0

I have created a server socket, specified port 12345 to listen on, and allowed connection requests to it to come in through any of the IP addresses available on the system by passing INADDR_ANY to bind(). These are the values of the server socket:

enter image description here

My question is, can I specify which IP address and port number are allowed to send me a connection request (i.e. the values in the Foreign Address in the image above)?

Tom

4 Answers

1

You can't specify that "once and for all" when opening the listening socket, but you can reject individual connections if they are not originating from the IP you want. The WSAAccept function lets you specify a condition function which decides if the connection should be accepted or not.

This works on its own, but I'm not sure if rejecting a connection this way is the same as accepting it and closing it immediately; maybe you need to set the socket option SO_CONDITIONAL_ACCEPT too, to reject a connection before it is opened.
See also this Q/A.

Community
alain
1

There are two principal cases for matching the sockets in the local passive OPENs and an foreign active OPENs. In the first case, the local passive OPENs has fully specified the foreign socket. In this case, the match must be exact. In the second case, the local passive OPENs has left the foreign socket unspecified. In this case, any foreign socket is acceptable as long as the local sockets match. Other possibilities include partially restricted matches.

This is an introduction in RFC 793. In an actual implementation, as @alain said, you can use SO_CONDITIONAL_ACCEPT on Windows; there is no such API on Linux, where you can judge whether the IP and port are allowed after calling accept, and you are not allowed to disconnect directly.

Community
chunqiulfq
0

Yes you can. That's why there are firewalls. You can configure certain rules like only allow a certain ip-address to connect. Windows has an integrated firewall and your router is equipped too.

You cannot specify these restrictions within your program.

Shiro
  • 1) *"Also INADDR_ANY will bind your socket to every available interface, its meaning is not 'every ip-address is allowed'."* I said: *"and have allowed connection requests to it to go through any of the IP address available on the system"* which means that if I have 2 IP addresses on the system (i.e. two interfaces) then the other end can choose any of them to send the connection request to. 2) *"Yes you can. That's why there are firewalls"* I meant can I specify these restrictions when creating the server socket. – Tom Jul 02 '16 at 20:27
  • You cannot specify these restrictions in your program, but of course you could check the client ip and then decide to reject it. I misunderstood you there, removed that part from my post. – Shiro Jul 02 '16 at 20:32
  • So when you call **netstat** and view the *LISTENING* rows, you will always see *0.0.0.0:0* in the Foreign Address column? – Tom Jul 02 '16 at 20:39
  • Yes. "[::]:0" is also a possibility which is the IPv6 equivalent of 0.0.0.0.0. – Shiro Jul 02 '16 at 20:44
  • Interesting! I used to think that the Foreign Address column can have other values just like the Local Address column can have other values. Thanks for your help. – Tom Jul 02 '16 at 20:53
  • @Shiro It can. That's only what it shows for the listening socket. When there is an established connection there will be another line showing the client's foreign address. – user207421 Jul 02 '16 at 22:06
  • @EJP "So when you call netstat and view the LISTENING rows, you will always see 0.0.0.0:0...". OP was asking about sockets that are listening. – Shiro Jul 02 '16 at 22:17
0

When you accept the connection, you get the foreign IP Address. If you don't like the connection you are free to close the accepting socket.

theB
doron
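Added example, not part of any answer above and not the posters' code: the accept-then-check approach the answers describe, written for POSIX sockets. The rule table, its documentation-range addresses and the names `peer_rule`, `peer_allowed` and `accept_filtered` are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* One allowlist rule: IPv4 network/prefix plus a source port (0 = any port). */
struct peer_rule { const char *net; int prefix; uint16_t port; };

/* Constructed sample policy (documentation addresses, not from the page). */
static const struct peer_rule ALLOWED[] = {
    { "192.0.2.10",   32, 0     },  /* single host, any source port */
    { "198.51.100.0", 24, 50000 },  /* whole /24, only source port 50000 */
};

/* Return 1 if the peer's address and source port match any rule, else 0. */
int peer_allowed(const struct sockaddr_in *peer, const struct peer_rule *rules, size_t n)
{
    uint32_t addr = ntohl(peer->sin_addr.s_addr);
    for (size_t i = 0; i < n; i++) {
        struct in_addr net;
        if (rules[i].prefix < 0 || rules[i].prefix > 32 ||
            inet_pton(AF_INET, rules[i].net, &net) != 1)
            continue;               /* malformed rule never matches (fail closed) */
        /* A /0 rule needs mask 0; shifting a 32-bit value by 32 is undefined. */
        uint32_t mask = rules[i].prefix ? 0xFFFFFFFFu << (32 - rules[i].prefix) : 0;
        if ((addr & mask) != (ntohl(net.s_addr) & mask))
            continue;
        if (rules[i].port == 0 || rules[i].port == ntohs(peer->sin_port))
            return 1;
    }
    return 0;
}

/* accept() one connection; return its fd if the peer is allowed, otherwise
 * close it and return -1. The TCP handshake has already completed by the time
 * accept() returns, so a rejected client sees a connect followed by a close. */
int accept_filtered(int listen_fd)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int fd = accept(listen_fd, (struct sockaddr *)&peer, &len);
    if (fd < 0) return -1;
    if (peer.sin_family != AF_INET ||
        !peer_allowed(&peer, ALLOWED, sizeof ALLOWED / sizeof ALLOWED[0])) {
        close(fd);
        return -1;
    }
    return fd;
}
```

The source port is chosen by the client and is normally ephemeral, so a port rule narrows what is accepted but does not authenticate the peer.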