 |
Robot Raconteur Core C++ Library
|
|
Robot Raconteur Core C++ Library
|
Transport for Transport Control Protocol Internet Protocol (TCP/IP) networks. More...
Public Member Functions | |
| TcpTransport (const boost::shared_ptr< RobotRaconteurNode > &node=RobotRaconteurNode::sp()) | |
| Construct a new TcpTransport. More... | |
| virtual int32_t | GetDefaultReceiveTimeout () |
| Get the default receive timeout. More... | |
| virtual void | SetDefaultReceiveTimeout (int32_t milliseconds) |
| Set the default receive timeout. More... | |
| virtual int32_t | GetDefaultConnectTimeout () |
| Get the default connect timeout. More... | |
| virtual void | SetDefaultConnectTimeout (int32_t milliseconds) |
| Set the default connect timeout. More... | |
| virtual void | StartServer (int32_t porte, bool localhost_only=false, boost::function< bool(const boost::asio::ip::tcp::endpoint &)> accept_filter=0) |
| Start the server on the specified TCP port. More... | |
| virtual void | StartServerUsingPortSharer () |
| Start the server using the TCP port sharer. More... | |
| virtual bool | IsPortSharerRunning () |
| Check if the port sharer is running. More... | |
| virtual void | StartServer (const std::vector< boost::asio::ip::tcp::endpoint > &listen_endpoints, boost::function< bool(const boost::asio::ip::tcp::endpoint &)> accept_filter=0) |
| Start the server on the specified TCP endpoints. More... | |
| virtual std::vector< boost::asio::ip::tcp::endpoint > | GetListenEndpoints () |
| Get the TCP endpoints the server is listening on. More... | |
| virtual std::vector< boost::asio::ip::tcp::endpoint > | GetResolvedListenEndpoints () |
| Get the TCP endpoints the server is listening with "all" addresses resolved to specific addresses. More... | |
| RR_OVIRTUAL std::vector< std::string > | GetServerListenUrls () RR_OVERRIDE |
| Get the TCP endpoints the server is listening on as Robot Raconteur candidate URLs. More... | |
| void | EnableNodeDiscoveryListening (uint32_t flags=(IPNodeDiscoveryFlags_LINK_LOCAL)) |
| Enable node discovery listening. More... | |
| void | DisableNodeDiscoveryListening () |
| Disable node discovery listening. | |
| void | EnableNodeAnnounce (uint32_t flags=(IPNodeDiscoveryFlags_LINK_LOCAL)) |
| Enable node discovery announce. More... | |
| void | DisableNodeAnnounce () |
| Disable node discovery announce. | |
| int32_t | GetNodeAnnouncePeriod () |
| Get the period between node announce. More... | |
| void | SetNodeAnnouncePeriod (int32_t millis) |
| Set the period between node announce. More... | |
| virtual int32_t | GetDefaultHeartbeatPeriod () |
| Get the default heartbeat period. More... | |
| virtual void | SetDefaultHeartbeatPeriod (int32_t milliseconds) |
| Set the default heartbeat period. More... | |
| virtual int32_t | GetMaxMessageSize () |
| Get the maximum serialized message size. More... | |
| virtual void | SetMaxMessageSize (int32_t size) |
| Set the maximum serialized message size. More... | |
| virtual int32_t | GetMaxConnectionCount () |
| Get the maximum number of concurrent connections. More... | |
| virtual void | SetMaxConnectionCount (int32_t count) |
| Set the maximum number of concurrent connections. More... | |
| virtual bool | GetRequireTls () |
| Get if all connections require TLS. More... | |
| virtual void | SetRequireTls (bool require_tls) |
| Set if all connections require TLS. More... | |
| virtual void | LoadTlsNodeCertificate () |
| Load the TLS certificate from the system. More... | |
| virtual bool | IsTlsNodeCertificateLoaded () |
| Check if TLS certificate is loaded. More... | |
| virtual bool | IsTransportConnectionSecure (uint32_t endpoint) |
| Check if specified endpoint is using TLS for its transport. More... | |
| virtual bool | IsTransportConnectionSecure (const boost::shared_ptr< Endpoint > &endpoint) |
| Check if specified endpoint is using TLS for its transport. More... | |
