client-server

ask_you

hello, i m developed a simple client-server application. now i want that in my server i don't accept connections from a list of IP addresses. how do i accomplish it. After accept() call i tried to check the IP of the connecting client and then used closesocket() to close the connection. But the problem is that the client gets connected as the connect() call from the client side works. i don't want that to happen. i want that the server should not accept connection from the list of IPs rather than accepting and then breaking. how do i achieve it? thanx in advance

munawar1968

Not possible if you use socket api. What you have to do is to detect the first SYN packet from client IP's and filter on that. 1. Use a firewall (external to your prog). 2. Code raw sockets... i.e be prepared to write your own TCP protocol :(

ask_you

can u provide me with some working example on raw socket? any links? thanks in advance

munawar1968

Raw sockets: look at ping.c sample in MSDN.. Raw packet capture library: http://www.winpcap.org The above two will help you detect a SYN pkt from clients. But you'll be wasting your time trying to code a conventional client-server prog using the above two methods.. you'll have to write the the entire TCP protocol suite yourself at the server end. Why dont you simply use a packet filter firewall at the server?

pierrekande

I suppose that you have a good level on networking programming then do this if not just forget about, sorry Normaly with Socket API it is not possible, because while calling accept() the client get connect. For that you need to use some firewall in your program for packet filter here is am easy way to do that: INTERFACE_HANDLE hInterface; // interface PFFORWARD_ACTION defaultAction=PF_ACTION_DROP; // create the interface // I create the interface. Predefined acctions, forward all. DWORD errorCode = PfCreateInterface(0,defaultAction,defaultAction,FALSE,TRUE,&hInterface); if(errorCode != NO_ERROR) { return -1; } // Bind the Ip Address with the interface PBYTE lIp = (PBYTE)&ip; //the ip address of your card errorCode = PfBindInterfaceToIPAddress(hInterface, PF_IPV4, lIp); if(errorCode != NO_ERROR) { PfDeleteInterface(hInterface); hInterface = NULL; return -1; } ///////////////////////////////////////////////////// now here do with the code { DWORD result; PIP_ADAPTER_INFO pAdapterInfo = NULL, aux; IP_ADDR_STRING *localIp; unsigned long len = 0; GetAdaptersInfo(pAdapterInfo, &len); pAdapterInfo = (PIP_ADAPTER_INFO) malloc (len); result = GetAdaptersInfo(pAdapterInfo, &len); if(result != ERROR_SUCCESS) { AfxMessageBox("Error getting adapters info."); return; } // Fill the real filter struct PF_FILTER_DESCRIPTOR ipFlt; ipFlt.dwFilterFlags = FD_FLAGS_NOSYN; ipFlt.dwRule = 0; ipFlt.pfatType = PF_IPV4; ipFlt.dwProtocol = protocol; // value is : TCP =6;UDP=17 or ICMP=1 ipFlt.fLateBound = 0; ipFlt.wSrcPort = srcPort; // source port ipFlt.wSrcPortHighRange = srcPort; // source port range ipFlt.wDstPort = dstPort; // destination port ipFlt.wDstPortHighRange = dstPort; // destination port range unsigned long lIpSrc = CharToIp(srcIp); //chartoIP convert (*.*.*.*) to long unsigned long lIpDst = CharToIp(dstIp); unsigned long lMaskSrc = CharToIp(srcMask); unsigned long lMaskDst = CharToIp(dstMask); ipFlt.SrcAddr = (PBYTE) &lIpSrc; ipFlt.SrcMask = (PBYTE) &lMaskSrc; ipFlt.DstAddr = (PBYTE) &lIpDst; ipFlt.DstMask = (PBYTE) &lMaskDst; DWORD errorCode; // I add the filter if(direction == IN_DIRECTION || direction == ANY_DIRECTION) errorCode = PfAddFiltersToInterface(hInterface,1,&ipFlt,0,NULL,NULL); if(direction == OUT_DIRECTION || direction == ANY_DIRECTION) errorCode = PfAddFiltersToInterface(hInterface,0,NULL,1,&ipFlt,NULL); } Not that when stopping your