[Nfd-dev] [EXT]Re: Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Junxiao Shi shijunxiao at email.arizona.edu
Fri Feb 5 01:26:26 PST 2021 

Hi Zhiyi

I can see that the NFD on suns was last restarted at 2021-02-05 03:05:02
UTC, which explains the "end of file" message.

"request time out" likely came from ndn::nfd::Controller for failing to
register prefixes, because NFD-RIB is not yet ready.
I think you need to add some delay (a RestartSec directive) in the systemd
unit.
Also, it's missing BindsTo=nfd.service , unless you are leaving it off
because you are using user systemd rather than system-wide systemd.



Anyway, I've tested the service.
CA profile retrieval is working now.

However, the NewResponse packet is encoded incorrectly - it contains an
unrecognized TLV element of critical type 0x9B.
Packet capture is attached.

I can see that the offending line is here:
https://github.com/Zhiyi-Zhang/ndncert/blob/cac27f1128883096c803d70b3c6d2cab50e1cd10/src/detail/new-renew-revoke-encoder.cpp#L91
The protocol doesn't have a Status field in this packet:
https://github.com/named-data/ndncert/wiki/NDNCERT-Protocol-0.3/0d11d48d9ebee022eee71dee14f1342e0905a620#232-packet-format

Your decoding function is not implementing TLV evolvability correctly.
https://github.com/Zhiyi-Zhang/ndncert/blob/cac27f1128883096c803d70b3c6d2cab50e1cd10/src/detail/new-renew-revoke-encoder.cpp#L102
If it encounters an unrecognized or out-of-order field of a critical
TLV-TYPE. However, the current decoding function would erroneously accept
any unrecognized or out-of-order fields of critical TLV-TYPEs.
All new NDN software is expected to properly implement TLV evolvability.
Please see ndn::Interest type in ndn-cxx for an example.

Please reply when you have fixed the NewResponse bug, so I can re-test.

Yours, Junxiao

On Thu, Feb 4, 2021, 23:53 Zhiyi Zhang <zhiyi at cs.ucla.edu> wrote:

> *External Email*
> It seems the network on the Suns is not stable and the service reports the
> following error several times:
>
> ```
> Feb 05 03:05:01 suns.cs.ucla.edu ndncert-ca-server[6005]: terminate
> called after throwing an instance of
> 'boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<
> *ndn::Transport::Error*> >'
> Feb 05 03:05:01 suns.cs.ucla.edu ndncert-ca-server[6005]:   what():  *error
> while receiving data from socket (End of file)*
> ...
> Feb 05 03:05:12 suns.cs.ucla.edu ndncert-ca-server[16981]: *ERROR:
> request timed out*
> ```
>
> I restarted the service.
>
> Best,
> Zhiyi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20210205/4f64c42b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: zhiyi-ndncert_20210205.pcapng
Type: application/octet-stream
Size: 1720 bytes
Desc: not available
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20210205/4f64c42b/attachment-0001.obj>

More information about the Nfd-dev mailing list