Hello,
I'm working on Linux, and I don't know if that is a problem even in WIndows.
Well, I'm creating a network (now on my PC for testing...) in this way:
(println (string "COMMAND IS: " c) )))
I execute server with this command:
newlisp check-port.lsp -c -d 4702
alessandro@alessandro1 ~ $ newlisp
newLISP v.10.1.1 on Linux IPv4, execute 'newlisp -h' for more info.
> (net-eval "127.0.0.1" 4702 {(+ 3 4)})
"COMMAND IS: [cmd]nnnilnnilnCOMMAND IS: (+ 3 4)(exit)nnnilnnERR: symbol expected : " IS: (+ 3 4)(exit)\n"n"
> (net-eval "127.0.0.1" 4702 {(+ 3 4)})
"COMMAND IS: [cmd]nnnilnnilnCOMMAND IS: (+ 3 4)(exit)nnnilnnERR: symbol expected : " IS: (+ 3 4)(exit)\n"n"
> (net-eval "127.0.0.1" 4702 {(setq a 1)})
"COMMAND IS: [cmd]nnnilnnilnCOMMAND IS: (setq a 1)(exit)nnnilnnERR: symbol expected : " IS: (setq a 1)(exit)\n"n"
>
I'm becoming mad!
* Sometimes the client hangs: lock prompt as if the server is "sleeping" (in this case if I stop the server then the client comes live again).
* Sometimes I simply get, as result, the string "[cmd]" (6 chars). Nothing else. Even if I insert many input commands.
* Sometimes I get the result you can see above.
What is happening? I think I'm doing something wrong, but where?
NOTE: If I eliminate the function (command-event) then everything is correct.
I need to use that function since I'm creating a centralized job scheduler. I have several PC, and I use a central unique server to schedule some activities. In the "client" computers I have newLisp as server (wait for "net-eval").
When in the central server an event happen, then it send the proper job to the client. I implemented some security features, but I need to use (command-event) to check the command that reach the PC clients, to avoid PC abuse.
Can you help me?
Thank you!
(command-event) has a limit of input characters..
I Have this used inside my newlisp prompt and with ansi enabled and
long onliner I get different behaviours on different linux versions...
Are you able to shorten the commands in shunks? just for the test...
'command-event' in newLISP server mode should only be used for preprocessing HTTP requests, not for 'net-eval' requests.
'command-event' works on the input line by line, but 'net-eval' sends multi-line commands transforming a single line like "(+ 3 4)" into [cmd]n(+ 3 4)n[/cmd] a 3-line sequence.
Just start your server without it:
if you preload code, as you did, you can preload function definitions for functions which you are calling from 'net-eval' later, or you can send function definitions using 'net-eval' too, or you could send (load ....) commands using 'net-eval'.
see also here:
http://www.newlisp.org/downloads/CodePatterns.html#toc-22
and here:
http://www.newlisp.org/downloads/newlisp_manual.html#command-event
and here for more complex 'net-eval' application.
http://www.newlisp.org/syntax.cgi?code/mapreduce.txt
Thank you, but for distributed computing, about security checks, I need a function that I'm sure it is recalled for first, like (command-event) for http. I can use it to check data input and eliminate malicious code.
I think a function like (command-event), but fully working with net-eval, should be really VERY useful. In fact, this is the only way I have to be sure that nobody tries to send some data (even using another newLisp version) to a remote PC.
I think that function could supply a high level of control. Please!
Thank you!
If you are concerned about security you should not use 'net-eval' on an open network, or use 'net-eval' over an encrypted channel using SSH tunnels.
If you work on an open network use HTTP and CGI processing. That gives you more control and you can uses pre-processing with 'command-event'. On the downsize it is also slower. 'net-eval' has been designed for max speed on closed private network clusters.
To log traffic for either 'net-eval' or HTTP start the server with -L or -l for this to create a logfile of all requests:
Create logfile.txt first before starting the server (use the touch command).
after: (net-eval "localhost" 4702 {(+ 3 4)})
you have this in logfile.txt
newLISP v.10102 listening on 4702
Connected to 127.0.0.1 on Thu Jul 30 18:04:23 2009
[cmd]
(+ 3 4)(exit)
[/cmd]
7
See also here:
http://www.newlisp.org/downloads/newlisp_manual.html#logging
Thank you, but I'm not afraid about "transport", since my messages (from the central server to the client PC) are already encrypted.
I'm inside a private network. My concern is the computer clients have "newLisp -c -d ..." with the port "..." open and ready to receive commands. It means I can send commands via net-eval, but even another guy in the same network can do that. So if one discover this background service, he/she could, for example, send commands like
CENTRAL_SERVER -------> PC_CLIENT
IMPOSTOR --------------->
If I cannot check the message (in the PC client) I cannot verify if the command was sent from the "official" computer (and not from the impostor).