in reply to local socket

If the listening process binds the socket to localhost, then it will only accept connections from the local computer.

Here's an example, using IO::Socket:

    #!/usr/local/bin/perl -w
    use strict;
    use IO::Socket;

    # Bind the listener to the loopback address only.
    my $sock = IO::Socket::INET->new(Listen    => 1,
                                     LocalAddr => 'localhost',
                                     LocalPort => 43546,
                                     Proto     => 'tcp',
                                     Reuse     => 1,
                                    );

    my $NL = "\015\012";

    # Serve one client at a time, echoing each line until "quit".
    while (my $client = $sock->accept()) {
        print $client "Hello. To close connection, type quit$NL";
        while (<$client>) {
            tr/\015\012//d;    # strip CR and LF
            print "Client said $_\n";
            print $client "You said $_$NL";
            last if /^quit/i;
        }
        print "Client quit.\n";
        print $client "Bye!$NL";
        close $client;
    }

Start this running, then try connecting from various computers. You'll only be able to connect from the local computer, and only when connecting specifically to 'localhost'. (Exit the server with a kill signal, e.g. Ctrl-C)

Re: Re: local socket
by Punto (Scribe) on Jun 05, 2001 at 08:47 UTC
    Hi. Thanks for your reply, it's very useful.

    But I was looking for one of those sockets that are like files, on the filesystem, which would be great, because I need to set restrictions on them (after all, I'm using it to pass commands to a running program).
    I think I saw mysql using them. Do you know anything about it?

    Thanks..

      IO::Socket::UNIX
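
Added example, not part of the original thread: a minimal IO::Socket::UNIX listener with the kind of filesystem restrictions asked about above, so that only the owning user can reach the command channel. The temporary directory, the socket name control.sock and the "status" command are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::UNIX;
use Socket qw(SOCK_STREAM);
use File::Temp qw(tempdir);

# Assumed location for the demo: tempdir() creates a directory with mode 0700.
# Directory permissions are the portable control; some systems ignore the
# mode bits on the socket file itself.
my $dir  = tempdir(CLEANUP => 1);
my $path = "$dir/control.sock";    # hypothetical socket name

# Tighten the umask before bind() so the socket file is never visible with
# looser permissions, then restore the previous value.
my $old_umask = umask(0177);
my $server = IO::Socket::UNIX->new(
    Type   => SOCK_STREAM,
    Local  => $path,
    Listen => 5,
) or die "Cannot listen on $path: $!";
umask($old_umask);

# Set the mode explicitly as well: owner read/write only.
chmod(0600, $path) or die "chmod $path: $!";
my $mode = (stat($path))[2] & 07777;
printf "Listening on %s (mode %04o)\n", $path, $mode;

# Same-process client, to show the exchange without a second program.
# The connection waits in the listen backlog until accept() is called.
my $client = IO::Socket::UNIX->new(Type => SOCK_STREAM, Peer => $path)
    or die "Cannot connect to $path: $!";
my $conn = $server->accept() or die "accept failed: $!";
$_->autoflush(1) for $client, $conn;

print $client "status\n";          # constructed sample command
my $cmd = <$conn>;
die "client closed without sending a command\n" unless defined $cmd;
chomp $cmd;
print "Server received: $cmd\n";

print $conn "You said $cmd\n";
my $reply = <$client>;
print "Client received: $reply";

close $_ for $client, $conn, $server;
```

On Linux, connecting to a pathname socket requires write permission on the socket file, so with mode 0600 a connect() from another non-root user fails with a permission error.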
Re: Re: local socket
by John M. Dlugosz (Monsignor) on Jun 04, 2001 at 19:27 UTC
    Chipmunk, that's interesting. I checked the IO::Socket::INET documentation and related pages, plus perlfunc and perlipc, but can't find a description of restricting a listener. I didn't know sockets could do that at all! Can you point to more info on that?
      I don't remember where I learned about restricting sockets to specific addresses, and I can't find any really descriptive information on it. Very frustrating... :(

      Here is a relevant snippet from perlipc:

      And here's a corresponding server to go along with it. We'll leave the address as INADDR_ANY so that the kernel can choose the appropriate interface on multihomed hosts. If you want to sit on a particular interface (like the external side of a gateway or firewall machine), you should fill this in with your real address instead.
      And here's something from Socket:
      INADDR_ANY Note: does not return a number, but a packed string. Returns the 4-byte wildcard ip address which specifies any of the hosts ip addresses. (A particular machine can have more than one ip address, each address corresponding to a particular network interface. This wildcard address allows you to bind to all of them simultaneously.) Normally equivalent to inet_aton('0.0.0.0').
      Let's say you have a machine that has two IP addresses: mymachine.example.com and foo.bar.baz.com. A server program which binds to the address mymachine.example.com will only accept connections made to mymachine.example.com. A program which binds to foo.bar.baz.com will only accept connections to foo.bar.baz.com, and a program that binds to localhost will only accept connections to localhost (which must, of course, also be from localhost).

      On the other hand, a server program which binds to INADDR_ANY will accept connections made to any address that happens to resolve to the machine in question, including mymachine.example.com, foo.bar.baz.com, and localhost. That's usually what you want.

        OK, thanks. It's a mostly-ignored argument to bind(). It never occurred to me to use it to select for localhost.

        Now I wonder if more than one listener can exist at the same time on the same port, with mutually exclusive addresses? So get one listener optimized for local connections, and one that works for all clients.

        —John