From b6762a6a8be561191ed479d93db78e00c7292e50 Mon Sep 17 00:00:00 2001 From: Pieter Hintjens Date: Tue, 14 Oct 2014 16:29:54 +0200 Subject: [PATCH] Marked TCP and IPC filters as deprecated (ZAP) --- doc/zmq_setsockopt.txt | 188 +++++++++++++++++++++-------------------- include/zmq.h | 8 +- 2 files changed, 102 insertions(+), 94 deletions(-) diff --git a/doc/zmq_setsockopt.txt b/doc/zmq_setsockopt.txt index be01fe13..0025ef5f 100644 --- a/doc/zmq_setsockopt.txt +++ b/doc/zmq_setsockopt.txt @@ -283,77 +283,6 @@ Default value:: 0 (false) Applicable socket types:: all, only for connection-oriented transports. -ZMQ_IPC_FILTER_GID: Assign group ID filters to allow new IPC connections -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Assign an arbitrary number of filters that will be applied for each new IPC -transport connection on a listening socket. If no IPC filters are applied, then -the IPC transport allows connections from any process. If at least one UID, -GID, or PID filter is applied then new connection credentials should be -matched. To clear all GID filters call zmq_setsockopt(socket, -ZMQ_IPC_FILTER_GID, NULL, 0). - -NOTE: GID filters are only available on platforms supporting SO_PEERCRED or -LOCAL_PEERCRED socket options (currently only Linux and later versions of -OS X). - -[horizontal] -Option value type:: gid_t -Option value unit:: N/A -Default value:: no filters (allow from all) -Applicable socket types:: all listening sockets, when using IPC transports. - - -ZMQ_IPC_FILTER_PID: Assign process ID filters to allow new IPC connections -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Assign an arbitrary number of filters that will be applied for each new IPC -transport connection on a listening socket. If no IPC filters are applied, then -the IPC transport allows connections from any process. If at least one UID, -GID, or PID filter is applied then new connection credentials should be -matched. To clear all PID filters call zmq_setsockopt(socket, -ZMQ_IPC_FILTER_PID, NULL, 0). - -NOTE: PID filters are only available on platforms supporting the SO_PEERCRED -socket option (currently only Linux). - -[horizontal] -Option value type:: pid_t -Option value unit:: N/A -Default value:: no filters (allow from all) -Applicable socket types:: all listening sockets, when using IPC transports. - - -ZMQ_IPC_FILTER_UID: Assign user ID filters to allow new IPC connections -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Assign an arbitrary number of filters that will be applied for each new IPC -transport connection on a listening socket. If no IPC filters are applied, then -the IPC transport allows connections from any process. If at least one UID, -GID, or PID filter is applied then new connection credentials should be -matched. To clear all UID filters call zmq_setsockopt(socket, -ZMQ_IPC_FILTER_UID, NULL, 0). - -NOTE: UID filters are only available on platforms supporting SO_PEERCRED or -LOCAL_PEERCRED socket options (currently only Linux and later versions of -OS X). - -[horizontal] -Option value type:: uid_t -Option value unit:: N/A -Default value:: no filters (allow from all) -Applicable socket types:: all listening sockets, when using IPC transports. - - -ZMQ_IPV4ONLY: Use IPv4-only on socket -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Set the IPv4-only option for the socket. This option is deprecated. -Please use the ZMQ_IPV6 option. - -[horizontal] -Option value type:: int -Option value unit:: boolean -Default value:: 1 (true) -Applicable socket types:: all, when using TCP transports. - - ZMQ_IPV6: Enable IPv6 on socket ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Set the IPv6 option for the socket. A value of `1` means IPv6 is @@ -760,25 +689,6 @@ Default value:: N/A Applicable socket types:: ZMQ_SUB -ZMQ_TCP_ACCEPT_FILTER: Assign filters to allow new TCP connections -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Assign an arbitrary number of filters that will be applied for each new TCP -transport connection on a listening socket. If no filters are applied, then -the TCP transport allows connections from any IP address. If at least one -filter is applied then new connection source ip should be matched. To clear -all filters call zmq_setsockopt(socket, ZMQ_TCP_ACCEPT_FILTER, NULL, 0). -Filter is a null-terminated string with ipv6 or ipv4 CIDR. - -NOTE: This option is deprecated, please use authentication via the ZAP API -and IP address whitelisting / blacklisting. - -[horizontal] -Option value type:: binary data -Option value unit:: N/A -Default value:: no filters (allow from all) -Applicable socket types:: all listening sockets, when using TCP transports. - - ZMQ_TCP_KEEPALIVE: Override SO_KEEPALIVE socket option ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Override 'SO_KEEPALIVE' socket option (where supported by OS). @@ -886,6 +796,104 @@ Default value:: not set Applicable socket types:: all, when using TCP transport +ZMQ_TCP_ACCEPT_FILTER: Assign filters to allow new TCP connections +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Assign an arbitrary number of filters that will be applied for each new TCP +transport connection on a listening socket. If no