Hi,

On Fri, Aug 16, 2013 at 8:15 AM, Martin Sustrik <sustrik@xxxxxxxxxx> wrote:
> On 14/08/13 22:08, Paul Colomiets wrote:
>
>> Isn't the good way to solve the problem is to declare that your
>> service requires ports 5550-5650? One may declare that port 5555 used
>> for requests 5556 for heartbeats and 5557-5650 are reserved for future
>> use.
>
>
> That's like asking for a carte blanche: "Please open these 100 ports for me.
> I don't know what I'll use them for yet, but they may come handy in the
> future." Not sure it's much different from opening a TCPMUX port.
>

Yes. This is a key point. From point of view of security it's the same. From point of view of network management different ports are better (e.g. to understand which service is being DoS-attacked, etc.)

But anyway, as far as I understand there is an external daemon for handling TCPMUX, and the job of nanomsg is to be able to receive socket using SCM_RIGHTS. So, I think we can allow nanomsg to nn_listen() and nn_connect() to an "fd://1234". So it can serve other purposes too:

1. Bind privileged port, pass it as file descriptor
2. Use nanomsg over unix pipe
3. Share listening socket between (forked) processes
4. Accept socket via SCM_RIGHTS and pass it to nanomsg

This way we allow the functionality but do not hardcode the nanomsg to a specific implementation of TCPMUX (there is no standard for local communication with TCPMUX-daemon, right?)

Thoughts?

> Btw, for the sake of discussion, the guys at IETF pointed me to this
> document:
>
> http://tools.ietf.org/id/draft-touch-tcp-portnames-00.txt
>

The change to TCP is not going to happen, but it contains nice summary of current state of affairs. Also it's unclear why it hasn't been done for IPv6 :(

BTW, with the IPv6 the port problem does not exist, because everybody can have any number of ip addresses with single port, right?

Also there is mentioned RPCBIND. As far as I understand it can help us to build complex projects with multiple services with the configuration along the lines of:

project: foo
hosts: [10.0.0.1, 10.0.0.2, 10.0.0.3]

That having the service ports for hundreds of internal services discovered by RPCBIND. Has it ever been considered for nanomsg? Or does it fall out of scope of the library?

--
Paul
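
Items 1 and 4 in the list above depend on SCM_RIGHTS descriptor passing, so here is an added example (not part of the original message and not nanomsg code) of a listening socket being bound in one place and handed over a Unix socket, with a receiver that accepts exactly one descriptor. The helper names `send_fd`, `recv_fd` and `same_object` are hypothetical, and the loopback ephemeral port is constructed for the demo.

```c
/* Added example: pass a bound listening socket via SCM_RIGHTS (helper names hypothetical). */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>
typedef union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } fd_cmsg;

int send_fd(int chan, int fd) {          /* 0 on success, -1 on error */
    char byte = 'F';                     /* one data byte must carry the cmsg */
    struct iovec iov = { &byte, 1 };
    fd_cmsg u; memset(&u, 0, sizeof u);  /* no uninitialised bytes leave the process */
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

int recv_fd(int chan) {                  /* the descriptor, or -1 if not exactly one arrived */
    char byte; int fd = -1;
    struct iovec iov = { &byte, 1 };
    fd_cmsg u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf,
                          .msg_controllen = CMSG_LEN(sizeof(int)) };  /* room for one fd only */
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS &&
        c->cmsg_len == CMSG_LEN(sizeof(int))) memcpy(&fd, CMSG_DATA(c), sizeof fd);
    if (fd >= 0 && (msg.msg_flags & MSG_CTRUNC)) { close(fd); fd = -1; }  /* sender attached extras */
    return fd;
}

int same_object(int a, int b) {          /* 1 if both fds name the same kernel object */
    struct stat sa, sb;
    return !fstat(a, &sa) && !fstat(b, &sb) && sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

int main(void) {                         /* both roles in one process, for brevity */
    int sv[2], lfd = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (bind(lfd, (struct sockaddr *)&a, sizeof a) || listen(lfd, 8)) return 1;  /* port 0: constructed */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || send_fd(sv[0], lfd)) return 1;
    printf("same socket after passing: %d\n", same_object(lfd, recv_fd(sv[1])));
    return 0;
}
```

In a real deployment the two halves run in separate processes: the privileged side binds and sends, then drops the descriptor, and the unprivileged side only ever holds the one socket it was given.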