awcullen / opcua

OPC Unified Architecture (OPC UA) in Go.
MIT License

Server stops replying to OpenSecureChannelRequest #12

Closed milgner closed 1 year ago

milgner commented 1 year ago

Not sure if someone else noticed this yet and I haven't started debugging either. But I noticed a curious behaviour: after a couple of days of running great, the OPC UA server stops responding to OpenSecureChannelRequest. Looking at the Wireshark dump, I can see that the HEL and ACK messages of UACP are exchanged correctly, then the client sends the OpenSecureChannelRequest but doesn't receive an answer.

There is lots of RAM and CPU available but the process looks idle and there is no error message in the logs either.

awcullen commented 1 year ago

I found that the server code is not returning certain errors to the client. I'll begin work to return all errors to the client if possible, or to log them.

milgner commented 1 year ago

I made a few - mostly cosmetic - changes in https://github.com/re-gmbh/go-opcua/commit/90fbdbadb4719c5b77f40b1a65cad339f1bde085 and it looks like the system is running more stably now. The only actual change in there is the removal of the tokenIDLock, which looked unnecessary as all places where it was being used were ones that were already synchronised through tokenLock.

I also found that since the ID generation always wraps without checking whether the new ID is already in use, an attacker could force it to wrap around to the ID of another connection, which I annotated in places where I came across that behaviour.
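
The wrap-around collision described in the comment above, as an added example that is not part of the thread or of awcullen/opcua: a Go allocator that skips IDs still held by a live channel. The type and function names are hypothetical, treating 0 as reserved is an assumption, and the allocator expects the caller to hold whatever lock already guards the ID table.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// idAllocator is a hypothetical allocator (not awcullen/opcua code) that never
// hands out an ID still held by a live channel. It is not safe for concurrent
// use: call it under the lock that already guards the channel table.
type idAllocator struct {
	next  uint32
	inUse map[uint32]struct{}
}

// acquire skips 0 (assumed reserved) and every ID still in use, so counter
// wrap-around cannot alias another connection.
func (a *idAllocator) acquire() (uint32, error) {
	// len(inUse)+2 consecutive candidates always include a free non-zero ID.
	for tries := 0; tries <= len(a.inUse)+1; tries++ {
		id := a.next
		a.next++ // wraps to 0 after math.MaxUint32
		if _, taken := a.inUse[id]; id != 0 && !taken {
			a.inUse[id] = struct{}{}
			return id, nil
		}
	}
	return 0, errors.New("ID space exhausted")
}

// release frees an ID when its channel closes.
func (a *idAllocator) release(id uint32) { delete(a.inUse, id) }

// wrapDemo holds ID 1, puts the counter just before wrap-around
// (constructed state) and returns the next three IDs issued.
func wrapDemo() (held uint32, issued []uint32) {
	a := &idAllocator{next: 1, inUse: map[uint32]struct{}{}}
	held, _ = a.acquire()
	a.next = math.MaxUint32
	for i := 0; i < 3; i++ {
		id, _ := a.acquire()
		issued = append(issued, id)
	}
	return held, issued
}

func main() { fmt.Println(wrapDemo()) }
```

A plain wrapping counter in the same state would issue 4294967295, 0 and then 1, the last of which is the ID still held by the long-lived channel.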

awcullen commented 1 year ago

I found an error in the way the server handled the OpenSecureChannelRequest during a token renewal. Please see the latest release, v1.0.1.

I also applied many of your suggestions concerning Locks and Defer. Thanks a lot!