IPv6 address block assign/associate with an interface

Hello all,

I am trying to receive (tcp/udp/sctp) traffic from all IPs and, eventually, all ports of an IPv6 address block using as few sockets as possible short of implementing my own network stack.

One possible solution was to associate an IP block to an interface then bind to that interface, hence the question. I am open to other suggestions as well.

I know already that:

  • it can be done by adding each IP individually to the interface via 'ip add' or in code using the IF API.

and, not necessarily regarding the question, that:

  • restrict bind to an interface via ioctl
  • bind to ANY IP to 1 PORT

The problem with the first approach is that it is not scalable.

Thanks

What's your system?

I am working on a 12.04 LTS Ubuntu, but I prefer a generic approach on any NIX system with stable kernel (BSD-like or Linux, Solaris/Illumos if must, no commercial offerings).

Hm. There are plenty of solutions for this but no portable ones that I know of. It's not something a generic socket's really designed to do. Network devices filter out traffic that's not theirs, all the way down at the hardware level.

I foresee another problem. In the old days, a hub just copied traffic to everyone and let them sort it out (which is why network cards often filter out traffic for others in hardware), but most networks these days are switched. A switch wouldn't bother sending you a copy. Any traffic that doesn't have you as the destination MAC address, you just wouldn't get (except for broadcasts and the like, of course).

Thank you

Assuming only the traffic (which is destined to a contiguous IPv6 address block, say a /64) reaches an interface (physical or virtual) by means of routing and/or filtering rules, the original question remains.

BTW: I know both BSD and Linux have ways of assigning IPs to an interface.

Let's stick with Linux for now.

I have a block of IPv6 addresses (say 1111::/64) that I routed and filtered such that only these addresses hit eth0.

then I know I can for instance say

ip addr add 1111::1/64 dev eth0
ip addr add 1111::2/64 dev eth0

and so on up to

ip addr add 1111::ffff:ffff:ffff:fffe dev eth0

which I believe becomes unmanageable, hence the original question.

Any other suggestions or hints besides using a raw socket and implementing my own stack, which is doable but I do not really want to reinvent the wheel since all that is already in the kernel?

Thanks

On Linux, you would use an ioctl to put the network device into "promiscuous mode", where it would receive all packets, and use raw mode to read them from there.

Other operating systems will handle this differently.

You might take a look at darkstat, which implements generic traffic counting over an entire interface on Linux, OSX, Solaris, and Windows, probably in four different ways.

This does not bypass the switching issue. On a switched network, you won't get sent packets which aren't destined for you at all!

Hmm. Yeah, assigning 18 quintillion addresses to an interface would take lots of time and RAM. I imagine it wouldn't work...

I suppose with Linux you could use ip6tables and DNAT to rewrite the entire /64 to go to a single IP. You'd need a kernel more recent than 3.8 though. I believe IPv6 NAT was added in 3.9.0.
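
The DNAT idea from the last reply, written out as an added example that is not part of the original thread: a shell function that prints (without applying) one ip6tables rule per transport protocol, folding every address and port of the block onto a single listener. It assumes the prefix is already routed to the interface, that the listener address 1111::1 is configured on the host, and that the IPv6 nat table is available; port 9000 is a constructed value.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the prefix is already routed
# to IFACE, LISTEN_ADDR is configured on the host, the IPv6 "nat" table exists.

# Print the DNAT rules for review; nothing on the system is changed.
dnat_block_rules() {
    [ $# -eq 4 ] || { echo "usage: dnat_block_rules PREFIX ADDR IFACE PORT" >&2; return 2; }
    prefix=$1; listen_addr=$2; iface=$3; listen_port=$4

    # The port must be a decimal number in 1..65535.
    case $listen_port in
        ''|*[!0-9]*) echo "bad port: $listen_port" >&2; return 2 ;;
    esac
    if [ "$listen_port" -lt 1 ] || [ "$listen_port" -gt 65535 ]; then
        echo "port out of range: $listen_port" >&2; return 2
    fi

    # Syntax check only: the block must be given with a prefix length (1111::/64).
    case $prefix in
        *:*/*) ;;
        *) echo "bad prefix: $prefix" >&2; return 2 ;;
    esac

    for proto in tcp udp sctp; do
        # A port in --to-destination is only accepted together with -p <proto>,
        # and an IPv6 address with a port uses the bracketed form [addr]:port.
        # The destination is single-quoted so a shell never globs the brackets.
        printf "ip6tables -t nat -A PREROUTING -i %s -d %s -p %s -j DNAT --to-destination '[%s]:%s'\n" \
            "$iface" "$prefix" "$proto" "$listen_addr" "$listen_port"
    done
}

# Values from the thread (1111::/64, 1111::1, eth0) plus the constructed port.
dnat_block_rules 1111::/64 1111::1 eth0 9000
```

After the rewrite the listener sees 1111::1 and port 9000 as its local endpoint, so the address and port the sender originally targeted are no longer visible in the socket's local address.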