| virtual bool | IsTransportConnectionSecure (const boost::shared_ptr< RRObject > &obj) |
| Check if specified endpoint is using TLS for its transport. More... | |
| virtual bool | IsTransportConnectionSecure (const boost::shared_ptr< ITransportConnection > &transport) |
| Check if specified endpoint is using TLS for its transport. More... | |
| virtual bool | IsSecurePeerIdentityVerified (uint32_t endpoint) |
| Check if specified endpoint peer is using TLS and has been verified using a certificate. More... | |
| virtual bool | IsSecurePeerIdentityVerified (const boost::shared_ptr< Endpoint > &endpoint) |
| Check if specified endpoint peer is using TLS and has been verified using a certificate. More... | |
| virtual bool | IsSecurePeerIdentityVerified (const boost::shared_ptr< RRObject > &obj) |
| Check if specified endpoint peer is using TLS and has been verified using a certificate. More... | |
| virtual bool | IsSecurePeerIdentityVerified (const boost::shared_ptr< ITransportConnection > &transport) |
| Check if specified endpoint peer is using TLS and has been verified using a certificate. More... | |
| virtual std::string | GetSecurePeerIdentity (uint32_t endpoint) |
| Get the identity of the peer if secured using TLS. More... | |
| virtual std::string | GetSecurePeerIdentity (const boost::shared_ptr< Endpoint > &endpoint) |
| Get the identity of the peer if secured using TLS. More... | |
| virtual std::string | GetSecurePeerIdentity (const boost::shared_ptr< RRObject > &obj) |
| Get the identity of the peer if secured using TLS. More... | |
| virtual std::string | GetSecurePeerIdentity (const boost::shared_ptr< ITransportConnection > &transport) |
| Get the identity of the peer if secured using TLS. More... | |
| virtual bool | GetAcceptWebSockets () |
| Get if the transport will accept incoming HTTP WebSocket connections. More... | |
| virtual void | SetAcceptWebSockets (bool value) |
| Set if the transport will accept incoming HTTP websocket connections. More... | |
| virtual std::vector< std::string > | GetWebSocketAllowedOrigins () |
| Get the currently configured WebSocket origins. More... | |
| virtual void | AddWebSocketAllowedOrigin (boost::string_ref origin) |
| Add a WebSocket allowed origin. More... | |
| virtual void | RemoveWebSocketAllowedOrigin (boost::string_ref origin) |
| Remove a previously added WebSocket origin. More... | |
| virtual bool | GetDisableMessage4 () |
| Get disable Message Format Version 4. More... | |
| virtual void | SetDisableMessage4 (bool d) |
| Set disable Message Format Version 4. More... | |
| virtual bool | GetDisableStringTable () |
| Get disable string table. More... | |
| virtual void | SetDisableStringTable (bool d) |
| Set disable string table. More... | |
| virtual bool | GetDisableAsyncMessageIO () |
| Get if async message io is disabled. More... | |
| virtual void | SetDisableAsyncMessageIO (bool d) |
| Set if async message io is disabled. More... | |
Transport for Transport Control Protocol Internet Protocol (TCP/IP) networks.
It is recommended that ClientNodeSetup, ServerNodeSetup, or SecureServerNodeSetup be used to construct this class.
See robotraconteur_url for more information on URLs.
The TcpTransport implements transport connections over TCP/IP networks. TCP/IP is the most common protocol used for Internet and Local Area Network (LAN) communication, including Ethernet and WiFi connections. The Transport Control Protocol (TCP) is a reliable stream protocol that establishes connections between devices using IP address and port pairs. Each adapter has an assigned address, and applications create connections on different ports. TcpTransport listens to the port specified in StartServer(), and the client uses a URL containing the IP address and port of the listening transport. The TcpTransport uses the established connection to pass messages between nodes.
