<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <HTML> <HEAD> <META http-equiv="Content-Type" content="text/html; charset=US-ASCII"> <META name="GENERATOR" content="hevea 1.10"> <LINK rel="stylesheet" type="text/css" href="omniORB.css"> <TITLE>Connection and Thread Management</TITLE> </HEAD> <BODY > <A HREF="omniORB007.html"><IMG SRC="previous_motif.gif" ALT="Previous"></A> <A HREF="index.html"><IMG SRC="contents_motif.gif" ALT="Up"></A> <A HREF="omniORB009.html"><IMG SRC="next_motif.gif" ALT="Next"></A> <HR> <H1 CLASS="chapter"><A NAME="htoc91">Chapter 8</A>  Connection and Thread Management</H1><P> <A NAME="chap:connections"></A></P><P>This chapter describes how omniORB manages threads and network connections.</P><H2 CLASS="section"><A NAME="toc37"></A><A NAME="htoc92">8.1</A>  Background</H2><P>In CORBA, the ORB is the ‘middleware’ that allows a client to invoke an operation on an object without regard to its implementation or location. In order to invoke an operation on an object, a client needs to ‘bind’ to the object by acquiring its object reference. Such a reference may be obtained as the result of an operation on another object (such as a naming service or factory object) or by conversion from a stringified representation. If the object is in a different address space, the binding process involves the ORB building a proxy object in the client’s address space. The ORB arranges for invocations on the proxy object to be transparently mapped to equivalent invocations on the implementation object.</P><P>For the sake of interoperability, CORBA mandates that all ORBs should support IIOP as the means to communicate remote invocations over a TCP/IP connection. IIOP is usually<SUP><A NAME="text17" HREF="#note17">1</A></SUP> asymmetric with respect to the roles of the parties at the two ends of a connection. At one end is the client which can only initiate remote invocations. At the other end is the server which can only receive remote invocations.</P><P>Notice that in CORBA, as in most distributed systems, remote bindings are established implicitly without application intervention. This provides the illusion that all objects are local, a property known as ‘location transparency’. CORBA does not specify when such bindings should be established or how they should be multiplexed over the underlying network connections. Instead, ORBs are free to implement implicit binding by a variety of means.</P><P>The rest of this chapter describes how omniORB manages network connections and the programming interface to fine tune the management policy.</P><H2 CLASS="section"><A NAME="toc38"></A><A NAME="htoc93">8.2</A>  The model</H2><P>omniORB is designed from the ground up to be fully multi-threaded. The objective is to maximise the degree of concurrency and at the same time eliminate any unnecessary thread overhead. Another objective is to minimise the interference by the activities of other threads on the progress of a remote invocation. In other words, thread ‘cross-talk’ should be minimised within the ORB. To achieve these objectives, the degree of multiplexing at every level is kept to a minimum by default.</P><P>Minimising multiplexing works well when the ORB is relatively lightly loaded. However, when the ORB is under heavy load, it can sometimes be beneficial to conserve operating system resources such as threads and network connections by multiplexing at the ORB level. omniORB has various options that control its multiplexing behaviour.</P><H2 CLASS="section"><A NAME="toc39"></A><A NAME="htoc94">8.3</A>  Client side behaviour</H2><P>On the client side of a connection, the thread that invokes on a proxy object drives the GIOP protocol directly and blocks on the connection to receive the reply. The first time the client makes a call to a particular address space, the ORB opens a suitable connection to the remote address space (based on the client transport rule as described in section <A HREF="#sec:clientRule">8.7.1</A>). After the reply has been received, the ORB caches the open network connection, ready for use by another call.</P><P>If two (or more) threads in a multi-threaded client attempt to contact the same address space simultaneously, there are two different ways to proceed. The default way is to open another network connection to the server. This means that neither the client or server ORB has to perform any multiplexing on the network connections—multiplexing is performed by the operating system, which has to deal with multiplexing anyway. The second possibility is for the client to multiplex the concurrent requests on a single network connection. This conserves operating system resources (network connections), but means that both the client and server have to deal with multiplexing issues themselves.</P><P>In the default one call per connection mode, there is a limit to the number of concurrent connections that are opened, set with the <TT>maxGIOPConnectionPerServer</TT> parameter. To tell the ORB that it may multiplex calls on a single connection, set the <TT>oneCallPerConnection</TT> parameter to zero. If the <TT>oneCallPerConnection</TT> parameter is set to the default value of one, and there are more concurrent calls than specified by <TT>maxGIOPConnectionPerServer</TT>, calls block waiting for connections to become free.</P><P>Note that some server-side ORBs, including omniORB versions before version 4.0, are unable to deal with concurrent calls multiplexed on a single connection, so they serialise the calls. It is usually best to keep to the default mode of opening multiple connections.</P><H3 CLASS="subsection"><A NAME="htoc95">8.3.1</A>  Client side timeouts</H3><P> <A NAME="sec:timeoutAPI"></A></P><P>omniORB can associate a timeout with a call, meaning that if the call takes too long a <TT>TRANSIENT</TT> exception is thrown. Timeouts can be set for the whole process, for a specific thread, or for a specific object reference.</P><P>Timeouts are set using this API:</P><DIV CLASS="lstlisting"><B>namespace</B> omniORB { <B>void</B> setClientCallTimeout(CORBA::ULong millisecs); <B>void</B> setClientCallTimeout(CORBA::Object_ptr obj, CORBA::ULong millisecs); <B>void</B> setClientThreadCallTimeout(CORBA::ULong millisecs); <B>void</B> setClientConnectTimeout(CORBA::ULong millisecs); };</DIV><P><TT>setClientCallTimeout()</TT> sets either the global timeout or the timeout for a specific object reference. <TT>setClientThreadCallTimeout()</TT> sets the timeout for the calling thread. The calling thread must have an <TT>omni_thread</TT> associated with it. Setting any timeout value to zero disables it.</P><P>Accessing per-thread state is a relatively expensive operation, so per thread timeouts are disabled by default. The <TT>supportPerThreadTimeOut</TT> parameter must be set true to enable them.</P><P>To choose the timeout value to use for a call, the ORB first looks to see if there is a timeout for the object reference, then to the calling thread, and finally to the global timeout.</P><P>When a client has no existing connection to communicate with a server, it must open a new connection before performing the call. <TT>setClientConnectTimeout()</TT> sets an overriding timeout for cases where a new connection must be established. The effect of the connect timeout depends upon whether the connect timeout is greater or less than the timeout that would otherwise be used.</P><P>As an example, imagine that the usual call timeout is 10 seconds:</P><H4 CLASS="subsubsection">Connect timeout > usual timeout</H4><P>If the connect timeout is set to 20 seconds, then a call that establishes a new connection will be permitted 20 seconds before it times out. Subsequent calls using the same connection have the normal 10 second timeout. If establishing the connection takes 8 seconds, then the call itself takes 5 seconds, the call succeeds despite having taken 13 seconds in total, longer than the usual timeout.</P><P>This kind of configuration is good when connections are slow to be established.</P><P>If an object reference has multiple possible endpoints available, and connecting to the first endpoint times out, only that one endpoint will have been tried before an exception is raised. However, once the timeout has occurred, the object reference will switch to use the next endpoint. If the application attempts to make another call, it will use the next endpoint.</P><H4 CLASS="subsubsection">Connect timeout < usual timeout</H4><P>If the connect timeout is set to 2 seconds, the actual network-level connect is only permitted to take 2 seconds. As long as the connection is established in less than 2 seconds, the call can proceed. The 10 second call timeout still applies to the time taken for the whole call (including the connection establishment). So, if establishing the connection takes 1.5 seconds, and the call itself takes 9.5 seconds, the call will time out because although it met the connection timeout, it exceeded the 10 second total call timeout. On the other hand, if establishing the connection takes 3 seconds, the call will fail after only 2 seconds, since only 2 seconds are permitted for the connect.</P><P>If an object reference has multiple possible endpoints available, the client will attempt to connect to them in turn, until one succeeds. The connect timeout applies to each connection attempt. So with a connect timeout of 2 seconds, the client will spend up to 2 seconds attempting to connect to the first address and then, if that fails, up to 2 seconds trying the second address, and so on. The 10 second timeout still applies to the call as a whole, so if the total time taken on timed-out connection attempts exceeds 10 seconds, the call will time out.</P><P>This kind of configuration is useful where calls may take a long time to complete (so call timeouts are long), but a fast indication of connection failure is required.</P><H2 CLASS="section"><A NAME="toc40"></A><A NAME="htoc96">8.4</A>  Server side behaviour</H2><P>The server side has two primary modes of operation: thread per connection and thread pooling. It is able to dynamically transition between the two modes, and it supports a hybrid scheme that behaves mostly like thread pooling, but has the same fast turn-around for sequences of calls as thread per connection.</P><H3 CLASS="subsection"><A NAME="htoc97">8.4.1</A>  Thread per connection mode</H3><P>In thread per connection mode (the default, and the only option in omniORB versions before 4.0), each connection has a single thread dedicated to it. The thread blocks waiting for a request. When it receives one, it unmarshals the arguments, makes the up-call to the application code, marshals the reply, and goes back to watching the connection. There is thus no thread switching along the call chain, meaning the call is very efficient.</P><P>As explained above, a client can choose to multiplex multiple concurrent calls on a single connection, so once the server has received the request, and just before it makes the call into application code, it marks the connection as ‘selectable’, meaning that another thread should watch it to see if any other requests arrive. If they do, extra threads are dispatched to handle the concurrent calls. GIOP 1.2 actually allows the argument data for multiple calls to be interleaved on a connection, so the unmarshalling code has to handle that too. As soon as any multiplexing occurs on the connection, the aim of removing thread switching cannot be met, and there is inevitable inefficiency due to thread switching.</P><P>The <TT>maxServerThreadPerConnection</TT> parameter can be set to limit the number of threads that can be allocated to a single connection containing concurrent calls. Setting the parameter to 1 mimics the behaviour of omniORB versions before 4.0, that did not support calls multiplexed on one connection.</P><H3 CLASS="subsection"><A NAME="htoc98">8.4.2</A>  Thread pool mode</H3><P> <A NAME="sec:watchConn"></A></P><P>In thread pool mode, selected by setting the <TT>threadPerConnectionPolicy</TT> parameter to zero, a single thread watches all incoming connections. When a call arrives on one of them, a thread is chosen from a pool of threads, and set to work unmarshalling the arguments and performing the up-call. There is therefore at least one thread switch for each call.</P><P>The thread pool is not pre-initialised. Instead, threads are started on demand, and idle threads are stopped after a period of inactivity. The maximum number of threads that can be started in the pool is set with the <TT>maxServerThreadPoolSize</TT> parameter. The default is 100.</P><P>A common pattern in CORBA applications is for a client to make several calls to a single object in quick succession. To handle this situation most efficiently, the default behaviour is to not return a thread to the pool immediately after a call is finished. Instead, it is set to watch the connection it has just served for a short while, mimicking the behaviour in thread per connection mode. If a new call comes in during the watching period, the call is dispatched without any thread switching, just as in thread per connection mode. Of course, if the server is supporting a very large number of connections (more than the size of the thread pool), this policy can delay a call coming from another connection. If the <TT>threadPoolWatchConnection</TT> parameter is set to zero, connection watching is disabled and threads return to the pool immediately after finishing a single request.