Re: About server sockets and keeping control of port number

2001-12-18 Thread Victor Probo

Patrick;
   Don't get trapped by the word 'socket'. A socket is an accounting and 
management data structure. Don't think of it like an electrical socket that 
is used up by a single instance.

Comer's or Stevens' basic introductions to networking define the 
following. There is a data structure (socket) for each connection, as well 
as for the listening connections, and for those in the shutdown process.

   A connection is identified by:
  local IP
  local port
  remote IP
  remote port
  protocol

   By simply changing the remote port, the system distinguishes a different 
connection (socket). Waiting connections have no remote data. When a 
connection is accepted, a new socket structure is used that has the remote 
IP and port filled in. Voilà, new socket.. new connection.

   There are also sockets for 'connection-less connections' such as UDP 
that have slightly different rules.


   As to the question about the ephemeral port during socket connection; 
that is trial and error. (My context is 'C' and C++ system calls). By 
placing the zero in the port number of the socket() you are asking for 
'any' available port. But if you want all the connections originating from 
this program/system to be in a specific range you have to poll that.
   As an example, all ephemeral ports are to be in the range 10100-10500. 
  The simple approach is to request a socket using port 10100, if the 
return is PortInUse (system/lang specific), try 10101...10102.. You can 
make this more efficient by starting after the last port that worked 
successfully.
   BUT! by restricting yourself to 401 ports (in this example) you leave 
yourself open to a resource exhaustion attack that causes your app to 
consume all the ports. Be prepared to handle the case where no ports are 
available to be used!

Victor Probo

Patrick wrote:

 Is there a way to find an unused local port for when I create a client
 socket, or is trial and error?
 
 -- P
 
 Patrick [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
 
Here's a general question and it came about when I went to create a
SSLServerSocket in JSS:

How can I control what port is used by the socket returned by the accept
method? (As you all know, after the server accepts a client connection, it
creates a *brand new socket* which listens on *a brand new port*; this is so
the server can continue listening to more client connections on the original
socket...).

Even in Sun's ServerSocket class, there seems to be no way...

I know this is a fundamental socket programming issue, but I really never
paid much attention to this issue until recently when my NSS app had a
requirement for staying within a pre-determined range for dynamically
allocated ports when creating any new socket...

-- P



 
 





About JSS DBG binaries

2001-12-18 Thread Patrick

How does one use the DEBUGGING code in JSS DBG binaries? Is there a call to
set this up in the JVM?

-- P






Re: About server sockets and keeping control of port number

2001-12-18 Thread Wan-Teh Chang

Victor Probo wrote:


 Looking at Comer's or Stevens' basic introductions to networking define 
 the following. There is a data structure (socket) for each connection, 
 as well as the listening connections, and those in the shutdown process.
 
   A connection is identified by:
  local IP
  local port
  remote IP
  remote port
  protocol
 
   By simply changing the remote port, the system distinguishes a 
 different connection (socket).


Yes, this is the key.

Wan-Teh





Re: About server sockets and keeping control of port number

2001-12-18 Thread Wan-Teh Chang

Patrick wrote:

 Well, one can certainly pick which local port to bind to. In JSS for
 example, there are a few SSLSocket constructors that allow a localPort to be
 specified (See
 http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/ssl
 /SSLSocket.html#constructor_summary)


Correct.  But one does not need to bind a client-side socket.


 However one does not know in advance what local ports are unused. As it
 stands now, I pick a random port and try to bind. If I get a bind error, I
 try again with another randomly selected port number...This works but doesn't
 look very smart. So I'm thinking there's got to be a smarter way to do
 this...


You have not stated why you want to bind a client-side socket.
If you don't need to bind a client-side socket, I do have a
smarter way to do this -- do not bind a client socket, let
the OS pick an unused port for you, and call getsockname to
find out which port the socket is bound to.

Wan-Teh





Re: How to debug my pkcs11 token dll in Netscape CMS

2001-12-18 Thread Nelson B. Bolyard

hooway wrote:
 
 We are making a PKCS11 token dll for CMS server. But we met some problems.
 and cause windows shut down. We want to debug our dll to find the reason.
 But how to do it under CMS server. It's always working as a NT Service. Is
 there any method to force it working not in Service mode.

I recommend that you debug your PKCS11 module using NSS's utility programs
and its test client and server. When your code works correctly with 
certutil, it has a better chance of working with CMS.

Also, PKCS#11 modules have a bit somewhere that says whether the module 
can be used in a multi-threaded environment or not.  One thing for you to 
try is setting the bit to the value that says that it does not support
multi-threading.  Then, NSS will single-thread all access to the token.
If that fixes the problem, then you know the problem has to do with your
module's use of locks.  You could then try to fix that, or just leave it
set as a single-threaded module.

Please continue to post all followup messages to this newsgroup.  Thanks.

--
Nelson Bolyard
Disclaimer:  I speak for myself, not for Netscape




Re: How to debug my pkcs11 token dll in Netscape CMS

2001-12-18 Thread Julien Pierre

hooway wrote:

 We are making a PKCS11 token dll for CMS server. But we met some problems. 
 and cause windows shut down. We want to debug our dll to find the reason. 
 But how to do it under CMS server. It's always working as a NT Service. Is 
 there any method to force it working not in Service mode.


I don't know if there is a way to make CMS not run in service mode, but 
you can still attach to an NT service in order to debug your code. As 
long as you are logged in as a user with sufficient local privileges 
(i.e. administrator), you can bring up the task manager, select the 
process, click mouse button 2, and select debug. Then you can use the 
debugger as you normally would, except you can't restart the program 
from the debugger if you stop it - you'll have to wait for the service 
to restart, and reattach, using the above procedure I described. You will 
still be able to save your breakpoints though.

If the problem in your module happens on initialization, you will 
probably want to add some sort of sleep loop into your code so that you 
can attach and interrupt it by reassigning the value of a variable. You 
could also call DebugBreak in your init code, which will cause a pop-up 
dialog to come up on the machine, and let you attach to the process. 
Then just skip the Int 3 call and debug your code after it.





Re: About server sockets and keeping control of port number

2001-12-18 Thread Patrick

I need to bind my client within a specific port range, a range that is a
subset of the OS' range. That's why I cannot let the OS pick one at random.
Unless of course, there's a way to configure the OS so that it picks ports
from a specific range...

-- P

Wan-Teh Chang [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
 Patrick wrote:

  Well, one can certainly pick which local port to bind to. In JSS for
  example, there are a few SSLSocket constructors that allow a localPort to be
  specified (See
  http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/ssl
  /SSLSocket.html#constructor_summary)


 Correct.  But one does not need to bind a client-side socket.


  However one does not know in advance what local ports are unused. As it
  stands now, I pick a random port and try to bind. If I get a bind error, I
  try again with another randomly selected port number...This works but doesn't
  look very smart. So I'm thinking there's got to be a smarter way to do
  this...


 You have not stated why you want to bind a client-side socket.
 If you don't need to bind a client-side socket, I do have a
 smarter way to do this -- do not bind a client socket, let
 the OS pick an unused port for you, and call getsockname to
 find out which port the socket is bound to.

 Wan-Teh







Re: About server sockets and keeping control of port number

2001-12-18 Thread Jamie Nicolson

Patrick wrote:

I need to bind my client within a specific port range, a range that is a
subset of the OS' range. That's why I cannot let the OS pick one at random.
Unless of course, there's a way to configure the OS so that it picks ports
from a specific range...

This discussion is now officially OFF TOPIC for this mailing list. Let 
this be the last message in the thread, unless you want to stop talking 
about generic socket programming and start talking about JSS or NSS.

Is this requirement so you can configure your firewall to only allow 
connections from those ports? It's a difficult requirement to satisfy, 
because the socket layer doesn't have a nice way to do it.

That said, you don't have to resort to simple trial-and-error. Just keep 
track of what ports you are using. Every time your app binds to a local 
port, mark it as USED in some big bitmap. When you're done with it, mark 
it UNUSED. You still need to verify that the port is available, since 
some other part of the code may have grabbed it, or it may be in a wait 
state.
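The two approaches argued over in this thread, written out as an added example in C against the BSD socket calls the posters name (bind, getsockname). This is not code from any of the posters, from JSS or from NSS, and the function names are mine. bind_in_range does what Victor Probo describes: it walks a fixed range (his 10100-10500 example), keeps a cursor so the next call starts after the last port that worked, and treats exhaustion of the range as an error the caller must handle instead of spinning. bind_ephemeral is Wan-Teh Chang's alternative: bind to port 0, let the OS choose, and read the result back with getsockname. The cursor plays the role of Jamie Nicolson's bookkeeping, but as he notes the bind itself is still the only real check, since another thread, process or a socket in TIME_WAIT may hold the port. The example binds to 0.0.0.0 (any local interface); that address and the range are assumptions for the demonstration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind `sock` to ip:port for the first free port in [lo, hi].  The scan
 * starts at *cursor (when given and inside the range) so successive calls
 * do not re-probe ports the previous call already found busy, and wraps
 * around so ports freed earlier in the range are reused.
 * Returns the port bound, or -1 with errno set:
 *   EINVAL        bad range or address
 *   EADDRNOTAVAIL every port in the range is in use (range exhausted)
 *   anything else bind() failed for a reason other than "port in use" */
int bind_in_range(int sock, const char *ip, int lo, int hi, int *cursor)
{
    if (lo < 1 || hi > 65535 || lo > hi) { errno = EINVAL; return -1; }
    int n = hi - lo + 1;
    int start = (cursor && *cursor >= lo && *cursor <= hi) ? *cursor : lo;

    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) { errno = EINVAL; return -1; }

    for (int i = 0; i < n; i++) {
        int port = lo + (start - lo + i) % n;
        sa.sin_port = htons((uint16_t)port);
        /* a failed bind() leaves the socket unbound, so it can be retried */
        if (bind(sock, (struct sockaddr *)&sa, sizeof sa) == 0) {
            if (cursor) *cursor = (port == hi) ? lo : port + 1;
            return port;
        }
        if (errno != EADDRINUSE)   /* e.g. EACCES on a privileged port is a */
            return -1;             /* configuration error, not a busy port  */
    }
    errno = EADDRNOTAVAIL;         /* exhausted: the caller has to cope */
    return -1;
}

/* The port the kernel actually has the socket on, via getsockname(). */
int local_port(int sock)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(sock, (struct sockaddr *)&sa, &len) != 0) return -1;
    return ntohs(sa.sin_port);
}

/* Let the OS pick the ephemeral port (bind to port 0), then read it back. */
int bind_ephemeral(int sock, const char *ip)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = 0;               /* 0 = "any available port" */
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) { errno = EINVAL; return -1; }
    if (bind(sock, (struct sockaddr *)&sa, sizeof sa) != 0) return -1;
    return local_port(sock);
}

int main(void)
{
    int cursor = 0;
    /* three client sockets, each left open so the next one must skip its port */
    for (int k = 0; k < 3; k++) {
        int s = socket(AF_INET, SOCK_STREAM, 0);
        if (s < 0) { perror("socket"); return 1; }
        int port = bind_in_range(s, "0.0.0.0", 10100, 10500, &cursor);
        if (port < 0) { perror("bind_in_range"); close(s); return 1; }
        printf("socket %d bound to port %d (getsockname says %d)\n",
               s, port, local_port(s));
    }
    int e = socket(AF_INET, SOCK_STREAM, 0);
    if (e >= 0)
        printf("OS-chosen ephemeral port: %d\n", bind_ephemeral(e, "0.0.0.0"));
    return 0;
}
```

After bind_in_range returns the socket is bound but not yet connected, so connect() is called on it as usual; the range check happens before the TCP handshake, which is what a firewall rule keyed on source port needs. Treating only EADDRINUSE as "try the next one" is deliberate: any other bind() failure means the range or address is misconfigured and retrying would just hide that.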





Re: About JSS DBG binaries

2001-12-18 Thread Jamie Nicolson

The DBG binaries are not optimized and have symbols in them. This makes 
it possible to step through the C code in the debugger of your choice. 
There is nothing to setup in the JVM. You just need to attach your 
debugger to the running JSS process. Set a breakpoint in a JSS native 
method or NSS function, and off you go. One thing to keep in mind is the 
symbols won't be available until after the shared libraries are loaded 
into the process.

Patrick wrote:

How does one use the DEBUGGING code in JSS DBG binaries? Is there a call to
set this up in the JVM?

-- P