-
Notifications
You must be signed in to change notification settings - Fork 172
Miscellaneous small improvements for socktap, btp and geonet #106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
8cf87d8
55047fa
41fb2d1
addc659
e0195c0
591e87a
6c3fdd7
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -43,6 +43,7 @@ int main(int argc, const char** argv) | |
| ("print-rx-cam", "Print received CAMs") | ||
| ("print-tx-cam", "Print generated CAMs") | ||
| ("benchmark", "Enable benchmarking") | ||
| ("non-strict", "Set MIB parameter ItsGnSnDecapResultHandling to NON_STRICT") | ||
| ; | ||
|
|
||
| po::positional_options_description positional_options; | ||
|
|
@@ -107,6 +108,9 @@ int main(int argc, const char** argv) | |
| mib.itsGnLocalGnAddr.is_manually_configured(true); | ||
| mib.itsGnLocalAddrConfMethod = geonet::AddrConfMethod::Managed; | ||
| mib.itsGnSecurity = false; | ||
| if (vm.count("non-strict")) { | ||
| mib.itsGnSnDecapResultHandling = vanetza::geonet::SecurityDecapHandling::Non_Strict; | ||
| } | ||
| mib.itsGnProtocolVersion = vm["gn-version"].as<unsigned>(); | ||
|
|
||
| if (mib.itsGnProtocolVersion != 0 && mib.itsGnProtocolVersion != 1) { | ||
|
|
@@ -144,6 +148,7 @@ int main(int argc, const char** argv) | |
| for (auto& chain_path : vm["certificate-chain"].as<std::vector<std::string> >()) { | ||
| auto chain_certificate = security::load_certificate_from_file(chain_path); | ||
| chain.push_back(chain_certificate); | ||
| cert_cache.insert(chain_certificate); | ||
|
|
||
| // Only add root certificates to trust store, so certificate requests are visible for demo purposes. | ||
|
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Regarding this comment and the change above: Demonstrating certificate requests by using tickets signed by different AAs is a cleaner way and closer to the use of this feature in the real world. If you want to keep this need for a request for the own AA certificate as a demo feature, I would propose that it is off by default and can be activated via a command line option. |
||
| if (chain_certificate.subject_info.subject_type == security::SubjectType::Root_CA) { | ||
|
|
@@ -172,7 +177,7 @@ int main(int argc, const char** argv) | |
| security::VerifyService verify_service = straight_verify_service(trigger.runtime(), *certificate_provider, *certificate_validator, *crypto_backend, cert_cache, sign_header_policy, positioning); | ||
|
|
||
| security::DelegatingSecurityEntity security_entity(sign_service, verify_service); | ||
| RouterContext context(raw_socket, mib, trigger, positioning, security_entity); | ||
| RouterContext context(raw_socket, mib, trigger, positioning, &security_entity); | ||
| context.require_position_fix(vm.count("require-gnss-fix") > 0); | ||
|
|
||
| CamApplication cam_app(positioning, trigger.runtime()); | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -398,7 +398,6 @@ void Router::indicate_basic(IndicationContextBasic& ctx) | |
| indicate_secured(ctx, *basic); | ||
| } else if (basic->next_header == NextHeaderBasic::Common) { | ||
| if (!m_mib.itsGnSecurity || SecurityDecapHandling::Non_Strict == m_mib.itsGnSnDecapResultHandling) { | ||
| indication.security_report = security::DecapReport::Unsigned_Message, | ||
|
Owner
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. No,
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Oh, sorry, that commit/change needs to be moved to #105. There, Apart from that, please have a look at the explanation in the commit message. Essentially, the security report is the report from the security entity which is never invoked for packets without secure header. |
||
| indicate_common(ctx, *basic); | ||
| } else { | ||
| packet_dropped(PacketDropReason::Decap_Unsuccessful_Strict); | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this beneficial? From my point of view, this causes an additional memory allocation and thus this should be justifiable.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When Vanetza shares stdout with other threads that manipulate the flags for stdout, it can happen (although rarely and unpredictable) that the
std::hexflag set in the streaming operator overload ofMacAddressis not properly cleared. One could probably move the special treatment to the streaming operator overload.If you don't see that as a problem Socktap/Vanetza should care about, feel free to omit this commit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, but socktap is not multi-threaded ;-) If this is going to change, we will need some more sophisticated logging anyway.