</P><P>In the face of multiplexed calls on a single connection, multiple threads from the pool can be dispatched for one connection, just as in thread per connection mode. With <TT>threadPoolWatchConnection</TT> set to the default value of 1, only the last thread servicing a connection will watch it when it finishes a request. Setting the parameter to a larger number allows the last <EM>n</EM> connections to watch the connection.</P><H3 CLASS="subsection"><A NAME="htoc99">8.4.3</A>  Policy transition</H3><P>If the server is dealing with a relatively small number of connections, it is most efficient to use thread per connection mode. If the number of connections becomes too large, however, operating system limits on the number of threads may cause a significant slowdown, or even prevent the acceptance of new connections altogether.</P><P>To give the most efficient response in all circumstances, omniORB allows a server to start in thread per connection mode, and transition to thread pooling if many connections arrive. This is controlled with the <TT>threadPerConnectionUpperLimit</TT> and <TT>threadPerConnectionLowerLimit</TT> parameters. The former must always be larger than the latter. The upper limit chooses the number of connections at which time the ORB transitions to thread pool mode; the lower limit selects the point at which the transition back to thread per connection is made.</P><P>For example, setting the upper limit to 50 and the lower limit to 30 would mean that the first 49 connections would receive dedicated threads. The 50th to arrive would trigger thread pooling. All future connections to arrive would make use of threads from the pool. Note that the existing dedicated threads continue to service their connections until the connections are closed. If the number of connections falls below 30, thread per connection is reactivated and new connections receive their own dedicated threads (up to the limit of 50 again). Once again, existing connections in thread pool mode stay in that mode until they are closed.</P><H2 CLASS="section"><A NAME="toc41"></A><A NAME="htoc100">8.5</A>  Idle connection shutdown</H2><P> <A NAME="sec:connShutdown"></A></P><P>It is wasteful to leave a connection open when it has been left unused for a considerable time. Too many idle connections could block out new connections when it runs out of spare communication channels. For example, most platforms have a limit on the number of file handles a process can open. Many platforms have a very small default limit like 64. The value can often be increased to a maximum of a thousand or more by changing the ‘ulimit’ in the shell.</P><P>Every so often, a thread scans all open connections to see which are idle. The scanning period (in seconds) is set with the <TT>scanGranularity</TT> parameter. The default is 5 seconds.</P><P>Outgoing connections (initiated by clients) and incoming connections (initiated by servers) have separate idle timeouts. The timeouts are set with the <TT>outConScanPeriod</TT> and <TT>inConScanPeriod</TT> parameters respectively. The values are in seconds, and must be a multiple of the scan granularity.</P><P>Beware that setting <TT>outConScanPeriod</TT> or <TT>inConScanPeriod</TT> to be equal to (or less than) <TT>scanGranularity</TT> means that connections are considered candidates for closure immediately after they are opened. That can mean that the connections are closed before any calls have been sent through them. If oneway calls are used, such connection closure can result in silent loss of calls.</P><H3 CLASS="subsection"><A NAME="htoc101">8.5.1</A>  Interoperability Considerations</H3><P>The IIOP specification allows both the client and the server to shutdown a connection unilaterally. When one end is about to shutdown a connection, it should send a CloseConnection message to the other end. It should also make sure that the message will reach the other end before it proceeds to shutdown the connection.</P><P>The client should distinguish between an orderly and an abnormal connection shutdown. When a client receives a CloseConnection message before the connection is closed, the condition is an orderly shutdown. If the message is not received, the condition is an abnormal shutdown. In an abnormal shutdown, the ORB should raise a <TT>COMM_FAILURE</TT> exception whereas in an orderly shutdown, the ORB should <EM>not</EM> raise an exception and should try to re-establish a new connection transparently.</P><P>omniORB implements these semantics completely. However, it is known that some ORBs are not (yet) able to distinguish between an orderly and an abnormal shutdown. Usually this is manifested as the client in these ORBs seeing a <TT>COMM_FAILURE</TT> occasionally when connected to an omniORB server. The work-around is either to catch the exception in the application code and retry, or to turn off the idle connection shutdown inside the omniORB server.</P><H2 CLASS="section"><A NAME="toc42"></A><A NAME="htoc102">8.6</A>  Transports and endpoints</H2><P>omniORB can support multiple network transports. All platforms (usually) have a TCP transport available. Unix platforms support a Unix domain socket transport. Platforms with the OpenSSL library available can support an SSL transport.</P><P>Servers must be configured in two ways with regard to transports: the transports and interfaces on which they listen, and the details that are published in IORs for clients to see. Usually the published details will be the same as the listening details, but there are times when it is useful to publish different information.</P><P>Details are selected with the <TT>endPoint</TT> family of parameters. The simplest is plain <TT>endPoint</TT>, which chooses a transport and interface details, and publishes the information in IORs. Endpoint parameters are in the form of URIs, with a scheme name of ‘<TT>giop:</TT>’, followed by the transport name. Different transports have different parameters following the transport.</P><P>TCP endpoints have the format:</P><BLOCKQUOTE CLASS="quote"> <TT>giop:tcp:</TT><I><host></I><TT>:</TT><I><port></I> </BLOCKQUOTE><P>The host must be a valid host name or IP address for the server machine. It determines the network interface on which the server listens. The port selects the TCP port to listen on, which must be unoccupied. Either the host or port, or both can be left empty. If the host is empty, the ORB publishes the IP address of the first non-loopback network interface it can find (or the loopback if that is the only interface), but listens on <EM>all</EM> network interfaces. If the port is empty, the operating system chooses a port.</P><P>Multiple TCP endpoints can be selected, either to specify multiple network interfaces on which to listen, or (less usefully) to select multiple TCP ports on which to listen.</P><P>If no <TT>endPoint</TT> parameters are set, the ORB assumes a single parameter of <TT>giop:tcp::</TT>, meaning IORs contain the address of the first non-loopback network interface, the ORB listens on all interfaces, and the OS chooses a port number.</P><P>SSL endpoints have the same format as TCP ones, except ‘<TT>tcp</TT>’ is replaced with ‘<TT>ssl</TT>’. Unix domain socket endpoints have the format:</P><BLOCKQUOTE CLASS="quote"> <TT>giop:unix:</TT><I><filename></I> </BLOCKQUOTE><P>where the filename is the name of the socket within the filesystem. If the filename is left blank, the ORB chooses a name based on the process id and a timestamp.</P><P>To listen on an endpoint without publishing it in IORs, specify it with the <TT>endPointNoPublish</TT> configuration parameter. See below for more details about endpoint publishing.</P><H3 CLASS="subsection"><A NAME="htoc103">8.6.1</A>  IPv6</H3><P>On platforms where it is available, omniORB supports IPv6. On most Unix platforms, IPv6 sockets accept both IPv6 and IPv4 connections, so omniORB’s default <TT>giop:tcp::</TT> endpoint accepts both IPv4 and IPv6 connections. On Windows versions before Windows Vista, each socket type only accepts incoming connections of the same type, so an IPv6 socket cannot be used with IPv4 clients. For this reason, the default <TT>giop:tcp::</TT> endpoint only listens for IPv4 connections. Since endpoints with a specific host name or address only listen on a single network interface, they are inherently limited to just one protocol family.