The IP protocol is available in two major versions, IPv4 and IPv6. The most common is IPv4, and its 32 bit address is typically written as four numbers, ie 172.17.12.174. IPv4 has a number of critical limitations, the greatest being its 2^32 address limit (approximately 4 billion). This is a problem when there are tens of billions of internet connected devices already present. IPv6 introduces a 128 bit address space, which allows for approximately 3.4×10^38 possible addresses. The major advantage for Robot Raconteur is the introduction of "link-local" addresses. These addresses begin with "FE80::" and finish with an "EUI-64" address, which is tied to the MAC address of the adaptor. IPv4 addresses need to be assigned to devices locally, and have a tendency to change. IPv6 addresses are permanently assigned to the adapter itself, meaning that network configuration for LAN communication is essentially automatic. Robot Raconteur will prefer IPv6 connections when possible for this reason.
The TcpTransport is capable of using "raw" streams that implement the Robot Raconteur message protocols, or to use HTTP WebSockets. HTTP WebSockets allow Robot Raconteur to communicate seamlessly with browsers and HTTP servers without requiring additional plugins. WebSockets provide additional security using "origins". See AddWebSocketAllowedOrigin() for more information.
The TcpTransport supports TLS encryption using certificates. See tls_security for more information on TLS. The TcpTransport supports four modes of TLS encryption:
| Scheme | Description | Direction |
|---|---|---|
| rrs+tcp | "Raw" protocol with TLS | Both |
| rr+wss | Websocket over HTTPS | Client Only |
| rrs+ws | Websocket with RobotRaconteur TLS over HTTP | Both |
| rrs+wss | Websocket with RobotRaconteur TLS over HTTPS | Client Only |
The different combinations of TLS and HTTPS for websockets are used for different scenarios. Robot Raconteur Core can initiate HTTPS connections, but cannot accept them. Accepting HTTPS connections requires a certificate issued by an authority like GoDaddy or Digicert, and is typically used with an HTTP server running RobotRaconteurWeb.
TLS certificates for Robot Raconteur nodes are issued by Wason Technology, LLC using a root certificate that is "burned in" to Robot Raconteur Core. All devices running Robot Raconteur will support this certificate chain.
Discovery for the TcpTransport is accomplished using User Defined Protocol (UDP) multicast and/or broadcast packets. Broadcast packets are sent to all connected devices, while multicast is sent to devices that have registered to receive them. Unlike TCP, the packets sent to broadcast or multicast are sent to the entire network. This allows for devices to find each other on the network.
For IPv4, the broadcast address 255.255.255.255 on port 48653 is used for discovery. By default, IPv4 is disabled in favor of IPv6. IPv6 uses the multicast following multicast addresses:
| Address | Scope | Port | Default? |
|---|---|---|---|
| FF01::BA86 | Node-Local | 48653 | Disabled |
| FF02::BA86 | Link-Local | 48653 | Enabled |
| FF05::BA86 | Site-Local | 48653 | Disabled |
By default, discovery will only occur on the link-local IPv6 scope. This will find nodes on the local subnet, but will not attempt to pass through any routers.
| RobotRaconteur::TcpTransport::TcpTransport | ( | const boost::shared_ptr< RobotRaconteurNode > & | node = RobotRaconteurNode::sp() | ) |
Construct a new TcpTransport.
Must use boost::make_shared<TcpTransport>()
The use of RobotRaconteurNodeSetup and subclasses is recommended to construct transports.
The transport must be registered with the node using RobotRaconteurNode::RegisterTransport() after construction.
| node | The node that will use the transport. Default is the singleton node |
|
virtual |
Add a WebSocket allowed origin.
WebSockets are vulnerable to an attack method called "cross-site scripting" (XSS). In XSS, a malicious website will attempt to create a connection to an arbitrary website or local device and attempt to hack or otherwise interact with it. WebSockets protect against this attack using an "Origin" HTTP header field specified in the header upon connection. This header field contains the domain name, the IP address, and/or the port of the web page that is attempting to initiate the connection. This header field is filled by the browser, and cannot be modified by the web page. If the web page is loaded from the local filesystem, the origin will be the empty string ("") or null ("null"). The Robot Raconteur Core library uses the empty string origin when initiating WebSocket connections. By default, it accepts the following origins:
"https://(*).robotraconteur.com:443"
Note: forward-slash-star is not a valid comment, assume (*) is *
The star symbol can be used for a subdomain wildcard when matching origins.
