Paul,
If you let the sender set the limit and it's something like an 8 or 16
bit value, it is effectively not limited. If the entire internet can
work with 64 router hops, it is really hard for me to imagine that
owserver forwarding can't. With this, the state is in the forwarded
message rather than owserver, which scales much better.
I haven't looked at the code, but I would assume that each forwarding
node needs to keep and age out a list of labels that it has forwarded
and match every request against that list. Lots of complex code that has
scaling issues. This has to be done on all the forwarding nodes because
the loop may not include the originating node. That is a far greater
limit than hop count, IMO.
jerry
On 05/02/2014 08:38 AM, Paul Alfille wrote:
Yes, I chose the second approach (hash of some relatively unique data)
just to avoid arbitrary limits, even if they are unlikely to be
exceeded in actual use. That's a general design objective throughout
owfs.
I'm amused that you designed just about the same scheme, including the
hash, that is actually implemented. Part of the unique information is
the command line arguments, but Stefano found I botched the looping.
On Fri, May 2, 2014 at 11:00 AM, Stefano Miccoli <mo...@icloud.com> wrote:
Actually your second option is exactly what is implemented in
2.9p4, with the md5 implementation from
http://en.wikipedia.org/wiki/MD5#Simple_implementation,
see SetupAntiloop in module/owserver/src/c/owserver.c
My concerns about this approach are not linked to the security,
but the robustness of the code. But of course, adding a dependency
to a new library (like libuuid from util-linux) may not be the
right answer.
Stefano
On 02 May 2014, at 16:30, Jerry Scharf
<sch...@lagunawayconsulting.com> wrote:
Paul,
If all you are trying to do is loop detection, there are a couple
ways I know to do it.
The simplest way to do it is a "time to live" field like IP does
it. Start it at some number (64 in standard for IP, but we would
probably want it to be lower) and every time you forward it,
decrement the TTL. When it hits 0, drop it (and possibly send an
error back.) The number could be configurable, but something like
4 or 8 seems like a reasonable number. This requires no extra
software and takes just a few lines to implement.
The other way is to take a bunch of information like the IP
address, owserver pid and a sequence number and run it through a
cryptographic hash. The size is constant, the odds of duplication
are vanishingly small and it discloses no information. You don't
need anything secure, so 128 bit MD5 is fine and there may be
even shorter ones. This requires having the crypto hash software
available, which may be a challenge across the range of systems
owserver can install.
jerry
On 05/02/2014 04:50 AM, Paul Alfille wrote:
Good catch on the bug you patched.
I'd love to open a discussion of the UUID feature.
Let me state the problem area for background information:
1. owserver can be configured to send requests "upstream" -- to
another owserver
A. This is done at the command line or via a configuration file
B. This cannot be done by a mere user
C. There is no limit on the length of the chain of owserver
redirections.
2. Any chain of owserver redirections will eventually reach an
end unless there is a loop in the sequence.
The solution: owserver adds a "unique token" (16 bytes of
data) to the end of messages passing upstream, and makes sure
incoming messages don't have its unique token.
Potential problems:
1. owserver could be altered to not look for the token
A. Well, any rogue program or shell script that you allow to
be run can be malicious.
2. The tokens could be altered in transit.
A. Again, if you don't have control of your network traffic,
anyone can inject any amount of traffic
3. The token might be non-unique
A. This is a fail safe in terms of network traffic
B. Part of the 1-wire network would be inaccessible.
Based on my analysis, the only real risk is non-unique tokens,
and given the typically small extent of owserver networks, only
modest uniqueness guarantees are needed.
I thought of using an existing library (like UUID) but it's a
nuisance for users to find and build another package. Especially
since we are cross-platform and multiarchitecture. I try to
reserve using libraries for complex and essential functions
(like USB access).
Still, I'm open to the debate.
Paul
On Thu, May 1, 2014 at 5:46 PM, Stefano Miccoli
<mo...@icloud.com> wrote:
Thanks for including my suggestions in p4!
I found a small bug in the new antiloop code
(module/owserver/src/c/owserver.c) please see the attached
patch.
Stefano
PS:
in my opinion, instead of the MD5 hash of some process data,
a UUID
<http://en.wikipedia.org/wiki/Universally_unique_identifier> would
be more appropriate for the antiloop feature.
On 30 Apr 2014, at 02:35, Paul Alfille
<paul.alfi...@gmail.com> wrote:
Release Notes owfs 2.9p4
4/30/2014
New features
1. Switch to git for source management
Still hosted on sourceforge.net
git clone git://git.code.sf.net/p/owfs/code owfs-code
cvs history brought over.
2. Clean and test DS2409 (Microlan) hubs
Addressing problem found by Ors Tiszay
Works well with passive devices
Problems with powered slaves, but probably not a software
issue.
3. Improved and tested owserver protocol for
server-to-server communication
Use md5 hash for unique token
Fixed byte counting issue in write messages
Null-terminated string no longer required in path string
(problem pointed out by Stefano Miccoli)
4. Added /system/configuration/version
Reports owserver version
Request from Stefano Miccoli
Fixes
1. Double initialization of mutex fixed
Show stopper in FreeBSD
Found by Johan Strom
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing
- For FREE
Instantly run your Selenium tests across 300+ browser/OS
combos. Get
unparalleled scalability from the best Selenium testing
platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Owfs-developers mailing list
Owfs-developers@lists.sourceforge.net
<mailto:Owfs-developers@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/owfs-developers
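
The two loop-detection schemes debated in this thread, side by side, as an added example that is not part of the original messages and is not owserver code. The message and node layouts, the function names and the one-byte tokens are hypothetical and constructed for illustration; the real token is the MD5 output mentioned above.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 16    /* the thread's "16 bytes of data" */
#define MAX_TOKENS 32   /* assumption: demo buffer size only */

/* Hypothetical message and node layout, not the real owserver wire format. */
struct msg  { int ttl; int ntokens; unsigned char tokens[MAX_TOKENS][TOKEN_LEN]; };
struct node { unsigned char token[TOKEN_LEN]; int upstream; /* -1 = end of chain */ };
struct result { int hops; int dropped; };

/* Constructed topologies; tokens are placeholders for the real MD5 output. */
const struct node LOOP[]  = { {{0xA}, 1}, {{0xB}, 2}, {{0xC}, 1} };  /* A->B->C->B */
const struct node CHAIN[] = { {{0xA}, 1}, {{0xB}, 2}, {{0xC}, -1} }; /* A->B->C */
const struct node CLASH[] = { {{0xA}, 1}, {{0xB}, 2}, {{0xA}, -1} }; /* C reuses A's token */

/* Token scheme: refuse a message that already carries our token, else tag it. */
static int seen_or_tag(struct msg *m, const struct node *n) {
    for (int i = 0; i < m->ntokens; i++)
        if (memcmp(m->tokens[i], n->token, TOKEN_LEN) == 0) return 1;
    if (m->ntokens == MAX_TOKENS) return 1;      /* token list full: fail closed */
    memcpy(m->tokens[m->ntokens++], n->token, TOKEN_LEN);
    return 0;
}

/* Follow upstream links from `start`, counting server-to-server forwards.
 * use_tokens selects the token scheme; otherwise the TTL scheme is used. */
struct result route(const struct node *net, int start, int ttl, int use_tokens) {
    struct msg m = { .ttl = ttl };
    struct result r = { 0, 0 };
    for (int cur = start; ; cur = net[cur].upstream, r.hops++) {
        if (use_tokens && seen_or_tag(&m, &net[cur])) { r.dropped = 1; break; }
        if (net[cur].upstream < 0) break;        /* end of chain: answered locally */
        if (!use_tokens && m.ttl-- == 0) { r.dropped = 1; break; }  /* budget spent */
    }
    return r;
}

int main(void) {
    struct result r;
    r = route(LOOP, 0, 8, 1);  printf("loop,  token: %d hops, dropped=%d\n", r.hops, r.dropped);
    r = route(LOOP, 0, 8, 0);  printf("loop,  ttl=8: %d hops, dropped=%d\n", r.hops, r.dropped);
    r = route(CHAIN, 0, 1, 0); printf("chain, ttl=1: %d hops, dropped=%d\n", r.hops, r.dropped);
    r = route(CLASH, 0, 8, 1); printf("clash, token: %d hops, dropped=%d\n", r.hops, r.dropped);
    return 0;
}
```

The `LOOP` case is the one where the loop does not include the originating node, and the `CLASH` case is the non-unique-token failure: traffic still stops, but the node behind the duplicate token is unreachable.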