-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarification on validateEgressID Logic for SCION Packet Processing #4497
Comments
Thanks, @mlimbeck, for the detailed bug report.
You're right, there is no situation where a packet is received on interface 0 and should be forwarded internally. Here's a small script that creates a packet that will be internally "bounced" between the routers of an AS: https://gist.github.com/matzf/13de17cef9d0b29811a1660b3f52426f You found a nasty bug! 💯 |
A packet received on the internal interface would previously be "bounced" to the responsible egress router. This is forbidden in the SCION design and was an accidental mis-feature of the processing logic. Fixes scionproto#4497
A packet received on the internal interface would previously be "bounced" to the responsible egress router. This is forbidden in the SCION design and was an accidental mis-feature of the processing logic. Fixes scionproto#4497
A packet received on the internal interface would previously be "bounced" to the responsible egress router. This is forbidden in the SCION design and was an accidental mis-feature of the processing logic. Fixes scionproto#4497
A packet received on the internal interface would previously be "bounced" to the responsible egress router. This is forbidden in the SCION design and was an accidental mis-feature of the processing logic. Fixes scionproto#4497
A packet received on the internal interface would previously be "bounced" to the responsible egress router. This is forbidden in the SCION design and was an accidental mis-feature of the processing logic. Fixes #4497
Description:
cc: @jcp19
During the verification of router logic within the VerifiedSCION project, I encountered a possible problem in the
scionPacketProcessor
'svalidateEgressID
function that might miss an additional check. The code snippet in question is as follows:This checks whether a received packet can be forwarded either internally or externally based on the
pktEgressID
. My concern revolves around the scenario wherep.ingressID == 0
, indicating that the packet has already entered the Autonomous System (AS) and will be forwarded by the router internally. This situation seems to contradict the SCION protocol's design, where a packet is only handled twice within an AS: once by the ingress router and once by the egress router. This case is also not included in the following comment in thescionPacketProcessor
'sprocess
function:Question:
Whenever a packet is leaving the AS through another Border Router, shouldn't it be ensured that
p.ingressID != 0
?Am I misunderstanding something, or is there actually a situation where
p.ingressID == 0
and the packet is still meant to be forwarded internally?The text was updated successfully, but these errors were encountered: