Project

General

Profile

Task #4989

Error out if both localhop_security and auto_prefix_propagate are enabled

Added by Davide Pesavento 9 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
RIB
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:

Description

We should give a clear error message rather than misbehaving when both sections are enabled in nfd.conf.

https://www.lists.cs.ucla.edu/pipermail/nfd-dev/2019-August/003755.html


Related issues

Blocks NFD - Task #5045: Release 0.7.0Closed

Actions

History

#1

Updated by Junxiao Shi 9 months ago

Disagree. The proper solution of the root cause is letting every node have a different command prefix for prefix registrations, as described in #3142 and #3143.

#2

Updated by Davide Pesavento 9 months ago

Oh, I don't disagree with fixing the root issues, but given that there has been no progress in 4 years, I don't expect them to be resolved any time soon. In the meantime, we should clearly communicate to our users that the two settings are mutually incompatible.

#3

Updated by Wenkai Zheng 9 months ago

Hi,for error message, which part do you want it to add in nfd.conf.sample.in,on both localhop_security part and auto_prefix_propagate part?

#4

Updated by Wenkai Zheng 9 months ago

  • Assignee set to Wenkai Zheng
#5

Updated by Davide Pesavento 9 months ago

You can add a note about the incompatibility in nfd.conf.sample.in, in both sections, but that's not the main goal of this task. The "error message" mentioned in the description must be raised by NFD at runtime, if the config is incorrect. That means throwing a ConfigFile::Error exception. There are plenty of similar cases in the codebase, for instance take a look at daemon/face/*-factory.cpp.

#6

Updated by Wenkai Zheng 9 months ago

Thanks for that example,I am thinking the config file is related with rib/service.cpp,and there is a ApplyConfig function,if the section has localhop_security already,and in next loop,it has auto_prefix_propagate,should this situation be incorrect for throwing exception?

#7

Updated by Wenkai Zheng 9 months ago

Is ApplyConfig function in rib/service.cpp a right place to add code ?

#8

Updated by Ju Pan 9 months ago

Wenkai Zheng wrote:

Is ApplyConfig function in rib/service.cpp a right place to add code ?

I think you are targeting at the correct file. But it seems more likely that the function you should work on is Service::checkConfig. E.g. if in a loop you see CFG_LOCALHOP_SECURITY and in another loop you see CFG_PREFIX_PROPAGATE, you need to throw an error.

#9

Updated by Wenkai Zheng 8 months ago

  • % Done changed from 0 to 90
#10

Updated by Davide Pesavento 7 months ago

  • Status changed from New to Code review
  • Target version set to v0.7

Apparently NFD-Android enables both these sections in the default config. Anyone knows why?

#11

Updated by Ju Pan 7 months ago

A basic question: what is the problem when both localhop_security and auto_prefix_propagate are enabled?

My understanding is there are only two combinations:

  1. localhost + auto_prefix_propagate: prefix registrations on NFD are propagated to the connected gateway router
  2. localhop: NFD expects prefix registrations from apps running on remote machines.

Why can't localhop work with auto_prefix_propagte? I must misunderstand something here.

Thanks in advance.

#12

Updated by Alex Afanasyev 7 months ago

Davide Pesavento wrote:

Apparently NFD-Android enables both these sections in the default config. Anyone knows why?

This was done in commit:449a431db2d67d98bb7d6aaad35696fdd26ed0ca to "fix" self-learning, with the disclaimer that this is a temporary solution and be replaced with the proper
trust management inside NDN android app later.

#13

Updated by Davide Pesavento 7 months ago

Ah thanks, I remember now. It shouldn't be a problem then. Self-learning is switching to its own validator instead of abusing the localhop validator. So NFD-Android can simply disable localhop_security again when it gets updated to the new NFD (and enable prefix_announcement_validation for self-learning).

#14

Updated by Davide Pesavento 7 months ago

#15

Updated by Davide Pesavento 7 months ago

  • Status changed from Code review to Closed
  • % Done changed from 90 to 100

Also available in: Atom PDF