Re: comm_failure for large sequences using giopbetween two machines

From: Michael Meeks <michael ximian com>
To: Bowie Owens <bowie owens csiro au>
Cc: orbit <orbit-list gnome org>
Subject: Re: comm_failure for large sequences using giopbetween two machines
Date: 20 Jun 2003 17:20:31 +0100

Hi Bowie,

On Fri, 2003-06-20 at 06:15, Bowie Owens wrote:
> I can probably get a few hours to look into it. I would like to get this 
> resolved, since I want to keep ORBit a viable option for the project I 
> am working on. The alternative is omniORB which is just so much larger 
> and slower.

	Well - you could just set that limit higher; I believe it's
configurable; if you want a quick hack.

> Let us see if I have this right. The is_auth flag for the connection is 
> set initally based on the connection protocol:
> cnx->is_auth       = (proto->flags & LINK_PROTOCOL_SECURE);
>
> The problem is the flag is never upgraded for IPv4 (and other insecure 
> connection protocols), so we never trust the sender.

	I think we should prolly do that, if they've validated once - it's the
same random key each time so ...

>  What needs to 
> happen is the when we receive a message from a connection we check if 
> the object key is valid and if so set is_auth flag to true. (If it isn't 
> a valid object key that generate some kind of error?)

	We just bin the message - it's someone trying to hack us; and/or
possibly we return an exception - I forget.

>  The trick is the 
> message header contains the length of the message but not the object 
> key. So we need to get at least the first part of the message body to be 
> able to check the object key.  That raises two questions: how do I get 
> more of the message without messing up the buffer state?

	The problem is - we can't; you just get to wait for it to come in;
anything else would cause us to block which is a DOS in itself ;-)

>  and how do I 
> establish if the object key is valid? I'm not that familiar with ORBit's 
> internals so any hints would be most appreciated.

	Of course - for a reply, it'll differ from an incoming request. For a
reply we only need to grok the reply number out of the header; and check
the cnx. is correct - see giop-recv-buffer.c (handle_reply). If it's an
incoming request, we need to try and de-marshal the object key [ which
could in theory be unfeasibly long too ]; prolly it's length should be
limited to the barrier we're have currently anyway - then you need to do
poa/orbit-adaptor.c (ORBit_adaptor_find) to see if we in fact do have an
adaptor for that key.

	HTH,

		Michael.

-- 
 michael@ximian.com  <><, Pseudo Engineer, itinerant idiot

References:
- comm_failure for large sequences using giop between two machines
  - From: Bowie Owens
- Re: comm_failure for large sequences using giop between twomachines
  - From: Michael Meeks
- Re: comm_failure for large sequences using giop between two machines
  - From: Bowie Owens
- Re: comm_failure for large sequences using giop betweentwo machines
  - From: Michael Meeks
- Re: comm_failure for large sequences using giop between two machines
  - From: Bowie Owens

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]