No aging needed. The token is generated once per owserver run and reused.
owserver only needs to see if a message is repeatedly coming in, and it
knows the direction (query or response) of the message.


On Fri, May 2, 2014 at 1:05 PM, Jerry Scharf <sch...@lagunawayconsulting.com> wrote:

>  Paul,
>
> If you let the sender set the limit and it's something like an 8 or 16 bit
> value, it is effectively not limited. If the entire internet can work with
> 64 router hops, it is really hard for me to imagine that owserver
> forwarding can't. With this, the state is in the forwarded message rather
> than owserver, which scales much better.
>
> I haven't looked at the code, but I would assume that each forwarding node
> needs to keep and age out a list of labels that it has forwarded and match
> every request against that list. Lots of complex code that has scaling
> issues. This has to be done on all the forwarding nodes because the loop
> may not include the originating node. That is a far greater limit than hop
> count, IMO.
>
> jerry
>
>
> On 05/02/2014 08:38 AM, Paul Alfille wrote:
>
> Yes, I chose the second approach (hash of some relatively unique data)
> just to avoid arbitrary limits, even if they are unlikely to be exceeded in
> actual use. That's a general design objective throughout owfs.
>
>  I'm amused that you designed just about the same scheme, including the
> hash, that is actually implemented. Part of the unique information is the
> command line arguments, but Stefano found I botched the looping.
>
>
> On Fri, May 2, 2014 at 11:00 AM, Stefano Miccoli <mo...@icloud.com> wrote:
>
>> Actually your second option is exactly what is implemented in 2.9p4, with
>> the md5 implementation from
>> http://en.wikipedia.org/wiki/MD5#Simple_implementation,
>> see SetupAntiloop in module/owserver/src/c/owserver.c
>>
>>  My concerns about this approach are not linked to the security, but the
>> robustness of the code. But of course, adding a dependency to a new library
>> (like libuuid from util-linux) may not be the right answer.
>>
>>  Stefano
>>
>>  On 02 May 2014, at 16:30, Jerry Scharf <sch...@lagunawayconsulting.com> wrote:
>>
>>  Paul,
>>
>> If all you are trying to do is loop detection, there are a couple ways I
>> know to do it.
>>
>> The simplest way to do it is a "time to live" field like IP does it.
>> Start it at some number (64 is standard for IP, but we would probably want
>> it to be lower) and every time you forward it, decrement the TTL. When it
>> hits 0, drop it (and possibly send an error back.) The number could be
>> configurable, but something like 4 or 8 seems like a reasonable number.
>> This requires no extra software and takes just a few lines to implement.
>>
>> The other way is to take a bunch of information like the IP address,
>> owserver pid and a sequence number and run it through a cryptographic hash.
>> The size is constant, the odds of duplication are vanishingly small and it
>> discloses no information. You don't need anything secure, so 128 bit MD5 is
>> fine and there may be even shorter ones. This requires having the crypto
>> hash software available, which may be a challenge across the range of
>> systems owserver can install.
>>
>> jerry
>>
>> On 05/02/2014 04:50 AM, Paul Alfille wrote:
>>
>> Good catch on the bug you patched.
>>
>>  I'd love to open a discussion of the UUID feature.
>>
>>  Let me state the problem area for background information:
>> 1. owserver can be configured to send requests "upstream" -- to another
>> owserver
>>    A. This is done at the command line or via a configuration file
>>    B. This cannot be done by a mere user
>>    C. There is no limit on the length of the chain of owserver
>> redirections.
>> 2. Any chain of owserver redirections will eventually reach an end unless
>> there is a loop in the sequence.
>>    The solution: owserver adds a "unique token" (16 bytes of data) to the
>> end of messages passing upstream, and makes sure incoming messages don't
>> have its unique token.
>>
>>  Potential problems:
>> 1. owserver could be altered to not look for the token
>>   A. Well, any rogue program or shell script that you allow to be run can
>> be malicious.
>>  2. The tokens could be altered in transit.
>>     A. Again, if you don't have control of your network traffic, anyone
>> can inject any amount of traffic
>> 3. The token might be non-unique
>>    A. This is a fail safe in terms of network traffic
>>    B. Part of the 1-wire network would be inaccessible.
>>
>>  Based on my analysis, the only real risk is non-unique tokens, and
>> given the typically small extent of owserver networks, only modest
>> uniqueness guarantees are needed.
>>
>>  I thought of using an existing library (like UUID) but it's a nuisance
>> for users to find and build another package. Especially since we are
>> cross-platform and multiarchitecture. I try to reserve using libraries for
>> complex and essential functions (like USB access).
>>
>>  Still, I'm open to the debate.
>>
>>  Paul
>>
>>
>>
>>
>>
>> On Thu, May 1, 2014 at 5:46 PM, Stefano Miccoli <mo...@icloud.com> wrote:
>>
>>> Thanks for including my suggestions in p4!
>>>
>>>  I found a small bug in the new antiloop code
>>> (module/owserver/src/c/owserver.c) please see the attached patch.
>>>
>>>  Stefano
>>>
>>>
>>>
>>>
>>>  PS:
>>>
>>>  In my opinion, instead of the MD5 hash of some process data, a UUID
>>> <http://en.wikipedia.org/wiki/Universally_unique_identifier> would be
>>> more appropriate for the antiloop feature.
>>>
>>>  On 30 Apr 2014, at 02:35, Paul Alfille <paul.alfi...@gmail.com> wrote:
>>>
>>>   Release Notes owfs 2.9p4
>>> 4/30/2014
>>>
>>>  New features
>>> 1. Switch to git for source management
>>>  Still hosted on sourceforge.net
>>>  git clone git://git.code.sf.net/p/owfs/code owfs-code
>>>  cvs history brought over.
>>> 2. Clean and test DS2409 (Microlan) hubs
>>>  Addressing problem found by Ors Tiszay
>>>  Works well with passive devices
>>>  Problems with powered slaves, but probably not a software issue.
>>> 3. Improved and tested owserver protocol for server-to-server
>>> communication
>>>  Use md5 hash for unique token
>>>  Fixed byte counting issue in write messages
>>>  Null-terminated string no longer required in path string
>>>  (problem pointed out by Stefano Miccoli)
>>> 4. Added /system/configuration/version
>>>  Reports owserver version
>>>  Request from Stefano Miccoli
>>>
>>>  Fixes
>>> 1. Double initialization of mutex fixed
>>>  Show stopper in FreeBSD
>>>  Found by Johan Strom
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>>> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
>>> unparalleled scalability from the best Selenium testing platform
>>> available.
>>> Simple to use. Nothing to install. Get started now for free."
>>>
>>> http://p.sf.net/sfu/SauceLabs
>>> _______________________________________________
>>> Owfs-developers mailing list
>>> Owfs-developers@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/owfs-developers
>>>
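
The token scheme discussed in this thread, as an added example (not owfs code and not written by anyone in the thread): each node creates one 16-byte token per run, appends it to queries it passes upstream, and drops any incoming query that already carries its own token. Assumptions: the struct and function names and the in-memory message are hypothetical (this is not the owserver wire format), FNV-1a stands in for the MD5 hash, and the node seeds are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN  16   /* 16-byte token, as described in the thread */
#define MAX_TOKENS 32   /* capacity of this toy message only (assumption) */

struct msg  { size_t ntokens; uint8_t tokens[MAX_TOKENS][TOKEN_LEN]; };
struct node { uint8_t token[TOKEN_LEN]; struct node *upstream; };

/* Stand-in for the MD5-of-process-data step: FNV-1a over a seed string,
 * run twice to fill 16 bytes. Called once per node; the token is then reused. */
static void make_token(struct node *n, const char *seed) {
    uint64_t h = 1469598103934665603ULL;
    for (int half = 0; half < 2; half++) {
        for (const char *p = seed; *p; p++) { h ^= (uint8_t)*p; h *= 1099511628211ULL; }
        memcpy(n->token + 8 * half, &h, sizeof h);
    }
}

/* The only per-message work: is my own token already attached? */
static int seen_own_token(const struct node *n, const struct msg *m) {
    for (size_t i = 0; i < m->ntokens; i++)
        if (memcmp(m->tokens[i], n->token, TOKEN_LEN) == 0) return 1;
    return 0;
}

/* Pass a query upstream. Returns hops taken, -1 on a loop, -2 if the toy message is full. */
static int forward(struct node *n, struct msg *m) {
    for (int hops = 0; ; hops++, n = n->upstream) {
        if (seen_own_token(n, m)) return -1;    /* came back around: drop it */
        if (n->upstream == NULL)  return hops;  /* end of chain: answer locally */
        if (m->ntokens == MAX_TOKENS) return -2;
        memcpy(m->tokens[m->ntokens++], n->token, TOKEN_LEN);
    }
}

/* Constructed topology A -> B -> C; with looped != 0, C points back at B. */
int demo(int looped) {
    struct node a, b, c;
    struct msg m = { 0 };
    make_token(&a, "node-A"); make_token(&b, "node-B"); make_token(&c, "node-C");
    a.upstream = &b; b.upstream = &c; c.upstream = looped ? &b : NULL;
    return forward(&a, &m);
}

int main(void) { printf("chain: %d  loop: %d\n", demo(0), demo(1)); return 0; }
```

In the looped case the cycle is B -> C -> B and does not include the originating node A; it is B that recognises its own token, and no node keeps a table of messages it has forwarded.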