resolving names and ip addresses

dicky · 06-30-2004, 11:10 AM

Hi guys
I hope this is the right place to ask this. I have a project I need to code up and just want to sort some basic ground rules first.

I have various clients connecting to a port on a server. These clients have dynamic ip addresses so obviously they wil change each time they connect to the net.

Each client has a dns-name set up at a service such as www.no-ip.com and keeps thier actual ip updated against thier dns-name.

When a client connects to my port, I can see thier IP address.

I also have a list of all the allowed dns-names.

What I need to be able to do is either

a: resolve the connecting clients ip into thier dns name so I can compare with with my list of allowed dns-names

b: resolve each allowed dns-name into it's current ip every x minutes so I can compare the connecting ip address against the locally stored list of allowed ones.

Will either of these work (option a would be best if possible as there would be no x minute delay while my application updates it's stored ip data, but I could live with option b)

Could one of you outline roughly how I would acheive this?

TIA
dicky

kuphryn · 06-30-2004, 02:49 PM

One solution is via getaddrinfo() and getnameinfo().

Kuphryn

spoon_ · 06-30-2004, 03:06 PM

Something I put together (minor changes from another source) a LONG time ago.

Compiles fine with VC++6.

strHost should be an IP address.

Code:

char * Resolve(const char *strHost)
{
	char chAddress[32];
	struct hostent *hinfo = NULL;
	struct in_addr tempAddr;

	if(strHost == NULL)
	{
		memset(chAddress, 0, 32);
		gethostname(chAddress, 32);
		hinfo = gethostbyname(chAddress);

		if(hinfo == NULL)
		{
			return NULL;
		}
	}
	else
	{
		hinfo = gethostbyname(strHost);

		if(hinfo == NULL)
		{
			return NULL;
		}
	}

	memcpy(&tempAddr, hinfo->h_addr_list[0], sizeof(struct in_addr));
	return inet_ntoa(tempAddr);
}

anonytmouse · 07-01-2004, 01:59 AM

>> a: resolve the connecting clients ip into thier dns name so I can compare with with my list of allowed dns-names <<

No, this will not work. Reverse DNS lookup will give you something like x123-215-111-032.someisp.com rather than hostname.no-ip.com.

>> b: resolve each allowed dns-name into it's current ip every x minutes so I can compare the connecting ip address against the locally stored list of allowed ones. <<

This will generally work. Of course, you have the chance that the ip address will change in that time. Therefore, possibly, if the ip address is not found in your list, you should refresh the list in case one of the ip addresses has changed.

Much preferable, would be to alter your protocol to include identification info or use a parent protocol such as SSH, rather than relying on an ip address. It looks like this is meant as some type of access control. If so, I don't think using a dynamic dns host name would be very secure.

dicky · 07-01-2004, 12:24 PM

@anonytmouse
Yep you're right it is meant as a sort of access control. Problem is I'm working with already existing client and host software so can't mess about with the protocol, without re-writing the whole thing from scratch which I'm trying to avoid doing.

Basically client(s) connect to host on an open port number and ip address known to all the clients. Host replies to the client using thier IP address. The exisiting system has no form of access control and I need to add that.

If there is some way to add a transparent method or layer of control between the client and host (using something like secure shl or whatever would be great if it could be done) then I would be interesting to know in principle how to do this without affecting the data transfer back and forth between the exisiting programs.

It's the dynamic client ips causing me to worry, if they were fixed I'd just use a firewall on the host server.

dicky

anonytmouse · 07-01-2004, 03:32 PM

I had a look at SSH. It protects the connection, but it may allow the clients too much access to the server. Another possible option is an SSL tunnel.

SSH tunnel on Windows:
http://www.vbmysql.com/articles/ssh-tunnel-part2.html

SSL example:
http://www.stunnel.org/examples/generic_tunnel.html

06-30-2004, 11:10 AM	#1
dicky Registered User Join Date: Apr 2004 Posts: 11	resolving names and ip addresses Hi guys I hope this is the right place to ask this. I have a project I need to code up and just want to sort some basic ground rules first. I have various clients connecting to a port on a server. These clients have dynamic ip addresses so obviously they wil change each time they connect to the net. Each client has a dns-name set up at a service such as www.no-ip.com and keeps thier actual ip updated against thier dns-name. When a client connects to my port, I can see thier IP address. I also have a list of all the allowed dns-names. What I need to be able to do is either a: resolve the connecting clients ip into thier dns name so I can compare with with my list of allowed dns-names b: resolve each allowed dns-name into it's current ip every x minutes so I can compare the connecting ip address against the locally stored list of allowed ones. Will either of these work (option a would be best if possible as there would be no x minute delay while my application updates it's stored ip data, but I could live with option b) Could one of you outline roughly how I would acheive this? TIA dicky Last edited by dicky; 06-30-2004 at 11:20 AM.
dicky is offline

06-30-2004, 02:49 PM	#2
kuphryn Registered User Join Date: Nov 2001 Posts: 1,348	One solution is via getaddrinfo() and getnameinfo(). Kuphryn
kuphryn is offline

07-01-2004, 01:59 AM	#4
anonytmouse Yes, my avatar is stolen Join Date: Dec 2002 Posts: 2,544	>> a: resolve the connecting clients ip into thier dns name so I can compare with with my list of allowed dns-names << No, this will not work. Reverse DNS lookup will give you something like x123-215-111-032.someisp.com rather than hostname.no-ip.com. >> b: resolve each allowed dns-name into it's current ip every x minutes so I can compare the connecting ip address against the locally stored list of allowed ones. << This will generally work. Of course, you have the chance that the ip address will change in that time. Therefore, possibly, if the ip address is not found in your list, you should refresh the list in case one of the ip addresses has changed. Much preferable, would be to alter your protocol to include identification info or use a parent protocol such as SSH, rather than relying on an ip address. It looks like this is meant as some type of access control. If so, I don't think using a dynamic dns host name would be very secure.
anonytmouse is offline

07-01-2004, 12:24 PM	#5
dicky Registered User Join Date: Apr 2004 Posts: 11	@anonytmouse Yep you're right it is meant as a sort of access control. Problem is I'm working with already existing client and host software so can't mess about with the protocol, without re-writing the whole thing from scratch which I'm trying to avoid doing. Basically client(s) connect to host on an open port number and ip address known to all the clients. Host replies to the client using thier IP address. The exisiting system has no form of access control and I need to add that. If there is some way to add a transparent method or layer of control between the client and host (using something like secure shl or whatever would be great if it could be done) then I would be interesting to know in principle how to do this without affecting the data transfer back and forth between the exisiting programs. It's the dynamic client ips causing me to worry, if they were fixed I'd just use a firewall on the host server. dicky Last edited by dicky; 07-01-2004 at 12:29 PM.
dicky is offline

07-01-2004, 03:32 PM	#6
anonytmouse Yes, my avatar is stolen Join Date: Dec 2002 Posts: 2,544	I had a look at SSH. It protects the connection, but it may allow the clients too much access to the server. Another possible option is an SSL tunnel. SSH tunnel on Windows: http://www.vbmysql.com/articles/ssh-tunnel-part2.html SSL example: http://www.stunnel.org/examples/generic_tunnel.html
anonytmouse is offline

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How to get multiple local IP addresses without gethostbyname()	Aidman	Linux Programming	1	09-11-2004 08:52 AM
MSN Vital Information	iain	A Brief History of Cprogramming.com	9	09-22-2001 08:55 PM