New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

core: Unidirectional routing mode #132

dw opened this Issue Mar 12, 2018 · 0 comments


None yet
1 participant
Copy link

dw commented Mar 12, 2018

For an existing application like Ansible where we are aiming to provide a drop-in replacement for its lower layers, some of Mitogen's functionality is not only unnecessary, but may cause it fail a security review because of the new communication modes that are enabled.

The most obvious of these is the ability for siblings to momentarily be able to communicate. Even if the library is otherwise secure, it is possible to have an existing Ansible configuration that, for example, deploys to 2 simultaneous regions, where those regions are intended to have zero connectivity between each other.

One very simple (and actually quite comforting) change to the library would be to prevent children from communicating with anyone except their parents. This supports all the communication styles required for Ansible today, along with all of the features I'd like to implement in future.

This ticket is to add some kind of routing policy to the library, to control where a child can deliver messages.


  • "Unidirectional routing" doesn't quite describe the feature. Needs a better name

Implementation choices:

  • A simple all-or-nothing mode set globally during bootstrap, that prevents any child from communicating with any context except for indirect parents
  • A per-stream or per-context mode that would permit configuration like above, but additionally allow for exceptions, such as would be required for running fakessh or forwarding sockets between siblings

"EASY" label guide:

  • is pretty much the only place that needs some extra logic, the remainder of the work is deciding on how to pass the configured mode around
  • is probably one of those places -- the mode needs to passed as a parameter to ExternalContext.main(), and subsequently used to configure the Router it instantiates.

@dw dw added this to the ansible_mitogen 0.0.1 milestone Mar 12, 2018

@dw dw added the security label Mar 12, 2018

dw added a commit that referenced this issue May 8, 2018

@dw dw closed this in bd2cc08 May 8, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment