Which is why STUN was created. http://tools.ietf.org/html/rfc5389
On Wed, Jan 15, 2014 at 8:31 PM, Andrew Hume <[email protected]>wrote: > unfortunately, as he said, third party code might not do this, > and its prone to the service lying. > > i would also point out, it is really nontrivial for client code to figure > out > what its IP address is (in general)! especially in cases where there are > multiple interfaces. > and the ip address the zeromq connection came in on might well be not the > official (or well-known) IP address. > > On Jan 15, 2014, at 10:11 AM, Trevor Bernard <[email protected]> > wrote: > > Simple solution is have the downstream service identify itself in the > handshake with it's IP address > > On Wed, Jan 15, 2014 at 2:01 PM, Andrew Hume <[email protected]> > wrote: > > every time i have wanted this, it turned out that it was a stupid way to do > what i really wanted. > to me, it comes down to this: > > 1) do you really care? surprisingly, the answer is often, not really. > if you do care, then you HAVE to authenticate. > 2) using IP addresses as a proxy for authentication and authorization is a > dodgy business; > it is more or less convenient but full of surprises and wouldn’t pass > muster > where i > work in a security audit (which i assume you will have if you need to log > ip > addresses). > > On Jan 15, 2014, at 8:14 AM, mraptor <[email protected]> wrote: > > hi I was looking for a way to find the peer/client ip address. > All of the replies I've seen so far say it is not possible to get the IP > address of the peer in ZeroMQ. > > The main objection for not providing the IP address seem to be that zeromq > work on top of protocols which may not be TCP/IP. > > The solution pointed by most of the people seems to be to figure out the IP > address at the client and pass it as a part of the message. > > I'm currently needing the IP address for logging purposes and in the future > for filtering and routing. > Two problems arise : > > 1. What happens if you don't have access to the client code i.e. it is > written by third party > 2. Second allowing the client to provide the IP address could be major > security breach, because if it is up to the client, they can place whatever > IP they want, how would you know ? > > How do you solve those problems ? Unless zeromq, already have some means > of > getting the peer IP, the discussions about this were from 2011 ? > > thank you > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > > ----------------------- > Andrew Hume > 949-707-1964 (VO and best) > 732-420-0907 (NJ) > [email protected] > > > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > > ----------------------- > Andrew Hume > 949-707-1964 (VO and best) > 732-420-0907 (NJ) > [email protected] > > > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > -- Aurélien Vallée Phone +33 9 77 19 85 61
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
