C++ Winsock API: how to get a connecting client's IP before accepting the connection?

I use the Winsock API (not CAsyncSocket) to create a socket that listens for incoming connections.

When someone tries to connect, how can I get its IP address before accepting the connection? I am trying to make it accept connections only from specific IP addresses.

thanks

+4

4 answers

The SO_CONDITIONAL_ACCEPT socket option. Here

Also, it is confirmed to be available on XP and Server 2003, not just on Vista.

+6

Two reasons why I do not want to accept the connection in order to check the remote IP address:

1). The client will see that there is a listening socket on this port. If I decide to reject the client's connection, I would not want them to know that a socket is listening on this port.

2). This method is not as efficient and requires more CPU, RAM and network use, so it is not good in the case of a denial-of-service attack.

+1

With ATM, the CONNECT ACK will come from the nearest switch, not from the end client. So you will need to call accept() on the socket, then look at the address (based on the passed addr_family) and simply close the socket at that point. By the time it reaches the requester, it will most likely simply be refused.

And I'm not sure how many resources you think it will take, but accepting the connection is very cheap and will not be a problem. It is pretty easy to drop.

If you are caught in a DoS attack, your code MAY leave listening mode for a given time, so that the attacker simply fails, if you are that worried about it.

Does it really matter if the client knows that the socket is listening? Try using telnet to connect to the local host on port 137 and see how fast file sharing in Windows is... (if you even have it turned on, and if I remembered the right port number... heh...)

But at the SOCKET level, you cannot do what you want. You are talking about going down to the TCP layer, looking at the incoming connection requests, and dealing with them there.

It can be done, but you are talking about a kernel driver to do it. I'm not sure you can do this in user mode at all.

If you want kernel-side help with this, let me know. I can give some examples or recommendations.

Just my own two cents, and IMVHO...

+1

Accept the connection, look at the IP, and if it is not allowed, close the connection.

Edit

I assume you are talking about a TCP connection. When you listen on a port and a connection comes in from a client, the API will perform the TCP three-way handshake, and the client will know that this port is listening.

I am not sure there is a way to prevent any packets from being sent (i.e. accepting the connection) so that you can first look at the IP address and then decide.

The only way I can think of is to do packet filtering based on the source IP address at the network level (for example, with a firewall).

0
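The two approaches discussed in this thread, the SO_CONDITIONAL_ACCEPT / WSAAccept route from the first answer and the accept-then-close route from the last answer, as an added example that is not code from the original posts. It builds an IPv4 allowlist (CIDR rules), evaluates the peer's address inside the WSAAccept condition function so a rejected peer never gets a completed handshake, and also shows the fallback of accepting first and closing on a miss. The port 9000, the allowlist entries, IPv4-only handling and the helper names (parse_rule, ip_allowed, ip_allowed_str, accept_conditional, accept_then_filter) are assumptions made here for illustration; the Winsock parts compile only under _WIN32, while the policy logic is portable.

```cpp
// Added example, not code from the original thread: accept-time IPv4 allowlisting
// on Winsock. Approach 1: SO_CONDITIONAL_ACCEPT + WSAAccept (refused before the
// handshake completes). Approach 2: accept(), inspect the peer, then close.
// Port, allowlist entries and helper names below are assumptions for illustration.
#include <cstdint>
#include <cstdlib>
#include <string>
#include <vector>

#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#pragma comment(lib, "ws2_32.lib")
#endif

struct AllowRule { uint32_t net; int prefix; };   // network in host byte order + CIDR prefix

// Digits only, at most three, value <= max. Anything else is rejected.
static bool parse_u(const std::string& s, unsigned long max, unsigned long& v) {
    if (s.empty() || s.size() > 3) return false;
    for (char ch : s) if (ch < '0' || ch > '9') return false;
    v = std::strtoul(s.c_str(), nullptr, 10);
    return v <= max;
}

// Parse "a.b.c.d" or "a.b.c.d/n". Exactly four octets; malformed input -> false.
bool parse_rule(const std::string& text, AllowRule& out) {
    std::string addr = text, plen = "32";
    size_t slash = text.find('/');
    if (slash != std::string::npos) { addr = text.substr(0, slash); plen = text.substr(slash + 1); }
    uint32_t net = 0; size_t start = 0;
    for (int i = 0; i < 4; ++i) {
        size_t dot = addr.find('.', start);
        bool last = (i == 3);
        if (last != (dot == std::string::npos)) return false;   // too few or too many octets
        unsigned long v;
        if (!parse_u(addr.substr(start, last ? std::string::npos : dot - start), 255, v)) return false;
        net = (net << 8) | static_cast<uint32_t>(v);
        start = dot + 1;
    }
    unsigned long prefix;
    if (!parse_u(plen, 32, prefix)) return false;
    out.net = net; out.prefix = static_cast<int>(prefix);
    return true;
}

static uint32_t prefix_mask(int prefix) { return prefix == 0 ? 0u : 0xFFFFFFFFu << (32 - prefix); }

// Default deny: the peer is allowed only if some rule covers it.
bool ip_allowed(uint32_t ip, const std::vector<AllowRule>& rules) {
    for (const AllowRule& r : rules)
        if ((ip & prefix_mask(r.prefix)) == (r.net & prefix_mask(r.prefix))) return true;
    return false;
}

// String front end for the policy; fails closed if any rule is malformed.
bool ip_allowed_str(const std::string& ip, const std::vector<std::string>& rule_texts) {
    std::vector<AllowRule> rules;
    for (const std::string& t : rule_texts) { AllowRule r; if (!parse_rule(t, r)) return false; rules.push_back(r); }
    AllowRule probe;
    return parse_rule(ip, probe) && probe.prefix == 32 && ip_allowed(probe.net, rules);
}

#ifdef _WIN32
// Run by WSAAccept for each pending connection; lpCallerId holds the peer sockaddr.
// CF_REJECT refuses the connection and WSAAccept then fails with WSAECONNREFUSED.
static int CALLBACK AcceptCondition(LPWSABUF lpCallerId, LPWSABUF, LPQOS, LPQOS, LPWSABUF,
                                    LPWSABUF, GROUP*, DWORD_PTR dwCallbackData) {
    const auto* rules = reinterpret_cast<const std::vector<AllowRule>*>(dwCallbackData);
    if (!lpCallerId || lpCallerId->len < sizeof(sockaddr_in)) return CF_REJECT;
    const auto* sin = reinterpret_cast<const sockaddr_in*>(lpCallerId->buf);
    if (sin->sin_family != AF_INET) return CF_REJECT;           // IPv4 only in this example
    return ip_allowed(ntohl(sin->sin_addr.s_addr), *rules) ? CF_ACCEPT : CF_REJECT;
}

// Approach 1: SO_CONDITIONAL_ACCEPT must already be set on the listener (before listen()).
SOCKET accept_conditional(SOCKET listener, const std::vector<AllowRule>& rules) {
    sockaddr_in peer{}; int len = sizeof(peer);
    return WSAAccept(listener, reinterpret_cast<sockaddr*>(&peer), &len, AcceptCondition,
                     reinterpret_cast<DWORD_PTR>(&rules));   // INVALID_SOCKET + WSAECONNREFUSED on reject
}

// Approach 2: complete the handshake, inspect the peer, then drop it. The client sees
// an open port that closes on it, so use this only when approach 1 is unavailable.
SOCKET accept_then_filter(SOCKET listener, const std::vector<AllowRule>& rules) {
    sockaddr_in peer{}; int len = sizeof(peer);
    SOCKET c = accept(listener, reinterpret_cast<sockaddr*>(&peer), &len);
    if (c != INVALID_SOCKET && !ip_allowed(ntohl(peer.sin_addr.s_addr), rules)) { closesocket(c); c = INVALID_SOCKET; }
    return c;
}

int main() {
    std::vector<AllowRule> rules; AllowRule r;
    for (const char* t : {"10.0.0.0/8", "192.168.1.7"}) if (parse_rule(t, r)) rules.push_back(r);  // assumed allowlist
    WSADATA wsa; if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) return 1;
    SOCKET listener = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    BOOL on = TRUE;
    setsockopt(listener, SOL_SOCKET, SO_CONDITIONAL_ACCEPT, reinterpret_cast<const char*>(&on), sizeof(on));
    sockaddr_in local{}; local.sin_family = AF_INET; local.sin_port = htons(9000); local.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(listener, reinterpret_cast<sockaddr*>(&local), sizeof(local)) || listen(listener, SOMAXCONN)) return 1;
    for (;;) {
        SOCKET c = accept_conditional(listener, rules);
        if (c == INVALID_SOCKET) { if (WSAGetLastError() == WSAECONNREFUSED) continue; break; }
        closesocket(c);   // handle the client here
    }
    closesocket(listener); WSACleanup(); return 0;
}
#endif
```

Two practical caveats. With SO_CONDITIONAL_ACCEPT the stack no longer completes handshakes on the application's behalf, so the condition function runs synchronously inside WSAAccept and a slow or stalled accept loop delays every incoming connection; keep the decision to a table lookup as above. It also does not make the listener immune to floods, since the SYNs still arrive and have to be examined; the accept-then-close fallback is cheaper to write but exposes the listening port to anyone who connects, which is exactly what the asker wanted to avoid.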
