LabVIEW

Are you married to using shared variables? There are other techniques that are easier and don't have the added complication of having a separate shared variable engine running somewhere. Shared variables can also be very inefficient if the size of the data is large.

I'm thinking specifically of VI Server.

Mike...

Can you elaborate what you have in mind? It's not a huge project and the data volume and update rate is very moderate (max. a kilobyte or so per second per client), so shared variables seem to be the most suitable solution for easy network access...

 

I know VI server has very easy to configure ACL (and I'm wondering whether it has the same host/IP bug; I'll test it), but how would that be "better" than shared variables? You'll need to access data via references and properties, right? I have no problem with the SVE service running in the background, the only issue is reliable authentication...

It's been almost a year now... Could anyone reproduce the bug and does NI know about it?

I don't think it's a bug.  I'm pretty sure the operating system handles where the packets are supposed to go.  You can force an application to use a certain connection, but that's a Windows thing, not a LabVIEW thing...

Maybe I didn't say it clearly enough in the first post: The client reports a wrong IP address to the server and the server "believes" it without checking the actual IP address of the client's connection.

 

There is only one physical network connection between the client and the server (192.168.x.x in my example). Additionally, the client has another NIC connected to a completely different and isolated network (10.0.0.x), which exists e.g. only between the client and an IP camera device or something like that. The server doesn't know anything about that other network and there is no physical way for the client to reach the server through any other NIC than the one bound to the 192.168.x.x network! The physical ni-psp connection is therefore established over the 192.168.x.x network but for some reason (probably the enumeration sequence of NICs in windows) the client wrongly reports his other 10.0.0.x address to the server and the server doesn't verify it.

 

I don't have time to reverse engineer the ni-psp protocol, but I assume that upon connection the client says to the server something like this: "I'm a psp client, my IP address is 10.0.0.1 and my computer name is such-and-such". This would make kind of sense, because the ACL works also with computer names (afaik) and I don't think the psp server has anything to do with NetBIOS/WINS and all that windows network stuff (plus it has to be system independent to work on Linux/embedded as well). However, this would defeat the whole purpose of ACL for shared variables because anyone who talks psp could spoof any "authentication" information. I don't know how to work around that in the case of computer name/DNS (other than not using it at all), but at least in the case of IP address authentication it would be trivial for the server to compare the announced IP address by the client with the actual IP address of that connection (or ignore whatever the client announces). And the client implementation for windows should do the same check before announcing the IP address to the server, rather than blindly taking the first enumerated IP address of the system...