libssh2: `libssh2_channel_forward_listen_ex` returning "Unable to send global-request packet" - openssh

I am trying to do local port forwarding with libssh2.
I have a server (docker container) with OpenSSH, running a TCP echo service. I am using password login. I can ssh into the machine fine. I am able to use `ssh -L 7894:127.0.0.1:1794 server` to do port forwarding, and the echo service works fine, echoing back to netcat run with `nc 127.0.0.1 7894` from my machine.
I am trying to write an application that uses libssh2 to replicate the above access to the TCP echo server.
`libssh2_channel_forward_listen_ex` fails with the error string set to "Unable to send global-request packet for forward listen request" and errno set to -7.
I have debugging enabled on OpenSSH. Here is the tail of the log:
2022-10-26 13:48:02.221353473 Accepted password for linuxserver.io from 172.17.0.1 port 59038 ssh2
2022-10-26 13:48:02.221354712 debug1: monitor_child_preauth: user linuxserver.io authenticated by privileged process
2022-10-26 13:48:02.221355826 debug3: mm_get_keystate: Waiting for new keys
2022-10-26 13:48:02.221356944 debug3: mm_request_receive_expect: entering, type 26
2022-10-26 13:48:02.221358009 debug3: mm_request_receive: entering
2022-10-26 13:48:02.225893485 debug3: mm_get_keystate: GOT new keys
2022-10-26 13:48:02.226000913 debug3: mm_auth_password: user authenticated [preauth]
2022-10-26 13:48:02.226070905 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
2022-10-26 13:48:02.226164806 debug3: ensure_minimum_time_since: elapsed 3.936ms, delaying 4.139ms (requested 8.076ms) [preauth]
2022-10-26 13:48:02.226271865 debug3: send packet: type 52 [preauth]
2022-10-26 13:48:02.226375237 debug3: mm_request_send: entering, type 26 [preauth]
2022-10-26 13:48:02.226423116 debug3: mm_send_keystate: Finished sending state [preauth]
2022-10-26 13:48:02.226827341 debug1: monitor_read_log: child log fd closed
2022-10-26 13:48:02.227487840 debug3: ssh_sandbox_parent_finish: finished
2022-10-26 13:48:02.228021181 User child is on pid 266
2022-10-26 13:48:02.228839803 debug3: monitor_apply_keystate: packet_set_state
2022-10-26 13:48:02.229331154 debug2: ssh_set_newkeys: mode 0
2022-10-26 13:48:02.229740053 debug1: rekey in after 4294967296 blocks
2022-10-26 13:48:02.230150994 debug2: ssh_set_newkeys: mode 1
2022-10-26 13:48:02.230567267 debug1: rekey out after 4294967296 blocks
2022-10-26 13:48:02.231008444 debug1: ssh_packet_set_postauth: called
2022-10-26 13:48:02.231441309 debug3: ssh_packet_set_state: done
2022-10-26 13:48:02.231937248 debug3: notify_hostkeys: key 0: ssh-rsa SHA256:/7FFzlIP6gEuh52lzVrSDATTQFj4wnH5ScMtaH+NpHM
2022-10-26 13:48:02.232015182 debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:njZFCzAT2OFVE0n/kJ6YdOVCF7iPGjyZmy5Lr+3DE2E
2022-10-26 13:48:02.232069432 debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:YP702pqTQF410dCkQgOsWD/pz+MXoVNv5EzQnxklFD4
2022-10-26 13:48:02.232091834 debug3: notify_hostkeys: sent 3 hostkeys
2022-10-26 13:48:02.232108621 debug3: send packet: type 80
2022-10-26 13:48:02.232146882 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
2022-10-26 13:48:02.232166314 debug1: Entering interactive session for SSH2.
2022-10-26 13:48:02.232183856 debug1: server_init_dispatch
2022-10-26 13:48:02.232393938 Connection closed by 172.17.0.1 port 59038
2022-10-26 13:48:02.232422452 debug1: do_cleanup
2022-10-26 13:48:02.232439029 Transferred: sent 2096, received 1368 bytes
2022-10-26 13:48:02.232453748 Closing connection to 172.17.0.1 port 59038
2022-10-26 13:48:02.232524366 debug3: mm_request_send: entering, type 50
2022-10-26 13:48:02.232582535 debug3: mm_request_receive: entering
2022-10-26 13:48:02.232583894 debug3: monitor_read: checking request 50
2022-10-26 13:48:02.232585103 debug3: mm_answer_term: tearing down sessions
I also enabled debug tracing in libssh2. Here is the output from my application:
[libssh2] 0.225733 Conn: Requesting tcpip-forward session for 127.0.0.1:54814
[2022-10-26 08:48:02.226] [error] Failed to start the local-forward listener: Unable to send global-request packet for forward listen request (-7)
=> libssh2_transport_write plain (36 bytes)
0000: 50 00 00 00 0D 74 63 70 69 70 2D 66 6F 72 77 61 : P....tcpip-forwa
0010: 72 64 01 00 00 00 09 31 32 37 2E 30 2E 30 2E 31 : rd.....127.0.0.1
0020: 00 00 D6 1E : ....
[libssh2] 0.225763 Socket: Error sending 80 bytes: 9
[libssh2] 0.225765 Failure Event: -7 - Unable to send global-request packet for forward listen request
[libssh2] 0.225935 Transport: Disconnecting: reason=11, desc=Shutdown SSH session, lang=
=> libssh2_transport_write plain (33 bytes)
0000: 01 00 00 00 0B 00 00 00 14 53 68 75 74 64 6F 77 : .........Shutdow
0010: 6E 20 53 53 48 20 73 65 73 73 69 6F 6E 00 00 00 : n SSH session...
0020: 00 : .
=> libssh2_transport_write plain2 (0 bytes)
[libssh2] 0.225977 Socket: Error sending 80 bytes: 9
[libssh2] 0.225979 Transport: Freeing session resource
[libssh2] 0.225985 Transport: Extra packets left 0
[libssh2] 0.225987 Transport: unable to reset socket's blocking state
Process finished with exit code 1
I'd appreciate any help in resolving this!
Update:
Looks like `Socket: Error sending 80 bytes: 9` is indicating a timeout error. I've tried adding `libssh2_session_set_timeout(session, 0);` but it did nothing.
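
The 36-byte plaintext payload in the libssh2 trace above can be checked against RFC 4254; this added example (not code from the original post or from libssh2) decodes it with bounds checks and shows that it is an SSH_MSG_GLOBAL_REQUEST of type tcpip-forward asking the server to bind 127.0.0.1:54814. The struct and function names are hypothetical; the payload bytes are copied from the trace.

```c
/* Added example: decode the SSH_MSG_GLOBAL_REQUEST payload shown in the
 * libssh2 trace (RFC 4254, section 7.1). Struct and function names are
 * hypothetical; this is not libssh2 code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_GLOBAL_REQUEST 80   /* 0x50, first byte of the payload */

struct forward_request {
    char     name[32];        /* request name, e.g. "tcpip-forward" */
    int      want_reply;      /* 1 if the client expects a reply */
    char     bind_addr[256];  /* address the server is asked to bind */
    uint32_t bind_port;       /* port the server is asked to bind */
};

struct cursor { const uint8_t *p; size_t left; };

static int get_u8(struct cursor *c, uint8_t *out)
{
    if (c->left < 1) return -1;
    *out = *c->p++;
    c->left--;
    return 0;
}

/* SSH integers are big-endian on the wire. */
static int get_u32(struct cursor *c, uint32_t *out)
{
    if (c->left < 4) return -1;
    *out = ((uint32_t)c->p[0] << 24) | ((uint32_t)c->p[1] << 16) |
           ((uint32_t)c->p[2] << 8)  |  (uint32_t)c->p[3];
    c->p += 4;
    c->left -= 4;
    return 0;
}

/* SSH "string": uint32 length followed by that many bytes, no terminator. */
static int get_string(struct cursor *c, char *dst, size_t dstsz)
{
    uint32_t len;
    if (get_u32(c, &len) != 0) return -1;
    if (len > c->left || len >= dstsz) return -1;           /* truncated or too long */
    if (len && memchr(c->p, '\0', len) != NULL) return -1;  /* embedded NUL */
    memcpy(dst, c->p, len);
    dst[len] = '\0';
    c->p += len;
    c->left -= len;
    return 0;
}

/* Returns 0 on success, -1 on malformed input, -2 on another request type. */
int parse_forward_request(const uint8_t *buf, size_t len,
                          struct forward_request *out)
{
    struct cursor c = { buf, len };
    uint8_t type, want;

    if (get_u8(&c, &type) != 0 || type != SSH_MSG_GLOBAL_REQUEST) return -1;
    if (get_string(&c, out->name, sizeof out->name) != 0) return -1;
    if (get_u8(&c, &want) != 0) return -1;
    out->want_reply = (want != 0);
    if (strcmp(out->name, "tcpip-forward") != 0 &&
        strcmp(out->name, "cancel-tcpip-forward") != 0) return -2;
    if (get_string(&c, out->bind_addr, sizeof out->bind_addr) != 0) return -1;
    if (get_u32(&c, &out->bind_port) != 0) return -1;
    return c.left == 0 ? 0 : -1;    /* trailing bytes are malformed */
}

/* The 36 plaintext bytes copied from the trace on this page. */
static const uint8_t TRACE_PAYLOAD[] = {
    0x50, 0x00, 0x00, 0x00, 0x0D, 0x74, 0x63, 0x70,
    0x69, 0x70, 0x2D, 0x66, 0x6F, 0x72, 0x77, 0x61,
    0x72, 0x64, 0x01, 0x00, 0x00, 0x00, 0x09, 0x31,
    0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31,
    0x00, 0x00, 0xD6, 0x1E
};

int main(void)
{
    struct forward_request r;
    int rc = parse_forward_request(TRACE_PAYLOAD, sizeof TRACE_PAYLOAD, &r);
    if (rc != 0) {
        fprintf(stderr, "parse failed: %d\n", rc);
        return 1;
    }
    printf("%s want_reply=%d bind=%s:%u\n",
           r.name, r.want_reply, r.bind_addr, (unsigned)r.bind_port);
    return 0;
}
```

In RFC 4254, tcpip-forward is the request that makes the server listen (what `ssh -R` sends), while a client-side forward such as `ssh -L` opens direct-tcpip channels, which libssh2 exposes as `libssh2_channel_direct_tcpip_ex`.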

Related

Postman POST request working but cURL output failing

Hi, I have used Postman to make a successful (response code 200) POST request; however, the cURL code that Postman provides in its "code" section is failing:
This code is generating a 419 error ("unknown error"):
curl -L -X POST 'https://screenpehots' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Cookie: __cfduid=d992d1c6e2c91c59803d953a83ad3dcee1589477309; XSRF-TOKEN=eyJpdiI6IlZOeGpmTVBZYzJnaFpIVXZudGtOM1E9PSIsInZhbHVlIjoiaXJnY2JMaXptTGNCb3U3bVgrUk9xeTJtV3RwSDdwSkN0M1BNSWpNa0tjK1RkUGtiKzlLdG8wbmp0WjZoTmZybyIsIm1hYyI6ImMxYjQyZjk5MTM2NDZmOTNhMGZjZjcyNjhjMTYyNWQ4OTQ4NzY2OWIyMjg1MjI5Mzk0OWZhYjQ2Y2ZhZGM1NjgifQ%3D%3D; laravel_session=eyJpdiI6ImtZdngwK3VXdjFHdjBVcmd3RG1LbGc9PSIsInZhbHVlIjoiN2NaWmJyYStmV3FJMU9LODdjcUZWTGdqV2dtQnBJbTdMaTRNbUZPTkdTXC9rSEVQTGc5dWlwOWZFMVhlTmNiQkEiLCJtYWMiOiIwZGIwMGEzYjA5ZDQ5YWFiMDE3ODJkMjdmZTg5MjUzNzQwZTAwMzUxODRhNTdhYzFiMmQ0MmViYWJlMzM5NDljIn0%3D' --data-urlencode '_token=6c8nSDhYEWVgx8O9pR0tKv70jTcl5zmmyLu3fMoO' --data-urlencode 'device=iphone' --data-urlencode 'url=http://www.amazon.com'
And this code generates a 405 ("method not allowed"):
curl -L -X POST 'https://screenpeek.io/shots' \
-H 'Content-Type: application/json' \
-H 'Cookie: __cfduid=d992d1c6e2c91c59803d953a83ad3dcee1589477309; XSRF-TOKEN=eyJpdiI6IjJCTGdcL0VTaEk1dCtcL1Z2ZXp0Zng5UT09IiwidmFsdWUiOiJOQzdHWFl2UlhcL3JISDNpdDdDMEpGZFVVczROOVVqT0U1cVFrN3RtK2ROdUlFV1U2cEl4MnRTZndtT2hENk5ONCIsIm1hYyI6IjJlNmIxZTQ2ZDE5NzA1OTg1NDEyNGYyNjdiOTEyMzdjM2Y0ZGZmMGY1OTMxMGI4OTVmMTk1ZTk1NjZmZWUzOGQifQ%3D%3D; laravel_session=eyJpdiI6ImI4U1lRamFOYnZqR0ZUU1dlZG1VeFE9PSIsInZhbHVlIjoiaExFSHJ2VjJRNnBPc2RWeWhVOWxMYmd1R2lscVpDdTdOMHhpY3ozNDFYZlFGSzlyZkV4VFhNUlB0aGpCbDFmdyIsIm1hYyI6ImFlNGM4M2Y4ZTBjMGQ3YWQ4MWIwZmQxMTAyNzcxMGFkNTU1ZjRkYTUwYWQ0YmQyNWFkNjgwZTQzY2I3MjMxNDEifQ%3D%3D' \
--data-raw '{
"_token": "6c8nSDhYEWVgx8O9pR0tKv70jTcl5zmmyLu3fMoO",
"device": "iphone",
"url": "http://www.amazon.com"
}'
I have attempted to debug the issue but still haven't managed to work out the cause...
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 52 bytes (0x34)
0000: ...0<.\.#?......D:.a...Tsp...h.%.P.MZP...{..s..*....
== Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
== Info: ALPN, server accepted to use http/1.1
== Info: Server certificate:
== Info: subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
== Info: start date: Feb 4 00:00:00 2020 GMT
== Info: expire date: Oct 9 12:00:00 2020 GMT
== Info: subjectAltName: host "screenpeek.io" matched cert's "screenpeek.io"
== Info: issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
== Info: SSL certificate verify ok.
=> Send SSL data, 5 bytes (0x5)
0000: ....Q
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send header, 739 bytes (0x2e3)
0000: POST /shots HTTP/1.1
0016: Host: screenpeek.io
002b: User-Agent: curl/7.65.3
0044: Accept: */*
0051: Content-Type: application/x-www-form-urlencoded
0082: Cookie: __cfduid=d992d1c6e2c91c59803d953a83ad3dcee1589477309; XS
00c2: RF-TOKEN=eyJpdiI6IlZOeGpmTVBZYzJnaFpIVXZudGtOM1E9PSIsInZhbHVlIjo
0102: iaXJnY2JMaXptTGNCb3U3bVgrUk9xeTJtV3RwSDdwSkN0M1BNSWpNa0tjK1RkUGt
0142: iKzlLdG8wbmp0WjZoTmZybyIsIm1hYyI6ImMxYjQyZjk5MTM2NDZmOTNhMGZjZjc
0182: yNjhjMTYyNWQ4OTQ4NzY2OWIyMjg1MjI5Mzk0OWZhYjQ2Y2ZhZGM1NjgifQ%3D%3
01c2: D; laravel_session=eyJpdiI6ImtZdngwK3VXdjFHdjBVcmd3RG1LbGc9PSIsI
0202: nZhbHVlIjoiN2NaWmJyYStmV3FJMU9LODdjcUZWTGdqV2dtQnBJbTdMaTRNbUZPT
0242: kdTXC9rSEVQTGc5dWlwOWZFMVhlTmNiQkEiLCJtYWMiOiIwZGIwMGEzYjA5ZDQ5Y
0282: WFiMDE3ODJkMjdmZTg5MjUzNzQwZTAwMzUxODRhNTdhYzFiMmQ0MmViYWJlMzM5N
02c2: DljIn0%3D
02cd: Content-Length: 93
02e1:
=> Send data, 93 bytes (0x5d)
0000: _token=6c8nSDhYEWVgx8O9pR0tKv70jTcl5zmmyLu3fMoO&device=iphone&ur
0040: l=http%3A%2F%2Fwww.amazon.com
== Info: upload completely sent off: 93 out of 93 bytes
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
<= Recv SSL data, 230 bytes (0xe6)
0000: ....... .\H....8-......#m.H........W.oC.|...#..eC`>g..'.!..C.{K
0040: .Mc..L.4 .9=....!...e......m.L.&7.v.xN(..k........*.I..|.y.oW..
0080: a..rqHW(w.(.RR{U...$..T...'..2*.4.h.R.AENM..n...%q....X.(g......
00c0: 2ZS.j...Y^.L.R.e._....e.......R.......
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
<= Recv SSL data, 230 bytes (0xe6)
0000: ....... ;5.;....8-......#m.H....w.r.8..!../.....X.......&.......
0040: urh.... .,.x$\6Q....7....4?r....l.'.v,..|...o.+.;..0....>L.....9
0080: .6..^....X.~.i......:.......VV|.....P.......6,C....&x.p.*....R..
00c0: ..[8.h4.o.^.R;....v...ZT...7X..O......
== Info: old SSL session ID is stale, removing
<= Recv SSL data, 5 bytes (0x5)
0000: ....j
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: Mark bundle as not supporting multiuse
<= Recv header, 20 bytes (0x14)
0000: HTTP/1.1 302 Found
<= Recv header, 37 bytes (0x25)
0000: Date: Thu, 14 May 2020 18:16:08 GMT
<= Recv header, 40 bytes (0x28)
0000: Content-Type: text/html; charset=UTF-8
<= Recv header, 28 bytes (0x1c)
0000: Transfer-Encoding: chunked
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 34 bytes (0x22)
0000: Cache-Control: no-cache, private
<= Recv header, 46 bytes (0x2e)
0000: Location: https://screenpeek.io/shots/qkjrm1
<= Recv header, 334 bytes (0x14e)
0000: Set-Cookie: XSRF-TOKEN=eyJpdiI6IlZoRVE3aVZXRGtwSkpSOUJSMFhwMUE9P
0040: SIsInZhbHVlIjoiaW1CVUIyakN4b0R2Y0MyMWRQb2xqRGI3c083ZVFWZmdiZEU0d
0080: k9CdmkrcFBXdkhoSEs4UytuTUxkV3k0Q1I1UCIsIm1hYyI6IjUwNzBmYmY0OWFlN
00c0: DJiNTM1ZmM3NDlhODUxZTQwMTZiMGRiMjNjNmY1NWU5NGQzZWQwNzcwYmQyODVmY
0100: WQ0NzMifQ%3D%3D; expires=Thu, 14-May-2020 20:16:08 GMT; Max-Age=
0140: 7200; path=/
<= Recv header, 29 bytes (0x1d)
0000: X-Frame-Options: SAMEORIGIN
<= Recv header, 33 bytes (0x21)
0000: X-XSS-Protection: 1; mode=block
<= Recv header, 33 bytes (0x21)
0000: X-Content-Type-Options: nosniff
<= Recv header, 26 bytes (0x1a)
0000: CF-Cache-Status: DYNAMIC
<= Recv header, 349 bytes (0x15d)
0000: set-cookie: laravel_session=eyJpdiI6InZBR3ZyK3VBRWtPWkhZR0huOUQx
0040: QlE9PSIsInZhbHVlIjoiVXFMaUlyM3lMeGNrVzgrUHl0YjZYSlYwM0E1TlJyYlJw
0080: Yll2R3F6aGdKQnFnNFFZcE5ZK1M2QVdxbXdUcng3MyIsIm1hYyI6IjcwNmQzNjEx
00c0: ZTg3MzZmOWNhM2M4YjFkODVhMjVjYjYzMTc2N2QyZTllMzczZDIxMzIwZWM2ZThj
0100: YzFiZWM5NTQifQ%3D%3D; expires=Thu, 14-May-2020 20:16:08 GMT; Max
0140: -Age=7200; path=/; httponly
<= Recv header, 100 bytes (0x64)
0000: Expect-CT: max-age=604800, report-uri="https://report-uri.cloudf
0040: lare.com/cdn-cgi/beacon/expect-ct"
<= Recv header, 20 bytes (0x14)
0000: Server: cloudflare
<= Recv header, 30 bytes (0x1e)
0000: CF-RAY: 59369bcb4cfbe664-LHR
<= Recv header, 49 bytes (0x31)
0000: cf-request-id: 02b5ffb30d0000e664ac8a1200000001
<= Recv header, 2 bytes (0x2)
0000:
== Info: Ignoring the response-body
<= Recv data, 135 bytes (0x87)
0000: 17c
0005: <!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8"
0045: />. <meta http-equiv="refresh" content="0;url=https://scr
0085: ee
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv data, 252 bytes (0xfc)
0000: npeek.io/shots/qkjrm1" />.. <title>Redirecting to https:/
0040: /screenpeek.io/shots/qkjrm1</title>. </head>. <body>.
0080: Redirecting to <a href="https://screenpeek.io/shots/qkjrm1">h
00c0: ttps://screenpeek.io/shots/qkjrm1</a>.. </body>.</html>
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv data, 5 bytes (0x5)
0000: 0
0003:
== Info: Connection #0 to host screenpeek.io left intact
== Info: Issue another request to this URL: 'https://screenpeek.io/shots/qkjrm1'
== Info: Switch from POST to GET
== Info: Found bundle for host screenpeek.io: 0x7f8d17c16740 [serially]
== Info: Re-using existing connection! (#0) with host screenpeek.io
== Info: Connected to screenpeek.io (104.24.101.9) port 443 (#0)
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send header, 726 bytes (0x2d6)
0000: POST /shots/qkjrm1 HTTP/1.1
001d: Host: screenpeek.io
0032: User-Agent: curl/7.65.3
004b: Accept: */*
0058: Content-Type: application/x-www-form-urlencoded
0089: Cookie: __cfduid=d992d1c6e2c91c59803d953a83ad3dcee1589477309; XS
00c9: RF-TOKEN=eyJpdiI6IlZOeGpmTVBZYzJnaFpIVXZudGtOM1E9PSIsInZhbHVlIjo
0109: iaXJnY2JMaXptTGNCb3U3bVgrUk9xeTJtV3RwSDdwSkN0M1BNSWpNa0tjK1RkUGt
0149: iKzlLdG8wbmp0WjZoTmZybyIsIm1hYyI6ImMxYjQyZjk5MTM2NDZmOTNhMGZjZjc
0189: yNjhjMTYyNWQ4OTQ4NzY2OWIyMjg1MjI5Mzk0OWZhYjQ2Y2ZhZGM1NjgifQ%3D%3
01c9: D; laravel_session=eyJpdiI6ImtZdngwK3VXdjFHdjBVcmd3RG1LbGc9PSIsI
0209: nZhbHVlIjoiN2NaWmJyYStmV3FJMU9LODdjcUZWTGdqV2dtQnBJbTdMaTRNbUZPT
0249: kdTXC9rSEVQTGc5dWlwOWZFMVhlTmNiQkEiLCJtYWMiOiIwZGIwMGEzYjA5ZDQ5Y
0289: WFiMDE3ODJkMjdmZTg5MjUzNzQwZTAwMzUxODRhNTdhYzFiMmQ0MmViYWJlMzM5N
02c9: DljIn0%3D
02d4:
<= Recv SSL data, 5 bytes (0x5)
0000: ....G
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: Mark bundle as not supporting multiuse
<= Recv header, 33 bytes (0x21)
0000: HTTP/1.1 405 Method Not Allowed
<= Recv header, 37 bytes (0x25)
0000: Date: Thu, 14 May 2020 18:16:08 GMT
<= Recv header, 40 bytes (0x28)
0000: Content-Type: text/html; charset=UTF-8
<= Recv header, 28 bytes (0x1c)
0000: Transfer-Encoding: chunked
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 18 bytes (0x12)
0000: allow: GET, HEAD
<= Recv header, 34 bytes (0x22)
0000: Cache-Control: no-cache, private
<= Recv header, 26 bytes (0x1a)
0000: CF-Cache-Status: DYNAMIC
<= Recv header, 100 bytes (0x64)
0000: Expect-CT: max-age=604800, report-uri="https://report-uri.cloudf
0040: lare.com/cdn-cgi/beacon/expect-ct"
<= Recv header, 20 bytes (0x14)
0000: Server: cloudflare
<= Recv header, 30 bytes (0x1e)
0000: CF-RAY: 59369bcc4f39e664-LHR
<= Recv header, 49 bytes (0x31)
0000: cf-request-id: 02b5ffb3b10000e664ac8a7200000001
<= Recv header, 2 bytes (0x2)
0000:
<= Recv data, 637 bytes (0x27d)
0000: 276
0005: <!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8"
0045: />. <meta name="robots" content="noindex,nofollow" />.
0085: <style> body { background-color: #fff; color
00c5: : #222; font: 16px/1.5 -apple-system, BlinkMacSystemFont, "Segoe
0105: UI", Roboto, "Helvetica Neue", Arial, sans-serif; margin: 0; }.
0145: .container { margin: 30px; max-width: 600px; }.
0185: h1 { color: #dc3545; font-size: 24px; }</style>.
01c5: </head>. <body>. <div class="contai
0205: ner">. <h1>Whoops, looks like something went
0245: wrong.</h1>. </div>. </body>.</html>
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv data, 5 bytes (0x5)
0000: 0
0003:
== Info: Connection #0 to host screenpeek.io left intact

DCMTK movescu error: response succeeded but no file received

I am new to DICOM and DCMTK. I was trying to retrieve dcm files from a private PACS server (172.18.1.1) with the movescu command on the Windows platform. The incoming and outgoing messages were normal, but no data was received in the specified directory. The command is as follows:
movescu.exe -d -S -aec GEPACS -aet TEST1 -od c:\windows\dcmtk\dcm 172.18.1.1 4100 -k QueryRetrieveLevel=STUDY -k StudyInstanceUID=1.2.840.113619.186.351258914078.20100708160459594.417
The output message is as follows:
>D: $dcmtk: movescu v3.6.3 2018-02-05 $
>D:
>D: Request Parameters:
>D: ====================== BEGIN A-ASSOCIATE-RQ =====================
>D: Our Implementation Class UID: 1.2.276.0.7230010.3.0.3.6.3
>D: Our Implementation Version Name: OFFIS_DCMTK_363
>D: Their Implementation Class UID:
>D: Their Implementation Version Name:
>D: Application Context Name: 1.2.840.10008.3.1.1.1
>D: Calling Application Name: TEST1
>D: Called Application Name: GEPACS
>D: Responding Application Name: GEPACS
>D: Our Max PDU Receive Size: 16384
>D: Their Max PDU Receive Size: 0
>D: Presentation Contexts:
>D: Context ID: 1 (Proposed)
>D: Abstract Syntax: =FINDStudyRootQueryRetrieveInformationModel
>D: Proposed SCP/SCU Role: Default
>D: Proposed Transfer Syntax(es):
>D: =LittleEndianExplicit
>D: =BigEndianExplicit
>D: =LittleEndianImplicit
>D: Context ID: 3 (Proposed)
>D: Abstract Syntax: =MOVEStudyRootQueryRetrieveInformationModel
>D: Proposed SCP/SCU Role: Default
>D: Proposed Transfer Syntax(es):
>D: =LittleEndianExplicit
>D: =BigEndianExplicit
>D: =LittleEndianImplicit
>D: Requested Extended Negotiation: none
>D: Accepted Extended Negotiation: none
>D: Requested User Identity Negotiation: none
>D: User Identity Negotiation Response: none
>D: ======================= END A-ASSOCIATE-RQ ======================
>I: Requesting Association
>D: setting network send timeout to 60 seconds
>D: setting network receive timeout to 60 seconds
>D: Constructing Associate RQ PDU
>D: PDU Type: Associate Accept, PDU Length: 208 + 6 bytes PDU header
>D: Parsing an A-ASSOCIATE PDU
>D: Association Parameters Negotiated:
>D: ====================== BEGIN A-ASSOCIATE-AC =====================
>D: Our Implementation Class UID: 1.2.276.0.7230010.3.0.3.6.3
>D: Our Implementation Version Name: OFFIS_DCMTK_363
>D: Their Implementation Class UID: 1.2.840.113619.6.94
>D: Their Implementation Version Name: CENTRICITY_4.0
>D: Application Context Name: 1.2.840.10008.3.1.1.1
>D: Calling Application Name: TEST1
>D: Called Application Name: GEPACS
>D: Responding Application Name: GEPACS
>D: Our Max PDU Receive Size: 16384
>D: Their Max PDU Receive Size: 28672
>D: Presentation Contexts:
>D: Context ID: 1 (Accepted)
>D: Abstract Syntax: =FINDStudyRootQueryRetrieveInformationModel
>D: Proposed SCP/SCU Role: Default
>D: Accepted SCP/SCU Role: Default
>D: Accepted Transfer Syntax: =LittleEndianExplicit
>D: Context ID: 3 (Accepted)
>D: Abstract Syntax: =MOVEStudyRootQueryRetrieveInformationModel
>D: Proposed SCP/SCU Role: Default
>D: Accepted SCP/SCU Role: Default
>D: Accepted Transfer Syntax: =LittleEndianExplicit
>D: Requested Extended Negotiation: none
>D: Accepted Extended Negotiation: none
>D: Requested User Identity Negotiation: none
>D: User Identity Negotiation Response: none
>D: ======================= END A-ASSOCIATE-AC ======================
>I: Association Accepted (Max Send PDV: 28660)
>I: Sending Move Request
>D: ===================== OUTGOING DIMSE MESSAGE ====================
>D: Message Type : C-MOVE RQ
>D: Presentation Context ID : 3
>D: Message ID : 1
>D: Affected SOP Class UID : MOVEStudyRootQueryRetrieveInformationModel
>D: Data Set : present
>D: Priority : medium
>D: Move Destination : TEST1
>D: ======================= END DIMSE MESSAGE =======================
>I: Request Identifiers:
>I:
>I: # Dicom-Data-Set
>I: # Used TransferSyntax: Little Endian Explicit
>I: (0008,0052) CS [STUDY] # 6, 1 QueryRetrieveLevel
>I: (0020,000d) UI [1.2.840.113619.186.351258914078.20100708160459594.417] # 54, 1 StudyInstanceUID
>I:
>D: DcmDataset::read() TransferSyntax="Little Endian Implicit"
>I: Received Final Move Response
>D: ===================== INCOMING DIMSE MESSAGE ====================
>D: Message Type : C-MOVE RSP
>D: Message ID Being Responded To : 1
>D: Affected SOP Class UID : MOVEStudyRootQueryRetrieveInformationModel
>D: Remaining Suboperations : none
>D: Completed Suboperations : 6
>D: Failed Suboperations : 0
>D: Warning Suboperations : 0
>D: Data Set : none
>D: DIMSE Status : 0x0000: Success
>D: ======================= END DIMSE MESSAGE =======================
>I: Releasing Association
I also tried adding --port 104 or -aem TEST1, but that failed as well.
The default "move destination" (option -aem) of movescu is "MOVESCU". Does your PACS know anything about this AE title? It seems that the 6 DICOM SOP Instances ("Completed Suboperations: 6") were sent successfully to this AE (Application Entity). The output directory (option -od) is only used when movescu also acts as a Storage SCP, i.e. if option --port (or +P) is used.
> I also tried adding --port 104 or -aem TEST1, but that failed as well.
Did you configure your PACS to map the AE title "TEST1" to the IP address of the system movescu is running on and to port 104?
It seems that the C-MOVE operation is successful:
>I: Received Final Move Response
>D: ===================== INCOMING DIMSE MESSAGE ====================
>D: Message Type : C-MOVE RSP
>D: Message ID Being Responded To : 1
>D: Affected SOP Class UID : MOVEStudyRootQueryRetrieveInformationModel
>D: Remaining Suboperations : none
>D: Completed Suboperations : 6
>D: Failed Suboperations : 0
>D: Warning Suboperations : 0
>D: Data Set : none
>D: DIMSE Status : 0x0000: Success
>D: ======================= END DIMSE MESSAGE =======================
According to the message from the server, 6 Sub-Operations were successfully completed (i.e. 6 images were moved to the move destination), and the Status is "Success". Thus, I would suspect that the AET "TEST1" maps to a different system, not yours.
As J. Riesmeier suggested, you should check the IP and Port configuration for "TEST1" in the PACS.

curl sending null objects in data field when parsing through a bash variable

I am trying to send the list of IPs as data in curl.
Curl adds null objects in the data field when I try to parse the data through a bash variable (here, $ips). It works fine without using the variable; however, I need to use it since the number of IPs is not constant. Below is the exact command/syntax used, with output:
mabosvgori-m2:Qualys_Auth_Scan vgori$ ips=`cat PRIVATE_IPs`
mabosvgori-m2:Qualys_Auth_Scan vgori$ echo "$ips"
["XX.XX.XX.XX", "YY.YY.YY.YY", "ZZ.ZZ.ZZ.ZZ",....]
mabosvgori-m2:Qualys_Auth_Scan vgori$ curl -v -H "Content-Type:application/json" -X "POST" -d "$ips" "https://aa.bb.info/TEST/APP/Scan" --trace-ascii /dev/stdout
Warning: --trace-ascii overrides an earlier trace/verbose option
== Info: Trying XX.YY.ZZ.AA...
== Info: Connected to aa.bb.info (XX.YY.ZZ.AA) port 443 (#0)
== Info: TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
== Info: Server certificate: *.bb.info
== Info: Server certificate: DigiCert SHA2 High Assurance Server CA
== Info: Server certificate: DigiCert High Assurance EV Root CA
=> Send header, 178 bytes (0xb2)
0000: POST /TEST/APP/Scan HTTP/1.1
0027: Host: aa.bb.info
003f: User-Agent: curl/7.43.0
0058: Accept: */*
0065: Content-Type:application/json
0084: Content-Length: 6907
009a: Expect: 100-continue
00b0:
<= Recv header, 23 bytes (0x17)
0000: HTTP/1.1 100 Continue
=> Send data, 6907 bytes (0x1afb)
0000: ["XX.XX.XX.XX", "YY.YY.YY.YY", "ZZ.ZZ.ZZ.ZZ",....]
== Info: We are completely uploaded and fine
<= Recv header, 36 bytes (0x24)
0000: HTTP/1.1 500 Internal Server Error
<= Recv header, 46 bytes (0x2e)
0000: Content-Type: application/json;charset=UTF-8
<= Recv header, 37 bytes (0x25)
0000: Date: Tue, 12 Apr 2016 19:05:48 GMT
<= Recv header, 27 bytes (0x1b)
0000: Server: Apache-Coyote/1.1
<= Recv header, 23 bytes (0x17)
0000: Vary: Accept-Encoding
<= Recv header, 69 bytes (0x45)
0000: X-Trace: 1B686AF995169D1B189FCEB49C21AA676B73E2E45F3598FBDC3699E
0040: EB3
<= Recv header, 28 bytes (0x1c)
0000: transfer-encoding: chunked
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 2 bytes (0x2)
0000:
<= Recv data, 6163 bytes (0x1813)
0000: 180b
0006: {. "error" : "Cannot invoke method getPlatformId() on null obje
0046: ct",. "stacktrace" : "org.codehaus.groovy.runtime.NullObject.in
0086: vokeMethod(NullObject.java:88)\norg.codehaus.groovy.runtime.call
00c6: site.PogoMetaClassSite.call(PogoMetaClassSite.java:45)\norg.code
0106: haus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteA
0146: rray.java:45)\norg.codehaus.groovy.runtime.callsite.NullCallSite
0186: .call(NullCallSite.java:32)\norg.codehaus.groovy.runtime.callsit
01c6: e.CallSiteArray.defaultCall(CallSiteArray.java:45......
I cannot use --data-urlencode or any other encoding option as the server script doesn't support those.
I really thought it was curl, but I figured it's cat which was the culprit here.
Using cat PRIVATE_IPs | tr -dc '[:digit:],."[]' resolved this.
Wrong again. I finally figured it's the null-bytes in the IP addresses themselves which give the issue. That is, if the IP address contains something like XX.YY.100.ZZ, it will throw this error.

"ERROR: cannot verify www.youtube.com's certificate" with "wget 'http://www.youtube.com'"?

I seem to be having some kind of openssl/certificates issue I can't figure out. Using wget 'http://www.youtube.com' gives me the following certificates error (other sites like amazon and google work, though):
--2015-05-07 11:10:26-- http://www.youtube.com/
Resolving www.youtube.com... 74.125.239.102, 74.125.239.98, 74.125.239.101, ...
Connecting to www.youtube.com|74.125.239.102|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.youtube.com/ [following]
--2015-05-07 11:10:26-- https://www.youtube.com/
Connecting to www.youtube.com|74.125.239.102|:443... connected.
ERROR: cannot verify www.youtube.com's certificate, issued by 'CN=Google Internet Authority G2,O=Google Inc,C=US':
Unable to locally verify the issuer's authority.
To connect to www.youtube.com insecurely, use '--no-check-certificate'.
First I tried reinstalling openssl with
~ > brew uninstall openssl
~ > brew install openssl
Nothing changed.
I tried /usr/local/opt/openssl/bin/openssl s_client -connect youtube.com:443 -CAfile /usr/local/etc/openssl/cert.pem but this continues to give me a Verify return code: 20 (unable to get local issuer certificate). Full output:
testenv3 > /usr/local/opt/openssl/bin/openssl s_client -connect youtube.com:443 -CAfile /usr/local/etc/openssl/cert.pem
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4500 bytes and written 474 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: BE12D954ABDF74775FCCDBD467C6494D2F5F93FC5C582F6086B42CB7F5A3C5CD
Session-ID-ctx:
Master-Key: 57AB75014EBE5C3CF5B617033D2EAFCA29780953F00FAE65C7BA9945202474717AA713F7E79B51C88007DE2A88559F62
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
Start Time: 1430847495
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
I also tried echo | openssl s_client -connect youtube.com:443 and here is that output:
(testenv3)testenv3 > echo | openssl s_client -connect youtube.com:443
CONNECTED(00000003)
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3999 bytes and written 444 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID: 10775C02A73AB2D86F618C26491521BAC0EF8FAB670C7BEFC7F1FAA223064A57
Session-ID-ctx:
Master-Key: B7D9845159D987F16A7E1A847C049E1E2A703590C4846731ACCB12B34A5056900BAFEF75A461E999A786B258C12E87AC
Key-Arg : None
Start Time: 1430785075
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE
I don't know what else to do from here and I have little to no understanding of openssl and certificates. What exactly do I need to do to fix this?

How do I implement ICMP ping in Ruby using only the standard socket library?

It should be possible to send and receive ICMP packets using the Ruby socket library but I do not see any good documentation on this.
I do not want to use net-ping, icmp, ping, and all of these other libraries that either fail because of cross-platform issues, require devkit and custom building, which fail during the build process, are neglected and have not been updated for a lengthy time, and/or are just in general buggy.
Does anyone have any good documentation on how to accomplish this? I want to send ICMP echo replies, not TCP or UDP packets.
Reading Daniel Berger's code on his Net-ping project I was able to see how he did it.
http://rubygems.org/gems/net-ping
I recently dug into this problem and wanted to make a self-contained answer. I use Linux or macOS in development and Linux in production.
In 2011, a patch was introduced to allow the creation of a socket where the kernel handles some ICMP stuff like providing an ID and computing the checksum with echo requests. It is also available for macOS. I made some tests with ICMP echo requests and replies.
Under macOS:
You get the IP header (20 bytes without options) with the ICMP echo reply but you send the ICMP echo request alone.
You have to compute the checksum yourself.
Under Linux, permissions must be set accordingly to allow users from a group to create the socket if not run as root. On macOS there is no need for it.
sysctl net.ipv4.ping_group_range='1000 1000'
Some code has been taken or adapted from net-ping. The book Unix Network Programming: The Sockets Networking API (Volume 1, 3rd edition, by Stevens, Fenner and Rudoff, Addison-Wesley, 2004) is really interesting and in particular the chapter concerning raw sockets (chapter 28) and its sections 28.4 ("Raw Socket Input") and 28.5 ("ping Program").
#!/usr/bin/env ruby
require 'socket'

# Render a binary string as space-separated hex bytes
def bin_to_hex(s, sep = " ")
  s.each_byte.map { |b| "%02x" % b.to_i }.join(sep)
end

# Internet checksum: one's complement of the one's-complement sum of 16-bit words
def checksum(msg)
  length = msg.length
  num_short = length / 2
  check = msg.unpack("n#{num_short}").sum
  if length % 2 > 0
    # Odd trailing byte is treated as the high byte of a final 16-bit word
    check += msg[length-1, 1].unpack1('C') << 8
  end
  check = (check >> 16) + (check & 0xffff)
  return (~((check >> 16) + check) & 0xffff)
end

# Build an ICMP echo request (type 8, code 0) and send it to host
def send_ping(socket, host, seq, data)
  id = 0
  csum = 0
  # First pass with a zero checksum field, then recompute with the real value
  icmp_packet = [8, 0, csum, id, seq].pack('C2 n3') << data
  puts "icmp_packet bef checksum: #{bin_to_hex(icmp_packet)}"
  csum = checksum(icmp_packet)
  icmp_packet = [8, 0, csum, id, seq].pack('C2 n3') << data
  puts "icmp_packet aft checksum: #{bin_to_hex(icmp_packet)}"
  saddr = Socket.pack_sockaddr_in(0, host)
  socket.send(icmp_packet, 0, saddr)
  return icmp_packet
end

# Wait up to timeout seconds for a reply; returns [receive time, ICMP message or nil]
def receive_ping(socket, timeout)
  io_array = IO.select([socket], nil, nil, timeout)
  if io_array.nil? || io_array[0].empty?
    return nil, nil
  end
  # length is either 12 bytes of ICMP alone or 20 bytes of IP header + 12 bytes of ICMP = 32 bytes
  # data = socket.recv(32) # IP header 20 + 12
  data = socket.recv(32)
  puts "received packet: #{bin_to_hex(data)}"
  rcvd_at = Time.now
  if data.size == 32
    if data.unpack1("C") == 0x45
      # We have an IP header
      offset = 20
    else
      # Looks like an IP header but it is not!
      return rcvd_at, nil
    end
  else
    # data.size == 12
    offset = 0
  end
  icmp_type, icmp_code = data[0 + offset, 2].unpack('C2')
  if icmp_type == 0 && icmp_code == 0
    echo_reply_id, echo_reply_seq = data[4 + offset, 4].unpack('n2')
    # Check if using a raw socket (SOCK_RAW)
    # Means we need sent id (and seq if we want to)
    # if id == echo_reply_id && seq == echo_reply_seq
    return rcvd_at, data[offset..]
    # end
  end
  return rcvd_at, nil
end

sock = Socket.open(Socket::PF_INET, Socket::SOCK_DGRAM, Socket::IPPROTO_ICMP)
# sock = Socket.open(Socket::PF_INET, Socket::SOCK_RAW, Socket::IPPROTO_ICMP)
# No need unless we use a raw socket
# id = Process.pid & 0xffff
seq = 1
sent_at = Time.now
sent_at_ms = (sent_at.hour * 3600 + sent_at.min * 60 + sent_at.sec) * 1000 + sent_at.tv_nsec / 1000000
sent = send_ping(sock, ARGV[0], seq, [sent_at_ms].pack("N"))
puts "sent icmp packet: #{bin_to_hex(sent)}"
# The loop is necessary in case of a raw socket because perhaps we did not receive a reply for our request
# loop do
# The timeout is in seconds (IO.select takes seconds, not milliseconds)
rcvd_at, rcvd = receive_ping(sock, 5)
if rcvd
  rcvd_at_ms = (rcvd_at.hour * 3600 + rcvd_at.min * 60 + rcvd_at.sec) * 1000 + rcvd_at.tv_nsec / 1000000
  sent_at_ms = rcvd[8, 4].unpack1("N")
  latency = rcvd_at_ms - sent_at_ms
  puts "size: #{rcvd.size}, latency: #{latency}, rcvd icmp: #{bin_to_hex(rcvd)}"
  # break
# else
  # puts "received bytes is not our reply"
end
# end
sock.close
On macOS we get:
$ ./ping.rb google.com
icmp_packet bef checksum: 08 00 00 00 00 00 00 01 02 17 b3 5e
icmp_packet aft checksum: 08 00 42 89 00 00 00 01 02 17 b3 5e
sent icmp packet: 08 00 42 89 00 00 00 01 02 17 b3 5e
received packet: 45 60 0c 00 00 00 00 00 73 01 c2 10 ac d9 17 6e c0 a8 00 7d 00 00 4a 89 00 00 00 01 02 17 b3 5e
size: 12, latency: 29, rcvd icmp: 00 00 4a 89 00 00 00 01 02 17 b3 5e
On Debian 10:
$ ./ping.rb google.com
icmp_packet bef checksum: 08 00 00 00 00 00 00 01 02 18 e0 f9
icmp_packet aft checksum: 08 00 14 ed 00 00 00 01 02 18 e0 f9
sent icmp packet: 08 00 14 ed 00 00 00 01 02 18 e0 f9
received packet: 00 00 1c 9c 00 51 00 01 02 18 e0 f9
size: 12, latency: 14, rcvd icmp: 00 00 1c 9c 00 51 00 01 02 18 e0 f9
Note the difference between received packets. Note that we put current time in the packet in the form of the number of milliseconds since midnight (local time) and that we did not account for a request for which the reply is received the next day (e.g. sent at 23:59:59 and received at 00:00:01 the next day, 2 seconds later).
Some code is necessary if we use a raw socket.
Choose a unique id (process id)
Compute the checksum.
Check that the received ICMP echo reply is meant for our code by checking that the IDs match.
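The reply checks listed above (checksum, matching IDs), run offline against the two "received packet" dumps printed in this answer. This is an added example, not part of the original answer; `from_hex`, `inet_checksum` and `parse_echo_reply` are names chosen here, and the IP header length is read from the header itself rather than assumed to be 20 bytes, which generalizes the answer's code to headers with options.

```ruby
# Added example, not from the original answer. Helper names are chosen here.

def from_hex(s)
  [s.delete(' ')].pack('H*')
end

# The two "received packet" dumps printed in the answer above.
MACOS_REPLY = from_hex('45 60 0c 00 00 00 00 00 73 01 c2 10 ac d9 17 6e ' \
                       'c0 a8 00 7d 00 00 4a 89 00 00 00 01 02 17 b3 5e')
LINUX_REPLY = from_hex('00 00 1c 9c 00 51 00 01 02 18 e0 f9')

# Internet checksum; a message that carries a correct checksum sums to 0.
def inet_checksum(msg)
  msg += "\x00".b if msg.bytesize.odd?
  sum = msg.unpack('n*').sum
  sum = (sum >> 16) + (sum & 0xffff) while sum > 0xffff
  ~sum & 0xffff
end

# Returns {id:, seq:, payload:} for an acceptable echo reply, otherwise a
# Symbol naming why the datagram was rejected. expect_id: nil skips the ID
# check (SOCK_DGRAM ping socket on Linux, where the kernel assigns the ID).
def parse_echo_reply(data, expect_seq:, expect_id: nil)
  data = data.b
  return :too_short if data.bytesize < 8
  if (data.getbyte(0) >> 4) == 4            # IPv4 header in front (macOS dump)
    ihl = (data.getbyte(0) & 0x0f) * 4      # real header length, options included
    return :bad_ip_header if ihl < 20 || data.bytesize < ihl + 8
    return :not_icmp unless data.getbyte(9) == 1   # IP protocol 1 = ICMP
    data = data.byteslice(ihl..-1)
  end
  type, code, _csum, id, seq = data.unpack('C2 n3')
  return :not_echo_reply unless type == 0 && code == 0
  return :bad_checksum unless inet_checksum(data).zero?
  return :id_mismatch if expect_id && id != expect_id
  return :seq_mismatch unless seq == expect_seq
  { id: id, seq: seq, payload: data.byteslice(8..-1) }
end

if __FILE__ == $PROGRAM_NAME
  p parse_echo_reply(MACOS_REPLY, expect_seq: 1, expect_id: 0)
  p parse_echo_reply(LINUX_REPLY, expect_seq: 1)
  p parse_echo_reply(LINUX_REPLY, expect_seq: 1, expect_id: 0)
end
```

The Debian reply carries ID 0x0051 although the request was sent with ID 0, so an ID comparison against the sent value only makes sense with SOCK_RAW, where the program picks the ID itself.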

Resources