kopia lustrzana https://gitlab.com/sane-project/backends
453 wiersze
19 KiB
TeX
453 wiersze
19 KiB
TeX
\chapter{Network Protocol}\label{chap:net}
|
|
|
|
The SANE interface has been designed to facilitate network access to
|
|
image acquisition devices. In particular, most SANE implementations
|
|
are expected to support a network backend (net client) and a
|
|
corresponding network daemon (net server) that allows accessing image
|
|
acquisition devices through a network connection. Network access is
|
|
useful in several situations:
|
|
\begin{itemize}
|
|
|
|
\item To provide controlled access to resources that are inaccessible
|
|
to a regular user. For example, a user may want to access a device
|
|
on a host where she has no account on. With the network protocol,
|
|
it is possible to allow certain users to access scanners without
|
|
giving them full access to the system.
|
|
|
|
Controlling access through the network daemon can be useful even in
|
|
the local case: for example, certain backends may require root
|
|
privileges to access a device. Rather than installing each frontend
|
|
as setuid-root, a system administrator could instead install the
|
|
SANE network daemon as setuid-root. This enables regular users to
|
|
access the privileged device through the SANE daemon (which,
|
|
presumably, supports a more fine-grained access control mechanism
|
|
than the simple setuid approach). This has the added benefit that
|
|
the system administrator only needs to trust the SANE daemon, not
|
|
each and every frontend that may need access to the privileged
|
|
device.
|
|
|
|
\item Network access provides a sense of ubiquity of the available
|
|
image acquisition devices. For example, in a local area network
|
|
environment, this allows a user to log onto any machine and have
|
|
convenient access to any resource available to any machine on the
|
|
network (subject to permission constraints).
|
|
|
|
\item For devices that do not require physical access when used (e.g.,
|
|
video cameras), network access allows a user to control and use
|
|
these devices without being in physical proximity. Indeed, if such
|
|
devices are connected to the Internet, access from any place in the
|
|
world is possible.
|
|
|
|
\end{itemize}
|
|
|
|
The network protocol described in this chapter has been design with
|
|
the following goals in mind:
|
|
\begin{enumerate}
|
|
|
|
\item Image transmission should be efficient (have low encoding
|
|
overhead).
|
|
|
|
\item Accessing option descriptors on the client side must be
|
|
efficient (since this is a very common operation).
|
|
|
|
\item Other operations, such as setting or inquiring the value of an
|
|
option are less performance critical since they typically require
|
|
explicit user action.
|
|
|
|
\item The network protocol should be simple and easy to implement on
|
|
any host architecture and any programming language.
|
|
|
|
\end{enumerate}
|
|
The SANE protocol can be run across any transport protocol that
|
|
provides reliable data delivery. While SANE does not specify a
|
|
specific transport protocol, it is expected that TCP/IP will be among
|
|
the most commonly used protocols.
|
|
|
|
\section{Data Type Encoding}
|
|
|
|
\subsection{Primitive Data Types}
|
|
|
|
The four primitive types of the SANE standard are encoded as follows:
|
|
\begin{description}
|
|
|
|
\item[\code{\defn{SANE\_Byte}}:] A byte is encoded as an 8 bit value.
|
|
Since the transport protocol is assumed to be byte-orientd, the bit
|
|
order is irrelevant.
|
|
|
|
\item[\code{\defn{SANE\_Word}}:] A word is encoded as 4 bytes (32
|
|
bits). The bytes are ordered from most-significant to
|
|
least-significant byte (big-endian byte-order).
|
|
|
|
\item[\code{\defn{SANE\_Char}}:] A character is currently encoded as an 8-bit
|
|
ISO LATIN-1 value. An extension to support wider character sets (16 or 32
|
|
bits) is planned for the future, but not supported at this point.
|
|
|
|
\item[\code{\defn{SANE\_String}}:] A string pointer is encoded as a
|
|
\code{SANE\_Char} array. The trailing NUL byte is considered part
|
|
of the array and a \code{NULL} pointer is encoded as a zero-length
|
|
array.
|
|
|
|
\item[\code{\defn{SANE\_Handle}}:] A handle is encoded like a word.
|
|
The network backend needs to take care of converting these integer
|
|
values to the opaque pointer values that are presented to the user
|
|
of the network backend. Similarly, the SANE daemon needs to take
|
|
care of converting the opaque pointer values it receives from its
|
|
backends into 32-bit integers suitable for use for network encoding.
