Network anomaly Detection

Source: Internet
Author: User
Tags get ip

Network Exception checking 2

Author Cpplive | Posted on 2012-02-17

Article Category: C language, Linux, Windows, applications and programming, networking

First, the purpose of this article

In practical project applications involving network programming, the TCP long connection may be disconnected normally or abnormally at any time because the network is unlikely to be in an ideal state, and if it is not processed, it may cause many potential problems for the program. The purpose of writing this document is to address the network program may encounter a variety of problems, come out with you to discuss the specific problems of the solution, at the same time I will be a number of early research solutions listed, to stimulate the hope that we can brainstorm, to find a more reasonable solution.

Second, the network disconnection time

1. Normal network disconnection

(1) CS Party call Close

(2) CS Party program Normal exit, such as CTRL + C event can be detected by the system, the corresponding socket will also be marked as disconnected by the system.

2. Abnormal network disconnection

(1) CS side network cable is dialed out

(2) routing failure between CS, physical connection disconnection

(3) CS side power off or when the machine

(4) CS side wireless signal is poor or the wireless interface is turned off

(5) CS side Change IP event can not be detected by the system, this time reading data will not be error, will only be blocked; Write data will not return an error until the buffer is full. If a disconnect event cannot be detected in time, there may be a fatal error for some scenarios. such as the service side maintenance of the client online information error.

Third, the network disconnection commonly used detection method

1. Handle Normal network disconnection

(1) Select captures readable events, read returns 0

(2) Epoll capture readable event, read returns 0

(3) Active read return error

(4) Active write return error

2. Handling Abnormal network disconnection

(1) Application layer keepalive detection

In the application layer protocol, it is the most common and safest way to join the heartbeat handshake mechanism to maintain the connectivity between server and client. The client periodically sends a probe packet to the server, and if the service side responds, the server is online, otherwise it is processed offline, and the server can also process the client without sending the probe packet for a long time. The scheme is supported by all systems, has good cross-platform performance, and can be detected by network failure on the end. The disadvantage is that it requires the application layer protocol support, the program needs to maintain the long-term heartbeat handshake package, relatively cumbersome.

(2) Transmission layer keepalive detection

In addition to the application layer KeepAlive detection mechanism, TCP internal integration of the KeepAlive mechanism, the default shutdown, it is convenient to open it. It can be detected by a network fault on the side and itself. But not all systems are supported, and some systems, although supported but affect all sockets, consume additional bandwidth and traffic, and are not recommended for use.

View Plaincopy to Clipboardprint?
  1. Enable the heartbeat mechanism, if you want to turn it off, place KeepAlive 0
  2. SetSockOpt (fd,sol_socket,so_keepalive, (void*) &keepalive,sizeof (KEEPALIVE));
  3. Enable the heartbeat mechanism to start idle time between the first heartbeat detection packet sent
  4. SetSockOpt (Fd,sol_tcp,tcp_keepidle, (void *) &start,sizeof (start));
  5. Two heartbeat detection packets between the time interval
  6. SetSockOpt (FD,SOL_TCP,TCP_KEEPINTVL, (void *) &interval,sizeof (interval));
  7. Number of probes, which will be detected as TCP disconnects
  8. SetSockOpt (fd,sol_tcp,tcp_keepcnt, (void *) &count,sizeof (count));

(3) Network layer keepalive detection

The ping command is almost the network connectivity Detection command for all platforms, taking the network layer ICMP protocol, consider using the Popen function to call the system's own Ping command to encapsulate the network connectivity detection function. It is actually a KeepAlive mechanism of the network layer.

View Plaincopy to Clipboardprint?
  1. int Checkconnect (char *dst, int cnt)
  2. {
  3. FILE *stream;
  4. sprintf (Cmdbuf, "ping%s-c%d-i 0.2 | grep time= |  Wc-l ", DST, CNT);
  5. stream = Popen (Cmdbuf, "R");
  6. Fread (Recvbuf, sizeof (char), sizeof (RECVBUF)-1, stream);
  7. Pclose (stream);
  8. if (atoi (RECVBUF) > 0) return 0;
  9. return-1;
  10. }

DST specifies the destination address to be detected, CNT specifies the number of ping attempts, and the-I parameter specifies the time-out for the ping attempt.

(4) Application layer monitoring kernel message mechanism

NetLink is a special socket that is unique to 2.6.14 and later Linux, through which application-level programs can easily customize specific messages to the kernel, such as the offline network card. You can also set or query configuration, such as IP, routing, network traffic information, and so on.

A. Create a NetLink socket:

    1. FD = socket (Af_netlink, Sock_raw, Netlink_route);

b, bound routing multicast Group, monitoring network card information:

View Plaincopy to Clipboardprint?
    1. addr.nl_family = Af_netlink;
    2. Addr.nl_groups = Rtnlgrp_link; //Specify receive routing multicast group messages
    3. Bind (FD, (struct sockaddr*) &addr, sizeof (addr));

c, listening socket, once readable, parsing its content, real-time monitoring network card on the offline event.

Advantages: High real-time, easy to use.

Disadvantage: Poor cross-platform, can only detect their own network failure.

(5) Application Layer network card information polling mechanism

The network card information polling mechanism is to periodically invoke the IOCTL function to perform the following actions:

View Plaincopy to Clipboardprint?
  1. struct ifconf ifc;
  2. struct Ifreq ifrcopy;
  3. Get NIC Information list
  4. IOCTL (FD, siocgifconf, (char *) &IFC);
  5. Get the status of the NIC on the Downline
  6. IOCTL (FD, Siocgifflags, &ifrcopy);
  7. Get MAC Address
  8. IOCTL (FD, SIOCGIFHWADDR, (char *) (&ifrcopy);
  9. Get IP Address
  10. IOCTL (FD, SIOCGIFADDR, (char *) &ifrcopy);
  11. Get broadcast Address
  12. IOCTL (FD, SIOCGIFBRDADDR, &ifrcopy));

Disadvantages:

A, cross-platform poor.

Can be successfully ported to Linux,Android,Windows platform, but due to the IPhone platform to get Mac and IP parameters different, need special treatment.

b, real-time and flexibility is not high.

C, consume resources, affect performance.

D, can only detect their own network failure.

Network anomaly Detection

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.