[zeromq-dev] Peer ip address ?

Andrew Hume andrew at research.att.com
Wed Jan 15 19:49:15 CET 2014


again, why all this fuss?
whatever answer it might be, it is neither necessary nor sufficient to do
what raptor wanted.

and as dijkstra said, if you don’t need the answer to be correct, then
there are far quicker ways to compute the answer.


On Jan 15, 2014, at 10:38 AM, Lindley French <lindleyf at gmail.com> wrote:

> >The main objection for not providing the IP address seem to be that zeromq work on top of protocols which may not be >TCP/IP.
> 
> That's easy to solve----make it a "get remote endpoint" function or something, that returns an endpoint string of some type, which is tcp://ip:port in the case of TCP. The harder part is how to identify which peer you're interested in. It's obvious enough for a ROUTER, but the others are less clear. The query might need to be available per-message.
> 
> On Wed, Jan 15, 2014 at 1:31 PM, Andrew Hume <andrew at research.att.com> wrote:
> unfortunately, as he said, third party code might not do this,
> and its prone to the service lying.
> 
> i would also point out, it is really nontrivial for client code to figure out
> what its IP address is (in general)! especially in cases where there are multiple interfaces.
> and the ip address the zeromq connection came in on might well be not the
> official (or well-known) IP address.
> 
> On Jan 15, 2014, at 10:11 AM, Trevor Bernard <trevor.bernard at gmail.com> wrote:
> 
>> Simple solution is have the downstream service identify itself in the
>> handshake with it's IP address
>> 
>> On Wed, Jan 15, 2014 at 2:01 PM, Andrew Hume <andrew at research.att.com> wrote:
>>> every time i have wanted this, it turned out that it was a stupid way to do
>>> what i really wanted.
>>> to me, it comes down to this:
>>> 
>>> 1) do you really care? surprisingly, the answer is often, not really.
>>> if you do care, then you HAVE to authenticate.
>>> 2) using IP addresses as a proxy for authentication and authorization is a
>>> dodgy business;
>>> it is more or less convenient but full of surprises and wouldn’t pass muster
>>> where i
>>> work in a security audit (which i assume you will have if you need to log ip
>>> addresses).
>>> 
>>> On Jan 15, 2014, at 8:14 AM, mraptor <mraptor at gmail.com> wrote:
>>> 
>>> hi I was looking for a way to find the peer/client ip address.
>>> All of the replies I've seen so far say it is not possible to get the IP
>>> address of the peer in ZeroMQ.
>>> 
>>> The main objection for not providing the IP address seem to be that zeromq
>>> work on top of protocols which may not be TCP/IP.
>>> 
>>> The solution pointed by most of the people seems to be to figure out the IP
>>> address at the client and pass it as a part of the message.
>>> 
>>> I'm currently needing the IP address for logging purposes and in the future
>>> for filtering and routing.
>>> Two problems arise :
>>> 
>>> 1. What happens if you don't have access to the client code i.e. it is
>>> written by third party
>>> 2. Second allowing the client to provide the IP address could be major
>>> security breach, because if it is up to the client, they can place whatever
>>> IP they want, how would you know ?
>>> 
>>> How do you solve those problems ?  Unless zeromq, already have some means of
>>> getting the peer IP, the discussions about this were from 2011 ?
>>> 
>>> thank you
>>> _______________________________________________
>>> zeromq-dev mailing list
>>> zeromq-dev at lists.zeromq.org
>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>> 
>>> 
>>> 
>>> -----------------------
>>> Andrew Hume
>>> 949-707-1964 (VO and best)
>>> 732-420-0907 (NJ)
>>> andrew at research.att.com
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> zeromq-dev mailing list
>>> zeromq-dev at lists.zeromq.org
>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>> 
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>> 
> 
> 
> -----------------------
> Andrew Hume
> 949-707-1964 (VO and best)
> 732-420-0907 (NJ)
> andrew at research.att.com
> 
> 
> 
> 
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> 
> 
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev


-----------------------
Andrew Hume
949-707-1964 (VO and best)
732-420-0907 (NJ)
andrew at research.att.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20140115/f9affaff/attachment.htm>


More information about the zeromq-dev mailing list