New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change of system time leads to closing of secure channel #2055
Comments
Would it make sense to base the timestamping of the token on system time independent ticks? There is the property Would this be a reasonable solution, or is there on other places some need of the The source code concerned is UA-.NETStandard/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs Lines 1165 to 1167 in d65e1cf
The actual evaluation takes place at UA-.NETStandard/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs Lines 72 to 83 in d65e1cf
|
This is a barely tested proof-of-concept for timeouts independent of the system clock.
Sligthly more correct calculation: (re-)calculate the remaining time as fraction of the expected lifetime, not as fraction of the age of the token.
…es on the clock independent timer ticks.
The solution in UA-.NETStandard/clock-independent-timeouts works for me in my environment. See it as a proof of concept. |
Just adding some cross reference: |
Type of issue
Current Behavior
I am using the OPCUA-Library to connect a c# client application to a server on a Siemens plc.
The connection is up and running.
Values are asynchronously written to the plc with session.BeginWrite()
When I change the system time on the client side to at least 1 hour in the future, then the connection breaks instant.
A change of the system time to the past doesn’t have any effect, no matter how big the time difference is.
The system time could also be changed by the NTP client, in the case of a not initially correct set hardware clock.
The root cause is in the implementation of the timeouts. They save a timestamp and compared it with the current system time (DateTime.UtcNow). At the moment the system time gets changed, the timeout of the current token (and possibly an already prepared new token) for the secure channel gets triggered immediate and the secure channel gets closed.
Even with an automatic reconnect the current running publish events gets lost without any notification to the application.
The session and the subscriptions are transferred to a new secure channel, but failed publish requests are not cached and not retried.
Expected Behavior
The secure channel should not close and the connection should stay alive.
If this is not possible, the current publish tasks should not fail silently but be resent instead.
If this is also not possible at least an error notification should be sent to the application for each failing asynchronous write call.
Steps To Reproduce
Environment
Anything else?
Looks similar to issue #1859
The text was updated successfully, but these errors were encountered: