Resolve 1.0.1 bundle authentication issue
Hi all,
I'm new user of IBR-DTN, and I was having trouble with the simplest application ever : dtnping. I had the following warning when trying to ping from two distant machines (local ping worked fine) :
"WARNING BundleFilter: bundle rejected due to invalid authentication"
The thing is that I disabled every security in my dtnd configuration file, so there shouldn't be any check I guess. I've searched whether people had the same issue or not, and it seems some did. I digged up the code a little bit and found a strange part in ibrdtn/daemon/src/core/BundleCore.cpp.
At the very end of the file, in function void BundleCore::reload_filter_tables(), authentication is verified when the authentication feature is enabled, same with integrity (and signed bundles is enabled). But then, whatever the security options are, there is an integrity check as well as an auth check on incoming bundles. (a copy/paste might have gone wrong).
Basically commenting the last two lines solved the issue for me. I won't do any pull request, since I don't know if it's a tweak or the real solution but in the meantime, everybody who had the same issue can fix it at least temporarily.
Mathias
Hello Mathias,
the code you identified is not a copy & paste mistake. It does what it should do and that is verifying any incoming authentication header.
The reason why you get an authentication error is that the sender of the bundle adds authentication information to the bundle. IBR-DTN verifies every authentication extension even if you did not configured an authentication key.
The existing settings in the configuration allows you to make authentication mandatory. By default it is an optional extension, but as soon as it is present it will be verified.
Disable the authentication key at the sender and you'll be fine.
Kind regards, Johannes
Am 11.03.2015 um 10:15 schrieb Mathias Brulatout:
Hi all,
I'm new user of IBR-DTN, and I was having trouble with the simplest application ever : dtnping. I had the following warning when trying to ping from two distant machines (local ping worked fine) :
"WARNING BundleFilter: bundle rejected due to invalid authentication"
The thing is that I disabled every security in my dtnd configuration file, so there shouldn't be any check I guess. I've searched whether people had the same issue or not, and it seems some did. I digged up the code a little bit and found a strange part in ibrdtn/daemon/src/core/BundleCore.cpp.
At the very end of the file, in function void BundleCore::reload_filter_tables(), authentication is verified when the authentication feature is enabled, same with integrity (and signed bundles is enabled). But then, whatever the security options are, there is an integrity check as well as an auth check on incoming bundles. (a copy/paste might have gone wrong).
Basically commenting the last two lines solved the issue for me. I won't do any pull request, since I don't know if it's a tweak or the real solution but in the meantime, everybody who had the same issue can fix it at least temporarily.
Mathias
participants (2)
-
Johannes Morgenroth
-
Mathias Brulatout