On this page
|
| SUMMARY | |
| Protocol |
: |
Remote Procedure Call protocol |
| Protocol suite |
: |
SUN protocol suite |
| Layer |
: |
Session Layer |
| Type |
: |
Remote procedure call protocol |
| Latest Version |
: |
RPCv2 |
| Ports |
: |
Dynamic |
|
| DESCRIPTION |
The Remote Procedure Call (RPC) protocol is designed to augment IP in a different way than TCP. While TCP is targeted at the transfer of large data streams, RPC is designed for network programming, allowing a program to make a subroutine call on a remote machine. The most important application of RPC is the NFS file sharing protocol.
The ONC RPC protocol is based on the remote procedure call model, which is similar to the local procedure call model. The remote procedure call model is similar. One thread of control logically winds through two processes: the caller's process, and a server's process. On the server side, a process is dormant awaiting the arrival of call message.
There are a few important ways in which remote procedure calls differ from local procedure calls:
- Error handling:
failures of the remote server or network must be handled when using remote procedure calls.
- Global variables and side-effects:
since the server does not have access to the client's address space, hidden arguments cannot be passed as global variables or returned as side effects.
- Performance:
remote procedures usually operate one or more orders of magnitude slower than local procedure calls.
- Authentication:
since remote procedure calls can be transported over unsecured networks, authentication may be necessary. Authentication prevents one entity from masquerading as some other entity.
The RPC protocol can be implemented on several different transport protocols. The RPC protocol does not care how a message is passed from one process to another, but only with specification and interpretation of messages.
It is important to point out that RPC does not try to implement any kind of reliability and that the application may need to be aware of the type of transport protocol underneath RPC. If it knows it is running on top of a reliable transport such as TCP, then most of the work is already done for it. On the other hand, if it is running on top of an unreliable transport such as UDP, it must implement its own time-out, retransmission, and duplicate detection policies as the RPC protocol does not provide these services.
The RPC protocol provides the fields necessary for a client to identify itself to a service, and vice-versa, in each call and reply message. Security and access control mechanisms can be built on top of this message authentication. Several different authentication protocols can be supported.
RPC Programs and Procedures
The RPC call message has three unsigned integer fields - remote program number, remote program version number, and remote procedure number - which uniquely identify the procedure to be called. Program numbers are administered by a central authority (rpc@sun.com). The procedure number identifies the procedure to be called. These numbers are documented in the specific program's protocol specification.
Authentication
Provisions for authentication of caller to service and vice-versa are provided as a part of the RPC protocol. The call message has two authentication fields, the credential and verifier. The reply message has one authentication field, the response verifier.
Program Number Assignment
Program numbers are given out in groups of hexadecimal 20000000 (decimal 536870912) according to the following chart:
| 0-1fffffff | defined by rpc@sun.com | | 20000000-3fffffff | defined by user | | 40000000-5fffffff | transient | | 60000000-7fffffff | reserved | | 80000000-9fffffff | reserved | | a0000000- bfffffff | reserved | | c0000000- dfffffff | reserved | | e0000000 - ffffffff | reserved |
The first group is a range of numbers administered by rpc@sun.com and should be identical for all sites. The second range is for applications peculiar to a particular site. This range is intended primarily for debugging new programs. When a site develops an application that might be of general interest, that application should be given an assigned number in the first range. Application developers may apply for blocks of RPC program numbers in the first range by sending electronic mail to "rpc@sun.com". The third group is for applications that generate program numbers dynamically. The final groups are reserved for future use, and should not be used.
Other Uses of the RPC Protocol
The intended use of this protocol is for calling remote procedures. Normally, each call message is matched with a reply message. However, the protocol itself is a message-passing protocol with which other (non-procedure call) protocols can be implemented.
Batching
Batching is useful when a client wishes to send an arbitrarily large sequence of call messages to a server. Batching typically uses reliable byte stream protocols (like TCP) for its transport
Broadcast Remote Procedure Calls
In broadcast protocols, the client sends a broadcast call to the network and waits for numerous replies. This requires the use of packet-based protocols (like UDP) as its transport protocol.
