Linux TCP server: reading the client's IP address before accepting the connection
Related: C++ Winsock API how to get connecting client IP before accepting the connection?
Hi, when you are running a TCP server (written in C, using the Berkeley Socket API) is it possible to read a client's IP address/port before actually accepting the connection?
As far as I know you have to accept the connection first and shutdown it directly thereafter, if you don't want to communicate with a given client because of its IP address.
Pseudo-code (I am looking for the peek and refuse method):
    int serverfd = listen(...);
    for(;;) {
        struct sockaddr_in clientAddr;
        peek(serverfd, &clientAddr, sizeof(clientAddr));
        if(isLegit(&clientAddr)) {
            int clientfd = accept(serverfd, &clientAddr, sizeof(clientAddr));
            handleClient(clientfd);
        } else {
            refuse(serverfd, &clientAddr, sizeof(clientAddr));
        }
    }
Comments (2)
I think what you're trying to do is prevent the TCP negotiation from occurring if it matches a specific IP. As far as I know, that is not possible at the sockets layer. The TCP negotiation will occur, and by the time you come to accept the socket, the negotiation has already happened.
Technically it is possible that you could somehow peek at that state information, but, it wouldn't be doing what you expect it to do. Accepting the socket is the interface between the kernel, which already did the work, and your program which would like to read the data. The easiest thing to do is accept the socket, and boot it if you don't want it.
If you want to prevent the TCP negotiation from occurring in the first place, you need to use iptables.
No such API is available for TCP w/ BSD sockets. Suggestions: use tcp-wrappers or iptables to do the heavy lifting. One is more automatic than the other.
UDP allows you to use MSG_PEEK which might let you see who it is from with recvfrom, but you are still going to have to read the packet off anyway, so that is no win.
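The accept-then-close approach described in the answers above, sketched in C as an added example (not code from the original posts). The names cidr_parse, peer_allowed and accept_filtered, and the IPv4-only CIDR allowlist, are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper types and names; one allowed IPv4 range, host byte order. */
struct cidr { uint32_t net; uint32_t mask; };

/* Parse "a.b.c.d" or "a.b.c.d/len". Returns 0 on success, -1 on bad input. */
int cidr_parse(const char *text, struct cidr *out) {
    char buf[INET_ADDRSTRLEN];
    const char *slash = strchr(text, '/');
    size_t n = slash ? (size_t)(slash - text) : strlen(text);
    long len = 32;
    struct in_addr a;
    if (n == 0 || n >= sizeof buf) return -1;
    memcpy(buf, text, n);
    buf[n] = '\0';
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    if (slash) {
        char *end;
        len = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
    }
    out->mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    out->net = ntohl(a.s_addr) & out->mask;
    return 0;
}

/* Returns 1 if the peer address falls inside any allowed range, else 0. */
int peer_allowed(const struct sockaddr_in *peer, const struct cidr *allow, size_t n) {
    uint32_t ip = ntohl(peer->sin_addr.s_addr);
    for (size_t i = 0; i < n; i++)
        if ((ip & allow[i].mask) == allow[i].net) return 1;
    return 0;
}

/* Accept one connection and return its fd, or -1 if accept failed or the peer
   was rejected. The kernel has already completed the handshake at this point,
   so a rejected peer sees its connect() succeed and then the socket close. */
int accept_filtered(int listenfd, const struct cidr *allow, size_t n) {
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int fd = accept(listenfd, (struct sockaddr *)&peer, &len);
    if (fd < 0) return -1;
    if (peer.sin_family != AF_INET || !peer_allowed(&peer, allow, n)) {
        close(fd);
        return -1;
    }
    return fd;
}
```

Call accept_filtered in place of accept in the server loop; filtering before the handshake completes still requires a packet filter such as iptables, as the answers say.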