|
|
|
|
\item[{\em\defn{enumeration types}}:] Enumeration types are encoded
|
|
like words.
|
|
|
|
\end{description}
|
|
|
|
\subsection{Type Constructors}
|
|
|
|
Closely following the type constructors of the C language, the SANE network
|
|
protocol supports the following four constructors:
|
|
\begin{description}
|
|
|
|
\item[{\em\defn{pointer}}:] A pointer is encoded by a word that indicates
|
|
whether the pointer is a NULL-pointer which is then followed by the
|
|
value that the pointer points to (in the case of a non-NULL pointer;
|
|
in the case of a NULL pointer, no bytes are encoded for the pointer
|
|
value).
|
|
|
|
\item[{\em\defn{array}}:] An array is encoded by a word that indicates
|
|
the length of the array followed by the values of the elements in
|
|
the array. The length may be zero in which case no bytes are
|
|
encoded for the element values.
|
|
|
|
\item[{\em\defn{structure}}:] A structure is encoded by simply encoding the
|
|
structure members in the order in which they appear in the
|
|
corresponding C type declaration.
|
|
|
|
\item[{\em\defn{union}}:] A union must always be accompanied by a tag
|
|
value that indicates which of the union members is the currently the
|
|
active one. For this reason, the union itself is encoded simply by
|
|
encoding the value of the currently active member.
|
|
|
|
\end{description}
|
|
|
|
Note that for type constructors, the pointer, element, or member
|
|
values themselves may have a constructed type. Thus, the above rules
|
|
should be applied recursively until a sequence of primitive types has
|
|
been found.
|
|
|
|
Also SANE had no need for encoding of circular structures. This
|
|
greatly simplifies the network protocol.
|
|
|
|
\section{Remote Procedure Call Requests}
|
|
|
|
The SANE network protocol is a client/server-style remote procedure
|
|
call (RPC) protocol. This means that all activity is initiated by the
|
|
client side (the network backend)---a server is restricted to
|
|
answering request by the client.
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_INIT}}}
|
|
|
|
This RPC establishes a connection to a particular SANE network daemon.
|
|
It must be the first call in a SANE network session. The parameter
|
|
and reply arguments for this call are shown in the table below:
|
|
\begin{center}
|
|
\begin{tabular}{ll}
|
|
{\bf request:} & {\bf reply:} \\
|
|
\code{SANE\_Word version\_code} & \code{SANE\_Word status} \\
|
|
\code{SANE\_String user\_name} & \code{SANE\_Word version\_code} \\
|
|
\end{tabular}
|
|
\end{center}
|
|
The \code{version\_code} argument in the request is the SANE
|
|
version-code of the network backend that is contacting the network
|
|
daemon (see Section~\ref{sec:saneversioncode}). The
|
|
``build-revision'' in the version code is used to hold the network
|
|
protocol version. The SANE network daemon receiving such a request
|
|
must make sure that the network protocol version corresponds to a
|
|
supported version since otherwise the encoding of the network stream
|
|
may be incompatible (even though the SANE interface itself may be
|
|
compatible). The \code{user\_name} argument is the name of the user
|
|
on whose behalf this call is being performed. If the network backend
|
|
cannot determine a user-name, it passes a \code{NULL} pointer for this
|
|
argument. No trust should be placed in the authenticity of this
|
|
user-name. The intent of this string is to provide more convenience
|
|
to the user. E.g., it could be used as the default-user name in
|
|
subsequent authentication calls.
|
|
|
|
In the reply, \code{status} indicates the completion status. If the
|
|
value is anything other than \code{SANE\_STA\-TUS\_SUCCESS}, the
|
|
remainder of the reply has undefined values.\footnote{The sane network
|
|
daemon should be careful not to leak information in the undefined
|
|
portion of the reply.} The \code{version\_code} argument returns the
|
|
SANE version-code that the network daemon supports. See the comments
|
|
in the previous paragraph on the meaning of the build-revision in this
|
|
version code.
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_GET\_DEVICES}}}
|
|
|
|
This RPC is used to obtain the list of devices accessible by the SANE
|
|
daemon.
|
|
\begin{center}
|
|
\begin{tabular}{ll}
|
|
{\bf request:} & {\bf reply:} \\
|
|
\code{void} & \code{SANE\_Word status} \\
|
|
& \code{SANE\_Device ***device\_list} \\
|
|
\end{tabular}
|
|
\end{center}
|
|
There are no arguments in the request for this call.
|
|
|
|
In the reply, \code{status} indicates the completion status. If the
|
|
value is anything other than \code{SANE\_STA\-TUS\_SUCCESS}, the
|
|
remainder of the reply has undefined values. The \code{device\_list}
|
|
argument is a pointer to a \code{NULL}-terminated array of
|
|
\code{SANE\_Device} pointers.
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_OPEN}}}
|
|
|
|
This RPC is used to open a connection to a remote SANE device.
|
|
\begin{center}
|
|
\begin{tabular}{ll}
|
|
{\bf request:} & {\bf reply:} \\
|
|
\code{SANE\_String device\_name} & \code{SANE\_Word status} \\
|
|
& \code{SANE\_Word handle} \\
|
|
& \code{SANE\_String resource} \\
|
|
\end{tabular}
|
|
\end{center}
|
|
The \code{device\_name} argument specifies the name of the device to
|
|
open.
|
|
|
|
In the reply, \code{status} indicates the completion status. If the
|
|
value is anything other than \code{SANE\_STA\-TUS\_SUCCESS}, the
|
|
remainder of the reply has undefined values. The \code{handle}
|
|
argument specifies the device handle that uniquely identifies the
|
|
connection. The \code{resource} argument is used to request
|
|
authentication. If it has a non-\code{NULL} value, the network
|
|
backend should authenticate the specified resource and then retry this
|
|
operation (see Section~\ref{sec:authorization} for details on how to
|
|
authorize a resource).
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_CLOSE}}}
|
|
|
|
This RPC is used to close a connection to a remote SANE device.
|
|
\begin{center}
|
|
\begin{tabular}{ll}
|
|
{\bf request:} & {\bf reply:} \\
|
|
\code{SANE\_Word handle} & \code{SANE\_Word dummy} \\
|
|
\end{tabular}
|
|
\end{center}
|
|
The \code{handle} argument identifies the connection that should be
|
|
closed.
|
|
|
|
In the reply, the \code{dummy} argument is unused. Its purpose is to
|
|
ensure proper synchronization (without it, a net client would not be
|
|
able to determine when the RPC has completed).
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_GET\_OPTION\_DESCRIPTORS}}}
|
|
|
|
This RPC is used to obtain {\em all\/} the option descriptors for a
|
|
remote SANE device.
|
|
\begin{center}
|
|
\begin{tabular}{ll}
|
|
{\bf request:} & {\bf reply:} \\
|
|
\code{SANE\_Word handle} & \code{Option\_Descriptor\_Array odesc} \\
|
|
\end{tabular}
|
|
\end{center}
|
|
The \code{handle} argument identifies the remote device whose option
|
|
descriptors should be obtained.
|
|
|
|
In the reply, the \code{odesc} argument is used to return the array of
|
|
option descriptors. The option descriptor array has the following
|
|
structure:
|
|
\begin{quote}\index{Option\_Descriptor\_Array}
|
|
\begin{verbatim}
|
|
struct Option_Descriptor_Array
|
|
{
|
|
SANE_Word num_options;
|
|
SANE_Option_Descriptor **desc;
|
|
};
|
|
\end{verbatim}
|
|
\end{quote}
|
|
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_CONTROL\_OPTION}}}
|
|
|
|
This RPC is used to control (inquire, set, or set to automatic) a
|
|
specific option of a remote SANE device.
|
|
\begin{center}
|
|
\begin{tabular}{ll}
|
|
{\bf request:} & {\bf reply:} \\
|
|
\code{SANE\_Word handle} & \code{SANE\_Status status} \\
|
|
\code{SANE\_Word option} & \code{SANE\_Word info} \\
|
|
\code{SANE\_Word action} & \code{SANE\_Word value\_type} \\
|
|
\code{SANE\_Word value\_type} & \code{SANE\_Word value\_size} \\
|
|
\code{SANE\_Word value\_size} & \code{void *value} \\
|
|
\code{void *value} & \code{SANE\_String *resource} \\
|
|
\end{tabular}
|
|
\end{center}
|
|
The \code{handle} argument identifies the remote device whose option
|
|
should be controlled. Argument \code{option} is the number (index) of
|
|
the option that should be controlled. Argument \code{action}
|
|
specifies what action should be taken (get, set, or set automatic).
