We've launched our new site at www.openlighting.org. This wiki will remain and be updated with more technical information.
Difference between revisions of "Open SLP Notes"
From wiki.openlighting.org
Line 61: | Line 61: | ||
Startup complete entering main run loop ... | Startup complete entering main run loop ... | ||
</pre> | </pre> | ||
+ | |||
+ | === Denial of Service against libslp === | ||
+ | |||
+ | libslp has code like this: | ||
+ | |||
+ | <pre> | ||
+ | if(FD_ISSET(sockets->sock[i],&readfds)) { | ||
+ | /* Peek at the first 16 bytes of the header */ | ||
+ | bytesread = recvfrom(sockets->sock[i], | ||
+ | peek, | ||
+ | 16, | ||
+ | MSG_PEEK, | ||
+ | (struct sockaddr *)peeraddr, | ||
+ | &peeraddrlen); | ||
+ | printf(" read %d bytes\n", bytesread); | ||
+ | if(bytesread == 16 || ...) { | ||
+ | |||
+ | } | ||
+ | } | ||
+ | </pre> | ||
+ | |||
+ | Which means if you send a UDP packet less than 16 bytes, libslp spins in a loop trying to receive the rest of the data. |
Revision as of 09:10, 26 June 2011
The last stable release of Open SLP was 1.2.1 in 2006. This page has my notes from getting this version working on a number of systems.
Registrations timing out too early
slpd ages the registration database every 15 seconds (#define SLPD_AGE_INTERVAL 15) rather than tracking per registration timeouts. This means that your entry can timeout up to 15 seconds before it was supposed to.
Besides fixing the slpd code, the only way around this is to re-register less than 15 seconds before the expiry interval. For this reason I recommend the absolute minimum SLP lifetime used is 30s.
Interface Selection on Mac OS X
On Mac, slpd relies on reverse dns for the machine's hostname returning an IP (stupid I know but that's how it is). Without reverse DNS the startup log will look like this:
Sun Jun 19 16:59:45 2011 SLPD daemon started **************************************** Command line = slpd Using configuration file = /opt/local/etc/slp.conf Using registration file = /opt/local/etc/slp.reg Listening on loopback... Multicast socket on 127.0.0.1 ready Unicast socket on 127.0.0.1 ready Agent Interfaces = 127.0.0.1 Agent URL = service:service-agent://127.0.0.1 Startup complete entering main run loop ...
If you don't have working reverse DNS for you domain, you can edit your /etc/hosts file. First get the full hostname & local address of the interface you want to use:
$ hostname simonn-macbookpro.local $ ifconfig en1 | grep "inet " | awk '{print $2}' 192.168.1.204
Then add a line like the following to /etc/hosts
192.168.1.204 simonn-macbookpro.local
Now SLP recognizes the interface correctly:
Sun Jun 19 17:03:42 2011 SLPD daemon started **************************************** Command line = slpd Using configuration file = /opt/local/etc/slp.conf Using registration file = /opt/local/etc/slp.reg Listening on loopback... Listening on 192.168.1.204 ... Multicast socket on 192.168.1.204 ready Unicast socket on 192.168.1.204 ready Agent Interfaces = 192.168.1.204 Agent URL = service:service-agent://192.168.1.204 Startup complete entering main run loop ...
Denial of Service against libslp
libslp has code like this:
if(FD_ISSET(sockets->sock[i],&readfds)) { /* Peek at the first 16 bytes of the header */ bytesread = recvfrom(sockets->sock[i], peek, 16, MSG_PEEK, (struct sockaddr *)peeraddr, &peeraddrlen); printf(" read %d bytes\n", bytesread); if(bytesread == 16 || ...) { } }
Which means if you send a UDP packet less than 16 bytes, libslp spins in a loop trying to receive the rest of the data.