Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NSM URL and liblo shortcomings #54

Open
diovudau opened this issue Aug 3, 2020 · 3 comments
Open

NSM URL and liblo shortcomings #54

diovudau opened this issue Aug 3, 2020 · 3 comments

Comments

@diovudau
Copy link
Contributor

diovudau commented Aug 3, 2020
edited
Loading

At the moment it is not possible to let nsmd run under an url of the users choice.
@SpotlightKid researched the following

  • liblo with IPv6 does not work reliably. nsmd/libo-server started with ipv6 will only listen on ipv6. Clients that connect with ipv4 will not connect (e.g. jackpatch. but the pynsm clients will. This can lead to confusion because it seems like it is partially working)
  • liblo OSC server cannot be instructed to bind to a specific hostname or network interface. It binds to all available interfaces.
  • you cannot get nsmd to only listen on/to localhost, only 0.0.0.0 etc.
  • the port can be chosen
    ** nsmd only offers --osc-port
    ** nsm-legacy-gui offers --nsm-url but that is only to connect to a running server. If not existent it will not start one
  • Unrelated, but also important: historically liblo was bad with tcp/ip, therefor nsmd chose UDP in 2012. It needs to be reviewed if this is still a problem because TCP is the better protocoll for session management.

Besides security issues (which may or may not be relevant for an audio-production system, that is not the question here) this may lead to problems with more advanced network setups
@SpotlightKid
Copy link

SpotlightKid commented Aug 3, 2020
edited
Loading

Reference for liblo not allowing to which address to bind to:

https://sourceforge.net/p/liblo/mailman/message/34989152/
http://liblo.sourceforge.net/docs/group__liblolowlevel.html#ga4afa474b11ed0d4511857ae79c56aaa1

@cbix
Copy link

cbix commented Dec 11, 2020

This is a security issue. Not having any authentication in place, users will need to configure a local firewall or someone can control their nsmd from outside.

(Also a friendly reminder that NAT is not considered a firewall for good reasons ;))

@mxmilkiib mxmilkiib mentioned this issue Feb 21, 2021
Closed
@nedko
Copy link
Contributor

nedko commented Aug 20, 2022

@diovudau "historically liblo was bad with tcp/ip, therefor nsmd chose UDP in 2012. It needs to be reviewed if this is still a problem because TCP is the better protocoll for session management." could you please hive more insight for "liblo was bad with tcp"? I recall Jonathan favouring UDP but I havent been able to catch the reasoning behind this. It may be as little as that for non-multihost setups in protected Intranet environment there are no issues with using UDP for localhost IPC.

I would also like to propose pynsm not to favour UDP (as it currently does https://github.com/jackaudio/new-session-manager/blob/master/extras/pynsm/nsmclient.py ), as IMO it is/was intentionally worded that NSM clients have obey session-manager-supplied URLs and I would extend this to assumption that clients should use the same transport protocol as server (be it TCP, UDP, or unix pipe). OTOH if pynsm/nsmclient.py it is used only for localhost communication, UDP is fine. For new-session-manager it may be perfectly OK to have single host setups. For ladish I will avoid UDP packet loss deployments, for the sake of session loading reliability.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nedko @diovudau @cbix @SpotlightKid