RPC Message protocol
- The RPC message
All messages start with a transaction identifier, xid, followed by a two-armed discriminated union. The union's discriminant is a msg_type which switches to one of the two types of the message. The xid of a REPLY message always matches that of the initiating CALL message. NB: The xid field is only used for clients matching reply messages with call messages or for servers detecting retransmissions; the service side cannot treat this id as any type of sequence number.
struct rpc_msg {
unsigned int xid;
union switch (msg_type mtype) {
case CALL:
call_body cbody;
case REPLY:
reply_body rbody;
} body;
};
Body of an RPC call
In version 2 of the RPC protocol specification must be equal to 2. The fields prog, vers, and proc specify the remote program, its version number, and the procedure within the remote program to be called. After these fields are two authentication parameters: cred (authentication credential) and verf (authentication verifier).
struct call_body {
unsigned int rpcvers; /* must be equal to two (2) */
unsigned int prog;
unsigned int vers;
unsigned int proc;
opaque_auth cred;
opaque_auth verf;
/* procedure specific parameters start here */
};
Body of a reply to an RPC call
> union reply_body switch (reply_stat stat) {
case MSG_ACCEPTED:
accepted_reply areply;
case MSG_DENIED:
rejected_reply rreply;
} reply;
Reply to an RPC call that was accepted by the server
There could be an error even though the call was accepted. The first field is an authentication verifier that the server generates in order to validate itself to the client. It is followed by a union whose discriminant is an enum accept_stat. The SUCCESS arm of the union is protocol specific. The PROG_UNAVAIL, PROC_UNAVAIL, GARBAGE_ARGS, and SYSTEM_ERR arms of the union are void. The PROG_MISMATCH arm specifies the lowest and highest version numbers of the remote program supported by the server.
struct accepted_reply {
opaque_auth verf;
union switch (accept_stat stat) {
case SUCCESS:
opaque results[0];
/*
* procedure-specific results start here
*/
case PROG_MISMATCH:
struct {
unsigned int low;
unsigned int high;
} mismatch_info;
default:
/*
* Void. Cases include PROG_UNAVAIL, PROC_UNAVAIL,
* GARBAGE_ARGS, and SYSTEM_ERR.
*/
void;
} reply_data;
};
Reply to an RPC call that was rejected by the server
The call can be rejected for two reasons: either the server is not running a compatible version of the RPC protocol (RPC_MISMATCH), or the server rejects the identity of the caller (AUTH_ERROR). In case of an RPC version mismatch, the server returns the lowest and highest supported RPC version numbers. In case of invalid authentication, failure status is returned.
union rejected_reply switch (reject_stat stat) {
case RPC_MISMATCH:
struct {
unsigned int low;
unsigned int high;
} mismatch_info;
case AUTH_ERROR:
auth_stat stat;
};
RPC Binding protocol
RPC introduces another step in this process to divorce services from being tied to a given port number. It does so using a special RPC service called PORTMAP or RPCBIND. These binding protocols are unique among RPC services since they have an assigned port of their own (port 111). Other RPC services, running on any port number, can register themselves using an RPC call to port 111. The portmapper offers other RPC calls to permit service lookup.
An RPC service is identified by its RPC program number, version number, and the transport address where it may be reached. The transport address, in turn, consists of a network address and a transport selector. In the case of a service available over TCP/IP or UDP/IP, the network address is an IP address, and the transport selector is a TCP or UDP port number.
The transport selector (ie., the TCP or UDP port) is usually determined dynamically, and varies with each invocation of the service. Server programs allocate a transport address, and register it with a well-known lookup service (well-known because it uses a fixed transport selector, and resides at the same network address as the server).
Such a lookup service is very desirable because the range of well- known transport selectors is very small for some transports and the number of services is potentially very large. RPCBv3 (Binding protocol version 3 for RPC) and RPCBv4 are both versions of a lookup service, which use the same RPC program number (100000). They both use port 111 over TCP and UDP transports.
