[nanomsg] Re: Adding support for TLS

  • From: Alex Elsayed <eternaleye@xxxxxxxxx>
  • To: nanomsg@xxxxxxxxxxxxx
  • Date: Mon, 24 Mar 2014 14:39:47 -0700

Garrett D'Amore wrote:

> On Mar 23, 2014, at 10:23 PM, Martin Sustrik
> <sustrik@xxxxxxxxxx> wrote:
>> On 24/03/14 02:34, Garrett D'Amore wrote:

<snip>

>>> (Indeed, I’ve considered writing snoop or tcpdump extensions to
>>> decode the handshake… I think this would be useful to
>>> administrators trying to figure out what is going on.
>> 
>> I once implemented a plug-in for wireshark (AMQP) and IIRC it was an
>> easy enough task to do.
>> 
>> As for SP, there are some problems though:
>> 
>> 1. The TCP wire format is so "packed" that it's impossible to
>> distinguish message boundaries unless you are following the connection
>> from it's very beginning. Catching up in the middle of a stream can be
>> tricky (unless you make an assumptio that messages are aligned with
>> TCP packets of course).
>> 
>> 2. Similar problem with different SP protocols: You know which one is
>> used only if you sniff the beginning of TCP connection. Later on
>> there's no way to tell.
> 
> Yeah I didn’t think about that.  Still, you often are sniffing at the
> start of the connection.  If you are catching up in the middle of the
> connection, you’re hosed, but I think this is common with other protocols.
>  For example, web socket, even HTTP, you don’t get useful information
> except during the initial handshake phase.  Folks doing debugging with
> these tools probably are used to this limitation.

Well, that's what tools like mitmproxy are for.



Other related posts: