TCP connection establishment

I want to implement connection filtering using sockets (Socket and ServerSocket classes). The idea is to block connections on the server for those clients that are not allowed.

How could I implement this behavior in a way that clients would not see the difference between a normal server and my server with the filter capability?

I tried to change the behavior of the accept() method on the ServerSocket to:

1) accept the connection;

2) check if the IP address, of the just created socket, is a valid one;

3) close the socket if the IP address is invalid and return to step 1;

4) return the valid socket if its IP address is a valid one.

But this is not the behavior I want, because in this way, clients will get a valid socket object for a while (during the process of steps 2 and 3), giving the possibility for its use. And just after some time the server will close this socket (if the client is blocked).

So, my question is:

How could I block incoming connections on a server during the TCP connection establishment transparently for clients?

Note: The solution cannot modify anything on the client side!

Juliano

By Juliano_Vacaroa at 2007-10-3 4:48:53
# 1

The client will have a valid socket but if the server never reads from it what damage is done?

It sounds like you want the connection, i.e. the construction of the Socket() at the client to fail if the server doesn't like the incoming connection. You can't get this effect in Java, you need a full-blown firewall for that.

ejpa at 2007-7-14 22:53:21
# 2
When you receive a connection request, scan for the IP address in the header without downloading the body. Accept the connection only when the IP address is valid. Try using the JPCAP API for capturing packets.

Message was edited by: saikannan

saikannana at 2007-7-14 22:53:21
# 3

> when you receive a connection request.Scan for the
> ipaddress in the header without downloading the
> body.Accept connection only when the ipaddress is
> valid.

You can't do that in Java.

> try using JPCAP api for capturing packets.

Can you write packets with JPCap?

ejpa at 2007-7-14 22:53:21
# 4

First of all, thanks for all the help.

Indeed, I did not mention the complete scenario. I need to emulate a node crash (the server) in an RMI environment. The server cannot crash really, but just pass this idea for some clients.

So, when I try to emulate this behavior using my solution the exception raised on the client is java.rmi.UnmarshalException instead of java.rmi.ConnectException, that is the exception raised when a real crash occurs.

OK, I will try another solution. Maybe changing something on the client side too.

Thanks again

Juliano

Juliano_Vacaroa at 2007-7-14 22:53:21
# 5
Unexport the server.
ejpa at 2007-7-14 22:53:21
# 6
Unfortunately unexporting the server would block access for all clients, and I need to block access for only SOME clients. In fact I have to emulate a link crash to a group of hosts, and not a complete node crash.
Juliano_Vacaroa at 2007-7-14 22:53:21
# 7
You can't emulate connection refused from within Java. You can emulate a 'connection reset', by calling Socket.setSoLinger(false,0) and then closing it. Otherwise you'll just have to pull a plug somewhere.

ejpa at 2007-7-14 22:53:21
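
The accept-then-filter approach from the question, combined with the reset-on-close idea from the last reply, as an added example that is not code from any poster in this thread. The class name `FilteringServerSocket` and the allowlist parameter are assumptions; the block enables SO_LINGER with a zero timeout, `setSoLinger(true, 0)`, because the linger option has to be switched on for `close()` to send an RST rather than a FIN. It needs Java 10 or later for `Set.copyOf`.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.Set;

// Added example (hypothetical class name): allowlist filter applied in accept().
public class FilteringServerSocket extends ServerSocket {
    private final Set<InetAddress> allowed;

    public FilteringServerSocket(int port, Set<InetAddress> allowed) throws IOException {
        super(port);
        this.allowed = Set.copyOf(allowed);
    }

    @Override
    public Socket accept() throws IOException {
        while (true) {
            // The kernel has already completed the handshake for this peer.
            Socket s = super.accept();
            if (allowed.contains(s.getInetAddress())) {
                return s;
            }
            // SO_LINGER enabled with timeout 0 makes close() send RST instead of FIN.
            try (Socket rejected = s) {
                rejected.setSoLinger(true, 0);
            } catch (IOException e) {
                // Peer already gone; keep serving other clients.
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo: empty allowlist, so the loopback client below is rejected.
        try (FilteringServerSocket server = new FilteringServerSocket(0, Set.of())) {
            Thread acceptor = new Thread(() -> {
                try { server.accept(); } catch (IOException closed) { /* server closed */ }
            });
            acceptor.setDaemon(true);
            acceptor.start();
            try (Socket client = new Socket(InetAddress.getLoopbackAddress(), server.getLocalPort())) {
                System.out.println("connect() succeeded despite the filter");
                System.out.println("read() returned " + client.getInputStream().read());
            } catch (IOException e) {
                System.out.println("client I/O failed: " + e);
            }
        }
    }
}
```

The demo shows the limitation discussed in the thread: the client's `new Socket(...)` completes before the filter runs, so the rejection only becomes visible on the client's first I/O. Refusing the connection during the handshake itself requires a packet filter in front of the JVM.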