- RPCBv3
RPCBv3 header format
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Octet | Program Number | 1-4 | Version Number | 5-8 | Network ID Length | 9-12 | Network ID | 13-N | Universal Address Length | N+1-N+4 | Universal Address | N+5-M |
- Program
The program number
- Version
The version number
- Network ID
The network ID
- Universal Address
The universal address
- RPCBV4
Binding protocol version 4 for RPC (RPCv4) is very similar to version 3, but with a few additional parameters.
RPCBv4 header format
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Octet | Program Number | 1-4 | Version Number | 5-8 | Network ID Length | 9-12 | Network ID | 13-N | Universal Address Length | N+1-N+4 | Universal Address | N+5-M |
- Program
The program number
- Version
The version number
- Network ID
The network ID
- Universal Address
The universal address
RPCSEC GSS
The security protocol version 3 for RPC deals with integrity and privacy as well as authentication. It is described using the XDR language [Srinivasan-xdr]. It uses GSS-API interfaces to provide security services that are independent of the underlying security mechanism.
An RPC session based on the RPCSEC_GSS security consists of: context creation, RPC data exchange, and context destruction.
Context creation and destruction use control messages that are not dispatched to service procedures registered by an RPC server. The program and version numbers used in these control messages are the same as the RPC service's program and version numbers.
RPCSEC GSS structure
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Octet | Version | 1-4 | Procedure | 5-8 | Sequence Number | 9-12 | Service | 13-16 |
- Version
The version number
- Procedure
The procedure number
- Sequence Number
The sequence number
- Service
The service number
|
 Top of Page
|
| EXAMPLES |
Example 1: Authentication
The RPC protocol specification defines all three fields to be the following opaque type
(in the eXternal Data Representation (XDR) language [9]):
enum auth_flavor {
AUTH_NONE = 0,
AUTH_SYS = 1,
AUTH_SHORT = 2
/* and more to be defined */
};
struct opaque_auth {
auth_flavor flavor;
opaque body<400>;
}; Example 2
Given that a call message was accepted, the following is the status of an attempt to
call a remote procedure.
enum accept_stat {
SUCCESS = 0, /* RPC executed successfully */
PROG_UNAVAIL = 1, /* remote hasn't exported program */
PROG_MISMATCH = 2, /* remote can't support version # */
PROC_UNAVAIL = 3, /* program can't support procedure */
GARBAGE_ARGS = 4, /* procedure can't decode params */
SYSTEM_ERR = 5 /* errors like memory allocation failure */
};
Reasons why a call message was rejected:
enum reject_stat {
RPC_MISMATCH = 0, /* RPC version number != 2 */
AUTH_ERROR = 1 /* remote can't authenticate caller */
};
Why authentication failed:
enum auth_stat {
AUTH_OK = 0, /* success */
/*
* failed at remote end
*/
AUTH_BADCRED = 1, /* bad credential (seal broken) */
AUTH_REJECTEDCRED = 2, /* client must begin new session */
AUTH_BADVERF = 3, /* bad verifier (seal broken) */
AUTH_REJECTEDVERF = 4, /* verifier expired or replayed */
AUTH_TOOWEAK = 5, /* rejected for security reasons */
/*
* failed locally
*/
AUTH_INVALIDRESP = 6, /* bogus response verifier */
AUTH_FAILED = 7 /* reason unknown */
}; Example 3: Service Described in the RPC Language
program PING_PROG {
/*
* Latest and greatest version
*/
version PING_VERS_PINGBACK {
void
PINGPROC_NULL(void) = 0;
/*
* Ping the client, return the round-trip time
* (in microseconds). Returns -1 if the operation
* timed out.