Additional allowed origins can be added using this function, or the --robotraconteur-tcp-ws-add-origin= command line option if the RobotRaconteurNodeSetup classes are being used.
| origin | The origin to add |
| void RobotRaconteur::TcpTransport::EnableNodeAnnounce | ( | uint32_t | flags = (IPNodeDiscoveryFlags_LINK_LOCAL) | ) |
Enable node discovery announce.
By default enables announce on IPv6 link-local scope
| flags | The flags specifying the scope |
| void RobotRaconteur::TcpTransport::EnableNodeDiscoveryListening | ( | uint32_t | flags = (IPNodeDiscoveryFlags_LINK_LOCAL) | ) |
Enable node discovery listening.
By default enables listining on IPv6 link-local scope
| flags | The flags specifying the scope |
|
virtual |
Get if the transport will accept incoming HTTP WebSocket connections.
Default: true
|
virtual |
Get the default connect timeout.
If the connection is not completed within the timeout, the connection attempt will be aborted.
|
virtual |
Get the default heartbeat period.
The heartbeat is used to keep the connection alive if no communication is occuring between nodes.
Default: 5 seconds
|
virtual |
Get the default receive timeout.
If no messages are received within the timeout, the connection is assumed to be lost.
Default: 15 seconds
|
virtual |
Get if async message io is disabled.
Async message io has better memory handling, at the expense of slightly higher latency.
Default: Async io enabled
|
virtual |
Get disable Message Format Version 4.
Message Format Version 2 will be used
Default: Message V4 is enabled
|
virtual |
Get disable string table.
Default: false
RobotRaconteurNodeSetup and its subclasses will disable the string table by default
|
virtual |
Get the TCP endpoints the server is listening on.
|
virtual |
Get the maximum number of concurrent connections.
Default: 0 for unlimited
|
virtual |
Get the maximum serialized message size.
Default: 10 MB
| int32_t RobotRaconteur::TcpTransport::GetNodeAnnouncePeriod | ( | ) |
Get the period between node announce.
Default 55 seconds
|
virtual |
Get if all connections require TLS.
|
virtual |
Get the TCP endpoints the server is listening with "all" addresses resolved to specific addresses.
|
virtual |
Get the identity of the peer if secured using TLS.
Get the identity of a peer verified using TLS certificates. Returns a NodeID in string format. Will throw AuthenticationException if the peer has not been verified.
| endpoint | The endpoint to check |
|
virtual |
Get the identity of the peer if secured using TLS.
Get the identity of a peer verified using TLS certificates. Returns a NodeID in string format. Will throw AuthenticationException if the peer has not been verified.
| endpoint | The endpoint to check |
|
virtual |
Get the identity of the peer if secured using TLS.
Get the identity of a peer verified using TLS certificates. Returns a NodeID in string format. Will throw AuthenticationException if the peer has not been verified.
| endpoint | The endpoint to check |
|
virtual |
Get the identity of the peer if secured using TLS.
Get the identity of a peer verified using TLS certificates. Returns a NodeID in string format. Will throw AuthenticationException if the peer has not been verified.
| endpoint | The endpoint to check |
|
virtual |
Get the TCP endpoints the server is listening on as Robot Raconteur candidate URLs.
Implements RobotRaconteur::Transport.
|
virtual |
Get the currently configured WebSocket origins.
See AddWebSocketAllowedOrigin()
|
virtual |
Check if the port sharer is running.
|
virtual |
Check if specified endpoint peer is using TLS and has been verified using a certificate.
Checks if the peer server node has a valid certificate, or if the peer client has been verified using mutual authentication.
Throws ConnectionException if the endpoint is invalid or the connection is not using TcpTransport
| endpoint | The endpoint to check |
|
virtual |
Check if specified endpoint peer is using TLS and has been verified using a certificate.
Checks if the peer server node has a valid certificate, or if the peer client has been verified using mutual authentication.
Throws ConnectionException if the endpoint is invalid or the connection is not using TcpTransport
| endpoint | The endpoint to check |
|
virtual |
Check if specified endpoint peer is using TLS and has been verified using a certificate.
