
I am working on a C program that uses sockets to implement TCP networking in a server application. I was wondering whether it is possible to disable the kernel's TCP/IP stack so that my system does not interfere with incoming connection SYN requests and IP packets.

Or must I compile the kernel to disable it? Please tell me if this is the case.

On this question How to create a custom packet in c?

it says

Also note that if you are trying to send raw tcp/udp packets, one problem you will have is disabling the network stack automatically processing the reply (either by treating it as addressed to an existing IP address or attempting to forward it).

If that's the case, then how can it be possible?

Or is there any tool or program in Linux that can be used to achieve this, like this comment on Disable TCP/IP Stack from user-space:

There is of course the counterintuitive approach of using additional networking functionality to disable normal networking functionality: netfilter. There are a few iptables matches/targets which might prove beneficial to you (e.g., the “owner” match that may deny or accept based on PID or UID). This still means the functionality is in the kernel, it just limits it.

If someone knows how the above can be done, are there any commands?

user786
  • I would suggest using netfilter to send the relevant received packets to user space, thereby bypassing normal TCP processing for those packets. https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/ – JimD. May 10 '21 at 01:57
  • @JimD. Can I get Ethernet frames in a netfilter `C` program? – user786 May 13 '21 at 04:59
  • I'm not sure. Do you really need the ethernet encapsulation or is the IP packet good enough, which for sure you can get. @user786 – JimD. May 13 '21 at 09:35
  • Ok, I remember now. netfilter operates post IP defragmentation, so it will give you entire IP packets, not fragments. If you want the ethernet frames, you are effectively going to have to implement IP (including fragment reassembly) in addition to TCP and netfilter is not for you. – JimD. May 13 '21 at 09:41
  • @JimD. Why do I need to implement TCP? Can I create a TCP socket and listener plus an Ethernet frame sniffer and do the response, i.e. using raw sockets? This way I am thinking I will have all the headers plus the connected client, just transmitting a packet with an HTML payload. Does it sound right? Implementing TCP will require me to have reference code, to have seen TCP implemented in C. I searched a lot but there is none on GitHub. – user786 May 13 '21 at 11:13
  • I'm confused about what you are trying to do. I understood your question to mean that you wanted to implement TCP in C and that you were going to use a raw socket to read and write frames, but that your problem was that the native TCP stack would also process the replies. Netfilter can help you do this if you are willing to read and write IP packets. If you want to read and write raw Ethernet frames, then you will have to implement IP, for example, because raw Ethernet frames will contain IP fragments that you won't even be able to tell are part of your TCP flow until reassembled. – JimD. May 14 '21 at 02:00
  • Ok, I think what you want to do is open a regular socket and listen for, e.g., an HTTP request and then send a reply using a raw socket. To do so, you will have to follow the original TCP connection to know what sequence number to send and ack, and since the native TCP stack did not send it you will have to handle retransmission. If the response is lengthy, you will have to implement congestion control. If you get an ICMP Fragmentation Required you will have to process it. You will have to have some sort of TCP implementation to reply with TCP. – JimD. May 14 '21 at 02:22
  • @JimD. Can I do port forwarding, from one port to my server app's port on the same system, to stop the kernel from replying? Is there any command? – user786 May 14 '21 at 05:32
  • The simplest thing to do is to use the iptables DROP target. But then when the client sends a SYN, you will have to send back a SYN,ACK. Somebody has to implement TCP. – JimD. May 14 '21 at 05:57
  • @JimD. Thanks, this sounds good. Is it common to implement TCP in an application? I mean, if people do this then there must be something out there on GitHub. – user786 May 14 '21 at 06:18
  • I don't have any experience with it, but here is one: https://github.com/jserv/nstack The keywords you want to search for are: user space tcp stack. – JimD. May 14 '21 at 07:52
  • @JimD. Thank you very much for the search term. I think it solved my problem. Thanks again. And are there any `tls` implementations as well? – user786 May 14 '21 at 08:04
  • libssl https://wiki.openssl.org/index.php/Libssl_API – JimD. May 14 '21 at 09:18
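The comments above come down to "somebody has to implement TCP": once the kernel is told to DROP segments for the port, the user-space server must answer the client's SYN itself. The following is an added example, not code from the question, its comments or any project mentioned in them, of that first step: parsing an incoming SYN and crafting the SYN,ACK with correct IPv4 and TCP checksums, including the pseudo-header that raw-socket code most often gets wrong. The addresses, ports and initial sequence number are constructed for illustration; actually transmitting the reply would need an `AF_PACKET` or `IPPROTO_RAW` socket (not shown), and the rest of TCP (retransmission, congestion control, ICMP handling) still has to follow, as the comments point out.

```c
/* Added example, not code from the question or its comments: answer a client's
 * SYN from user space once the kernel stack no longer handles the port.
 * Addresses, ports and the ISN used here are constructed, not captured. */
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>                 /* htons/ntohs/htonl/ntohl */

#define TH_SYN 0x02
#define TH_ACK 0x10
#define HDRS 40                        /* IPv4 (20) + TCP (20), no options */

struct ipv4_hdr {                      /* RFC 791, no options */
    uint8_t  ver_ihl, tos;
    uint16_t total_len, id, frag_off;
    uint8_t  ttl, proto;
    uint16_t checksum;
    uint32_t saddr, daddr;
};
struct tcp_hdr {                       /* RFC 793, no options */
    uint16_t sport, dport;
    uint32_t seq, ack;
    uint8_t  doff_rsvd, flags;         /* data offset (32-bit words) << 4; flag bits */
    uint16_t window, checksum, urg_ptr;
};
/* Fields are naturally aligned, so we may memcpy the structs to/from the wire. */
_Static_assert(sizeof(struct ipv4_hdr) == 20 && sizeof(struct tcp_hdr) == 20, "no padding");

/* One's-complement sum of 16-bit big-endian words (RFC 1071), carries not yet folded. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t sum)
{
    for (; len > 1; p += 2, len -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;          /* odd trailing byte */
    return sum;
}
/* Fold carries and complement; store the result in the packet with htons(). */
static uint16_t fold(uint32_t sum)
{
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* The TCP checksum covers a 12-byte pseudo-header (src, dst, zero, proto, TCP
 * length) plus the segment. Omit the pseudo-header and the peer silently drops it. */
static uint16_t tcp_checksum(const struct ipv4_hdr *ip, const uint8_t *seg, size_t seg_len)
{
    uint8_t pseudo[12] = {0};
    uint16_t len_be = htons((uint16_t)seg_len);
    memcpy(pseudo, &ip->saddr, 4);
    memcpy(pseudo + 4, &ip->daddr, 4);
    pseudo[9] = ip->proto;
    memcpy(pseudo + 10, &len_be, 2);
    return fold(sum16(seg, seg_len, sum16(pseudo, sizeof pseudo, 0)));
}
/* 1 if both checksums of an IPv4+TCP packet verify (a valid one folds to 0). */
int packet_checksums_valid(const uint8_t *pkt, size_t len)
{
    struct ipv4_hdr ip;
    if (len < HDRS) return 0;
    memcpy(&ip, pkt, sizeof ip);
    return fold(sum16(pkt, sizeof ip, 0)) == 0 &&
           tcp_checksum(&ip, pkt + sizeof ip, len - sizeof ip) == 0;
}
/* Answer the SYN in `in` with a SYN,ACK, using `our_isn` as our initial sequence
 * number. Returns bytes written to `out`, or 0 if `in` is not a SYN we can answer. */
size_t build_syn_ack(const uint8_t *in, size_t in_len, uint32_t our_isn, uint8_t *out, size_t out_cap)
{
    struct ipv4_hdr ip_in, ip = {0};
    struct tcp_hdr tcp_in, tcp = {0};
    size_t tot;

    if (in_len < HDRS || out_cap < HDRS) return 0;
    memcpy(&ip_in, in, sizeof ip_in);
    tot = ntohs(ip_in.total_len);
    if (ip_in.ver_ihl != 0x45 || ip_in.proto != 6 || tot < HDRS || tot > in_len) return 0;
    if (!packet_checksums_valid(in, tot)) return 0;  /* corrupt: a real stack drops it too */
    memcpy(&tcp_in, in + sizeof ip_in, sizeof tcp_in);
    if ((tcp_in.flags & (TH_SYN | TH_ACK)) != TH_SYN) return 0;  /* not a fresh SYN */

    ip.ver_ihl = 0x45; ip.total_len = htons(HDRS); ip.ttl = 64; ip.proto = 6;
    ip.frag_off = htons(0x4000);                      /* DF, so PMTU discovery can work */
    ip.saddr = ip_in.daddr; ip.daddr = ip_in.saddr;   /* swap the endpoints */
    ip.checksum = htons(fold(sum16((const uint8_t *)&ip, sizeof ip, 0)));

    tcp.sport = tcp_in.dport; tcp.dport = tcp_in.sport;
    tcp.seq = htonl(our_isn);
    tcp.ack = htonl(ntohl(tcp_in.seq) + 1);           /* the SYN consumes one sequence number */
    tcp.doff_rsvd = 5 << 4; tcp.flags = TH_SYN | TH_ACK; tcp.window = htons(65535);
    tcp.checksum = htons(tcp_checksum(&ip, (const uint8_t *)&tcp, sizeof tcp));

    memcpy(out, &ip, sizeof ip);
    memcpy(out + sizeof ip, &tcp, sizeof tcp);
    return HDRS;
}
/* Constructed sample (not a capture): SYN 10.0.0.2:40000 -> 10.0.0.1:8080, ISN 0x11223344. */
size_t make_sample_syn(uint8_t *buf, size_t cap)
{
    struct ipv4_hdr ip = {0};
    struct tcp_hdr tcp = {0};
    if (cap < HDRS) return 0;
    ip.ver_ihl = 0x45; ip.total_len = htons(HDRS); ip.ttl = 64; ip.proto = 6;
    ip.saddr = htonl(0x0A000002); ip.daddr = htonl(0x0A000001);
    ip.checksum = htons(fold(sum16((const uint8_t *)&ip, sizeof ip, 0)));
    tcp.sport = htons(40000); tcp.dport = htons(8080); tcp.seq = htonl(0x11223344);
    tcp.doff_rsvd = 5 << 4; tcp.flags = TH_SYN; tcp.window = htons(64240);
    tcp.checksum = htons(tcp_checksum(&ip, (const uint8_t *)&tcp, sizeof tcp));
    memcpy(buf, &ip, sizeof ip);
    memcpy(buf + sizeof ip, &tcp, sizeof tcp);
    return HDRS;
}
```

In the setup JimD describes, a rule such as `iptables -A INPUT -p tcp --dport 8080 -j DROP` keeps the kernel's own TCP from answering (or resetting) the port. Note which socket type you then read from: an `AF_PACKET` socket taps the device before netfilter runs and still sees every incoming frame, whereas an `AF_INET`/`SOCK_RAW` socket is fed after the INPUT hook, so the same DROP rule hides the packets from it as well. Pick an unpredictable `our_isn` (e.g. from a CSPRNG) rather than a counter; predictable ISNs are what made classic blind spoofing attacks possible.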

1 Answer


Well, you could compile yourself a kernel without networking :)

A couple of options:

  1. Check out the DPDK project (https://www.linuxjournal.com/content/userspace-networking-dpdk). DPDK passes the physical NIC to user space via a UIO driver (igb_uio, uio_pci_generic or vfio-pci), thus eliminating the kernel stack.
  2. Use an XDP-supported NIC with either zero-copy or driver mode. With eBPF running, one can push the received packets directly to user space, bypassing the kernel stack.

Unless this is a homework project, remember: don't invent, reuse.

[EDIT, based on comment] Userspace TCP/IP stacks have a custom socket API to read from/write to the socket. So with either LD_PRELOAD or a source change, one can use the same application.

Vipin Varghese
  • If I compile the kernel without networking, will I still be able to use the socket API with raw sockets or PACKET_MMAP to send and receive packets? – user786 May 09 '21 at 18:33