[Bro-Dev] 0MQ security considerations

Robin Sommer robin at icir.org
Mon Jul 4 21:58:53 PDT 2011


Thanks a lot for the summary and for trying this, even if eventually
unsuccessful.

On Mon, Jul 04, 2011 at 16:40 -0500, you wrote:

> upon reconnection.  In 0MQ, the 'tcp' transport is considered a "disconnected"
> TCP transport, meaning that the connectivity state of peers is transparent
> to applications.

Oh, that's actually something that could bite us in another way as
well. When Bro starts talking to Bro, there's some state that's
exchanged initially just after the connection has been setup and
before "normal" messages start being exchanged. If we don't learn
about a reconnect (which is how I interpret your statement above), we
can't do that state exchange.

This *may* be something we could get around by changing parts of the
protocol but (1) that would make switching to 0mq quite a bit more
complicated, and (2) I'm not sure right now whether it would work at
all.

Is there a way around this, like not doing transparent reconnects and
setting up new connections instead?

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org
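The protocol-level workaround Robin speculates about above, sketched as an added example (this is illustrative code written for this page, not Bro's or 0MQ's own protocol). It simulates, in-process, the situation the post describes: the transport, like 0MQ's tcp transport, reconnects silently, so a peer that has lost its state (say, after a restart) never signals that the initial state exchange must be redone. The fix shown is to tag every message with a session id agreed during the handshake; a message carrying an unknown session id is refused and answered with a RESYNC, which makes the sender redo the handshake. The message names (HELLO, HELLO_ACK, RESYNC, DATA), the content of the exchanged state, and the need for the sender to retransmit a refused message are all assumptions made for the example.

```python
"""Session-tagged messaging over a transport that hides reconnects.

Illustrative code for this page, not Bro's or 0MQ's protocol. Message names
and the state exchanged in the handshake are assumed, not taken from Bro.
"""
import os


class Peer:
    def __init__(self, name, version=1):
        self.name = name
        self.version = version      # stands in for the state Bro exchanges (assumed)
        self.reset()

    def reset(self):
        """Forget all session state, as a restarted process would."""
        self.session = None         # id agreed in the most recent handshake
        self.peer_state = None      # what the peer told us in that handshake
        self.established = False
        self.received = []          # DATA payloads accepted under a valid session
        self.handshakes = 0         # completed handshakes since reset
        self.resyncs = 0            # times the peer asked us to re-handshake

    def own_state(self):
        return {"name": self.name, "version": self.version}

    def hello(self):
        """Start a handshake with a fresh, unguessable session id."""
        self.session = os.urandom(8)
        self.established = False
        return {"type": "HELLO", "session": self.session, "state": self.own_state()}

    def data(self, payload):
        """Build a normal message; it always carries the current session id."""
        if not self.established:
            raise RuntimeError("no established session")
        return {"type": "DATA", "session": self.session, "payload": payload}

    def handle(self, msg):
        """Process one incoming message; return a reply or None."""
        kind = msg["type"]
        if kind == "HELLO":
            self.session = msg["session"]
            self.peer_state = msg["state"]
            self.established = True
            self.handshakes += 1
            return {"type": "HELLO_ACK", "session": self.session, "state": self.own_state()}
        if kind == "HELLO_ACK":
            if msg["session"] != self.session:
                return None           # ack for an older handshake; ignore it
            self.peer_state = msg["state"]
            self.established = True
            self.handshakes += 1
            return None
        if kind == "RESYNC":
            # The peer does not know our session: it lost state behind a
            # reconnect we were never told about. Redo the initial exchange.
            self.resyncs += 1
            return self.hello()
        if kind == "DATA":
            if not self.established or msg["session"] != self.session:
                # Unknown session: do not process the payload; demand a handshake.
                return {"type": "RESYNC", "session": None}
            self.received.append(msg["payload"])
            return None
        raise ValueError(f"unknown message type {kind!r}")


def exchange(sender, receiver, msg):
    """Deliver msg and relay replies until one side stays silent.

    Stands in for the transport: it never tells either side about reconnects.
    """
    while msg is not None:
        msg = receiver.handle(msg)
        sender, receiver = receiver, sender


def run_scenario():
    a, b = Peer("A"), Peer("B")
    exchange(a, b, a.hello())            # initial state exchange
    exchange(a, b, a.data("m1"))         # accepted: session id matches

    b.reset()                            # B restarts; the transport reconnects silently
    exchange(a, b, a.data("m2"))         # B answers RESYNC, A re-handshakes; "m2" is refused
    exchange(a, b, a.data("m2"))         # sender retransmits under the new session
    return a, b


if __name__ == "__main__":
    a, b = run_scenario()
    print("B received:", b.received, "B handshakes:", b.handshakes, "A resyncs:", a.resyncs)
```

The point of the random session id is that a peer which has lost its state never processes normal messages before the state exchange has been redone, and that data sent under an old session cannot be accepted under the new one. Anything the real handshake does (version or capability negotiation, authentication) would sit in the HELLO/HELLO_ACK step, which is exactly the step that runs again after a RESYNC.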

