[zeromq-dev] ELI5: Why can't I get the IP address of the machine that sent a message?
Goswin von Brederlow
goswin-v-b at web.de
Thu Sep 25 04:45:54 CEST 2014
On Wed, Sep 24, 2014 at 07:03:25PM -0700, Michel Pelletier wrote:
> IP addresses are easily spoofed, they should not be used as a security
> mechanism. If you want security, you have to either trust all your
> networks or use curvemq security or some other authentication
> mechanism like a vpn.
>
> 0mq doesn't expose the IP because this is an implementation detail of
> the tcp transport.
>
> -Michel
>
> On Wed, Sep 24, 2014 at 6:57 PM, Scott <alcoholiday at gmail.com> wrote:
> > Hi folks,
> >
> > We had a problem a while back where some 'unknown machine' was sending
> > malformed messages and causing our ZMQ based app to lose its mind. It took
> > a while to figure that out... And then once a developer on our team found
> > the nastygram he had trouble figuring out what machine was doing this.
> >
> > Is there a design reason that we lose this information in the area between
> > plain ol sockets and ZMQ messages getting delivered to the application?
> >
> > Thanks for your patience and such a great library!
> >
> > -Scott

As a side note: The monitoring interface exposes the IP address. You
can use that to monitor who connects (for logging purposes).

The other interface is: [1] 27/ZAP - ZeroMQ Authentication Protocol

On every connect a ZAP request is generated that includes the
"address, the origin network IP address". And you can set a user id
and metadata in the reply. For example you could use the NULL
(default) mechanism and set the user id to the address from the
request.

When you receive a problematic message you can then use
zmq_msg_gets("User-Id") to retrieve the address of the peer as set in
the ZAP handler.

Regards,
Goswin
[1] http://rfc.zeromq.org/spec:27
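
The ZAP handler described in the message above, as an added example that is not part of the original post or of libzmq: it builds the RFC 27 reply for a NULL-mechanism request and copies the request's address frame into the user id. The names zap_reply, serve and SAMPLE are hypothetical, the sample request is constructed, and serve() assumes pyzmq is installed.

```python
# Added example: ZAP (RFC 27) reply logic for the NULL mechanism that
# copies the peer address from the request into the User-Id field.
ZAP_VERSION = b"1.0"
ZAP_ENDPOINT = "inproc://zeromq.zap.01"  # handler endpoint defined by RFC 27


def zap_reply(frames):
    """Build the six reply frames for one ZAP request (a list of bytes)."""
    request_id = frames[1] if len(frames) > 1 else b""

    def reply(code, text, user_id=b""):
        # Reply: version, request id, status code, status text, user id, metadata
        return [ZAP_VERSION, request_id, code, text, user_id, b""]

    # Request: version, request id, domain, address, identity, mechanism,
    # followed by zero or more credential frames.
    if len(frames) < 6 or frames[0] != ZAP_VERSION:
        return reply(b"500", b"Malformed ZAP request")
    address, mechanism = frames[3], frames[5]
    if mechanism != b"NULL":
        # This example only covers NULL; refuse anything else.
        return reply(b"400", b"Mechanism not supported")
    # Accept, and record the origin address as the connection's user id.
    return reply(b"200", b"OK", user_id=address)


def serve(ctx):
    """Run the handler on a pyzmq context (assumption: pyzmq is installed).

    Per the libzmq documentation, with NULL security ZAP requests are only
    issued for sockets that have a non-empty ZMQ_ZAP_DOMAIN set.
    """
    import zmq  # imported here so zap_reply() itself has no dependencies

    sock = ctx.socket(zmq.REP)
    sock.bind(ZAP_ENDPOINT)
    while True:
        sock.send_multipart(zap_reply(sock.recv_multipart()))


# Constructed sample request, in the frame order a REP socket delivers it.
SAMPLE = [b"1.0", b"1", b"global", b"192.0.2.17", b"", b"NULL"]
```

The handler has to be bound before the application sockets start accepting connections, otherwise early peers are handshaken without a ZAP request and carry no user id.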