Personal tools
The Open Lighting Project has moved!

We've launched our new site at www.openlighting.org. This wiki will remain and be updated with more technical information.

Difference between revisions of "Open SLP Notes"

From wiki.openlighting.org

Jump to: navigation, search
Line 61: Line 61:
 
Startup complete entering main run loop ...
 
Startup complete entering main run loop ...
 
</pre>
 
</pre>
 +
 +
=== Denial of Service against libslp ===
 +
 +
libslp has code like this:
 +
 +
<pre>
 +
if(FD_ISSET(sockets->sock[i],&readfds)) { 
 +
  /* Peek at the first 16 bytes of the header */
 +
  bytesread = recvfrom(sockets->sock[i],
 +
                                    peek,
 +
                                    16,
 +
                                    MSG_PEEK,
 +
                                    (struct sockaddr *)peeraddr,
 +
                                    &peeraddrlen);
 +
  printf("  read %d bytes\n", bytesread);
 +
  if(bytesread == 16 || ...) {
 +
 +
  }
 +
}
 +
</pre>
 +
 +
Which means if you send a UDP packet less than 16 bytes, libslp spins in a loop trying to receive the rest of the data.

Revision as of 09:10, 26 June 2011

The last stable release of Open SLP was 1.2.1 in 2006. This page has my notes from getting this version working on a number of systems.


Registrations timing out too early

slpd ages the registration database every 15 seconds (#define SLPD_AGE_INTERVAL 15) rather than tracking per registration timeouts. This means that your entry can timeout up to 15 seconds before it was supposed to.

Besides fixing the slpd code, the only way around this is to re-register less than 15 seconds before the expiry interval. For this reason I recommend the absolute minimum SLP lifetime used is 30s.


Interface Selection on Mac OS X

On Mac, slpd relies on reverse dns for the machine's hostname returning an IP (stupid I know but that's how it is). Without reverse DNS the startup log will look like this:

Sun Jun 19 16:59:45 2011
SLPD daemon started
****************************************
Command line = slpd
Using configuration file = /opt/local/etc/slp.conf
Using registration file = /opt/local/etc/slp.reg
Listening on loopback...
Multicast socket on 127.0.0.1 ready
Unicast socket on 127.0.0.1 ready
Agent Interfaces = 127.0.0.1
Agent URL = service:service-agent://127.0.0.1
Startup complete entering main run loop ...

If you don't have working reverse DNS for you domain, you can edit your /etc/hosts file. First get the full hostname & local address of the interface you want to use:

$ hostname 
simonn-macbookpro.local
$ ifconfig  en1 | grep "inet " | awk '{print $2}'
192.168.1.204

Then add a line like the following to /etc/hosts

192.168.1.204 simonn-macbookpro.local

Now SLP recognizes the interface correctly:


Sun Jun 19 17:03:42 2011
SLPD daemon started
****************************************
Command line = slpd
Using configuration file = /opt/local/etc/slp.conf
Using registration file = /opt/local/etc/slp.reg
Listening on loopback...
Listening on 192.168.1.204 ...
Multicast socket on 192.168.1.204 ready
Unicast socket on 192.168.1.204 ready
Agent Interfaces = 192.168.1.204
Agent URL = service:service-agent://192.168.1.204
Startup complete entering main run loop ...

Denial of Service against libslp

libslp has code like this:

if(FD_ISSET(sockets->sock[i],&readfds)) {   
  /* Peek at the first 16 bytes of the header */
  bytesread = recvfrom(sockets->sock[i],
                                    peek,
                                    16,
                                    MSG_PEEK,
                                    (struct sockaddr *)peeraddr,
                                    &peeraddrlen);
  printf("  read %d bytes\n", bytesread);
  if(bytesread == 16 || ...) {

  }
}

Which means if you send a UDP packet less than 16 bytes, libslp spins in a loop trying to receive the rest of the data.