TCPListener：如何拒绝连接尝试 [英] TCPListener: How to refuse a connection attempt

问题描述

大家好，

我正在写一个小型服务器来检查我的程序的更新等。

这很好用，现在我正在尝试制作它更安全一点。我想要实现的是将某些IP地址列入黑名单。

目前我这样做：

Hello everyone,
I'm currently writing a small server to check for updates of my programs etc.
This works nicely and now I'm trying to make it a little more secure. What I want to implement is a blacklisting of certain IP adresses.
Currently I'm doing it like this:

Dim client As TcpClient = listener.AcceptTcpClient
blacklist = IO.File.ReadAllLines(Application.StartupPath & _
                                 "\Blacklist.txt")
If blacklist.Contains(GetIp(client).ToString) = False Then
     'IP not on blacklist, proceed with processing the client
     Dim t As New Thread(AddressOf HandleClient)
     Dim argus() As Object = {client, ClientIdentifier}
     t.Start(argus)
     threads.Add(t)
     clients.Add(client)
Else
    'Client is on blacklist, close the connection
    tb("Blacklisted IP tries to connect. Closing connection.")
    client.Close()
End If

现在这个工作正常，但令我困扰的是，即使客户端被列入黑名单，也必须接受TCP连接首先，在再次关闭之前建立连接。



我现在的问题是：有没有办法获得有关客户端的信息，然后才能被接受如果客户的IP被列入黑名单，我可以拒绝连接尝试吗？我似乎找不到使用手头工具的方法。



谢谢如果你对我的问题有任何疑问，请随时提出。



祝你好运

Jens

Now this works OK, but what bothers me is, that even though the client is blacklisted the TCP connection has to be accepted first and the connection is established before being closed again.

My question now is: Is there any way to get information about the client that is about to be accepted before it is accepted? And can I refuse the connection attempt if the client's IP is blacklisted? I can't seem to find a way with the tools at hand.

Thank you in advance for any answers and if you have further questions about my problem, please feel free to ask.

Best wishes
Jens

推荐答案

不幸的是，如果不首先接受套接字连接就无法做到这一点。你可以尝试获取网络信息关于哪些套接字处于SYN_SEND或SYN_RECEIVED状态，但是如果没有初始化套接字结构（构建TcpClient），则无法知道该连接是否是您正在接受的连接。

Unfortunately there is no way to do this without accepting the socket connection first. You could try getting network information about what sockets are in the SYN_SEND or SYN_RECEIVED state, but its impossible to know if that connection is the one you are in the process of accepting without initializing the socket structure (which the TcpClient is built on).

这篇关于TCPListener：如何拒绝连接尝试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！