|
1: 2008-12-21 (Sun) 03:29:18 gambled  |
| | + | * sl_relay [#k8b98ddc] |
| | + | [[日本語はこちら>sl_relay]]~ |
| | | | |
| | + | ** Outline [#uf81341b] |
| | + | -''sl_relay'' is a Packet Relay Server for Second Life running on Linux. It is aimed at connecting to Second Life Servers from a PC through a firewall such as might be found in a university. |
| | + | -''sl_relay'' relays communication (UDP,HTTP/HTTPS) between the SIM Server and the Second Life viewer. |
| | + | - Note: it not only relays but also scans inside each packet. Thus when the content of a packet (URL, IP address and port number) indicate another SIM is involved, a new relay process for that SIM can be started. |
| | + | |
| | + | - ''[[sl_cache>sl_cache (E)]]'' can be used with ''sl_relay'' to provide a texture data cache. |
| | + | - When caching UDP packets (''[[sl_cache>sl_cache (E)]]''), the sequence number of each UDP packet is rewritten to prevent contradictions. |
| | + | |
| | + | - It is also possible to limit access to particular SIMs by using ''sl_relay'' with the Information Server (''[[sl_info>sl_info (E)]]''). |
| | + | |
| | + | - ''sl_relay'' is part of ''[[sl_proxy>sl_proxy (E)]]''. |
| | + | - The current version is ''1.6.1'' (6 Oct. '08) |
| | + | |
| | + | ***''Outline of Functions.'' [#b28df040] |
| | + | + You can execute Second Life from a PC with private IP address behind a firewall. |
| | + | + You can specifiy the port number for firewall access. |
| | + | + Access to ''sl_relay'' can be controlled. |
| | + | + Full HTTPS access between Viewer and Relay Server is possible. (default is HTTP) |
| | + | + MusicURL and MediaURL(High 23) is supported. However, it is recommended that a WEB proxy be used. |
| | + | + External WEB Proxy (e.g. squid) connection is supported. Moreover, an internal WEB Proxy function is included. |
| | + | + [[OpenSim]] is supported. (Test version) |
| | + | + ''[[sl_cache>sl_cache (E)]]'' connection is supported. (''[[sl_cache>sl_cache (E)]]'' is the texture cache server for ''sl_relay''.) |
| | + | + When ''[[sl_cache>sl_cache (E)]]'' is down or response is too slow, ''sl_relay'' automatically disconnects from the cache server after short delay. |
| | + | + Access to Second Life SIMs can be controlled, by Avatar, viewer machine IP or at the global SIM level through the use of white lists with ''[[sl_info>sl_info (E)]]''. |
| | + | |
| | + | ***''Annoyances or Bugs.'' [#dc53166d] |
| | + | + You might see the same message two or more times in IM or chat. The cause is unknown, sorry. |
| | + | + It doesn't work with ''slvoice''. |
| | + | + A stress test of ''sl_relay'' has not been carried out. |
| | + | |
| | + | **''Explanation'' [#g7f1e55f] |
| | + | + [[Over the Firewall>./Firewall]] |
| | + | + [[Cooperation with the Cache Server>./Cooperation with the Cache Server]] |
| | + | + [[Cooperation with the Information Server>./Cooperation with the Information Server]] |
| | + | + [[Communication by HTTPS>./Communication by HTTPS]] |
| | + | + [[WEB Proxy Function>./WebProxy]] |
| | + | + [[When the server has two or more network interfaces>/sl_proxy (E)/two or more network interfaces]] |
| | + | + [[Rewrite Viewer Version>./Rewrite Viewer Version]] |
| | + | + [[Log and Debug Mode>./Log and Debug Mode]] |
| | + | + [[Security>./Security]] |
| | + | |
| | + | ** Configuration [#q6718feb] |
| | + | - The default configuration file is ''/usr/local/etc/sl_proxy/sl_relay.conf''. |
| | + | - It is also possible to specify an alternate configuration file using the ''-f'' option of ''sl_relay''. |
| | + | - Because the configuration file is read before ''sl_relay'' does the switch to the effective user, exec user should be able to be read. |
| | + | - The setting of each item is described in the configuration file. Empty lines or lines starting with # are not read. |
| | + | |
| | + | |
| | + | *** Items [#mdd29c33] |
| | + | Communication port with SIM Server |
| | + | -[[MinUdpExPort>./MinUdpExPort]] |
| | + | -[[MaxUdpExPort>./MaxUdpExPort]] |
| | + | -[[MinTcpExPort>./MinTcpExPort]] |