</P><P>To explicitly ask for just IPv4 or just IPv6, an endpoint with the wildcard address for the protocol family should be used. For IPv4, the wildcard address is ‘<TT>0.0.0.0</TT>’, and for IPv6 it is ‘<TT>::</TT>’. So, to listen for IPv4 connections on all IPv4 network interfaces, use an endpoint of:</P><BLOCKQUOTE CLASS="quote"> <TT>giop:tcp:0.0.0.0:</TT> </BLOCKQUOTE><P>All IPv6 addresses contain colons, so the address portion in URIs must be contained within <TT>[]</TT> characters. Therefore, to listen just for IPv6 connections on all IPv6 interfaces, use the somewhat cryptic:</P><BLOCKQUOTE CLASS="quote"> <TT>giop:tcp:[::]:</TT> </BLOCKQUOTE><P>To listen for both IPv4 and IPv6 connections on Windows versions prior to Vista, both endpoints must be explicitly provided.</P><H4 CLASS="subsubsection"><A NAME="htoc104">8.6.1.1</A>  Link local addresses</H4><P>In IPv6, all network interfaces are assigned a <I>link local</I> address, starting with the digits <TT>fe80</TT>. The link local address is only valid on the same ‘link’ as the interface, meaning directly connected to the interface, or possibly on the same subnet, depending on how the network is switched. To connect to a server’s link local address, a client has to know which of its network interfaces is on the same link as the server. Since there is no way for omniORB to know which local interface a remote link local address may be connected to, and in extreme circumstances may even end up contacting the wrong server if it picks the wrong interface, link local addresses are not considered valid. Servers do not publish link local addresses in their IORs.</P><H3 CLASS="subsection"><A NAME="htoc105">8.6.2</A>  Endpoint publishing</H3><P>For clients to be able to connect to a server, the server publishes endpoint information in its IORs (Interoperable Object References). Normally, omniORB publishes the first available address for each of the endpoints it is listening on.</P><P>The endpoint information to publish is determined by the <TT>endPointPublish</TT> configuration parameter. It contains a comma-separated list of publish rules. The rules are applied in turn to each of the configured endpoints; if a rule matches an endpoint, it causes one or more endpoints to be published.</P><P>The following core rules are supported:</P><TABLE CELLSPACING=6 CELLPADDING=0><TR><TD VALIGN=top ALIGN=left><TT>addr</TT></TD><TD VALIGN=top ALIGN=left>the first natural address of the endpoint</TD></TR> <TR><TD VALIGN=top ALIGN=left><TT>ipv4</TT></TD><TD VALIGN=top ALIGN=left>the first IPv4 address of a TCP or SSL endpoint</TD></TR> <TR><TD VALIGN=top ALIGN=left><TT>ipv6</TT></TD><TD VALIGN=top ALIGN=left>the first IPv6 address of a TCP or SSL endpoint</TD></TR> <TR><TD VALIGN=top ALIGN=left><TT>name</TT></TD><TD VALIGN=top ALIGN=left>the first address that can be resolved to a name</TD></TR> <TR><TD VALIGN=top ALIGN=left><TT>hostname</TT></TD><TD VALIGN=top ALIGN=left>the result of the gethostname() system call</TD></TR> <TR><TD VALIGN=top ALIGN=left><TT>fqdn</TT></TD><TD VALIGN=top ALIGN=left>the fully-qualified domain name</TD></TR> </TABLE><P>The core rules can be combined using the vertical bar operator to try several rules in turn until one succeeds. e.g:</P><TABLE CELLSPACING=6 CELLPADDING=0><TR><TD VALIGN=top ALIGN=left><TT>name|ipv6|ipv4</TT></TD><TD VALIGN=top ALIGN=left>the name of the endpoint if it has one; failing that, its first IPv6 address; failing that, its first IPv4 address.</TD></TR> </TABLE><P>Multiple rules can be combined using the comma operator to publish more than one endpoint. e.g.</P><TABLE CELLSPACING=6 CELLPADDING=0><TR><TD VALIGN=top ALIGN=left><TT>name,addr</TT></TD><TD VALIGN=top ALIGN=left>the name of the endpoint (if it has one), followed by its first address.</TD></TR> </TABLE><P>For endpoints with multiple addresses (e.g. TCP endpoints on multi-homed machines), the <TT>all()</TT> manipulator causes all addresses to be published. e.g.:</P><TABLE CELLSPACING=6 CELLPADDING=0><TR><TD VALIGN=top ALIGN=left><TT>all(addr)</TT></TD><TD VALIGN=top ALIGN=left>all addresses are published</TD></TR> <TR><TD VALIGN=top ALIGN=left><TT>all(name)</TT></TD><TD VALIGN=top ALIGN=left>all addresses that resolve to names are published</TD></TR> <TR><TD VALIGN=top ALIGN=left><TT>all(name|addr)</TT></TD><TD VALIGN=top ALIGN=left>all addresses are published by name if they have one, address otherwise.</TD></TR> <TR><TD VALIGN=top ALIGN=left><TT>all(name,addr)</TT></TD><TD VALIGN=top ALIGN=left>all addresses are published by name (if they have one), and by address.</TD></TR> <TR><TD VALIGN=top ALIGN=left><TT>all(name), all(addr)</TT></TD><TD VALIGN=top ALIGN=left>first the names of all addresses are published, followed by all the addresses.