Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Verify TCP connection is from same machine by MAC address

Tags:

c

linux

sockets

mac-address

Please don't criticise the solution. It's not my design and yes, it sucks.

On a computer running Linux, and using C, we need to verify that a TCP connection made to a process is from the same machine. Doing it by IP address is problematic since the OS is generating two IP addresses and the process only knows one. Anyway, verifying by IP address is a bit poor.

We want to do the verification by comparing the "remote" MAC address to the local MAC address. We already get the local MAC address. All I need to know is how to get the "remote" MAC address. It's in the packet that gets sent when forming the connection (and in all subsequent ones too). How do we drag it out of the ethernet layer?

Before anyone says this again, I KNOW you cannot get the MAC address of the remote host if it's not on the same subnet/LAN. That's fine. Presumably we'll get something like 00:00:00:00:00:00 and since that is different to the local MAC address it will be different - just what we want.

--

So, to summarise, we have a TCP connection socket fd, we've received a data packet, how do we then find the MAC address of the remote host, the MAC address that was in the packet's header?

like image 876
AlastairG Avatar asked Aug 03 '11 13:08

AlastairG

2 Answers

If I understand correctly, you are not trying to tell remote machines apart, but to use the idea that the source and destination MAC would match on traffic sent from a machine to itself in order to allow only local traffic.

This seems rather roundabout, and has been pointed out, insecure.

A somewhat better idea might be to have the TCP client listen only on the loopback interface (127.0.0.1) and not on INADDR_ANY. Or go a step further and use a unix-domain socket instead of a TCP one (a common method used by X servers today to prevent the possibility of remote connections)

like image 125
Chris Stratton Avatar answered Nov 03 '22 00:11

Chris Stratton

The MAC address of a live same-subnet TCP connection will almost certainly be in the ARP cache.

On Linux, you could examine the ARP cache by looking in /proc/net/arp. Here is what it looks like on my Ubuntu box:

aix@aix:~$ cat /proc/net/arp
IP address       HW type     Flags       HW address            Mask     Device
10.0.0.32        0x1         0x2         00:1e:4f:f5:be:dc     *        eth0
10.10.10.1       0x1         0x2         00:1f:6c:3e:02:e3     *        eth0

There's probably some callable API that you could use to get to the same data if you're averse to parsing the pseudo-file.

like image 32
NPE Avatar answered Nov 03 '22 00:11

NPE
Sign in to Comment

Related questions

Passing array of character strings to function
What is the limit of optimization using SIMD?
Makefile circular dependency
Average execution time
Need help optimizing algorithm - sum of all prime numbers under two million
Splitting a line in C/C++ using whitespace as delimiter [duplicate]
Can we benchmark how fast CUDA or OpenCL is compared to CPU performance?
Polymorphism in C
Why should we nullify pointer after freeing memory by free()? [duplicate]
Cuda code #define error, expected a ")"
Creating an array of int arrays in C?
Is the memcpy() function reentrant?
Decimal to octal in C
Can this be atomically executed?
Linux programming: which device a file is in
How to resolve REG_EIP undeclared (First use in this function ) error on Linux 32 bit machine?
How do you determine the path of the file that a symlink points to?
Difference between mutex lock and pthread_join
Strange behavior of float in function definition. And declaration-definition mismatch, yet it works, how?
About the delivery of standard signals

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!