|
|
Argument \code{value\_type} specifies the type of the option value
|
|
(must be one of \code{SANE\_TYPE\_BOOL}, \code{SANE\_TYPE\_INT},
|
|
\code{SANE\_TYPE\_FIXED}, \code{SANE\_TYPE\_STR\-ING},
|
|
\code{SANE\_TYPE\_BUTTON}). Argument \code{value\_size} specifies
|
|
the size of the option value in number of bytes (see
|
|
Section~\ref{sec:valuesize} for the precise meaning of this value).
|
|
Finally, argument \code{value} is a pointer to the option value. It
|
|
must be a writeable area that is at least \code{value\_size} bytes
|
|
large. (Note that this area must be writable even if the action is to
|
|
set the option value. This is because the backend may not be able to
|
|
set the exact option value, in which case the option value is used to
|
|
return the next best value that the backend has chosen.)
|
|
|
|
In the reply, argument \code{resource} is set to the name of the
|
|
resource that must be authorized before this call can be retried. If
|
|
this value is non-\code{NULL}, all other arguments have undefined
|
|
values (see Section~\ref{sec:authorization} for details on how to
|
|
authorize a resource). Argument \code{status} indicates the
|
|
completion status. If the value is anything other than
|
|
\code{SANE\_STA\-TUS\_SUCCESS}, the remainder of the reply has undefined
|
|
values. The \code{info} argument returns the information on how well
|
|
the backend was able to satisfy the request. For details, see the
|
|
description of the corresponding argument in
|
|
Section~\ref{sec:control}. Arguments \code{value\_type} and
|
|
\code{value\_size} have the same values as the arguments by the same
|
|
name in corresponding request. The values are repeated here to ensure
|
|
that both the request and the reply are self-contained (i.e., they can
|
|
be encoded and decoded independently). Argument \code{value} is holds
|
|
the value of the option that has become effective as a result of this
|
|
RPC.
|
|
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_GET\_PARAMETERS}}}
|
|
|
|
This RPC is used to obtain the scan parameters of a remote SANE
|
|
device.
|
|
\begin{center}
|
|
\begin{tabular}{ll}
|
|
{\bf request:} & {\bf reply:} \\
|
|
\code{SANE\_Word handle} & \code{SANE\_Status status} \\
|
|
& \code{SANE\_Parameters params} \\
|
|
\end{tabular}
|
|
\end{center}
|
|
The \code{handle} argument identifies the connection to the remote
|
|
device whose scan parameters should be returned.
|
|
|
|
In the reply, \code{status} indicates the completion status. If the
|
|
value is anything other than \code{SANE\_STA\-TUS\_SUC\-CESS}, the
|
|
remainder of the reply has undefined values. The argument
|
|
\code{params} is used to return the scan parameters.
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_START}}}
|
|
|
|
This RPC is used to start image acquisition (scanning).
|
|
\begin{center}
|
|
\begin{tabular}{ll}
|
|
{\bf request:} & {\bf reply:} \\
|
|
\code{SANE\_Word handle} & \code{SANE\_Status status} \\
|
|
& \code{SANE\_Word port} \\
|
|
& \code{SANE\_Word byte\_order} \\
|
|
& \code{SANE\_String resource} \\
|
|
\end{tabular}
|
|
\end{center}
|
|
The \code{handle} argument identifies the connection to the remote
|
|
device from which the image should be acquired.
|
|
|
|
In the reply, argument \code{resource} is set to the name of the
|
|
resource that must be authorized before this call can be retried. If
|
|
this value is non-\code{NULL}, all other arguments have undefined
|
|
values (see Section~\ref{sec:authorization} for details on how to
|
|
authorize a resource). Argument, \code{status} indicates the
|
|
completion status. If the value is anything other than
|
|
\code{SANE\_STA\-TUS\_SUCCESS}, the remainder of the reply has
|
|
undefined values. The argument \code{port} returns the port number
|
|
from which the image data will be available. To read the image data,
|
|
a network client must connect to the remote host at the indicated port
|
|
number. Through this port, the image data is transmitted as a
|
|
sequence of data records. Each record starts with the data length in
|
|
bytes. The data length is transmitted as a sequence of four bytes.
