[zeromq-dev] Getting connection info from pipe_t?

Ian Barber ian.barber at gmail.com
Sat Nov 17 20:19:45 CET 2012


On Sat, Nov 17, 2012 at 7:11 PM, Merijn Verstraaten
<merijn at inconsistent.nl>wrote:

> On Nov 17, 2012, at 19:54 , Ian Barber wrote:
>
> On Sat, Nov 17, 2012 at 6:44 PM, Merijn Verstraaten <
> merijn at inconsistent.nl> wrote:
>
>>
>> On a side note, I agree that not having providing this information to
>> external users of the library, but I'm unsure why that information
>> shouldn't be made available inside ZMQ? It makes disconnecting/filtering
>> connections significantly harder...
>>
>>
>>
> It's part to do with the (positive) aim of separating transports. Coming
> up with generalisations that effectively capture PGM, IPC, TCP and inproc
> connections (and whatever is added in the future) is challenging. Things
> that make the library work better on one of those than others are likely to
> help specific use cases in the short term, but hurt the consistency of the
> developer experience in the long term, so it's important to tread carefully.
>
>
> Granted, but without some sort of way to disconnect malicious connections
> it's not really viable to run a router accessible to the public internet,
> as anyone can connect and keep the connection open, consuming resources.
>
> I guess the best (protocol agnostic) way forward would be:
> 1) Accept connection
> 2) Wait for an identity (disconnect on some timeout to free resources)
> 3) Verify identity using some application provided checking function
> (lacking any other information about a pipe the only useful authentication
> I can think of is having the server distribute cryptographically signed
> identities and then have the router call a function that checks whether
> this identity was signed by someone trusted)
> 4) Accept or disconnect based on checker resul
>

Yep, I think that is a very valid approach.


> Semi-related: How does ZMQ deal with connections that just send garbage?
> i.e. imagine I open a (bsd) socket connection to a ZMQ port and dump data
> that doesn't conform to the ZMQ wire format, what happens? Data discarded,
> connection dropped, something else?
>

IIRC, that's it. If the data isn't as expected, it's dropped and connection
dropped.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20121117/c5fb3024/attachment.htm>


More information about the zeromq-dev mailing list