CA Proxy Gateway

Module Owner / Current Author:: Ralph Lange

This page is the home of the EPICS CA Proxy Gateway module, which is a proxy server for the Channel Access Protocol.

This site gives access to the software source code and documentation on how to include and use it in your EPICS environment. Please email any comments and bug reports to Ralph Lange who is the current author responsible for coordinating development and releases. Stephanie Allison and John Hammonds are also familiar with this module and may be willing to help with some problems.

Introduction

The CA Proxy gateway is an application that uses a CA client on the lower interface to connect to channels (PVs) and sets up monitors to those channels. It uses the portable Channel Access Server (CAS) to provide these channels to other CA clients (the upper interface). The channels' data is cached. There is an EPICS Access Security layer within the Gateway to configure whose clients from which hosts may have read or write access to a channel provided by the Gateway.

Please refer to the Gateway talk (given at the Y2K spring EPICS Collaboration meeting) for an overview and general usage examples. Talks at later conferences are less detailed.

Hardware Supported

The module supports the following platforms / operating systems:

HP-UX HP-Workstations with the HP-UX operating system (Contact: Ralph Lange)
Solaris Sun-Workstations with the Solaris operating system (Contact: Stephanie Allison)
Linux PC's with the Linux operating system (Contact: John Hammonds)

Where to Find it

You can download the software by HTTP from BESSY directly from the links in the table below:

Module Version	Release Date	uses EPICS Release	Files
1.3.0	May 3rd, 2000	Patched 3.13.2	Base Patches Gateway Sources
1.3.1	June 16th, 2000	Patched 3.13.2	Base Patches Gateway Sources
1.3.2	Feb 11th, 2002	Same patched 3.13.2	Base Patches Gateway Sources
1.3.3	Jul 19th, 2002	Same, but with an additional patch (see release note)	Base Patches Gateway Sources

Required Modules

Except the appropriate EPICS Base with the right set of patches, the Gateway requires the GNU regex library (version 0.12). You can either use a library that already has been installed at your site or download it from your favourite ftp server or from here.

Site Installation and Building

Here's a simple step-by-step recipe that should get you through installation:

1.	Get a regular 3.13.2 base and unpack it in some directory (let's call it `<baseGateway>` here).
2.	Go there, make it writable and unpack `baseInsert-n.n.n.tar.gz`, which contains all the needed patches in base.
3.	Adjust `<baseGateway>/config/CONFIG_SITE` and build `<baseGateway>`. The make targets `inc.host` and `buildInstall.host` should do the job. (Note: If you patch an existing base installation you might have to uninstall the gdd and CAS headers before compiling.)
4a.	Go `<somewhere>`, unpack, configure and build the regex-0.12 library. Caveat: When compiled out-of-the-box, the regexp library is not optimized. Try setting `CFLAGS=-O3` on the make command line to get a faster and smaller library.
or
4b.	Find the object and include file of the regex library (comes with GNU Emacs).
5.	Set up some (extension-style) `<TOP>` where you want to build the Gateway.
6.	Go there and unpack `extensionsInsert-n.n.n.tar.gz`.
7.	Build the Gateway. (Make sure your `<TOP>/config/RELEASE` points to the special `<baseGateway>` and the appropriate locations for the regex binary and header files.)

Documentation

The CA Proxy Gateway documentation is still a bit sparse:

The Gateway talk mentioned above gives an introduction and some general application hints.
The example configuration files supplied with the Gateway sources contain their documentation as comments.
Starting the Gateway with -help as argument prints out a help page that explains the command line options.

Release Notes

The Gateway still needs a specially patched version of base. Bringing it back to work with an off-the-shelf 3.14 base is on top of my personal Gateway to-do-list. Expect this to happen quite soon (rather months than years).

Changes for 1.3.3

The pvExistTest() routine has been optimized to improve the connection performance.
Andrew Johnson suggested a small patch to the file <baseGateway>/src/libCom/os/generic/bsdSockResource.c that takes load off the DNS service and speeds up opening Gateway connections dramatically.

Install the patch by saving the patch file ipAddr.patch and running patch < ipAddr.patch in the affected source file's directory.

Changes for 1.3.2

A memory leak (in the existTest context) has been fixed that caused regular crashes. Reported, found and fixed by Joan Sage, JLab.
A bug has been fixed that caused crashes when using DENY without host name(s). Reported, found and fixed by Stephanie Allison, SLAC.
Some other minor changes, including time-stamped one-line log messages for client side connection losses (requested by Joan Sage).

Changes for 1.3.1

Added a new commandline option (-mask) that allows setting the CA event mask that the Gateway uses for value connections on the lower network.

Background: CA allows setting an event mask for monitor connections to any combination of ALARM, LOG and VALUE. The incoming event messages themselves do not contain the information which condition triggered the event. Therefore the Gateway does not know which of its (upper side) clients it should forward the event to and forwards all events to all clients. This led to a situation where archivers collecting their data through a Gateway did receive VALUE events (triggered by a value leaving the MDEL deadband) instead of LOG events (triggered by a value leaving ADEL). Now you can set up a special archiver Gateway (on a different port) that uses LOG events.

This feature will be removed as soon as CA provides the event reason as part of the event message. (Jeff, you promised to do this. Right?)
Removed the hardcoded event rate limit for atomic (i.e. array) data. (Andrew Johnson reported problems with high speed channels.)

As limiting the event rate seems a reasonable thing to do for a Gateway, this feature will return in a future release in a configurable fashion.
Made some minor changes (and base patches) that allow compiling the c++ parts of base and the Gateway with HP's aCC compiler. (Thanks to Chris Larrieu.) The shared libraries from base don't do anything but dumping cores, though - so I edited the Makefile.Host to build the gateway statically.

Changes for 1.3.0

I threw out the filename style pattern matching and replaced it with using the GNU regex library (version 0.12). All commands use regular expression patterns now. The <real_name> declaration of ALIAS commands may contain \0 ... \9 escapes, which are replaced by the n-th matching subexpression. This is a very flexible way to define wildcard aliases.
I simplified the configuration syntax. The new ALLOW command replaces the PV and PATTERN commands. (Which still work, though.)
The evaluation order of ALLOW and DENY is configurable. You can define a wide DENY pattern and special ALLOW patterns or vice versa.
I fixed a couple of CAS beacon shortcomings:
- There is a new environment variable EPICS_CAS_AUTO_ADDR_LIST to allow different broadcast configuration for the client and server side.
- Channels that were once connected but disappeared are treated different from channels that never were connected. If such an IOC side reconnect appears, the Gateway will send a special beacon to its clients to make them try to reconnect their channels. (Until now the Gateway's clients weren't notified when an IOC reconnected to the Gateway - bad for archivers working through a Gateway.)

EPICS CA Proxy Gateway Module