Re: comm_failure for large sequences using giop between two machines
- From: Bowie Owens <bowie owens csiro au>
- To: Michael Meeks <michael ximian com>
- Cc: orbit <orbit-list gnome org>
- Subject: Re: comm_failure for large sequences using giop between two machines
- Date: Fri, 20 Jun 2003 15:15:00 +1000
Michael Meeks wrote:
> Oh dear; ok - so, I think the 'is_auth' flag needs to be set on the
>connection the first time we receive a valid object key from it [ this
>is how we do security ]. Better still, we could do this by grokking the
>first fragment / few tens of bytes of the message - and then allow the
>buffers to accumulate if it is for a valid object key.
>>These artificial limits pose a bit of a problem for the project I am
>>working on. Since the client and server may need to send and receive
>>very large sequences. Unfortunately, there is no way to predict
>>beforehand an upper limit on the size of the sequences.
> Right; so - this is in some ways a shortish term solution - although I
>think we should have a configurable limit for messages [ I believe we do
>in HEAD - via. some ORB parameter - I think you can also make it
>ulimited somehow via that parameter too.
> Ultimately we need to re-hash the code slightly so we know when we can
>detect whether the invocation is valid, and thus authenticated as early
>as possible; rather than when we've read the whole message.
> Are you interested in looking into that ?
I can probably get a few hours to look into it. I would like to get this
resolved, since I want to keep ORBit a viable option for the project I
am working on. The alternative is omniORB which is just so much larger
Let us see if I have this right. The is_auth flag for the connection is
set initally based on the connection protocol:
cnx->is_auth = (proto->flags & LINK_PROTOCOL_SECURE);
The problem is the flag is never upgraded for IPv4 (and other insecure
connection protocols), so we never trust the sender. What needs to
happen is the when we receive a message from a connection we check if
the object key is valid and if so set is_auth flag to true. (If it isn't
a valid object key that generate some kind of error?) The trick is the
message header contains the length of the message but not the object
key. So we need to get at least the first part of the message body to be
able to check the object key. That raises two questions: how do I get
more of the message without messing up the buffer state? and how do I
establish if the object key is valid? I'm not that familiar with ORBit's
internals so any hints would be most appreciated.
CSIRO Mathematical & Information Sciences
phone : +61 3 9545 8055
fax : +61 3 9545 8080
mobile : 0425 729 875
email : Bowie.Owens@csiro.au
] [Thread Prev