[zeromq-dev] Peer ip address ?

Andrew Hume andrew at research.att.com
Wed Jan 15 19:31:20 CET 2014


unfortunately, as he said, third party code might not do this,
and its prone to the service lying.

i would also point out, it is really nontrivial for client code to figure out
what its IP address is (in general)! especially in cases where there are multiple interfaces.
and the ip address the zeromq connection came in on might well be not the
official (or well-known) IP address.

On Jan 15, 2014, at 10:11 AM, Trevor Bernard <trevor.bernard at gmail.com> wrote:

> Simple solution is have the downstream service identify itself in the
> handshake with it's IP address
> 
> On Wed, Jan 15, 2014 at 2:01 PM, Andrew Hume <andrew at research.att.com> wrote:
>> every time i have wanted this, it turned out that it was a stupid way to do
>> what i really wanted.
>> to me, it comes down to this:
>> 
>> 1) do you really care? surprisingly, the answer is often, not really.
>> if you do care, then you HAVE to authenticate.
>> 2) using IP addresses as a proxy for authentication and authorization is a
>> dodgy business;
>> it is more or less convenient but full of surprises and wouldn’t pass muster
>> where i
>> work in a security audit (which i assume you will have if you need to log ip
>> addresses).
>> 
>> On Jan 15, 2014, at 8:14 AM, mraptor <mraptor at gmail.com> wrote:
>> 
>> hi I was looking for a way to find the peer/client ip address.
>> All of the replies I've seen so far say it is not possible to get the IP
>> address of the peer in ZeroMQ.
>> 
>> The main objection for not providing the IP address seem to be that zeromq
>> work on top of protocols which may not be TCP/IP.
>> 
>> The solution pointed by most of the people seems to be to figure out the IP
>> address at the client and pass it as a part of the message.
>> 
>> I'm currently needing the IP address for logging purposes and in the future
>> for filtering and routing.
>> Two problems arise :
>> 
>> 1. What happens if you don't have access to the client code i.e. it is
>> written by third party
>> 2. Second allowing the client to provide the IP address could be major
>> security breach, because if it is up to the client, they can place whatever
>> IP they want, how would you know ?
>> 
>> How do you solve those problems ?  Unless zeromq, already have some means of
>> getting the peer IP, the discussions about this were from 2011 ?
>> 
>> thank you
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>> 
>> 
>> 
>> -----------------------
>> Andrew Hume
>> 949-707-1964 (VO and best)
>> 732-420-0907 (NJ)
>> andrew at research.att.com
>> 
>> 
>> 
>> 
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>> 
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> 


-----------------------
Andrew Hume
949-707-1964 (VO and best)
732-420-0907 (NJ)
andrew at research.att.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20140115/2c990cbb/attachment.htm>


More information about the zeromq-dev mailing list