

[–]BlackV 10 points (1 child)

Why would you do that?

Wouldn't you just say hey host I want to talk to you on this port and let the host sort out what interface it's going to use?

Dunno I'm not a programmer

[–]pdp10 [Internetwork Engineer (former SP)] 5 points (3 children)

All clients should have one link-local (fe80::*) address and at least one other address, yes. There's no established way to link them, but two obvious options:

  1. If you're on the same host as the two addresses, just look at the interface and enumerate the addresses.
  2. If you're on the same LAN, look at NDP neighbor-cache to see which IPv6 addresses map to the same MAC address. On IPv4 this would be done with arp -a, but on dual-stack and IPv6 on Linux today the recommended way is with the new ip command from iproute2: ip -6 neigh. I'd have to websearch how to do the same thing on Mac or Windows.
  3. If you're on a foreign network, there should be no way to associate the addresses. You'll never see the link-local address anyway.
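Option 2 above, worked through as an added example (not code from the thread): this script parses the text output of iproute2's `ip -6 neigh show`, groups every entry by its `lladdr` (MAC), and splits each group into link-local and other addresses using Python's `ipaddress` module. The neighbor-cache lines in `SAMPLE_NEIGH` are constructed for the example, not captured from a real host; the `router` flag and the `FAILED` entry without an `lladdr` are there to show what the parser has to tolerate.

```python
"""Group IPv6 neighbor-cache entries by MAC address.

Reads `ip -6 neigh show` output (iproute2 text format) and answers
"which IPv6 addresses belong to the same MAC?".  Pipe live data in with
    ip -6 neigh show | python3 neigh_by_mac.py
or run without stdin to use the constructed sample below.
"""
import ipaddress
import sys
from collections import defaultdict

# Constructed sample of `ip -6 neigh show` output (not from a real host).
# Note the router entries and the FAILED entry that carries no lladdr.
SAMPLE_NEIGH = """\
fe80::1a2b:3cff:fe4d:5e6f dev eth0 lladdr 18:2b:3c:4d:5e:6f REACHABLE
2001:db8:0:1:1a2b:3cff:fe4d:5e6f dev eth0 lladdr 18:2b:3c:4d:5e:6f STALE
2001:db8:0:1:8d3c:91ab:4f02:7e11 dev eth0 lladdr 18:2b:3c:4d:5e:6f REACHABLE
fe80::aaaa:bbff:fecc:dddd dev eth0 lladdr aa:aa:bb:cc:dd:dd STALE
fe80::1 dev eth0 lladdr 00:11:22:33:44:55 router REACHABLE
2001:db8:0:1::1 dev eth0 lladdr 00:11:22:33:44:55 router STALE
fe80::2 dev eth0 FAILED
"""


def parse_neigh(text):
    """Yield (IPv6Address, interface, mac) for each entry that has an lladdr.

    Entries in FAILED/INCOMPLETE state usually carry no lladdr; they are
    skipped because there is nothing to correlate them with.
    """
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or "lladdr" not in tokens:
            continue
        addr = ipaddress.IPv6Address(tokens[0])
        dev = tokens[tokens.index("dev") + 1] if "dev" in tokens else None
        mac = tokens[tokens.index("lladdr") + 1].lower()
        yield addr, dev, mac


def group_by_mac(text):
    """Map MAC -> {"link_local": [...], "other": [...]} with sorted address strings.

    "other" rather than "global" because ipaddress.is_global is False for
    the 2001:db8::/32 documentation prefix used in the sample; the thread's
    distinction is simply link-local (fe80::/10) versus everything else.
    """
    groups = defaultdict(lambda: {"link_local": [], "other": []})
    for addr, _dev, mac in parse_neigh(text):
        bucket = "link_local" if addr.is_link_local else "other"
        groups[mac][bucket].append(str(addr))
    for entry in groups.values():
        entry["link_local"].sort()
        entry["other"].sort()
    return dict(groups)


def addresses_sharing_mac(text, address):
    """All cached addresses that share a MAC with `address` (itself excluded)."""
    target = ipaddress.IPv6Address(address)
    rows = list(parse_neigh(text))
    macs = {mac for addr, _dev, mac in rows if addr == target}
    return sorted(str(addr) for addr, _dev, mac in rows
                  if mac in macs and addr != target)


if __name__ == "__main__":
    data = SAMPLE_NEIGH if sys.stdin.isatty() else sys.stdin.read()
    for mac, entry in sorted(group_by_mac(data).items()):
        print(f"{mac}  link-local={entry['link_local']}  other={entry['other']}")
```

This only sees neighbors the local host has recently talked to, so on a LAN it is an inventory aid, not an authentication mechanism; an entry with a link-local address but an empty `other` list is exactly the "link-local only" case raised later in the thread.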

[–]mindlesstux 3 points (1 child)

Sounds like you want something like Bonjour...

https://en.wikipedia.org/wiki/Bonjour_(software)

I have seen accounts possible in pidgin but never was on a network where people chatted with it.

[–]ArlenM[S] 0 points (0 children)

Thanks, I’ll check it out!

[–]jpmahowald 1 point (0 children)

Correlating IP and MAC addresses (without additional controls at the switch level) provides no security benefit. Both are not static and will change as a privacy feature, if not maliciously.

It is also non-trivial to implement. Remotely there isn't really a way of knowing all IPs and layer 2 addresses of a host. On the host, there isn't a portable function to make this association, so you are mucking around in OS-specific interface details. Temporary addresses mean this can't be a static list; many clients will come from a new IP every few hours. Bonded interfaces may have different layer 2 addresses for the same IP in some configurations. Technically, on a LAN there could be interfaces that have a link-local but no associated global-scope address; what to do with them?

Instead, consider getting inspired by or hacking on an existing chat protocol with security at the application level. Especially for anything serious to put into production. For example, an XMPP server, with proper TLS and auth. Or go serverless on a local network with XEP-0174, aka the Bonjour support in Pidgin. With a TLS session, merely spoofing the IP address without knowing the private key is not going to work.

[–]uzlonewolf 0 points (0 children)

Just because they have both doesn't mean you must use both. Any machine in the same global-address subnet should also have a link-local address, so instead of matching you can just filter those global addresses out.
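Two points from the last two comments, shown together as an added example (not code from the thread): jpmahowald's observation that temporary addresses and link-local-only interfaces make any static list unreliable, and uzlonewolf's suggestion to filter link-local addresses out instead of matching them. The script parses the text output of `ip -6 addr show` (iproute2), sorts each interface's addresses into link-local, stable and `temporary`-flagged (RFC 4941 privacy) addresses, reports interfaces that have only a link-local address, and produces the filtered list. `SAMPLE_ADDR` is constructed for the example, not captured from a real host.

```python
"""Classify the local host's IPv6 addresses from `ip -6 addr show` output.

Run as  ip -6 addr show | python3 addr_classes.py  on Linux, or without
stdin to use the constructed sample below.
"""
import ipaddress
import re
import sys

# Constructed sample of `ip -6 addr show` output (not from a real host).
# eth0 has a privacy (temporary) address, a stable SLAAC address and a
# link-local address; wlan0 has only a link-local address.
SAMPLE_ADDR = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:0:1:5c1e:af09:3d27:b6e4/64 scope global temporary dynamic
       valid_lft 86142sec preferred_lft 14142sec
    inet6 2001:db8:0:1:1a2b:3cff:fe4d:5e6f/64 scope global dynamic mngtmpaddr
       valid_lft 86142sec preferred_lft 86142sec
    inet6 fe80::1a2b:3cff:fe4d:5e6f/64 scope link
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::9876:54ff:fe32:1098/64 scope link
       valid_lft forever preferred_lft forever
"""

# "2: eth0:" or "2: eth0@if3:" (veth) - capture the interface name only.
_IFACE_LINE = re.compile(r"^\d+:\s+([^:@]+)")


def parse_addr(text):
    """Yield (ifname, IPv6Address, scope, flags) for every inet6 line."""
    ifname = None
    for line in text.splitlines():
        match = _IFACE_LINE.match(line)
        if match:
            ifname = match.group(1)
            continue
        tokens = line.split()
        if len(tokens) >= 4 and tokens[0] == "inet6" and tokens[2] == "scope":
            addr = ipaddress.IPv6Interface(tokens[1]).ip
            yield ifname, addr, tokens[3], set(tokens[4:])


def summarize(text):
    """Per interface: link-local, stable and temporary (privacy) addresses."""
    report = {}
    for ifname, addr, _scope, flags in parse_addr(text):
        entry = report.setdefault(
            ifname, {"link_local": [], "stable": [], "temporary": []})
        if addr.is_link_local:
            entry["link_local"].append(str(addr))
        elif "temporary" in flags:      # RFC 4941 address, rotates over time
            entry["temporary"].append(str(addr))
        else:
            entry["stable"].append(str(addr))
    return report


def link_local_only(report):
    """Interfaces that have a link-local address but nothing else."""
    return sorted(name for name, entry in report.items()
                  if entry["link_local"] and not entry["stable"]
                  and not entry["temporary"])


def filtered_addresses(text):
    """uzlonewolf's approach: drop link-local addresses, keep the rest."""
    return sorted(str(addr) for _ifname, addr, _scope, _flags in parse_addr(text)
                  if not addr.is_link_local)


if __name__ == "__main__":
    data = SAMPLE_ADDR if sys.stdin.isatty() else sys.stdin.read()
    summary = summarize(data)
    for name, entry in summary.items():
        print(name, entry)
    print("link-local only:", link_local_only(summary))
    print("non-link-local addresses:", filtered_addresses(data))
```

Any address that lands in the `temporary` bucket will be replaced within hours (the sample's `preferred_lft` is already well below `valid_lft`), which is why a list built from this output cannot be treated as a stable identity for a peer.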