Thread: Multicast Problem - Operation Not Permitted

Hello. I'm attempting to understand network programming in particular Multicasting originally with Python but I hit upon a privilege problem when executing my Python scripts. To try and get round the problem I thought I'd try similar things in C but I still get the same problem i.e. Operation not permitted.

As my learning material I am using the book 'UNIX network programming Volume 1' from Addison Wesley and using code from chapter 21, Multicasting. At first I just simply wanted to send a multicast packet and watch the packets on the network using wireshark. The following is the some code I have taken from the above book, section 21.10 (I have commented out the functions to do with receive:

Code:

#include	"unp.h"

void	recv_all(int, socklen_t);
void	send_all(int, SA *, socklen_t);

int
main(int argc, char **argv)
{
	int					sendfd, recvfd;
	const int			on = 1;
	socklen_t			salen;
	struct sockaddr		*sasend, *sarecv;

	if (argc != 3)
		err_quit("usage: sendrecv <IP-multicast-address> <port#>");

	sendfd = Udp_client(argv[1], argv[2], (void **) &sasend, &salen);
	printf("Send socket is: %i\n",sendfd);
	//recvfd = Socket(sasend->sa_family, SOCK_DGRAM, 0);

	//Setsockopt(recvfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));

	//sarecv = Malloc(salen);
	//memcpy(sarecv, sasend, salen);
	//Bind(recvfd, sarecv, salen);

	//Mcast_join(recvfd, sasend, salen, NULL, 0);
	//Mcast_set_loop(sendfd, 0);

	//if (Fork() == 0)
	//	recv_all(recvfd, salen);		/* child -> receives */

	send_all(sendfd, sasend, salen);	/* parent -> sends */
}

The code for send_all():

Code:

#include	"unp.h"
#include	<sys/utsname.h>

#define	SENDRATE	5		/* send one datagram every five seconds */

void
send_all(int sendfd, SA *sadest, socklen_t salen)
{
	char		line[MAXLINE];		/* hostname and process ID */
	struct utsname	myname;

	if (uname(&myname) < 0)
		err_sys("uname error");;
	snprintf(line, sizeof(line), "%s, %d\n", myname.nodename, getpid());

	for ( ; ; ) {
		printf("Attempting to send.\n");
		Sendto(sendfd, line, strlen(line), 0, sadest, salen);

		sleep(SENDRATE);
	}
}

The code for Sendto() I cannot find as yet within the book, but I believe it is a wrapper function for the system function sendto().

Unfortunately, when I execute the compiled code I get the following error (even if I use 'sudo' too)

sendto error: Operation not permitted

Can anyone tell me how to get permissions to do this as even 'sudo' doesn't work.
(I'm using Ubuntu 10.04)

Have you checked your firewall/iptables? I guess this was your Python attempt then?

Originally Posted by rags_to_riches

Have you checked your firewall/iptables? I guess this was your Python attempt then?

Yes that was me.

I am just checking the iptable of my machine now and I see the following:

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.2.4 . tcp dpt:domain
ACCEPT udp -- 192.168.2.4 . udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- anywhere base-address.mcast.net/8
DROP all -- 255.255.255.255 anywhere

That highlighted in bold means I cannot send to 'base-address.mcast.net/8 but what is that value ?

I've just discovered that while 224..0.0.251:3535 is not permitted, 225.0.0.37:12345 is !
(code example HERE, though the IP works with my code posted above too.

So as you say i need to look into(and learn) about the iptables in my machine.

So if an address is not allowed in the iptable, the C functions will return with an error? I just assumed they would silently fail..but perhaps I'm being misled by the term 'DROP' in iptables.

Yes, it was indeed my iptables that needed adjusting. Oddly though even though packets that are to be rejected are set to DROP, it appears this is reported back to the OS.

From reading a couple of books I have on the subject, DROP should drop the packets silently whereas REJECT should drop them but report this back to the OS. Can anyone clarify this?

CodeBugs,

According to the iptables man page, IPTABLES, the drop target will prevent the kernel (OS) from sending the packet up the protocol stack to the recipient application.

Reject, on the other hand, according to the same man page, IPTABLES, will not only prevent the packet from being moved up the protocol stack, but will also "...send back an error packet in response to the matched packet."

Otherwise they are equivalent. I'm not sure how you mean OS, and I don't get to use this material very much. It helps me to apply it. Did that answer your question?

Best Regards,

New Ink -- Henry