Winsock: accept requests only from specific IP addresses

Posted on 2024-09-10 07:32:33

How can I make a Winsock program accept connection requests only from specific addresses? I would like denied connections to be ignored completely rather than get a TCP rejection.

玩套路吗 2024-09-17 07:32:34

To make a Winsock program accept connections from only particular IP addresses, use the conditional accept mechanism of WSAAccept(). First, enable the feature:

SOCKET sd = socket(...);
listen(sd, ...);
DWORD nTrue = 1;
setsockopt(sd, SOL_SOCKET, SO_CONDITIONAL_ACCEPT, (char*)&nTrue, sizeof(nTrue));

Then, modify your accept call to look something like this:

sockaddr_in sin;
int sinLen = sizeof(sin);  // WSAAccept() takes a pointer to the address length, not the length itself
WSAAccept(sd, (sockaddr*)&sin, &sinLen, ConditionalAcceptChecker, 0);

ConditionalAcceptChecker is a function you write, which makes the decision about whether the stack will accept or reject the connection. If it rejects it, the remote peer gets a TCP RST packet, so it knows it was rejected.

If you want the network stack to silently drop connection attempts from other addresses without notifying the remote peer, you have to do that at a lower level than Winsock. On Vista or Windows Server 2008 and above, this command will modify the firewall rules to give the effect you want:

netsh advfirewall firewall add rule name=MyProtocol dir=in remoteip=1.2.3.4
                                    localport=1234 protocol=tcp action=allow

That's a single command, split due to formatting limitations on Stack Overflow.

What it says is that the remote machine at IP 1.2.3.4 is allowed to connect to TCP port 1234 on this machine. If you have the firewall enabled in its default mode, which rejects traffic not specifically allowed, connection attempts from all other machines will be dropped.

On older versions of Windows, going back to XP, there is a different "netsh firewall" syntax for getting the same effect. Just type "netsh firewall" at a command prompt to start walking through its built-in help.
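
One way to write the ConditionalAcceptChecker function the answer refers to, as an added example that is not part of the original answer: the callback reads the peer address from lpCallerId and checks it against an allow list. The helper peer_is_allowed, the IP4 macro and the list entries (1.2.3.4 from the answer plus a constructed 192.0.2.0/24) are assumptions, and the check goes slightly beyond the answer by matching CIDR prefixes rather than single addresses.

```c
#include <stdint.h>
#include <stddef.h>
#ifdef _WIN32
#include <winsock2.h>
#else
#include <arpa/inet.h>  /* ntohl(), so the allow-list check also builds off Windows */
#endif

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed allow list: the address used in the answer plus a sample /24. */
static const struct { uint32_t net; int prefix; } kAllowed[] = {
    { IP4(1, 2, 3, 4),   32 },
    { IP4(192, 0, 2, 0), 24 },
};

/* Returns 1 if the IPv4 address (network byte order) is inside an allowed prefix. */
int peer_is_allowed(uint32_t addr_be)
{
    uint32_t addr = ntohl(addr_be);
    for (size_t i = 0; i < sizeof kAllowed / sizeof kAllowed[0]; i++) {
        /* prefix 0 needs its own case: shifting a 32-bit value by 32 is undefined */
        uint32_t mask = kAllowed[i].prefix ? ~(uint32_t)0 << (32 - kAllowed[i].prefix) : 0;
        if ((addr & mask) == (kAllowed[i].net & mask))
            return 1;
    }
    return 0;
}

#ifdef _WIN32
/* Condition function with the signature WSAAccept() expects (LPCONDITIONPROC). */
int CALLBACK ConditionalAcceptChecker(LPWSABUF lpCallerId, LPWSABUF lpCallerData,
        LPQOS lpSQOS, LPQOS lpGQOS, LPWSABUF lpCalleeId, LPWSABUF lpCalleeData,
        GROUP FAR *g, DWORD_PTR dwCallbackData)
{
    /* lpCallerId->buf carries the peer's sockaddr; anything unexpected is rejected. */
    if (!lpCallerId || !lpCallerId->buf || lpCallerId->len < sizeof(struct sockaddr_in))
        return CF_REJECT;
    const struct sockaddr_in *peer = (const struct sockaddr_in *)lpCallerId->buf;
    if (peer->sin_family != AF_INET)
        return CF_REJECT;
    return peer_is_allowed(peer->sin_addr.s_addr) ? CF_ACCEPT : CF_REJECT;
}
#endif
```

The callback fails closed: a missing caller ID, a short buffer or a non-IPv4 family is rejected rather than accepted.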
