implement ROS_IP=localhost behavior for roscpp, and for outbound rospy connections #452
Conversation
…onnections to other hosts
…nings to print out
…ocalhost is set, and only connect to local interfaces if so. this is the behavior implied by the ROS_IP documentation, which was previously only implemented for inbound connections.
|
Test passed. |
|
Anywhere that we check for |
| { | ||
| // we must verify that the requested connection is to localhost | ||
| char our_hostname[256] = {0}; | ||
| gethostname(our_hostname, sizeof(our_hostname)-1); |
There was a problem hiding this comment.
What about the case where we're asked to connect to a node via one of our own non-loopback IP addresses? E.g., we're in 'localhost' mode and we hear about a publisher at '192.168.1.100', which is our own address? That connection should be allowed. I think that we need to iterate over all of our own IP addresses, plus our hostname (maybe fully-qualified and not?), plus the special cases of 'localhost', '127.*', etc. Basically, we need to match on any host/address string that legitimately matches our machine.
Looking at the Python version, it seems that we need some form of rosgraph.network.is_local_address().
Same for the UDP case below.
|
According to the docs (http://wiki.ros.org/ROS/EnvironmentVariables#ROS_IP.2BAC8-ROS_HOSTNAME)
So I don't think that setting |
|
OK thanks for the feedback. I thought that localhost was being treated as a
|
…ache them to compare against incoming connection requests.
|
not sure what the Jenkins failures mean, but anyway I think that I have incorporated the feedback and it is not quite as ugly as my first attempt. I added a new file, transport.cpp, which factors all of this into one place. The local hostname/addresses are cached in the Transport class and spun through when needed. |
|
Test passed. |
| /* | ||
| * Software License Agreement (BSD License) | ||
| * | ||
| * Copyright (c) 2014, Open Source Robotics Foundation |
There was a problem hiding this comment.
Open Source Robotics Foundation, Inc.
| return true; // hooray | ||
| } | ||
| ROS_WARN("ROS_HOSTNAME / ROS_IP is set to only allow local connections, so " | ||
| "a requested connection to %s is being rejected.", host.c_str()); |
There was a problem hiding this comment.
Please put single quotes around the %s to make it more readable:
.. connection to '%s' is being ...
There was a problem hiding this comment.
Thank you; these changes are now incorporated into the PR.
On Mon, Jun 30, 2014 at 1:54 PM, Dirk Thomas notifications@github.com
wrote:
In clients/roscpp/src/libros/transport/transport.cpp:
+bool Transport::isHostAllowed(const std::string &host)
+{
- if (!only_localhost_allowed_)
- return true; // doesn't matter; we'll connect to anybody
- if (host.length() >= 4 && host.substr(0, 4) == std::string("127."))
- return true; // ipv4 localhost
- // now, loop through the list of valid hostnames and see if we find it
- for (std::vectorstd::string::iterator it = allowed_hosts_.begin();
it != allowed_hosts_.end(); ++it)- {
- if (host == *it)
return true; // hooray- }
- ROS_WARN("ROS_HOSTNAME / ROS_IP is set to only allow local connections, so "
"a requested connection to %s is being rejected.", host.c_str());Please put single quotes around the %s to make it more readable:
.. connection to '%s' is being ...
—
Reply to this email directly or view it on GitHub
https://github.com/ros/ros_comm/pull/452/files#r14375058.
| }; | ||
|
|
||
| } | ||
|
|
||
| #endif // ROSCPP_TRANSPORT_H | ||
|
|
There was a problem hiding this comment.
The file already has a trailing newline. Please remove the additional one.
There was a problem hiding this comment.
done
On Mon, Jun 30, 2014 at 2:25 PM, Dirk Thomas notifications@github.com
wrote:
In clients/roscpp/include/ros/transport/transport.h:
};
}
#endif // ROSCPP_TRANSPORT_H
+The file already has a trailing newline. Please remove the additional one.
—
Reply to this email directly or view it on GitHub
https://github.com/ros/ros_comm/pull/452/files#r14376694.
|
Test passed. |
| if (ros_hostname_env && !strcmp(ros_hostname_env, "localhost")) | ||
| only_localhost_allowed_ = true; | ||
| else if (ros_ip_env && !strncmp(ros_ip_env, "127.", 4)) | ||
| only_localhost_allowed_ = true; |
There was a problem hiding this comment.
This line also needs to work with IPv6 addresses.
| @@ -518,6 +518,16 @@ def connect(self, dest_addr, dest_port, endpoint_id, timeout=None): | |||
| @type timeout: float | |||
| @raise TransportInitError: if unable to create connection | |||
| """ | |||
| # first make sure that if ROS_IP=localhost, we will not attempt | |||
There was a problem hiding this comment.
Sorry, for bother about more details... but the comment should refer to ROS_HOSTNAME.
|
Test failed. Update: this failure is due to a flaky unit test and I will therefore ignore it and still merge the patch. |
|
+1 for Indigo |
|
Squashed and merged in 8713a1e |
|
@CodeBot9000 Can you please update the documentation in the wiki to clarify the previous behavior as well as the new behavior as of Indigo (and post the link to the wiki changes here)? |
|
Test passed. |
The wiki doc for ROS_IP: http://wiki.ros.org/ROS/EnvironmentVariables says that setting ROS_IP=localhost will "prevent remote components from being able to talk to your local component." This can be useful in some settings. However, this behavior was previously only implemented for inbound rospy topic connections and services. This pull request implements it for inbound and outbound roscpp connections, and for outbound rospy connections.