NetMQ中如何识别传入连接的物理地址? [英] How to identify the physical address of incoming connections in NetMQ?
问题描述
在 NetMQ 的路由器-经销商示例中,我们看到客户可以设置自己的身份.这对于记录目的很有用.但是,如果我只控制服务器(路由器)的代码而不控制客户端(经销商)的代码呢?如果某些客户端不想以对我的服务器有意义的方式设置身份怎么办?当客户没有在消息或身份中明确提供给我时,我如何在我的日志中包含物理地址?
In the router-dealer example for NetMQ, we see that clients can set their own identity. This can be useful for logging purposes. However, what if I only control code for the server (router) and not the code for the clients (dealers)? What if some clients don't bother to set the identity in a way that is meaningful for my server? How do I include the physical address in my logs, when the client doesn't specifically give it to me in the message or identity?
如果你只知道基于 ZeroMQ 的其他实现的答案,我会很感兴趣听到它,但最终我想要一些可以在 NetMQ 中完成的东西.
If you only know the answer based on some other implementation of ZeroMQ, I will be interested to hear it, but ultimately I want something that can be accomplished in NetMQ.
推荐答案
如何在 NetMQ 中识别传入连接的物理地址?
好吧,似乎没有魔法可以做到这一点:
Well, there seems to be no magic ready to do this:
虽然处于 v4.2+ 之前的状态的 API-s 已经为设置身份启用了一些帮助,这为应用程序级代码提供了一些机会来了解某些消息的来源"(参考文档所有较低级别的细节和限制)并非所有可扩展的正式通信模式原型都可以使用它.
While API-s in pre-v4.2+ state have already enabled some help for settings identities, that make some chances for application-level code to become aware of some of the messages' "origin" ( ref. documentation for all lower level details and limitations ) not all Scalable Formal Communication Pattern Archetype can use this.
接下来,整个马戏团还依赖于将这样一条辅助"信息包含(和/或不包含)信息流处理中的自由意志.因此,身份框架的概念有点弱原则,您的侧应用程序级代码只能希望和祈祷接收一些,但原则上不能保证接收任何此类,因为零远程执行策略似乎2018/Q2 在 API v4.2 下可用.
Next, the whole circus also depends on a free-will to include ( and/or not to include ) such a "helper" piece of information into the processing of the flow of messages. So, the concept of identity-frame(s) is sort of a weak-principle and your side application-level code can only hope and pray to receive some, but principally has no warranty for receiving any such, as zero remote enforcement policy seems available for this under API v4.2 in 2018/Q2.
当客户没有在消息或身份中明确提供给我时,我如何在我的日志中包含物理地址?
How do I include the physical address in my logs, when the client doesn't specifically give it to me in the message or identity?
[法律方面]相信有完全合法的公平理由这样做,
对人权的基本尊重
提供一个人的身份与否
是应用在这里,是不是?
除了 GDPR 和其他隐私保护法律框架之外,即使被评估为技术挑战,这部分也更加困难,至少在 2018 年第 2 季度有许多可用的传输类:
这些:{ inproc://|ipc://|tcp://|pgm://|epgm://|vmci://},所以任何一方都很难配备一些魔术嗅探器来检测任何/所有上述所需的软知识映射(实际发送或未发送的身份字符串) 与实际的传输类解码器一起嗅探.
Besides the GDPR and other privacy protecting legal framework, this part is way harder even if assessed as just a technical challenge, there are many transport-classes available, as of 2018-Q2 at least:
these : { inproc:// | ipc:// | tcp:// | pgm:// | epgm:// | vmci:// }, so either side would hardly be equipped with some magic-sniffer to detect any / all of the above required mappings of soft-knowledge ( the actually sent or not sent identity-strings ) with the actual transport-class decoder to sniff with.
接下来,并不是所有的连接都可以轻松嗅探,是吗?
Next, not all connections are easily sniff-able, are they?
最终我想要一些可以在 NetMQ 中完成的东西.
鉴于您的声明,您的控制域不包含一般distributed-system 的问题没有什么要做,除了巨大的 MITM/intel 间谍级努力被激励开发所有传输类覆盖对可能的多对多连接网格已经很复杂的拓扑结构进行隐私穿透筛选,但对任何伪造"身份和许多其他问题具有更高的鲁棒性,以使这些努力具有功能性、通用性、不显眼且足够强大,因此为了让他们有意义
(
如果还不知道,请注意——如[ 不到五秒的零MQ层次结构 ] Section -- one ZeroMQ-Context()-instance 可能有 many zmq.Socket()-instances,每个可能有许多-AccessPoint-s,每个可能使用不同的传输类并且可能得到.bind()/.connect()-ed 到许多不同的远程对等 AccessPoint-s,确实是一团糟的拓扑形态:o)
)
Given your statement, that your domain of control does not contain the remote ( client-side ) agents in a general distributed-system there is not much about to do, except an enormous MITM/intel spying-grade efforts were motivated to develop an all transport-classes covering privacy penetrating screening over the already complex topologies of possible many-to-many connection meshes, yet with an added level of robustness against any "faked" identities and many other problems to make such efforts functional, universal, unobtrusive and yet robust enough, so as to make 'em meaningful
(
if not aware yet, kindly notice -- as depicted in [ ZeroMQ hierarchy in less than a five seconds ] Section -- one ZeroMQ-Context()-instance may have many zmq.Socket()-instances, each of which may have many-AccessPoint-s, each of which may use a different transport-class and may get .bind()/.connect()-ed to many different remote peer AccessPoint-s, so indeed a wild mess of topology morphologies are out there :o)
)
这篇关于NetMQ中如何识别传入连接的物理地址?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
