Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use ip:port as client identificator #2

Open
jfriesse opened this issue Sep 16, 2016 · 2 comments
Open

Use ip:port as client identificator #2

jfriesse opened this issue Sep 16, 2016 · 2 comments
Milestone
0.0.5

Comments

@jfriesse
Copy link
Owner

Currently it's not possible to run omping server and two clients from same IP. Main problem is, that client is identified only by IP address and not UDP IP:port.

This means, that rhlist must be changed to list of server info and list of clients info. List of clients info doesn't change much, but list of server info (about clients) must be dynamically expendable. This also means (because of memory reasons) to implement some kind of garbage collector which will free long time unused client info after some period of time (few minutes but should be tunable).
@jfriesse jfriesse added this to the 0.0.5 milestone Sep 16, 2016
@jfriesse jfriesse mentioned this issue Sep 16, 2016
Closed
@jfriesse jfriesse mentioned this issue Mar 26, 2020
Closed
@Napsty
Copy link

Napsty commented Mar 26, 2020

From troglobit/omping#3

Yep, that explanation makes sense. But if I understand correctly, by using different ports (second server instance listening on another port, second client connecting to this port) this could be worked around? Or did I misunderstand this?

And to avoid that an unwanted client shoots down the master add an optional auth mechanism (kind of similar to what keepalived is doing)? I'm not a C programmer so it would take me two years to wrap my head around it but maybe you'd already know how to do this?

@jfriesse
Copy link
Owner Author

@Napsty Yep, second server instance would solve the problem, but it would be far from perfect - client would need to specify port and also what if there are two such clients running? Basically idea is to allow something like:

$ omping -O server local_ip &
$ omping -O client local_ip &
$ omping -O client local_ip &
...

running without any problem. This is impossible with current implementation.

auth mechanism (or encryption) is neat idea, but it is not defined in the rfc (https://tools.ietf.org/html/rfc6450), so it would need to be implementation specific addition. I'm not sure how exactly this is solved by keepalived, but RFC defines DOS protection in quite simple way - there is configurable maximum number of clients, timeout (so if client doesn't send request for timeout time it is disconnected), client and server id, and list of allowed ips/ranges.

Actually omping initial implementation was really designed to have a omping which behaves both as a client and server. I've implemented server mode just because it seemed to be easy ... and it turned out to be not so much true :)

@jfriesse jfriesse mentioned this issue Aug 30, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.0.5
Development

No branches or pull requests
2 participants
@jfriesse @Napsty