|
|
These bytes should be interpreted as an unsigned integer in big-endian
|
|
format. The four length bytes are followed by the number of data
|
|
bytes indicated by the length. Except for byte-order, the data is in
|
|
the same format as defined for \code{sane\_read()}. Since some
|
|
records may contain no data at all, a length value of zero is
|
|
perfectly valid. The special length value of \code{0xffffffff} is
|
|
used to indicate the end of the data stream. That is, after receiving
|
|
a record length of \code{0xffffffff}, the network client should close
|
|
the data connection and stop reading data.
|
|
|
|
Argument \code{byte\_order} specifies the byte-order of the image
|
|
data. A value of 0x1234 indicates little-endian format, a value of
|
|
0x4321 indicates big-endian format. All other values are presently
|
|
undefined and reserved for future enhancements of this protocol. The
|
|
intent is that a network server sends data in its own byte-order and
|
|
the client is responsible for adjusting the byte-order, if necessary.
|
|
This approach causes no unnecessary overheads in the case where the
|
|
server and client byte-order match and puts the extra burden on the
|
|
client side when there is a byte-order mismatch. Putting the burden
|
|
on the client-side improves the scalability properties of this
|
|
protocol.
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_CANCEL}}}
|
|
|
|
This RPC is used to cancel the current operation of a remote SANE
|
|
device.
|
|
\begin{center}
|
|
\begin{tabular}{ll}
|
|
{\bf request:} & {\bf reply:} \\
|
|
\code{SANE\_Word handle} & \code{SANE\_Word dummy} \\
|
|
\end{tabular}
|
|
\end{center}
|
|
The \code{handle} argument identifies the connection whose operation
|
|
should be cancelled.
|
|
|
|
In the reply, the \code{dummy} argument is unused. Its purpose is to
|
|
ensure proper synchronization (without it, a net client would not be
|
|
able to determine when the RPC has completed).
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_AUTHORIZE}}}\label{sec:authorization}
|
|
\index{network authorization}
|
|
|
|
This RPC is used to pass authorization data from the net client to the
|
|
net server.
|
|
\begin{center}
|
|
\begin{tabular}{ll}
|
|
{\bf request:} & {\bf reply:} \\
|
|
\code{SANE\_String resource} & \code{SANE\_Word dummy} \\
|
|
\code{SANE\_String username} & \\
|
|
\code{SANE\_String password} & \\
|
|
\end{tabular}
|
|
\end{center}
|
|
The \code{resource} argument specifies the name of the resource to be
|
|
authorized. This argument should be set to the string returned in the
|
|
\code{resource} argument of the RPC reply that required this
|
|
authorization call. The \code{username} and \code{password} are the
|
|
name of the user that is accessing the resource and the password for
|
|
the specified resource/user pair.
|
|
|
|
Since the password is not encrypted during network transmission, it is
|
|
recommended to use the following extension:
|
|
|
|
If the server adds the string `\code{\$MD5\$}' to the resource-name followed
|
|
by a random string not longer then 128 bytes, the client may answer with the
|
|
MD5 digest of the concatenation of the password and the random string. To
|
|
differentiate between the MD5 digest and a strange password the client prepends
|
|
the MD5 digest with the string `\code{\$MD5\$}'.
|
|
|
|
In the reply, \code{dummy} is completely unused. Note that there is
|
|
no direct failure indication. This is unnecessary since a net client
|
|
will retry the RPC that resulted in the authorization request until
|
|
that call succeeds (or until the request is cancelled). The RPC that resulted
|
|
in the authorization request continues after the reply from the client and may
|
|
fail with \code{SANE\_STATUS\_ACCESS\_DENIED}.
|
|
|
|
|
|
\subsection{\code{\defn{SANE\_NET\_EXIT}}}
|
|
|
|
This RPC is used to disconnect a net client from a net server. There
|
|
are no request or reply arguments in this call. As a result of this
|
|
call, the connection between the client and the server that was
|
|
established by the \code{SANE\_NET\_INIT} call will be closed.
|
|
|
|
% Local Variables:
|
|
% mode: latex
|
|
% TeX-master: "sane.tex"
|
|
% End:
|