[Nfd-dev] Auto prefix propagation and clock sync

Lee, Jongdeog jlee700 at illinois.edu
Thu Mar 23 09:52:59 PDT 2017 

Dear Junxiao,

  Auto prefix propagation finally works.
  The problem was clock synchronization. My machine is about 30 seconds off-synced with the Illinois forwarder.
  I did not know the relation between auto prefix propagation and clock synchronization.

  After synching my machine to one of NTP servers, auto prefix works just fine.
  Thanks for pointing it out, Junxiao.

Best wishes,
Jongdeog Lee (JD)

------------------------------------------------
Ph.D. Student
Department of Computer Science
University of Illinois at Urbana-Champaign
________________________________
From: Junxiao Shi [shijunxiao at email.arizona.edu]
Sent: Wednesday, March 22, 2017 9:54 AM
To: Lee, Jongdeog
Cc: nfd-dev at lists.cs.ucla.edu
Subject: Re: [Nfd-dev] Auto prefix propagation on multiple machines

Hi Jongdeog

“authorization reject” is the message used in the management dispatcher on ControlResponse with code 403.
NFD-RIB commands on /localhop/nfd/rib prefix is verified by the trust schema defined on rib.localhop_security config section.
If you are getting 403 in reply to a prefix registration command, this means the command is not authenticated or authorized by that trust schema.

It’s intentional to hide the detailed error from the client, to prevent leaking sensitive information.
Currently, the detailed error isn’t logged on the server (router) side either. You may try to add logging to the authorization function<https://github.com/named-data/NFD/blob/d396b61ba14a84b34d3ae65db4530062f7d43301/rib/rib-manager.cpp#L331>, and install the re-compiled version on the router.

Yours, Junxiao

On Mar 17, 2017, at 1:59 PM, Lee, Jongdeog <jlee700 at illinois.edu<mailto:jlee700 at illinois.edu>> wrote:
what are the conditions that the NDN node replies this error message to the producer regarding auto prefix registration: "authorization rejected"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20170323/3a66a2cd/attachment.html>

More information about the Nfd-dev mailing list