i'm trying to set up a secure client-server connection (for now without
encryption) and want to verify if the x+1'th message received is from
the same sender as the x'th message

i've tried to print the MAC address via the ioctl, both it complains
that the protocol family isn't supported

/*  ****************************************
*************** */
//...

recv_sd = accept(listen_sd, (struct sockaddr*) &client, &len);

struct arpreq arpreq_;
bzero(&arpreq_, sizeof(struct arpreq));

if( ( n = ioctl(recv_sd, SIOCGARP, &arpreq_) ) < 0 ){
sendErrorMessage("ioctl error", __FUNCTION__, TCL_ERROR, 1);
}

unsigned char *ptr = &arpreq_.arp_ha.sa_data[0];
printf("MAC: %x:%x:%x:%x:%x:%x\n", *ptr, *(ptr+1), *(ptr+2), *(ptr+3),
*(ptr+4), *(ptr+5));

//...
/*  ****************************************
*************** */

the client's protocol family is AF_INET and ioctl needs AF_UNRES
is there maybe a way to "convert" a socket's family?

[ Post a follow-up to this message ]

"k:arel" <karelnijs@gmail.com> writes:

> i'm trying to set up a secure client-server connection (for now without
> encryption) and want to verify if the x+1'th message received is from
> the same sender as the x'th message
>
> i've tried to print the MAC address via the ioctl, both it complains
> that the protocol family isn't supported

You can't rely on MAC addresses (or any other addresses) for
security.  If you need security, use something like SSL.

--
Måns Rullgård
mru@inprovide.com

[ Post a follow-up to this message ]

"k:arel" <karelnijs@gmail.com> wrote in message
news:1130357139.665773.34850@g44g2000cwa.googlegroups.com...

> i'm trying to set up a secure client-server connection (for now without
> encryption)

Umm, then what make it secure?

> and want to verify if the x+1'th message received is from
> the same sender as the x'th message

Okay, then you need some way to identify the sender.

> i've tried to print the MAC address via the ioctl, both it complains
> that the protocol family isn't supported

There are many problems with this approach:

1) The MAC address could easily be known to an attacker. An attacker can
easily spoof his MAC address.

2) The MAC address identifies the sender of the *ethernet* packet, not
the IP packet. The ethernet packet is often sent by a router or gateway. An
attacker could easily send packets through the same gateway and thus get the
same MAC address.

When you say you want a "secure" connection. What do you mean by
"secure"? What is it supposed to be impossible (or difficult) for an
attacker to do?

DS

[ Post a follow-up to this message ]

>i'm trying to set up a secure client-server connection (for now without
>encryption) and want to verify if the x+1'th message received is from
>the same sender as the x'th message

Between what and what?  If it's not on your LAN, you'll just see
the MAC address of your router for the entire Internet except
your LAN.

Gordon L. Burditt

[ Post a follow-up to this message ]

You guys are right. Actually, it =EDs basis networking theory and i
didn't thought of it.

I'm writing a thesis about securing a home made protocol for a remote
control application (run by a Tcl GUI).
Yesterday, i was doing a security analysis and picking out the weak
points. So i came up with that it would be good to take some
countermeasures against spoofing

my analysis will be online soon, but will be written in Dutch :-(

[ Post a follow-up to this message ]