[zeromq-dev] Getting connection info from pipe_t?

Merijn Verstraaten merijn at inconsistent.nl
Sat Nov 17 20:11:36 CET 2012

On Nov 17, 2012, at 19:54 , Ian Barber wrote:
> On Sat, Nov 17, 2012 at 6:44 PM, Merijn Verstraaten <merijn at inconsistent.nl> wrote:
> On a side note, I agree that not having providing this information to external users of the library, but I'm unsure why that information shouldn't be made available inside ZMQ? It makes disconnecting/filtering connections significantly harder...
> It's part to do with the (positive) aim of separating transports. Coming up with generalisations that effectively capture PGM, IPC, TCP and inproc connections (and whatever is added in the future) is challenging. Things that make the library work better on one of those than others are likely to help specific use cases in the short term, but hurt the consistency of the developer experience in the long term, so it's important to tread carefully.

Granted, but without some sort of way to disconnect malicious connections it's not really viable to run a router accessible to the public internet, as anyone can connect and keep the connection open, consuming resources.

I guess the best (protocol agnostic) way forward would be:
1) Accept connection
2) Wait for an identity (disconnect on some timeout to free resources)
3) Verify identity using some application provided checking function (lacking any other information about a pipe the only useful authentication I can think of is having the server distribute cryptographically signed identities and then have the router call a function that checks whether this identity was signed by someone trusted)
4) Accept or disconnect based on checker result

I guess disconnecting can simply be done by calling terminate on the relevant pipe?

Semi-related: How does ZMQ deal with connections that just send garbage? i.e. imagine I open a (bsd) socket connection to a ZMQ port and dump data that doesn't conform to the ZMQ wire format, what happens? Data discarded, connection dropped, something else?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20121117/fc7a17b2/attachment.htm>

More information about the zeromq-dev mailing list