Hi Garrett, On Sun, Nov 16, 2014 at 12:24 AM, Garrett D'Amore <garrett@xxxxxxxxxx> wrote: > > Well, I’m assuming that you need to use either different TCP port numbers (or > addresses), or use a two tier hand off, if you want to work with separate > processes. (Imagine a gateway process that does the accept, a little bit of > logic, and then forks the actual actual application, choosing to exec() the > appropriate app based on the URI Path element. > Well, I believe we are doing everything to not to do this kind of things in nanomsg. E.g. we don't implement authentication of connection in handshake, but are trying to design security around encryption. But see below... > > I view tunneling as a less-than-wonderful approach in the general case, but > probably quite useful certain problem sets. I’d leave this well outside of > the protocol specification though, and instead leave it to applications. > Sure, with little refinement: "leave outside of *this* protocol specification". But I think it eventually should be a standardazed tool for this. >> >> 2. A gateway approach a/k/a zerogw or mongrel2. The process that >> accepts connections, authenticates, does DoS protection, and tunnels >> messages to nanomsg network. > > Instead of “tunnels”, think, *hands off*. E.g. the fork/exec of the actual > proper program, once the websocket connection is established. > Well for this to work we need more things: 1. We do not support fork(), which leaves nanomsg library operating in child. And presumably it's impossible. 2. We don't support accepting file descriptor instead of address, but probably should (it's useful for other things, like socket activation, or network namespaces) 3. We don't support getting file descriptor from nanomsg socket. And presumably should never do. It's also probably not very wise for performance (fork on every connect). It's also breaks every other aspect of design, I believe nanomsg assumes that connecting to the same address connects to the same process. -- Paul