Checks if the peer server node has a valid certificate, or if the peer client has been verified using mutual authentication.
Throws ConnectionException if the endpoint is invalid or the connection is not using TcpTransport
| endpoint | The endpoint to check |
|
virtual |
Check if specified endpoint peer is using TLS and has been verified using a certificate.
Checks if the peer server node has a valid certificate, or if the peer client has been verified using mutual authentication.
Throws ConnectionException if the endpoint is invalid or the connection is not using TcpTransport
| endpoint | The endpoint to check |
|
virtual |
Check if TLS certificate is loaded.
|
virtual |
Check if specified endpoint is using TLS for its transport.
Throws ConnectionException if the endpoint is invalid or the connection is not using TcpTransport
| endpoint | The endpoint to check |
|
virtual |
Check if specified endpoint is using TLS for its transport.
Throws ConnectionException if the endpoint is invalid or the connection is not using TcpTransport
| endpoint | The endpoint to check |
|
virtual |
Check if specified endpoint is using TLS for its transport.
Throws ConnectionException if the endpoint is invalid or the connection is not using TcpTransport
| endpoint | The endpoint to check |
|
virtual |
Check if specified endpoint is using TLS for its transport.
Throws ConnectionException if the endpoint is invalid or the connection is not using TcpTransport
| endpoint | The endpoint to check |
|
virtual |
Load the TLS certificate from the system.
The TLS certificate is stored on the filesystem. See tls_security for more information on storage location.
|
virtual |
Remove a previously added WebSocket origin.
See AddWebSocketAllowedOrigin()
| origin | The origin to remove |
|
virtual |
Set if the transport will accept incoming HTTP websocket connections.
Default: true
| value | If true, the transport will accept incoming WebSocket connections |
|
virtual |
Set the default connect timeout.
If the connection is not completed within the timeout, the connection attempt will be aborted.
Default: 5 seconds
| milliseconds | The timeout in milliseconds |
|
virtual |
Set the default heartbeat period.
The heartbeat is used to keep the connection alive if no communication is occuring between nodes.
Default: 5 seconds
| milliseconds | The heartbeat in milliseconds |
|
virtual |
Set the default receive timeout.
If no messages are received within the timeout, the connection is assumed to be lost.
Default: 15 seconds
| milliseconds | The timeout in milliseconds |
|
virtual |
Set if async message io is disabled.
Async message io has better memory handling, at the expense of slightly higher latency.
Default: Async io enabled
| d | If true, async io is disabled |
|
virtual |
Set disable Message Format Version 4.
Message Format Version 2 will be used
Default: Message V4 is enabled
| d | If true, Message V4 is disabled |
|
virtual |
Set disable string table.
Default: false
RobotRaconteurNodeSetup and its subclasses will disable the string table by default
| d | If true, string table is disabled |
|
virtual |
Set the maximum number of concurrent connections.
Default: 0 for unlimited
| count | The number of connections |
|
virtual |
Set the maximum serialized message size.
Default: 10 MB
| size | The size in bytes |
| void RobotRaconteur::TcpTransport::SetNodeAnnouncePeriod | ( | int32_t | millis | ) |
Set the period between node announce.
Default 55 seconds
| millis | The period in milliseconds |
|
virtual |
Set if all connections require TLS.
| require_tls | If true, all connections require TLS |
|
virtual |
Start the server on the specified TCP endpoints.
The official Robot Raconteur port 48653 is reserved for the port sharer
| listen_endpoints | The endpoints to listen on. May be IPv4 or IPv6 |
| accept_filter | An optional function that returns true if the endpoint should be accepted |
|
virtual |
Start the server on the specified TCP port.
The official Robot Raconteur port 48653 is reserved for the port sharer
| porte | The port to listen on |
| localhost_only | true to only listen on localhost |
| accept_filter | An optional function that returns true if the endpoint should be accepted |
|
virtual |
Start the server using the TCP port sharer.
The TCP port sharer is a utility program that accepts incoming connections on the official Robot Raconteur port 48653 and forwards to nodes based on the NodeID and/or NodeName requested by the client
1.9.1