The TCP implementation normally completes the TCP 3-way handshake before the user process even has access to the connection, and the accept()
function merely gets the next connection off the queue. So it is too late to pretend that the server is down. This works the same way for regular TCP data; the TCP implementation does not wait for the application to actually recv()
the data before a TCP ACK is sent. This keeps the other side from needlessly retransmitting packets that were received correctly, and allows the throughput to remain high, even when the application is bogged down with other things. In the case of new connections (SYN packets), this also allows the kernel to protect itself (and the application) from SYN flood attacks.
Although not portable, many platforms provide some sort of firewall capability that will allow filtering incoming connections based on IP address/port. However that is usually configured system-wide and not by an individual application.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…