How LISa works

In the configuration file of LISa you provide a range of IP-addresses which LISa should check wether they are running. In the most simple case this could be your network address/subnetmask, then LISa would check every possible host of your network wether it is up. The hosts are checked using ICMP echo requests. To be able to send and receive ICMP echo requests and replies the program has to open a so called "raw socket". Therefor it needs root privileges. This socket is opened right after the start of the program, after successfully opening the socket root privileges are dropped immediatly (see main.cpp and strictmain.cpp). If you configure LISa this way, that it also uses nmblookup, it will popen("nmblookup \"*\""); and then parse the results.

Since the ICMP requests and the broadcasts can cause some network traffic if there are more than one such server running in one network, the servers cooperate with each other. Before they start pinging (or nmblookup), they send a broadcast on port 7741.
If somebody answers this broadcast, they will retrieve the complete list of running hosts via TCP port 7741 from this host and will not start to ping (or nmblookup) theirselves. If nobody answers, the host which sent the broadcast will start pinging the hosts (or nmblookup) and then open a socket which listens for the mentioned broadcasts. If the host received an answer to his broadcast, it won't have the socket for listening to the broadcasts open. So usually exactly one of the servers will have this socket open and only this one will actually ping (or nmblookup) the hosts. In other words, the servers are lazy, they work like "I will only do something if nobody else can do it for me".

There is another feature which reduces the network load. Let's say you configured LISa to update all 10 minutes. Now you don't access your server very often. If nobody accessed the server during the last update period, the server will update (either itself or from the one which actually does the work) and then double its update period, i.e. the next update will happen after 20 minutes. This will happen 4 times, so if nobody accesses the server with update period 10 minutes for a long time, its update interval will grow up to 160 minutes, almost three hours. If then somebody accesses the data from the server, he will get an old list ( up to 160 minutes old). With accessing the server will reset its update interval to its initial value, i.e. 10 minutes and immediatly start updating if the last update is more than these 10 minutes over. This means if you get a very old list, you can try some seconds later again and you should get a current version. This will have fast effect for the servers, which don't ping (or nmblookup) theirselves, since only one user usually accesses them, and it will have less effect for the server which does the pinging (or nmblookup), since this server is accessed from all other servers in the network.

This way it is possible that many hosts in a network run this server, but the net load will remain low. For the user it is not neccessary to know wether there is a server (i.e. a name server or fileserver or whatever) in the network which also runs LISa. He can always run LISa locally and LISa will detect if there is one, transparently to the user.

If you don't want that your LISa takes part in the broadcasting, but always does the pinging itself, make it use another port with the command line option --port or -p. This is not recommended !

If you send SIGHUP to LISa, it will reread its configfile. If you send SIGUSR1 to LISa, it will print some status information to stdout.

Accessing the information - clients

The first client for LISa is an ioslave for KDE2, so the user can enter there lan://localhost/ or lan:/, which will both contact LISa on the local system. If there is a machine which runs all the time and the user knows that this machine also runs LISa, he can use his LISa client directly with this server (would be with the mentioned ioslave lan://the_server_name/). The data provided over the socket has a simple format:

"decimal IP address in network byte order\0x20\full hostname\0\n"

and the last line
0 succeeded<'\n'>

e.g.

"17302538 some_host.whatever.de
18285834 linux.whatever.de
17827082 nameserver.whatever.de
0 succeeded
"

This should make it easy parseable.

If there are very strict security rules in your network, some people might consider the pinging a potential attack. If you have problems with this, try the restricted version, resLISa.

resLISa

If you hav very strict security rules in your network or you don't want to have another port open or whatever, you can use resLISa.

With resLISa you can't ping whole networks and address ranges, you can give resLISa up to currently 64 hosts by their names in its config file. These will be pinged. You are still able to use nmblookup. resLISa will also only provide the information over a unix domain socket, i.e. not over the network. The name of the socket is "/tmp/resLisa-YourLoginname", so resLISa can be savely run by more users on one machine. Since it should also not produce a security risk of any kind it is safe to install reslisa setuid root. root privileges will be dropped right after startup (see strictmain.cpp), they are only needed to create a raw socket for sending the ICMP echo requests. It will also not send or receive broadcasts. The first client for this is also an ioslave for KDE2 (makes rlan:/ in e.g. konqy).