

    [edit] sorry, I got so excited writing this myself I missed your last post. Will look...
    Last edited by MK27; 08-12-2009 at 12:50 PM.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  7. #7
    and the Hat of Guessing tabstop's Avatar
    Join Date
    Nov 2007
    Posts
    14,336
    In an attempt to answer what your question could possibly be, you can't just lean on the = key and sometimes type = and sometimes type == (and I suppose sometimes type ==========). They mean different things, and you should take pains to use the right one.

  8. #8
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Okay, here's a few basic things:
    Code:
    if(sockfd=sockfd++ && sockfd_d == sockfd_d++)
    			{
    				if((sport=sport++) && (dport=dport++))
    				{
    Most of those (the ones in red) are not conditions at all, they are assignments (= instead of ==). That is possibly okay, except the second set, which thus has no condition at all -- it is just a pair of assignments. It's not clear that's what you want since there is an "if", and the left side of the assignment is pointless (just use "dport++" instead of "dport=dport++").

    However, most significantly, the condition in magenta is by definition always true. If sock_fd is 4, or 666, or 12 million, it will still always == itself. "sock_fd++" increments the value AFTER this comparison is made. "++sock_fd" would increment it first, but then the condition would, by definition, NEVER be true.

    So I'm not sure what you are trying to do here, but it looks as if you have maybe gone the wrong way somehow. I have used pcap, but not libtrace, and I understand the basics of socket programming and packet analysis.
    Last edited by MK27; 08-12-2009 at 01:11 PM.

  9. #9
    Registered User
    Join Date
    Aug 2009
    Posts
    16
    Thanks tabstop and MK27 for replying .... I really appreciate it .... MK27, I'm sorry for using excessive words; instead I should have asked the way to the "toilet". Well, I have got all the values needed for analysing a packet. I have a pcap file, and I have to jump from one source address to the next packet's source address, checking if they are the same, and I have to do it for the whole pcap file I have been provided. But I don't know how to make the pointer to point at the next packet for comparison.

  10. #10
    Registered User
    Join Date
    Aug 2009
    Posts
    16
    And I'm comparing all these values to find out the no. of flows and then distinguish them into incoming flows and outgoing flows, between two addresses.

  11. #11
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Rishi. View Post
    But I don't know how to make the pointer to point at the next packet for comparison.
    If you are referring to all the port numbers you were trying to process: those are not pointers!

    I have written a packet sniffer using pcap, but I am not familiar with this "pcap" file you are referring to. What is it?

    Are you using pcap_loop()?

    Quote Originally Posted by Rishi. View Post
    And I'm comparing all these values to find out the no. of flows and then distinguish them into incoming flows and outgoing flows, between two addresses.
    Where did you acquire the socket file descriptors? (I'm guessing that's what sock_fd etc are.)

    What do you mean by "flow" -- or more specifically, what makes one flow separate from another -- the local address (source or destination) or is a flow from one specific address to another specific address? I presume that is why you are concerned with the port numbers, but you may have to collect a list of the actual ports as they are referred to (unless pcap does that). You certainly should not just iterate thru all possible port numbers.

    Networking stuff in C is tricky IMO, so don't feel too bad. And sorry if I seemed "rude" earlier.
    Last edited by MK27; 08-12-2009 at 04:36 PM.

  12. #12
    Registered User
    Join Date
    Aug 2009
    Posts
    16
    Thanks again for replying. As I said earlier, I'm writing code for passive analysis of packets. I have a bundle of packets and they are in ".pcap" format. I am not trying to go through all the port no.'s, but instead checking the whole .pcap file for the same port no.'s. A flow is a stream of data for one established connection from source to destination. Flows are bidirectional; what distinguishes one flow from another is the 5-tuple value I had spoken about earlier.

    I am not using libpcap or any of its functions; I'm using libtrace. I have solved the problem with the pointer. Thanks MK27, your suggestion was really helpful. Now the only problem I'm getting is with comparing sequence no.'s. I have tried a lot of things, but everything proved futile. Below is the piece of code.

    Code:
    	while(i<count)
    	{
    		while(x<count) 
    		{
    			//count_flow +=1;
    			if(sockfd==++sockfd && sockfd_d == ++sockfd_d)
    			{
    				x=++sockfd;
    			
    				if((sport_p==++sport_p) && (dport_p==++dport_p))
    				{//x=int(sport_p++);
    				//t_p=int(sport);
    				//printf("both the port locations are: %d, %d", x, t_p);
    				
    	                                if((*y=*t) == (*z=*(++t)))
    					{//printf("%d, %d,", t, ++t);
    						count_flow++;
    						
    					}
    				}
    			}
    		x++;		
    		}
    		i++;
    	}

  13. #13
    Registered User
    Join Date
    Aug 2009
    Posts
    16
    The sequence no. part is:

    Code:
    if((*y=*t) == (*z=*(++t)))
    					{//printf("%d, %d,", t, ++t);
    						count_flow++;
    						
    					}
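
Added example, not part of any post above: one common way to count flows is to build a key per packet and look it up in a table, rather than comparing each packet with its neighbour. The key here is the two addresses, two ports and the protocol number, ordered so that both directions of a conversation match; the sequence number is left out of the key because it changes with every segment. `pkt_info`, `flow_table`, `flow_add` and the sample packets are constructed for illustration, and with libtrace the fields would come from the address and port getters used in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-packet record, host byte order, filled in from the capture library. */
typedef struct { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; } pkt_info;
#define MAX_FLOWS 1024
typedef struct {
    pkt_info key[MAX_FLOWS];                 /* canonical key: src/sport is the lower endpoint */
    unsigned a_to_b[MAX_FLOWS], b_to_a[MAX_FLOWS]; size_t n;
} flow_table;

/* Order the endpoints so both directions of a conversation give the same key. */
static pkt_info canonical(const pkt_info *p, int *swapped) {
    pkt_info k = *p;
    *swapped = p->src > p->dst || (p->src == p->dst && p->sport > p->dport);
    if (*swapped) { k.src = p->dst; k.sport = p->dport; k.dst = p->src; k.dport = p->sport; }
    return k;
}
static int same_key(const pkt_info *x, const pkt_info *y) {
    return x->src == y->src && x->dst == y->dst && x->sport == y->sport &&
           x->dport == y->dport && x->proto == y->proto;
}

/* Record one packet; returns its flow index, or -1 when the table is full. */
int flow_add(flow_table *t, const pkt_info *p) {
    int swapped; size_t i = 0;
    pkt_info k = canonical(p, &swapped);
    while (i < t->n && !same_key(&t->key[i], &k)) i++;
    if (i == t->n) {                         /* first packet of a new flow */
        if (t->n == MAX_FLOWS) return -1;
        t->key[i] = k; t->a_to_b[i] = t->b_to_a[i] = 0; t->n++;
    }
    if (swapped) t->b_to_a[i]++; else t->a_to_b[i]++;
    return (int)i;
}

/* Constructed sample: hosts 10.0.0.1 and 10.0.0.2; protocol 6 = TCP, 17 = UDP. */
static const pkt_info SAMPLE[] = {
    {0x0A000001, 0x0A000002, 40000, 80, 6}, {0x0A000002, 0x0A000001, 80, 40000, 6},
    {0x0A000001, 0x0A000002, 40001, 80, 6}, {0x0A000001, 0x0A000002, 40000, 80, 17},
    {0x0A000001, 0x0A000002, 40000, 80, 6},
};
flow_table sample_table;
size_t run_sample(void) {
    sample_table.n = 0;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++) flow_add(&sample_table, &SAMPLE[i]);
    return sample_table.n;
}
int main(void) { printf("flows: %zu\n", run_sample()); return 0; }
```

The linear lookup is fine for a small capture; a large trace would use a hash of the same canonical key.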
