[Libwebsockets] Filtering on client IP

Thomas Spitz thomas.spitz at hestia-france.com
Thu Feb 23 07:41:52 CET 2017


Hello Andy, hello everyone,

I want to filter access to my application according to the IP source of my
client.
My application use both WSS and HTTP "protocol" therefore I would like to
filter access before lws switches to either WSS or HTTP "protocol".
Thus I tried to filter access in callback_http_dummy -> case
LWS_CALLBACK_FILTER_NETWORK_CONNECTION using ws_get_peer_simple(wsi, buf,
sizeof(buf)) but at that stage I get:
 lwsts[3404]: getpeername: Transport endpoint is not connected
whereas the same function gives the correct client IP when run in my WSS or
HTTP "protocol" callback...

I'm also surprised that case LWS_CALLBACK_FILTER_NETWORK_CONNECTION is
never triggered in my WSS or HTTP "protocol" callbacks.

Thanks again for this great library!

Best regards,
Thomas


<http://www.hestia-france.com/logiciels.html#Superviseur_domotique_Mitra>
<http://www.hestia-france.com>
Hestia France S.A.S
*Fabricant de systèmes domotiques et d'alarme pour l'habitat et le
tertiaire*
*Manufacturer of Home and Building Management System* *including alarm *
*security*

2, rue du Zécart - 59242 Templeuve - France
Tel: +33 (0)3 20 04 43 68 - Portable: +33 (0)6 26 87 13 93 - ID Skype:
hestia-france - Fax: +33 (0)3 20 64 55 02
Site web: www.hestia-france.com - Email : thomas.spitz at hestia-france.com
<hestia at hestia-france.com>

2014-01-02 15:14 GMT+01:00 Thomas Spitz <thomas.spitz at hestia-france.com>:

> Dear all,
>
> Is there someone who tried to filter client connection using their IP
> (using white and/or black list approach).
>
> In test-server.c I have uncommented the following line
>
>> libwebsockets_get_peer_addresses(context, wsi, (int)(long)in,
>> client_name, sizeof(client_name), client_ip, sizeof(client_ip));
>> fprintf(stderr, "Received network connect from %s (%s)\n", client_name,
>> client_ip);
>
> But all I get is :
>
>>  gethostbyaddr: Connection refused
>> Received network connect from  ()
>
>
> It seems that this line
>
>> host = gethostbyaddr((char *) &sin.sin_addr,
>> sizeof(sin.sin_addr), AF_INET);
>
> always returns NULL..
>
> I haven't investigate much yet...
>
> BR,
> Thomas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libwebsockets.org/pipermail/libwebsockets/attachments/20170223/c3cb9c16/attachment.html>


More information about the Libwebsockets mailing list