</TD></TR> </TABLE><P>A specific endpoint can be published by giving its endpoint URI, even if the server is not listening on that endpoint. e.g.:</P><TABLE CELLSPACING=6 CELLPADDING=0><TR><TD VALIGN=top ALIGN=left><TT>giop:tcp:not.my.host:12345</TT></TD></TR> <TR><TD VALIGN=top ALIGN=left><TT>giop:unix:/not/my/socket-file</TT></TD></TR> </TABLE><P>If the host or port number for a TCP or SSL URI are missed out, they are filled in with the details from each listening TCP/SSL endpoint. This can be used to publish a different name for a TCP/SSL endpoint that is using an ephemeral port, for example.</P><P>omniORB 4.0 supported two options related to endpoint publishing that are superseded by the <TT>endPointPublish</TT> parameter, and so are now deprecated. Setting <TT>endPointPublishAllIFs</TT> to 1 is equivalent to setting <TT>endPointPublish</TT> to ‘<TT>all(addr)</TT>’. The <TT>endPointNoListen</TT> parameter is equivalent to adding endpoint URIs to the <TT>endPointPublish</TT> parameter.</P><H2 CLASS="section"><A NAME="toc43"></A><A NAME="htoc106">8.7</A>  Connection selection and acceptance</H2><P>In the face of IORs containing details about multiple different endpoints, clients have to know how to choose the one to use to connect a server. Similarly, servers may wish to restrict which clients can connect to particular transports. This is achieved with <I>transport rules</I>.</P><H3 CLASS="subsection"><A NAME="htoc107">8.7.1</A>  Client transport rules</H3><P> <A NAME="sec:clientRule"></A></P><P>The <TT>clientTransportRule</TT> parameter is used to filter and prioritise the order in which transports specified in an IOR are tried. Each rule has the form:</P><BLOCKQUOTE CLASS="quote"> <I><address mask> [action]+</I> </BLOCKQUOTE><P>The address mask can be one of</P><TABLE CELLSPACING=6 CELLPADDING=0><TR><TD VALIGN=top ALIGN=left NOWRAP>1.</TD><TD VALIGN=top ALIGN=left NOWRAP><TT>localhost</TT></TD><TD VALIGN=top ALIGN=left>The address of this machine</TD></TR> <TR><TD VALIGN=top ALIGN=left NOWRAP> 2.</TD><TD VALIGN=top ALIGN=left NOWRAP><I>w.x.y.z</I><TT>/</TT><I>m1.m2.m3.m4</I></TD><TD VALIGN=top ALIGN=left>An IPv4 address with bits selected by the mask, e.g. <TT>172.16.0.0/255.240.0.0</TT></TD></TR> <TR><TD VALIGN=top ALIGN=left NOWRAP> 3.</TD><TD VALIGN=top ALIGN=left NOWRAP><I>w.x.y.z</I><TT>/</TT><I>prefixlen</I></TD><TD VALIGN=top ALIGN=left>An IPv4 address with <I>prefixlen</I> significant bits, e.g. <TT>172.16.2.0/24</TT></TD></TR> <TR><TD VALIGN=top ALIGN=left NOWRAP> 4.</TD><TD VALIGN=top ALIGN=left NOWRAP><I>a:b:c:d:e:f:g:h</I><TT>/</TT><I>prefixlen</I></TD><TD VALIGN=top ALIGN=left>An IPv6 address with <I>prefixlen</I> significant bits, e.g. <TT>3ffe:505:2:1::/64</TT></TD></TR> <TR><TD VALIGN=top ALIGN=left NOWRAP> 5.</TD><TD VALIGN=top ALIGN=left NOWRAP><TT>*</TT></TD><TD VALIGN=top ALIGN=left>Wildcard that matches any address</TD></TR> </TABLE><P>The action is one or more of the following:</P><TABLE CELLSPACING=6 CELLPADDING=0><TR><TD VALIGN=top ALIGN=left NOWRAP>1.</TD><TD VALIGN=top ALIGN=left NOWRAP><TT>none</TT></TD><TD VALIGN=top ALIGN=left>Do not use this address</TD></TR> <TR><TD VALIGN=top ALIGN=left NOWRAP>2.</TD><TD VALIGN=top ALIGN=left NOWRAP><TT>tcp</TT></TD><TD VALIGN=top ALIGN=left>Use a TCP transport</TD></TR> <TR><TD VALIGN=top ALIGN=left NOWRAP>3.</TD><TD VALIGN=top ALIGN=left NOWRAP><TT>ssl</TT></TD><TD VALIGN=top ALIGN=left>Use an SSL transport</TD></TR> <TR><TD VALIGN=top ALIGN=left NOWRAP>4.</TD><TD VALIGN=top ALIGN=left NOWRAP><TT>unix</TT></TD><TD VALIGN=top ALIGN=left>Use a Unix socket transport</TD></TR> <TR><TD VALIGN=top ALIGN=left NOWRAP>5.</TD><TD VALIGN=top ALIGN=left NOWRAP><TT>bidir</TT></TD><TD VALIGN=top ALIGN=left>Connections to this address can be used bidirectionally (see section <A HREF="#sec:bidir">8.8</A>)</TD></TR> </TABLE><P>The transport-selecting actions form a prioritised list, so an action of ‘<TT>unix,ssl,tcp</TT>’ means to use a Unix transport if there is one, failing that a SSL transport, failing <EM>that</EM> a TCP transport. In the absence of any explicit rules, the client uses the implicit rule of ‘<TT>* unix,ssl,tcp</TT>’.