Date:      20 Feb 1998 16:49:43 -0600
From:      Dave Marquardt <marquard@zilker.net>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: getting remote side of tcp connection's address before accept()?
Message-ID:  <85zpjl3n94.fsf@localhost.zilker.net>
In-Reply-To: Paul Traina's message of "Fri, 20 Feb 1998 12:49:20 -0800"
References:  <199802202049.MAA06914@precipice.shockwave.com>

Paul Traina <pst@Shockwave.COM> writes:
> I'd like to be able to refuse tcp connections to a particular daemon
> from a certain list of addresses.
> 
> What I'd ideally like to do is bind and listen on a socket, then
> when a connection request comes in, check the remote peer's address
> information, and allow the connection only if the address info
> was correct.
> 
> If I do it with a standard:
> 
> 		bind
> 		listen
> 		accept
> 		if (!good_address)
> 			close
> 			
> The tcp connection is accepted and then closed.  I want the TCP
> connection to be refused, never accepted.
> 
> Under ISO/TP4, the accept(2) and recvmsg(2) manual pages imply you
> can pull this off by closing the accept'ed socket before ever doing
> any real read/write operations to it.
> 
> Has anyone ever pulled this off with tcp sockets?

Well, this isn't possible using the same mechanism in the usual BSD
code, unless you go into the protosw entry for TCP and turn on the
PR_WANTRCVD flag (I think) and rebuild your kernel.  Completely
non-portable, obviously.  You might read "TCP/IP Illustrated" by
Stevens and Wright for more information on this.

I'm completely unfamiliar with ipfw, but you might investigate it.

-Dave
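The portable bind/listen/accept/close pattern from the question, as an added example written for this archive page (not code from either poster): the peer is checked against a CIDR allowlist right after accept(2), and a disallowed connection is closed before any read or write. The `cidr4` helpers and the function names are my own; as the thread notes, the peer still sees the handshake complete before the close.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical allowlist entry: an IPv4 network in CIDR form, host byte order. */
struct cidr4 { uint32_t net; unsigned prefix; };

static uint32_t prefix_mask(unsigned prefix) {
    return prefix ? ~0u << (32 - prefix) : 0;   /* avoid the undefined shift by 32 */
}

/* Parse "a.b.c.d" or "a.b.c.d/len" into a cidr4. Returns false on malformed input. */
static bool cidr4_parse(const char *s, struct cidr4 *out) {
    char ip[INET_ADDRSTRLEN];
    const char *slash = strchr(s, '/');
    size_t iplen = slash ? (size_t)(slash - s) : strlen(s);
    unsigned prefix = 32;
    struct in_addr a;
    if (iplen >= sizeof ip) return false;
    memcpy(ip, s, iplen);
    ip[iplen] = '\0';
    if (slash && (sscanf(slash + 1, "%u", &prefix) != 1 || prefix > 32)) return false;
    if (inet_pton(AF_INET, ip, &a) != 1) return false;
    out->net = ntohl(a.s_addr) & prefix_mask(prefix);
    out->prefix = prefix;
    return true;
}

static bool cidr4_contains(const struct cidr4 *c, uint32_t host_order_addr) {
    return (host_order_addr & prefix_mask(c->prefix)) == c->net;
}

/* Is the peer address filled in by accept(2) on the allowlist? */
static bool peer_allowed(const struct sockaddr_in *peer, const struct cidr4 *list, size_t n) {
    uint32_t addr = ntohl(peer->sin_addr.s_addr);
    for (size_t i = 0; i < n; i++)
        if (cidr4_contains(&list[i], addr)) return true;
    return false;
}

/* Accept one connection on lfd; return its fd if allowed, else close it and return -1. */
static int accept_filtered(int lfd, const struct cidr4 *list, size_t n) {
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int fd = accept(lfd, (struct sockaddr *)&peer, &len);
    if (fd < 0) return -1;
    if (!peer_allowed(&peer, list, n)) { close(fd); return -1; }  /* accepted, then closed */
    return fd;
}
```

`accept_filtered` is the loop body a daemon would call after its own `bind`/`listen`; the rejected peer is never read from or written to.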