filters are applied, then +the TCP transport allows connections from any IP address. If at least one +filter is applied then new connection source ip should be matched. To clear +all filters call zmq_setsockopt(socket, ZMQ_TCP_ACCEPT_FILTER, NULL, 0). +Filter is a null-terminated string with ipv6 or ipv4 CIDR. + +NOTE: This option is deprecated, please use authentication via the ZAP API +and IP address whitelisting / blacklisting. + +[horizontal] +Option value type:: binary data +Option value unit:: N/A +Default value:: no filters (allow from all) +Applicable socket types:: all listening sockets, when using TCP transports. + + +ZMQ_IPC_FILTER_GID: Assign group ID filters to allow new IPC connections +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Assign an arbitrary number of filters that will be applied for each new IPC +transport connection on a listening socket. If no IPC filters are applied, then +the IPC transport allows connections from any process. If at least one UID, +GID, or PID filter is applied then new connection credentials should be +matched. To clear all GID filters call zmq_setsockopt(socket, +ZMQ_IPC_FILTER_GID, NULL, 0). + +NOTE: GID filters are only available on platforms supporting SO_PEERCRED or +LOCAL_PEERCRED socket options (currently only Linux and later versions of +OS X). + +NOTE: This option is deprecated, please use authentication via the ZAP API +and IPC whitelisting / blacklisting. + +[horizontal] +Option value type:: gid_t +Option value unit:: N/A +Default value:: no filters (allow from all) +Applicable socket types:: all listening sockets, when using IPC transports. + + +ZMQ_IPC_FILTER_PID: Assign process ID filters to allow new IPC connections +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Assign an arbitrary number of filters that will be applied for each new IPC +transport connection on a listening socket. If no IPC filters are applied, then +the IPC transport allows connections from any process. If at least one UID, +GID, or PID filter is applied then new connection credentials should be +matched. To clear all PID filters call zmq_setsockopt(socket, +ZMQ_IPC_FILTER_PID, NULL, 0). + +NOTE: PID filters are only available on platforms supporting the SO_PEERCRED +socket option (currently only Linux). + +NOTE: This option is deprecated, please use authentication via the ZAP API +and IPC whitelisting / blacklisting. + +[horizontal] +Option value type:: pid_t +Option value unit:: N/A +Default value:: no filters (allow from all) +Applicable socket types:: all listening sockets, when using IPC transports. + + +ZMQ_IPC_FILTER_UID: Assign user ID filters to allow new IPC connections +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Assign an arbitrary number of filters that will be applied for each new IPC +transport connection on a listening socket. If no IPC filters are applied, then +the IPC transport allows connections from any process. If at least one UID, +GID, or PID filter is applied then new connection credentials should be +matched. To clear all UID filters call zmq_setsockopt(socket, +ZMQ_IPC_FILTER_UID, NULL, 0). + +NOTE: UID filters are only available on platforms supporting SO_PEERCRED or +LOCAL_PEERCRED socket options (currently only Linux and later versions of +OS X). + +NOTE: This option is deprecated, please use authentication via the ZAP API +and IPC whitelisting / blacklisting. + +[horizontal] +Option value type:: uid_t +Option value unit:: N/A +Default value:: no filters (allow from all) +Applicable socket types:: all listening sockets, when using IPC transports. + + +ZMQ_IPV4ONLY: Use IPv4-only on socket +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Set the IPv4-only option for the socket. This option is deprecated. +Please use the ZMQ_IPV6 option. + +[horizontal] +Option value type:: int +Option value unit:: boolean +Default value:: 1 (true) +Applicable socket types:: all, when using TCP transports. + RETURN VALUE ------------ The _zmq_setsockopt()_ function shall return zero if successful. Otherwise it diff --git a/include/zmq.h b/include/zmq.h index fdf2c65c..cb5b2462 100644 --- a/include/zmq.h +++ b/include/zmq.h @@ -276,7 +276,6 @@ ZMQ_EXPORT const char *zmq_msg_gets (zmq_msg_t *msg, const char *property); #define ZMQ_TCP_KEEPALIVE_CNT 35 #define ZMQ_TCP_KEEPALIVE_IDLE 36 #define ZMQ_TCP_KEEPALIVE_INTVL 37 -#define ZMQ_TCP_ACCEPT_FILTER 38 #define ZMQ_IMMEDIATE 39 #define ZMQ_XPUB_VERBOSE 40 #define ZMQ_ROUTER_RAW 41 @@ -296,9 +295,6 @@ ZMQ_EXPORT const char *zmq_msg_gets (zmq_msg_t *msg, const char *property); #define ZMQ_ZAP_DOMAIN 55 #define ZMQ_ROUTER_HANDOVER 56 #define ZMQ_TOS 57 -#define ZMQ_IPC_FILTER_PID 58 -#define ZMQ_IPC_FILTER_UID 59 -#define ZMQ_IPC_FILTER_GID 60 #define ZMQ_CONNECT_RID 61 #define ZMQ_GSSAPI_SERVER 62 #define ZMQ_GSSAPI_PRINCIPAL 63 @@ -325,6 +321,10 @@ ZMQ_EXPORT const char *zmq_msg_gets (zmq_msg_t *msg, const char *property); #define ZMQ_GSSAPI 3 /* Deprecated options and aliases */ +#define ZMQ_TCP_ACCEPT_FILTER 38 +#define ZMQ_IPC_FILTER_PID 58 +#define ZMQ_IPC_FILTER_UID 59 +#define ZMQ_IPC_FILTER_GID 60 #define ZMQ_IPV4ONLY 31 #define ZMQ_DELAY_ATTACH_ON_CONNECT ZMQ_IMMEDIATE #define ZMQ_NOBLOCK ZMQ_DONTWAIT