
[Monotone-devel] Re: Unix domain sockets


From: William Uther
Subject: [Monotone-devel] Re: Unix domain sockets
Date: Sat, 14 Jul 2007 20:20:55 -0700


Richard Levitte wrote:

> Yes, one: would it be possible to have the server accept connections
> both on the usual port and through ssh+ux:?

It shouldn't be too hard. It's more of an interface issue. I'm actually trying to re-work the interface now so that you can use the --bind option multiple times, and have the list get passed to Netxx. The only real issue is when 'find_key()' is being called. It wants to know the machine name it should find the key for. Tricky when there are multiple keys.

Brian May wrote:

> What benefits do you get in having socat talk to mtn via a Unix
> domain socket instead of the tcp socket on localhost?
>
> I guess there are:
>
> * unix permission checking on socket, so you can restrict access to
>   certain users on remote machine.
>
> * possibly better performance.

Yes. There is also the issue that if you use a tcp socket on localhost, you still need a special client transport scheme to connect to it. It has to either:

i) tunnel the port using ssh, then use a normal socket netsync to the tunnelled port. That has security implications.

ii) ssh to the other machine then use netcat (or socat) at the other end to connect to the port.

So, I don't think there are huge advantages of the way I chose, but I don't think the other way is better either.

> Another thought: maybe you could get it to work with the patch for
> openssh for forwarding unix domain socket connections (I haven't
> tested it so I don't know how good this is) instead of relying on
> socat - it seems slightly cleaner this way, although it won't work
> without a patched ssh :-(.

Maybe. I'm planning to add another client side transport: local:// which just connects to a local domain socket. You could use the ssh forwarding patches to forward the socket, then that scheme to access the local end. Or you could use the ssh forwarding patches to forward from a local tcp socket to the remote unix socket, but that has security issues.

So, it'll be possible soon. The patched ssh is pretty rare though. And it is easier to make a local socat than to patch the local ssh.

Zack Weinberg wrote:

> It would also be handy (mainly for testing purposes) if a server and
> client running on the *same machine* could be told to talk to each
> other via a network socket.  Something like what you have on the
> server side, and on the client side, use file:///path to specify the
> socket...?

Yeah - I'll introduce a local:// scheme to do that.

Be well,

Will          :-}
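
The permission checking on a Unix domain socket mentioned in the thread, as an added example that is not part of the original message or of monotone's code: the server binds the socket with mode 0600 and then checks the connecting process's uid against an allow-list. It assumes Linux (SO_PEERCRED); the socket name `mtn.sock` and all function names are hypothetical.

```python
import os
import shutil
import socket
import stat
import struct
import tempfile


def bind_private_socket(path):
    """Bind a Unix domain socket whose file mode is 0600 (owner only)."""
    old_umask = os.umask(0o177)  # bind() creates the file as 0777 & ~umask
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv


def peer_uid(conn):
    """Return the uid of the process on the other end (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid


def demo(allowed_uids=None):
    """Serve one connection; return (socket file mode, peer uid, accepted?)."""
    allowed = {os.getuid()} if allowed_uids is None else set(allowed_uids)
    workdir = tempfile.mkdtemp()  # mode 0700: only the owner can reach the socket
    path = os.path.join(workdir, "mtn.sock")  # hypothetical socket name
    srv = bind_private_socket(path)
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        cli.connect(path)  # kernel checks write permission on the socket file
        conn, _ = srv.accept()
        uid = peer_uid(conn)
        conn.close()
        return mode, uid, uid in allowed
    finally:
        cli.close()
        srv.close()
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demo())
```

A TCP listener on localhost has no equivalent of either check: any local user can connect to the port.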




