get client hardware address (MAC)
I'm trying to set up a secure client-server connection (for now without
encryption) and want to verify if the x+1'th message received is from
the same sender as the x'th message.
I've tried to print the MAC address via the ioctl, but it complains
that the protocol family isn't supported.
/* ******************************************************* */
//...
// accept the client connection; the peer address is stored in client
recv_sd = accept(listen_sd, (struct sockaddr*) &client, &len);
// the ARP request is zeroed and handed to the ioctl as-is
struct arpreq arpreq_;
bzero(&arpreq_, sizeof(struct arpreq));
if( ( n = ioctl(recv_sd, SIOCGARP, &arpreq_) ) < 0 ){
    sendErrorMessage("ioctl error", __FUNCTION__, TCL_ERROR, 1);
}
// sa_data is a char array, so cast before printing the six address bytes
unsigned char *ptr = (unsigned char *) &arpreq_.arp_ha.sa_data[0];
printf("MAC: %02x:%02x:%02x:%02x:%02x:%02x\n", *ptr, *(ptr+1), *(ptr+2), *(ptr+3),
       *(ptr+4), *(ptr+5));
//...
/* ******************************************************* */
The client's protocol family is AF_INET and ioctl needs AF_UNRES.
Is there maybe a way to "convert" a socket's family?
karelnijs (32)
10/26/2005 8:05:39 PM
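The "protocol family isn't supported" error in the post above is what Linux returns when the request's `arp_pa` field does not carry an AF_INET address, which is the case for a zeroed `struct arpreq`. The sketch below is an added example, not code from the thread; it assumes Linux, and the names `fill_arpreq`, `peer_mac` and the interface name `eth0` are hypothetical.

```c
#include <arpa/inet.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>

/* Build a SIOCGARP request for an IPv4 peer. The kernel checks
 * arp_pa.sa_family first: a zeroed request has family 0 and is rejected
 * with EPFNOSUPPORT. Linux also requires the interface name in arp_dev. */
int fill_arpreq(struct arpreq *req, const struct sockaddr_in *peer,
                const char *ifname)
{
    struct sockaddr_in pa = { .sin_family = AF_INET };
    if (peer->sin_family != AF_INET || strlen(ifname) >= sizeof(req->arp_dev))
        return -1;
    pa.sin_addr = peer->sin_addr;
    memset(req, 0, sizeof(*req));
    memcpy(&req->arp_pa, &pa, sizeof(pa));
    strcpy(req->arp_dev, ifname);          /* length checked above */
    return 0;
}

/* Fill mac[6] for the peer of connected socket sd; 0 on success, -1 if the
 * lookup fails or the entry is incomplete. Only a host on the same link has
 * an ARP entry, so this is a diagnostic, not proof of who sent a message. */
int peer_mac(int sd, const char *ifname, unsigned char mac[6])
{
    struct sockaddr_in peer;
    socklen_t len = sizeof(peer);
    struct arpreq req;
    if (getpeername(sd, (struct sockaddr *)&peer, &len) < 0 ||
        fill_arpreq(&req, &peer, ifname) < 0 ||
        ioctl(sd, SIOCGARP, &req) < 0 || !(req.arp_flags & ATF_COM))
        return -1;
    memcpy(mac, req.arp_ha.sa_data, 6);
    return 0;
}

int main(void)
{
    struct sockaddr_in peer = { .sin_family = AF_INET };  /* constructed sample */
    struct arpreq req;
    inet_pton(AF_INET, "192.0.2.10", &peer.sin_addr);
    if (fill_arpreq(&req, &peer, "eth0") == 0)            /* "eth0" is assumed */
        printf("arp_pa family=%d dev=%s\n", req.arp_pa.sa_family, req.arp_dev);
    return 0;
}
```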
"k:arel" <karelnijs@gmail.com> writes:
> I'm trying to set up a secure client-server connection (for now without
> encryption) and want to verify if the x+1'th message received is from
> the same sender as the x'th message
>
> I've tried to print the MAC address via the ioctl, but it complains
> that the protocol family isn't supported
You can't rely on MAC addresses (or any other addresses) for
security. If you need security, use something like SSL.
--
Måns Rullgård
mru@inprovide.com
iso
10/26/2005 8:49:57 PM
"k:arel" <karelnijs@gmail.com> wrote in message
news:1130357139.665773.34850@g44g2000cwa.googlegroups.com...
> I'm trying to set up a secure client-server connection (for now without
> encryption)
Umm, then what makes it secure?
> and want to verify if the x+1'th message received is from
> the same sender as the x'th message
Okay, then you need some way to identify the sender.
> I've tried to print the MAC address via the ioctl, but it complains
> that the protocol family isn't supported
There are many problems with this approach:
1) The MAC address could easily be known to an attacker. An attacker can
easily spoof his MAC address.
2) The MAC address identifies the sender of the *ethernet* packet, not
the IP packet. The ethernet packet is often sent by a router or gateway. An
attacker could easily send packets through the same gateway and thus get the
same MAC address.
When you say you want a "secure" connection, what do you mean by
"secure"? What is it supposed to be impossible (or difficult) for an
attacker to do?
DS
David
10/26/2005 9:00:34 PM
>I'm trying to set up a secure client-server connection (for now without
>encryption) and want to verify if the x+1'th message received is from
>the same sender as the x'th message
Between what and what? If it's not on your LAN, you'll just see
the MAC address of your router for the entire Internet except
your LAN.
Gordon L. Burditt
gordonb
10/26/2005 9:02:04 PM
You guys are right. Actually, it's basic networking theory and I
didn't think of it.
I'm writing a thesis about securing a home-made protocol for a remote
control application (run by a Tcl GUI).
Yesterday, I was doing a security analysis and picking out the weak
points. So I came up with that it would be good to take some
countermeasures against spoofing.
My analysis will be online soon, but will be written in Dutch :-(
k
10/27/2005 6:26:46 AM