| | + | -[[MaxTcpExPort>./MaxTcpExPort]] |
| | + | |
| | + | Communication port with Viewer |
| | + | -[[MinUdpImPort>./MinUdpImPort]] |
| | + | -[[MaxUdpImPort>./MaxUdpImPort]] |
| | + | -[[MinTcpImPort>./MinTcpImPort]] |
| | + | -[[MaxTcpImPort>./MaxTcpImPort]] |
| | + | |
| | + | Control port of Relay Controller |
| | + | -[[MinControlPort>./MinControlPort]] |
| | + | -[[MaxControlPort>./MaxControlPort]] |
| | + | |
| | + | |
| | + | HTTPS(SSL) |
| | + | -[[CERT_PEM_File>./CERT_PEM_File]] |
| | + | -[[SKEY_PEM_File>./SKEY_PEM_File]] |
| | + | -[[CA_PEM_File>./CA_PEM_File]] |
| | + | |
| | + | Access control |
| | + | -[[Hosts_Allow_File>/sl_proxy (E)/Hosts_Allow_File]] |
| | + | -[[ExternalWebProxy>./ExternalWebProxy]] |
| | + | -[[Proxy_Allow_File>./Proxy_Allow_File]] |
| | + | |
| | + | Etc. etc. |
| | + | -[[Temp_File_Dir>/sl_proxy (E)/Temp_File_Dir]] |
| | + | -[[MaxIdleTime>/sl_proxy (E)/MaxIdleTime]] |
| | + | |
| | + | **Execute Options [#p28613aa] |
| | + | sl_relay [-s server_name[:port]] [-p port] [-u user_name] [-f config_file] |
| | + | [-v syslog_level] [-i interface_address] [-pid pid_file] |
| | + | [-as] [-aca] [-ano] |
| | + | [-is [info_server:port]] |
| | + | [-cs [cache_server:port]] [-cg] [-cp] |
| | + | [-xp web_proxy_server:port] [-p [port]] [-mm] |
| | + | [-wf] |
| | + | [-d] [-x] [-xt] [-xu] [-xuf] |
| | + | [-ver version] |
| | + | |
| | + | -s : specify login server of Second Life. default is login.agni.lindenlab.com:443 |
| | + | -p : port number that Viewer connects. default is 8100. |
| | + | -u : effective user. |
| | + | -f : configuration file. default is /usr/local/etc/sl_proxy/sl_relay.conf |
| | + | -l : log file. not implemented yet. |
| | + | -v : level of syslog. default is LOG_INFO (7). |
| | + | -i : specify Viewer side network interface IP address. You need to use this option if your server has two or more network interfaces. |
| | + | -pid: pid file. |
| | + | |
| | + | -as : use HTTPS between Viewer and Relay Server. |
| | + | -aca: confirms Second Life Server by using C:\Program Files\SecondLife\app_settings\CA.pem |
| | + | -ano: no HTTPS communication. Not usually used - it is for OpenSim only. (Experimental option) |
| | + | |
| | + | -is : specify sl_info information server. default is localhost:8086 |
| | + | -cs : specify sl_cache cache server. default is localhost:8200 |
| | + | -cg : only get cache data. Do not save data. |
| | + | -cp : only save cache data. Do not get data. |
| | + | |
| | + | -ip : use internal web proxy function with full access mode. Start internal web proxy |
| | + | process (port number can be specified.) |
| | + | -ipx: use internal web proxy function with restricted mode. Start internal web proxy |
| | + | process (port number can be specified.) |
| | + | -xp : specify external web proxy server. |
| | + | -mm : relay MusicURL and MediaURL(High 23). It is preferable to use the web proxy function |
| | + | of viewer. |
| | + | |
| | + | -wf : Limit access to SIMs using the white list (done in cooperation with sl_info.) |
| | + | |
| | + | -d : debug mode |
| | + | -x : TCP(HTTP/HTTPS) packets are saved in the working directory and UDP packets are printed. |
| | + | -xt : TCP(HTTP/HTTPS) packets are saved in the working directory. |
| | + | -xu : UDP packet headers are printed. |
| | + | -xuf: full UDP packet is dumped. |
| | + | -ver: change the Viewer version. Please only use this as a temporary measure if you cannot |
| | + | install a new Viewer. It is dangerous to keep using this, never do it!! |
| | + | |
| | + | **Processes [#f13647f7] |
| | + | |
| | + | ***Relationship between Processes [#ece449c6] |
| | + | http://www.nsl.tuis.ac.jp/xoops/modules/xpwiki/?plugin=ref&page=sl_relay&src=sl_relay.png |
| | + | |
| | + | ***Transformation of UDP and HTTP/HTTPS Packets [#cfd53c48] |
| | + | http://www.nsl.tuis.ac.jp/xoops/modules/xpwiki/?plugin=ref&page=sl_relay&src=sl_relay2.png |
| | + | -[Proxy Process] is ''Relay Process'' |
| | + | -[Control Process] is ''Relay Controller'' |
