Make storescp aetitle-aware

[a.wilmink]

I'm testing dicom connectivity with dcmtk.
When I perform an echoscu to another host running the command

Code: Select all

storescp -v 5678

the echoscu completes successfully as long as the peer and port are filled in correctly.

When I manually add an aetitle, for instance

Code: Select all

storescp -aec NODE -v 5678

the command will succeed regardless of the aetitle I fill in the echoscu command.

I'd like to know if there's any way I can set the storescp command to give an error message or notification when the aetitles are mismatched.

[Michael Onken]

Hi,

unfortunately this is not possible but requires patching storescp. Should be straightforward, though.

storescp allows access control only via TCP wrapper on Unix-like systems (option +ac) or TLS (see the various transport layer security options).

Best,
Michael

[a.wilmink]

Hi Michael,

Thank you for your reply. And apologies for not posting this topic in the right subforum.

When I run storescp I get the following output, and the tcp wrapper option is missing:

Code: Select all

$dcmtk: storescp v3.6.0 2011-01-06 $

storescp: DICOM storage (C-STORE) SCP
usage: storescp [options] [port]

parameters:
  port                           tcp/ip port number to listen on

general options:
  -h      --help                 print this help text and exit
          --version              print version information and exit
          --arguments            print expanded command line arguments
  -q      --quiet                quiet mode, print no warnings and errors
  -v      --verbose              verbose mode, print processing details
  -d      --debug                debug mode, print debug information
  -ll     --log-level            [l]evel: string constant
                                 (fatal, error, warn, info, debug, trace)
                                 use level l for the logger
  -lc     --log-config           [f]ilename: string
                                 use config file f for the logger
  +v      --verbose-pc           show presentation contexts in verbose mode
multi-process options:
          --single-process       single process mode (default)
          --fork                 fork child process for each association
network options:
  association negotiation profile from configuration file:
    -xf   --config-file          [f]ilename, [p]rofile: string
                                 use profile p from config file f
  preferred network transfer syntaxes (not with --config-file):
    +x=   --prefer-uncompr       prefer explicit VR local byte order (default)
    +xe   --prefer-little        prefer explicit VR little endian TS
    +xb   --prefer-big           prefer explicit VR big endian TS
    +xs   --prefer-lossless      prefer default JPEG lossless TS
    +xy   --prefer-jpeg8         prefer default JPEG lossy TS for 8 bit data
    +xx   --prefer-jpeg12        prefer default JPEG lossy TS for 12 bit data
    +xv   --prefer-j2k-lossless  prefer JPEG 2000 lossless TS
    +xw   --prefer-j2k-lossy     prefer JPEG 2000 lossy TS
    +xt   --prefer-jls-lossless  prefer JPEG-LS lossless TS
    +xu   --prefer-jls-lossy     prefer JPEG-LS lossy TS
    +xm   --prefer-mpeg2         prefer MPEG2 Main Profile @ Main Level TS
    +xh   --prefer-mpeg2-high    prefer MPEG2 Main Profile @ High Level TS
    +xr   --prefer-rle           prefer RLE lossless TS
    +xd   --prefer-deflated      prefer deflated expl. VR little endian TS
    +xi   --implicit             accept implicit VR little endian TS only
    +xa   --accept-all           accept all supported transfer syntaxes
  other network options:
    -id   --inetd                run from inetd super server (not with --fork)
    -ta   --acse-timeout         [s]econds: integer (default: 30)
                                 timeout for ACSE messages
    -td   --dimse-timeout        [s]econds: integer (default: unlimited)
                                 timeout for DIMSE messages
    -aet  --aetitle              [a]etitle: string
                                 set my AE title (default: STORESCP)
    -pdu  --max-pdu              [n]umber of bytes: integer (4096..131072)
                                 set max receive pdu to n bytes (def.: 16384)
    -dhl  --disable-host-lookup  disable hostname lookup
          --refuse               refuse association
          --reject               reject association if no implement. class UID
          --ignore               ignore store data, receive but do not store
          --sleep-after          [s]econds: integer
                                 sleep s seconds after store (default: 0)
          --sleep-during         [s]econds: integer
                                 sleep s seconds during store (default: 0)
          --abort-after          abort association after receipt of C-STORE-RQ
                                 (but before sending response)
          --abort-during         abort association during receipt of C-STORE-RQ
    -pm   --promiscuous          promiscuous mode, accept unknown SOP classes
                                 (not with --config-file)
    -up   --uid-padding          silently correct space-padded UIDs
output options:
  general:
    -od   --output-directory     [d]irectory: string (default: ".")
                                 write received objects to existing directory d
  bit preserving mode:
    -B    --normal               allow implicit format conversions (default)
    +B    --bit-preserving       write data exactly as read
  output file format:
    +F    --write-file           write file format (default)
    -F    --write-dataset        write data set without file meta information
  output transfer syntax (not with --bit-preserving or compressed transmission):
    +t=   --write-xfer-same      write with same TS as input (default)
    +te   --write-xfer-little    write with explicit VR little endian TS
    +tb   --write-xfer-big       write with explicit VR big endian TS
    +ti   --write-xfer-implicit  write with implicit VR little endian TS
    +td   --write-xfer-deflated  write with deflated expl. VR little endian TS
  post-1993 value representations (not with --bit-preserving):
    +u    --enable-new-vr        enable support for new VRs (UN/UT) (default)
    -u    --disable-new-vr       disable support for new VRs, convert to OB
  group length encoding (not with --bit-preserving):
    +g=   --group-length-recalc  recalculate group lengths if present (default)
    +g    --group-length-create  always write with group length elements
    -g    --group-length-remove  always write without group length elements
  length encoding in sequences and items (not with --bit-preserving):
    +e    --length-explicit      write with explicit lengths (default)
    -e    --length-undefined     write with undefined lengths
  data set trailing padding (not with --write-dataset or --bit-preserving):
    -p    --padding-off          no padding (default)
    +p    --padding-create       [f]ile-pad [i]tem-pad: integer
                                 align file on multiple of f bytes and items
                                 on multiple of i bytes
  deflate compression level (only with --write-xfer-deflated/same):
    +cl   --compression-level    [l]evel: integer (default: 6)
                                 0=uncompressed, 1=fastest, 9=best compression
  sorting into subdirectories (not with --bit-preserving):
    -ss   --sort-conc-studies    [p]refix: string
                                 sort studies using prefix p and a timestamp
    -su   --sort-on-study-uid    [p]refix: string
                                 sort studies using prefix p and the Study
                                 Instance UID
    -sp   --sort-on-patientname  sort studies using the Patient's Name and
                                 a timestamp
  filename generation:
    -uf   --default-filenames    generate filename from instance UID (default)
    +uf   --unique-filenames     generate unique filenames
    -tn   --timenames            generate filename from creation time
    -fe   --filename-extension   [e]xtension: string
                                 append e to all filenames
event options:
  -xcr    --exec-on-reception    [c]ommand: string
                                 execute command c after having received and
                                 processed one C-STORE-RQ message
  -xcs    --exec-on-eostudy      [c]ommand: string
                                 execute command c after having received and
                                 processed all C-STORE-RQ messages that belong
                                 to one study
  -rns    --rename-on-eostudy    having received and processed all C-STORE-RQ
                                 messages that belong to one study, rename
                                 output files according to certain pattern
  -tos    --eostudy-timeout      [t]imeout: integer
                                 specifies a timeout of t seconds for
                                 end-of-study determination
  -xs     --exec-sync            execute command synchronously in foreground

