Best way to validate DICOM connection request with pynetdicom

Question

What is the preferred way to validate requested DICOM connection against a list of known hosts? I can connect to the EVT_CONN_OPEN event. But in that, the event.assoc.requestor.info.ae_title element is always empty (b''). I see from a TCP network analysis, that the name is transmitted. So, where is it? What is the right way to validate the requesting host?

Answer 1

You could try using EVT_REQUESTED instead, it gets triggered after an association request is received/sent and the AE title information should be available at that point. Unfortunately EVT_CONN_OPEN is triggered on TCP connection which occurs prior to the association request.

If you don't like the host's details you can use the handler to send an association rejection message using event.assoc.acse.send_reject() or abort with event.assoc.abort().

If you're only interested in validating against the AE title you can use the AE.require_calling_aet property to restrict associations to those with matching AE titles.

Answer 2

For the benefit of anyone else looking this up, the correct stage to look this up is in the EVT_REQUESTED event. However you will likely find the details aren't filled in (they are populated AFTER the handler has been called).

So if you want to locate the callers AE in EVT_REQUESTED, you need to locate the A_ASSOCIATE primitive and read them from there. So for example in your handler you can do this to reject remotes:

def handle_request(event):
    req_title = event.assoc.requestor.primitive.calling_ae_title.decode('ascii')
    if req_title != 'MyAET':
        event.assoc.acse.send_reject(0x01, 0x01, 0x03)
        return

At least for 1.5.7.