Thread: resolving names and ip addresses

  1. #1
    Registered User
    Join Date
    Apr 2004
    Posts
    11

    resolving names and ip addresses

    Hi guys
    I hope this is the right place to ask this. I have a project I need to code up and just want to sort some basic ground rules first.

    I have various clients connecting to a port on a server. These clients have dynamic ip addresses so obviously they will change each time they connect to the net.

    Each client has a dns-name set up at a service such as www.no-ip.com and keeps their actual ip updated against their dns-name.

    When a client connects to my port, I can see their IP address.

    I also have a list of all the allowed dns-names.

    What I need to be able to do is either

    a: resolve the connecting client's ip into their dns name so I can compare it with my list of allowed dns-names

    b: resolve each allowed dns-name into its current ip every x minutes so I can compare the connecting ip address against the locally stored list of allowed ones.

    Will either of these work? (option a would be best if possible as there would be no x minute delay while my application updates its stored ip data, but I could live with option b)

    Could one of you outline roughly how I would achieve this?


    TIA
    dicky
    Last edited by dicky; 06-30-2004 at 11:20 AM.

  2. #2
    Registered User
    Join Date
    Nov 2001
    Posts
    1,348
    One solution is via getaddrinfo() and getnameinfo().

    Kuphryn

  3. #3
    Climber spoon_'s Avatar
    Join Date
    Jun 2002
    Location
    ATL
    Posts
    182
    Something I put together (minor changes from another source) a LONG time ago.

    Compiles fine with VC++6.

    strHost should be an IP address.

    Code:
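    #include <string.h>
    #include <winsock2.h>	/* Winsock assumed (VC++6); link ws2_32.lib, call WSAStartup() first */
    
    /*
     * Resolve strHost with gethostbyname(), or the local host name when
     * strHost is NULL, and return the first IPv4 address as dotted-quad text.
     * The result points at inet_ntoa()'s static buffer: copy it before the
     * next call. Returns NULL on failure.
     */
    char * Resolve(const char *strHost)
    {
    	char chAddress[256];	/* 32 bytes was too small for a full host name */
    	struct hostent *hinfo = NULL;
    	struct in_addr tempAddr;
    
    	if(strHost == NULL)
    	{
    		memset(chAddress, 0, sizeof(chAddress));
    		if(gethostname(chAddress, sizeof(chAddress) - 1) != 0)
    		{
    			return NULL;
    		}
    		strHost = chAddress;
    	}
    
    	hinfo = gethostbyname(strHost);
    
    	/* Only IPv4 results fit in struct in_addr. */
    	if(hinfo == NULL || hinfo->h_addrtype != AF_INET || hinfo->h_addr_list[0] == NULL)
    	{
    		return NULL;
    	}
    
    	memcpy(&tempAddr, hinfo->h_addr_list[0], sizeof(struct in_addr));
    	return inet_ntoa(tempAddr);
    }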
    {RTFM, KISS}

  4. #4
    Yes, my avatar is stolen anonytmouse's Avatar
    Join Date
    Dec 2002
    Posts
    2,544
    >> a: resolve the connecting client's ip into their dns name so I can compare it with my list of allowed dns-names <<

    No, this will not work. Reverse DNS lookup will give you something like x123-215-111-032.someisp.com rather than hostname.no-ip.com.

    >> b: resolve each allowed dns-name into its current ip every x minutes so I can compare the connecting ip address against the locally stored list of allowed ones. <<

    This will generally work. Of course, you have the chance that the ip address will change in that time. Therefore, possibly, if the ip address is not found in your list, you should refresh the list in case one of the ip addresses has changed.

    Much preferable would be to alter your protocol to include identification info or use a parent protocol such as SSH, rather than relying on an ip address. It looks like this is meant as some type of access control. If so, I don't think using a dynamic dns host name would be very secure.
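
Option b with the refresh-on-miss described in this post, sketched with the getaddrinfo() call mentioned in post #2. This is an added example, not code from any poster in the thread; POSIX socket headers are assumed (on Winsock use winsock2.h and ws2tcpip.h after WSAStartup()), and the function names, the two interval constants and the cache size are hypothetical choices.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>

#define MAX_ADDRS 64
#define REFRESH_SECS 300      /* the "x minutes" of option b (assumed value) */
#define MISS_REFRESH_SECS 10  /* floor between refreshes triggered by a miss */

static struct sockaddr_storage cache[MAX_ADDRS];
static int cache_len;
static time_t last_refresh;

/* Compare address family and raw address bytes only; ports are ignored. */
static int same_addr(const struct sockaddr *a, const struct sockaddr *b)
{
	if (a->sa_family != b->sa_family) return 0;
	if (a->sa_family == AF_INET)
		return !memcmp(&((const struct sockaddr_in *)a)->sin_addr,
		               &((const struct sockaddr_in *)b)->sin_addr, 4);
	return a->sa_family == AF_INET6 &&
	       !memcmp(&((const struct sockaddr_in6 *)a)->sin6_addr,
	               &((const struct sockaddr_in6 *)b)->sin6_addr, 16);
}

/* Re-resolve every allowed name and rebuild the cache; returns entries cached. */
int refresh_allowlist(const char *const *names, int n)
{
	struct addrinfo hints, *res, *p;
	int i, len = 0;
	memset(&hints, 0, sizeof hints);   /* ai_family 0 == AF_UNSPEC: IPv4 and IPv6 */
	hints.ai_socktype = SOCK_STREAM;   /* one result per address, not per socktype */
	for (i = 0; i < n; i++) {
		if (getaddrinfo(names[i], NULL, &hints, &res) != 0)
			continue;                  /* unresolvable name: nothing cached, so denied */
		for (p = res; p && len < MAX_ADDRS; p = p->ai_next)
			memcpy(&cache[len++], p->ai_addr, p->ai_addrlen);
		freeaddrinfo(res);
	}
	cache_len = len;
	last_refresh = time(NULL);
	return len;
}

/* Returns 1 if peer is a current address of an allowed name, else 0. */
int peer_allowed(const struct sockaddr *peer, const char *const *names, int n)
{
	int i, pass;
	if (time(NULL) - last_refresh >= REFRESH_SECS)
		refresh_allowlist(names, n);
	for (pass = 0; pass < 2; pass++) {
		for (i = 0; i < cache_len; i++)
			if (same_addr(peer, (const struct sockaddr *)&cache[i]))
				return 1;
		if (pass || time(NULL) - last_refresh < MISS_REFRESH_SECS)
			break;                     /* already retried, or refreshed too recently */
		refresh_allowlist(names, n);   /* miss: a client's address may have changed */
	}
	return 0;
}
```

Pass the address filled in by accept() as `peer`. The floor on miss-triggered refreshes keeps connections from unknown addresses from forcing a DNS lookup of the whole list on every attempt, and a match only shows that the source address currently belongs to an allowed name.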

  5. #5
    Registered User
    Join Date
    Apr 2004
    Posts
    11
    @anonytmouse
    Yep you're right it is meant as a sort of access control. Problem is I'm working with already existing client and host software so can't mess about with the protocol, without re-writing the whole thing from scratch which I'm trying to avoid doing.

    Basically client(s) connect to host on an open port number and ip address known to all the clients. Host replies to the client using their IP address. The existing system has no form of access control and I need to add that.

    If there is some way to add a transparent method or layer of control between the client and host (using something like secure shell or whatever would be great if it could be done) then I would be interested to know in principle how to do this without affecting the data transfer back and forth between the existing programs.

    It's the dynamic client ips causing me to worry, if they were fixed I'd just use a firewall on the host server.

    dicky
    Last edited by dicky; 07-01-2004 at 12:29 PM.

  6. #6
    Yes, my avatar is stolen anonytmouse's Avatar
    Join Date
    Dec 2002
    Posts
    2,544
    I had a look at SSH. It protects the connection, but it may allow the clients too much access to the server. Another possible option is an SSL tunnel.

    SSH tunnel on Windows:
    http://www.vbmysql.com/articles/ssh-tunnel-part2.html

    SSL example:
    http://www.stunnel.org/examples/generic_tunnel.html