I looked up some online documentation how to use the +ac option, but when I try and enter the command I get the following error:

Code: Select all

$dcmtk: storescp v3.6.0 2011-01-06 $

storescp: DICOM storage (C-STORE) SCP
error: Unknown option +ac

I think I understand what you are suggesting, filtering the echoscu with a tcp wrapper would give a similair error as misconfiguring the aetitle. Am I using the wrong version of dcmtk? I installed the latest version I could find from the website from source.

[Michael Onken]

Hi,

the -aet option specifies the AE Title storescp will respond with, no matter on which "Called AE Title" echoscu or any other tool is using when connecting to it.

You can see what is going on during association negotiation when using "-d" for debug instead or on top of "-v" for verbose mode. This will also list the AE Titles used but does _not_ print an error if the AE titles do not match.

The TCP wrapper options are only available on Unix-like systems (Linuxes, BSD, Mac OS X, ...) if the option is enabled during DCMTK compilation. They are _not_ available on Windows. However, they do not provide a way to react on a mismatched AE Title.

The TLS options are only available (Windows, Unix) if OpenSSL support was enabled when compiling DCMTK.

As said, there is no way to check the AE Title and return an error on mismatch with storescp, unless you patch the source code.

Michael

[a.wilmink]

Hi Michael,

thanks again for your help.
I recompiled dcmtk to include tcpd.

I can now block access to specific hosts or all hosts.

After setting up tcp wrappers I now get storescp output:

Code: Select all

E: Receiving Association failed: 0006:0324 TCP wrapper: denied connection from host (x.x.x.x)

And on the client side I get the error

Code: Select all

I: Requesting Association
F: Association Request Failed: 0006:0317 Peer aborted Association (or never connected)

I noticed this is the same error one would get when for instance misconfiguring the port number.
That means that in a real life scenario the error message for a mismatched AE title would basically always mean an association mismatch?

[J. Riesmeier]

If you want to check what the behavior is in case the called AE title is not recognized, why don't you use the little image archive that comes with the DCMTK (dcmqrscp)?
The TCP wrapper has nothing to do with DICOM network communication. It is just a way of restricting access to a TCP/IP based server (in case of the DCMTK, a DICOM SCP).

[a.wilmink]

Code: Select all

I: Requesting Association
F: Association Rejected:
F: Result: Rejected Permanent, Source: Service User
F: Reason: Called AE Title Not Recognized

Thanks a lot!