Re: Conditional Accept and Overlapped I/O Question

From: BELUCHIN (BELUCHIN_at_discussions.microsoft.com)
Date: 10/01/04


Date: Fri, 1 Oct 2004 03:59:02 -0700

Thanks for your prompt reply.

In our system, it is imperative to hide the listening port on the server
from the client under certain circumstances. We will try to implement option
number 2 that you suggested, that is, to not use the completion ports for the
listening socket.

Even though we have many incoming connections, we are certain that the
connection requests will come in from the same thread on the client side. A
single thread on the server side with a blocking WSAAccept should be
sufficient to deal with the incoming connections.

I'll drop a quick note after the trial.

"Alun Jones [MSFT]" wrote:

> "BELUCHIN" <BELUCHIN@discussions.microsoft.com> wrote in message
> news:962B933E-CE94-42B2-A30F-65DB60718246@microsoft.com...
> > Any thoughts on how to achieve conditional accept on sockets handled through
> > completion ports?
>
> Two ways:
>
> 1. Don't do conditional accepts, and just close the socket after it's
> accepted, if you wish to reject the connection. This is how most other
> platforms work.
> 2. Don't do IOCP on the listening socket - have a thread that blocks on
> WSAAccept(); or use asynchronous notifications (WSAAsyncSelect), event
> notifications (WSAEventSelect) or regular select() to tell you when the
> listening socket is ready for you to accept() on it.
>
> The general advice is not to use WSAAccept with SO_CONDITIONAL_ACCEPT,
> because it prevents the normal processes that deal with denial-of-service
> attacks (SYN flooding). Windows is the only platform where you have the
> ability to reset the connection this way, so the clients you are dealing
> with should be comfortable with being connected, and then disconnected. You
> also have the chance to send a brief message explaining why the
> disconnection is being made, once you've accepted the connection.
>
> If your concern is to hide that you are listening on a port, that's what a
> firewall is for.
>
> Alun.
> ~~~~
>
>
>
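An added example, not part of the original thread: a sketch of option 1 from the quoted reply, combined with the select() readiness check from option 2. The listener accepts every connection, applies a policy, sends a brief reason and closes. It is written in Python with plain BSD-style sockets rather than Winsock; the allow-list policy, the message strings and the function names are assumptions made for the illustration.

```python
import select
import socket
import threading

def serve_once(listener, allowed_ips, timeout=5.0):
    """Handle one connection: select() for readiness, accept(), then decide.

    Returns (peer_ip, served); peer_ip is None if nothing arrived in time.
    """
    ready, _, _ = select.select([listener], [], [], timeout)
    if not ready:
        return None, False
    conn, (peer_ip, _port) = listener.accept()  # handshake already completed by the stack
    with conn:
        if peer_ip not in allowed_ips:
            conn.sendall(b"REJECTED policy\r\n")  # brief reason, then close
            return peer_ip, False
        conn.sendall(b"WELCOME\r\n")
        return peer_ip, True

def demo(allowed_ips):
    """Loopback round trip; returns (server_result, bytes_client_saw_before_EOF)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # constructed test endpoint, ephemeral port
    listener.listen(16)
    out = {}
    worker = threading.Thread(
        target=lambda: out.update(server=serve_once(listener, allowed_ips)))
    worker.start()
    received = b""
    with socket.create_connection(listener.getsockname(), timeout=5) as client:
        while True:
            chunk = client.recv(64)
            if not chunk:  # server closed the connection
                break
            received += chunk
    worker.join()
    listener.close()
    return out["server"], received

if __name__ == "__main__":
    print(demo({"127.0.0.1"}))
    print(demo(set()))
```

Because the decision is made after accept() returns, the client always sees a completed connection followed by a close, which is the behaviour the reply says clients should be comfortable with.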