*/
int
PINGPROC_PINGBACK(void) = 1;
} = 2;
/*
* Original version
*/
version PING_VERS_ORIG {
void
PINGPROC_NULL(void) = 0;
} = 1;
} = 1;
const PING_VERS = 2; /* latest version */
The first version described is PING_VERS_PINGBACK with two procedures, PINGPROC_NULL
and PINGPROC_PINGBACK. PINGPROC_NULL takes no arguments and returns no results,
but it is useful for computing round-trip times from the client to the server and back
again. By convention, procedure 0 of any RPC protocol should have the same semantics,
and never require any kind of authentication. The second procedure is used for the
client to have the server do a reverse ping operation back to the client, and it
returns the amount of time (in microseconds) that the operation used. The next
version, PING_VERS_ORIG, is the original version of the protocol and it does not
contain PINGPROC_PINGBACK procedure. It is useful for compatibility with old client
programs, and as this program matures it may be dropped from the protocol entirely. Example 4: The RPC Language Specification
The RPC language is identical to the XDR language except for the added definition
of a "program-def" described below.
program-def:
"program" identifier "{"
version-def
version-def *
"}" "=" constant ";"
version-def:
"version" identifier "{"
procedure-def
procedure-def *
"}" "=" constant ";"
procedure-def:
type-specifier identifier "(" type-specifier
("," type-specifier )* ")" "=" constant ";"
|
Top of Page
|
| PROTOCOL RELATIONS |
■ Parent layer
■ Child layer
TCP/UDP
| | RPC | |
Top of Page
|
| GLOSSARY |
|
Authentication
The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization , which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.
GSS-API
The GSS-API (Generic Security Service Application Program Interface) is a generic API for doing client-server authentication.
A typical GSS-API caller is itself a communications protocol, calling on GSS-API in order to protect its communications with authentication, integrity, and/or confidentiality security services. A GSS-API caller accepts tokens provided to it by its local GSS-API implementation and transfers the tokens to a peer on a remote system; that peer passes the received tokens to its local GSS-API implementation for processing. The security services available through GSS-API in this fashion are implementable (and have been implemented) over a range of underlying mechanisms based on secret-key and public-key cryptographic technologies.
The GSS-API separates the operations of initializing a security context between peers, achieving peer entity authentication (GSS_Init_sec_context() and GSS_Accept_sec_context() calls), from the operations of providing per-message data origin authentication and data integrity protection (GSS_GetMIC() and GSS_VerifyMIC() calls) for messages subsequently transferred in conjunction with that context.
NFS
NFS (Network File System) is a client/server application designed by Sun Microsystems that allows all network users to access shared files stored on computers of different types. NFS provides access to shared files through an interface called the Virtual File System (VFS) that runs on top of TCP/IP. Users can manipulate shared files as if they were stored locally on the user's own hard disk.
With NFS, computers connected to a network operate as clients while accessing remote files, and as servers while providing remote users access to local shared files. The NFS standards are publicly available and widely used.
XDR
XDR (eXternal Data Representation) is a standard for the description and encoding of data. It is useful for transferring data between different computer architectures, and has been used to communicate data between such diverse machines as the SUN WORKSTATION*, VAX*, IBM-PC*, and Cray*.
XDR uses a language to describe data formats. The language can only be used only to describe data; it is not a programming language. This language allows one to describe intricate data formats in a concise manner.
The XDR standard makes the following assumption: that bytes (or octets) are portable, where a byte is defined to be 8 bits of data. A given hardware device should encode the bytes onto the various media in such a way that other hardware devices may decode the bytes without loss of meaning.
|
Top of Page
|
| REFERENCES |
RFCs:
[ RFC 1057] RPC: Remote Procedure Call Protocol Specification Version 2.
Obsoletes: RFC 1050.
[ RFC 1790] An Agreement between the Internet Society and Sun Microsystems, Inc. in the Matter of ONC RPC and XDR Protocols
[ RFC 1831] RPC: Remote Procedure Call Protocol Specification Version 2.
[ RFC 1833] Binding Protocols for ONC RPC Version 2.
[ RFC 2695] Authentication Mechanisms for ONC RPC.
Obsolete RFCs:
[ RFC 1050] RPC: Remote Procedure Call Protocol Specification.
Obsoleted by: RFC 1057.
|
Top of Page
|
| OTHER PROTOCOLS OF TCP/IP SUITE |
|
|
|
|
|
