Project

General

Profile

Feature #3162

Updated by Junxiao Shi about 9 years ago

Include Link object as part of PIT index. 

 **Necessity** 
 Forwarding with Link leads to concerns about denial-of-service with malicious Link objects.   
 For example, Eve may express Interests at a high rate for popular contents with Link [{10,ndn:/eve2}], and setup a producer at ndn:/eve2 network to return fake Data. 
 After Eve's Interest is forwarded, other Interests requesting same contents with no or different Link objects would be aggregated into the PIT entry created by Eve's Interest, and they won't be able to receive legit Data. 

 **Solution** 
 The Interest Table should be logically partitioned according to the Link object.   
 By including the Link object as part of PIT index, Eve's Interest would have a different PIT entry than other Interests with same Name and Selectors. 
 This solution eliminates this type of denial-of-service, because Interests with different Link objects are forwarded separately and not aggregated, so that Eve's Interest cannot affect Interests without Eve's Link object. 

 This issue includes: 

 * PIT entry: Link object getter 
 * PIT index: include Link object as part of index 
 * PIT lookup: perform exact match on Name+Selectors+Link 
 * PIT match Data: incoming Data can match a PIT entry only if incoming face has an out-record;   
   special case: if PIT Interest Name ends with an implicit digest, any Data that satisfies the implicit digest can match it 

 NFD Developer Guide should be updated as part of this issue.

Back