Paul,

If all you are trying to do is loop detection, there are a couple ways I know to do it.

The simplest way to do it is a "time to live" field like IP does it. Start it at some number (64 is standard for IP, but we would probably want it to be lower) and every time you forward it, decrement the TTL. When it hits 0, drop it (and possibly send an error back). The number could be configurable, but something like 4 or 8 seems like a reasonable number. This requires no extra software and takes just a few lines to implement.

The other way is to take a bunch of information like the IP address, owserver pid and a sequence number and run it through a cryptographic hash. The size is constant, the odds of duplication are vanishingly small and it discloses no information. You don't need anything secure, so 128 bit MD5 is fine and there may be even shorter ones. This requires having the crypto hash software available, which may be a challenge across the range of systems owserver can install.

jerry
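
Added example, not part of the original thread and not owserver code: a C sketch comparing the TTL scheme with the appended-token scheme discussed in this thread, on a ring (a loop) and on a long loop-free chain. The message layout, `make_token`, `on_forward`, `walk` and `MAX_HOPS` are hypothetical, and the tokens are constructed placeholders rather than real hashes or UUIDs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 16  /* token size given in the thread */
#define MAX_HOPS  32  /* assumed capacity of the token trail */
enum verdict { FORWARD, DELIVERED, DROP_TTL, DROP_LOOP };

struct msg {          /* hypothetical message, not the owserver wire format */
    int ttl, ntokens;
    uint8_t tokens[MAX_HOPS][TOKEN_LEN];
};

/* Constructed token: the server id repeated. A real one would be a hash or UUID. */
static void make_token(uint8_t out[TOKEN_LEN], int server_id) {
    memset(out, server_id, TOKEN_LEN);
}

/* Decision one server takes before passing a message upstream. */
static enum verdict on_forward(struct msg *m, const uint8_t *mine, int use_tokens) {
    if (!use_tokens)                       /* TTL: decrement, drop at zero */
        return (--m->ttl <= 0) ? DROP_TTL : FORWARD;
    for (int i = 0; i < m->ntokens; i++)   /* token: is our own token already there? */
        if (memcmp(m->tokens[i], mine, TOKEN_LEN) == 0)
            return DROP_LOOP;
    if (m->ntokens == MAX_HOPS) return DROP_TTL;  /* trail full: treat as expired */
    memcpy(m->tokens[m->ntokens++], mine, TOKEN_LEN);
    return FORWARD;
}

/* Walk n servers; with ring set, the last one points back at the first.
   *hops receives the number of successful forwards. */
static enum verdict walk(int n, int ring, int ttl, int use_tokens, int *hops) {
    struct msg m = { .ttl = ttl, .ntokens = 0 };
    uint8_t tok[TOKEN_LEN];
    *hops = 0;
    for (int i = 0; ; i++) {
        if (!ring && i == n - 1) return DELIVERED;  /* end of chain answers */
        make_token(tok, i % n + 1);
        enum verdict v = on_forward(&m, tok, use_tokens);
        if (v != FORWARD) return v;
        (*hops)++;
    }
}

int main(void) {
    int h;
    enum verdict v = walk(10, 0, 8, 0, &h);  /* loop-free chain of 10, TTL 8 */
    printf("chain of 10, TTL 8: verdict %d after %d forwards\n", v, h);
}
```

With these inputs the token check drops a message only when it returns to a server it already passed, while a TTL of 8 also drops a legitimate request on a loop-free chain of 10 servers.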

On 05/02/2014 04:50 AM, Paul Alfille wrote:
Good catch on the bug you patched.

I'd love to open a discussion of the UUID feature.

Let me state the problem area for background information:
1. owserver can be configured to send requests "upstream" -- to another owserver
   A. This is done at the command line or via a configuration file
   B. This cannot be done by a mere user
   C. There is no limit on the length of the chain of owserver redirections.
2. Any chain of owserver redirections will eventually reach an end unless there is a loop in the sequence.

The solution: owserver adds a "unique token" (16 bytes of data) to the end of messages passing upstream, and makes sure incoming messages don't have its unique token.

Potential problems:
1. owserver could be altered to not look for the token
   A. Well, any rogue program or shell script that you allow to be run can be malicious.
2. The tokens could be altered in transit.
   A. Again, if you don't have control of your network traffic, anyone can inject any amount of traffic
3. The token might be non-unique
   A. This is a fail safe in terms of network traffic
   B. Part of the 1-wire network would be inaccessible.

Based on my analysis, the only real risk is non-unique tokens, and given the typically small extent of owserver networks, only modest uniqueness guarantees are needed.

I thought of using an existing library (like UUID) but it's a nuisance for users to find and build another package. Especially since we are cross-platform and multiarchitecture. I try to reserve using libraries for complex and essential functions (like USB access).

Still, I'm open to the debate.

Paul




On Thu, May 1, 2014 at 5:46 PM, Stefano Miccoli <mo...@icloud.com> wrote:

    Thanks for including my suggestions in p4!

    I found a small bug in the new antiloop code
    (module/owserver/src/c/owserver.c) please see the attached patch.

    Stefano




    PS:

    in my opinion, instead of the MD5 hash of some process data, a
    UUID  <http://en.wikipedia.org/wiki/Universally_unique_identifier>
    would be more appropriate for the antiloop feature.

    On 30 Apr 2014, at 02:35, Paul Alfille <paul.alfi...@gmail.com> wrote:

    Release Notes owfs 2.9p4
    4/30/2014

    New features
    1. Switch to git for source management
       Still hosted on sourceforge.net
       git clone git://git.code.sf.net/p/owfs/code owfs-code
       cvs history brought over.
    2. Clean and test DS2409 (Microlan) hubs
       Addressing problem found by Ors Tiszay
       Works well with passive devices
       Problems with powered slaves, but probably not a software issue.
    3. Improved and tested owserver protocol for server-to-server communication
       Use md5 hash for unique token
       Fixed byte counting issue in write messages
       Null-terminated string no longer required in path string
       (problem pointed out by Stefano Miccoli)
    4. Added /system/configuration/version
       Reports owserver version
       Request from Stefano Miccoli

    Fixes
    1. Double initialization of mutex fixed
       Show stopper in FreeBSD
       Found by Johan Strom

    
    ------------------------------------------------------------------------------
    "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
    Instantly run your Selenium tests across 300+ browser/OS combos.  Get
    unparalleled scalability from the best Selenium testing platform
    available.
    Simple to use. Nothing to install. Get started now for free."
    http://p.sf.net/sfu/SauceLabs
    _______________________________________________
    Owfs-developers mailing list
    Owfs-developers@lists.sourceforge.net
    https://lists.sourceforge.net/lists/listinfo/owfs-developers


    