Find UDP packet source address on multihomed host

Find UDP packet source address on multihomed host

Post by MB » Mon, 30 Jun 2008 11:55:10


My C++ Win32 program runs on a multihomed host and sends UDP packets using
the sendto () Winsock API. The UDP socket is bound to INADDR_ANY (0.0.0.0)
and is used to send packets to various destination addresses. Given a
particular destination IP-address, I need to programmatically determine the
network interface that will be used or, in other words, the source
IP-address of the UDP packet. How can this be done? Also, is there perhaps a
better newsgroup to ask this question in?
 
 
 

Find UDP packet source address on multihomed host

Post by » Mon, 30 Jun 2008 12:10:56

Hi blabla,

its much better to use any name than this, believe me!

You could ask your question in one of the networking
and driver development ngs. Try "Network
Monitor" or try "Wireshark", they will help you.

See this: http://www.yqcomputer.com/
And this: http://www.yqcomputer.com/

See also here:
http://www.yqcomputer.com/ #firewall

Best way is to opeate with filters,...

Regards

Kerem

--
--
-----------------------
Beste Gr黶se / Best regards / Votre bien devoue
Kerem G黰r黭c? Microsoft Live Space: http://www.yqcomputer.com/
Latest Open-Source Projects: http://www.yqcomputer.com/
-----------------------
"This reply is provided as is, without warranty express or implied."

"MB" < XXXX@XXXXX.COM > schrieb im Newsbeitrag

the
a

 
 
 

Find UDP packet source address on multihomed host

Post by Volodymyr » Mon, 30 Jun 2008 18:16:57

Kerem, the link with tdi filter is wrong, because at tdi level you cannot
get correct source ip data. 100 % correct data are obtained only at ndis
layer.

--
Volodymyr, blog: http://www.yqcomputer.com/
(This posting is provided "AS IS" with no warranties, and confers no
rights)


> Kerem G黰r黭c? > Microsoft Live Space: http://www.yqcomputer.com/
 
 
 

Find UDP packet source address on multihomed host

Post by Kerem Gr » Tue, 01 Jul 2008 04:04:21

Hi V.,

i remebered the driver also capable of dissecting
ip data and headers. If not, i must apologize here,..

I dont have the time to look through the complete
code, but having a look at its capabilities and at
some header files including this, it is very likely that
he will get the source and destination of his udp
data:

ipc.h
net.h

Also have a look at the tdifw.conf file, where you can
deny/allow UDP/TCP/ADRESSES/PROCESSES/USERS.

I think it will help him....

Regards

Kerem

--
-----------------------
Beste Gr黶se / Best regards / Votre bien devoue
Kerem G黰r黭c? Latest Project: http://www.yqcomputer.com/
Latest Open-Source Projects: http://www.yqcomputer.com/
-----------------------
"This reply is provided as is, without warranty express or implied."
"Volodymyr M. Shcherbyna" < XXXX@XXXXX.COM > schrieb im



>> Kerem G黰r黭c? >> Microsoft Live Space: http://www.yqcomputer.com/
 
 
 

Find UDP packet source address on multihomed host

Post by Volodymyr » Tue, 01 Jul 2008 16:01:31

ell, at TDI level one is able to issue an IRP to obtain
TDI_QUERY_ADDRESS_INFO to obtain source IP + Port information, but the
problem is that in 80 % of cases the source IP is always zero. The only
reliable solution is to get it at NDIS layer.

--
Volodymyr, blog: http://www.shcherbyna.com/
(This posting is provided "AS IS" with no warranties, and confers no
rights)

"Kerem G黰r黭c? < XXXX@XXXXX.COM > wrote in message
news:% XXXX@XXXXX.COM ...


 
 
 

Find UDP packet source address on multihomed host

Post by Waleri Tod » Wed, 02 Jul 2008 12:11:18

Wouldn't getsockname() do the trick?
 
 
 

Find UDP packet source address on multihomed host

Post by Ben Voigt » Wed, 02 Jul 2008 23:20:55


For a TCP socket, yes. Not for UDP sockets, though, which don't bind to a
single IP address.
 
 
 

Find UDP packet source address on multihomed host

Post by Ben Voigt » Wed, 02 Jul 2008 23:23:59


Did you check WSASendMsg and WSARecvMsg? The IP_PKTINFO structure
supposedly gives you access to the local address and interface.
 
 
 

Find UDP packet source address on multihomed host

Post by Volodymyr » Thu, 03 Jul 2008 17:26:27

Which I believe will contain source IP as 0.0.0.0 in most of the cases ...

--
Volodymyr, blog: http://www.yqcomputer.com/
(This posting is provided "AS IS" with no warranties, and confers no
rights)