</P><P>If more than one rule is specified, they are prioritised in the order they are specified. For example, the configuration file might contain:</P><PRE CLASS="verbatim"> clientTransportRule = 192.168.1.0/255.255.255.0 unix,tcp clientTransportRule = 172.16.0.0/255.240.0.0 unix,tcp = * none </PRE><P>This would be useful if there is a fast network (192.168.1.0) which should be used in preference to another network (172.16.0.0), and connections to other networks are not permitted at all.</P><P>In general, the result of filtering the endpoint specifications in an IOR with the client transport rule will be a prioritised list of transports and networks. (If the transport rules do not prioritise one endpoint over another, the order the endpoints are listed in the IOR is used.) When trying to contact an object, the ORB tries its possible endpoints in turn, until it finds one with which it can contact the object. Only after it has unsuccessfully tried all permissible endpoints will it raise a <TT>TRANSIENT</TT> exception to indicate that the connect failed.</P><H3 CLASS="subsection"><A NAME="htoc108">8.7.2</A>  Server transport rules</H3><P> <A NAME="sec:serverRule"></A></P><P>The server transport rules have the same format as client transport rules. Rather than being used to select which of a set of ways to contact a machine, they are used to determine whether or not to accept connections from particular clients. In this example, we only allow connections from our intranet:</P><PRE CLASS="verbatim"> serverTransportRule = localhost unix,tcp,ssl = 172.16.0.0/255.240.0.0 tcp,ssl = * none </PRE><P>And in this one, we accept only SSL connections if the client is not on the intranet:</P><PRE CLASS="verbatim"> serverTransportRule = localhost unix,tcp,ssl = 172.16.0.0/255.240.0.0 tcp,ssl = * ssl,bidir </PRE><P>In the absence of any explicit rules, the server uses the implicit rule of ‘<TT>* unix,ssl,tcp</TT>’, meaning any kind of connection is accepted from any client.</P><H2 CLASS="section"><A NAME="toc44"></A><A NAME="htoc109">8.8</A>  Bidirectional GIOP</H2><P> <A NAME="sec:bidir"></A></P><P>omniORB supports bidirectional GIOP, which allows callbacks to be made using a connection opened by the original client, rather than the normal model where the server opens a new connection for the callback. This is important for negotiating firewalls, since they tend not to allow connections back on arbitrary ports.</P><P>There are several steps required for bidirectional GIOP to be enabled for a callback. Both the client and server must be configured correctly. On the client side, these conditions must be met:</P><UL CLASS="itemize"><LI CLASS="li-itemize">The <TT>offerBiDirectionalGIOP</TT> parameter must be set to true. </LI><LI CLASS="li-itemize">The client transport rule for the target server must contain the <TT>bidir</TT> action. </LI><LI CLASS="li-itemize">The POA containing the callback object (or objects) must have been created with a <TT>BidirectionalPolicy</TT> value of <TT>BOTH</TT>.</LI></UL><P>On the server side, these conditions must be met:</P><UL CLASS="itemize"><LI CLASS="li-itemize">The <TT>acceptBiDirectionalGIOP</TT> parameter must be set to true. </LI><LI CLASS="li-itemize">The server transport rule for the requesting client must contain the <TT>bidir</TT> action. </LI><LI CLASS="li-itemize">The POA hosting the object contacted by the client must have been created with a <TT>BidirectionalPolicy</TT> value of <TT>BOTH</TT>.</LI></UL><H2 CLASS="section"><A NAME="toc45"></A><A NAME="htoc110">8.9</A>  SSL transport</H2><P>omniORB supports an SSL transport, using OpenSSL. It is only built if OpenSSL is available. On platforms using Autoconf, it is autodetected in many locations, or its location can be given with the <TT>--with-openssl=</TT> argument to <TT>configure</TT>. On other platforms, the <TT>OPEN_SSL_ROOT</TT> make variable must be set in the platform file.</P><P>To use the SSL transport, you must link your application with the <TT>omnisslTP</TT> library, and correctly set up certificates. See the <TT>src/examples/ssl_echo</TT> directory for an example. That directory contains a <TT>README</TT> file with more details.</P><HR CLASS="footnoterule"><DL CLASS="thefootnotes"><DT CLASS="dt-thefootnotes"> <A NAME="note17" HREF="#text17">1</A></DT><DD CLASS="dd-thefootnotes">GIOP 1.2 supports ‘bidirectional GIOP’, which permits the rôles to be reversed. </DD></DL> <HR> <A HREF="omniORB007.html"><IMG SRC="previous_motif.gif" ALT="Previous"></A> <A HREF="index.html"><IMG SRC="contents_motif.gif" ALT="Up"></A> <A HREF="omniORB009.html"><IMG SRC="next_motif.gif" ALT="Next"></A> </BODY> </HTML>