Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple PeerConnections with the same nodeId but different PeerAddress #1422

Merged
merged 1 commit into from
Jul 8, 2020
Merged

Multiple PeerConnections with the same nodeId but different PeerAddress #1422

merged 1 commit into from
Jul 8, 2020

Conversation

vivien-apple
Copy link
Contributor

Problem

  • when someone connects to a peripheral using a secure connection, the platform trust the nodeid from the message header. But if a there is a second connection (made from a different address:port) with the same nodeid then some messages will be sent to the first node in reaction to messages from the second node.
    The second node can also forced the connection to the first node to stay active.

I was unsure of what is the expected behavior here, so I made a tentative patch that consider the last connection to be the right one.

andy31415
andy31415 reviewed Jul 2, 2020
View reviewed changes
src/transport/SecureSessionMgr.cpp Outdated
// connection, mark the previous connection invalid in order to not have duplicate node ids.
if (connection->mPeerConnections.FindPeerConnectionState(header.GetSourceNodeId().Value(), &state))
{
connection->mPeerConnections.MarkConnectionInvalid(state);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may want a callback when this happens. For any persistent channels (TCP or BLE) we will need to close the connection.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any objections if I change the name of the current callbacks ?

I was thinking of something like:
OnMessageReceived -> OnMessage
OnReceivedError -> OnError

It would let me reuse the OnError callback and the embedder can then decide what to do depending on the type of errors.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable. Can we somehoe give the OnError callback context to detect when a 'overwrite/cancel' is provided?

Maybe OnExpiry then is also OnError.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vivien-apple ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@woody-apple Yeah sorry for the latency I'm trying to figure out what I want exactly.

@andy31415 OnExpiry ? Does it exists in the tree or did you mean something else ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Connection expiry exists currently in the tree and is treated reasonably stand-alone:

https://github.com/project-chip/connectedhomeip/blob/master/src/transport/SecureSessionMgr.h#L182

we may need some thought since this particular type of error has sideeffects (need to free up resources on the connection)... but maybe any error on a connection should close/free it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also see we are piling up changes and wondering if we should try to make some changes here or file an issue and work on these things separately.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right. So I end up just calling the expiry callback when this thing happens. Would be better to do it separately.

@woody-apple
Copy link
Contributor

@vivien-apple ?

@vivien-apple vivien-apple force-pushed the Various_SecureSessionMultipleNodeIdsDifferentPeerAddress branch from 57c80b7 to 41eec3e Compare July 7, 2020 19:15
@CLAassistant
Copy link

CLAassistant commented Jul 7, 2020
edited
Loading

CLA assistant check
All committers have signed the CLA.

@BroderickCarlin BroderickCarlin merged commit c3e81c3 into project-chip:master Jul 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@woody-apple woody-apple woody-apple approved these changes

@andy31415 andy31415 andy31415 left review comments

@jelderton jelderton jelderton approved these changes

@BroderickCarlin BroderickCarlin BroderickCarlin approved these changes

@anush-apple anush-apple Awaiting requested review from anush-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@hawk248 hawk248 Awaiting requested review from hawk248

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@saurabhst saurabhst Awaiting requested review from saurabhst

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@vivien-apple @woody-apple @CLAassistant @andy31415 @BroderickCarlin @jelderton