void
Forwarder::onIncomingInterest(Face& inFace, const Interest& interest)
{
// receive Interest
NFD_LOG_DEBUG("onIncomingInterest face=" << inFace.getId() <<
" interest=" << interest.getName());
const_cast<Interest&>(interest).setIncomingFaceId(inFace.getId());
++m_counters.getNInInterests();
// /localhost scope control
bool isViolatingLocalhost = !inFace.isLocal() &&
LOCALHOST_NAME.isPrefixOf(interest.getName());
if (isViolatingLocalhost) {
NFD_LOG_DEBUG("onIncomingInterest face=" << inFace.getId() <<
" interest=" << interest.getName() << " violates /localhost");
// (drop)
return;
}
// PIT insert
shared_ptr<pit::Entry> pitEntry = m_pit.insert(interest).first;
// detect duplicate Nonce
int dnw = pitEntry->findNonce(interest.getNonce(), inFace);
bool hasDuplicateNonce = (dnw != pit::DUPLICATE_NONCE_NONE) ||
m_deadNonceList.has(interest.getName(), interest.getNonce());
if (hasDuplicateNonce) {
// goto Interest loop pipeline
this->onInterestLoop(inFace, interest, pitEntry);
return;
}
// cancel unsatisfy & straggler timer
this->cancelUnsatisfyAndStragglerTimer(pitEntry);
// is pending?
const pit::InRecordCollection& inRecords = pitEntry->getInRecords();
bool isPending = inRecords.begin() != inRecords.end();
if (!isPending) {
if (m_csFromNdnSim == nullptr) {
m_cs.find(interest,
bind(&Forwarder::onContentStoreHit, this, ref(inFace), pitEntry, _1, _2),
bind(&Forwarder::onContentStoreMiss, this, ref(inFace), pitEntry, _1));
}
else {
shared_ptr<Data> match = m_csFromNdnSim->Lookup(interest.shared_from_this());
if (match != nullptr) {
this->onContentStoreHit(inFace, pitEntry, interest, *match);
}
else {
this->onContentStoreMiss(inFace, pitEntry, interest);
}
}
}
else {
this->onContentStoreMiss(inFace, pitEntry, interest);
}
}
/**
* @brief Send Interest towards application
*/
virtual void
sendInterest(const Interest& interest)
{
NS_LOG_DEBUG("<< Interest " << interest);
shared_ptr<const Interest> interestPtr = interest.shared_from_this();
m_appFaceImpl.m_scheduler.scheduleEvent(time::seconds(0), [this, interestPtr] {
m_appFaceImpl.processInterestFilters(*interestPtr);
});
}
virtual void
checkPolicy(const Interest& interest,
int stepCount,
const ndn::OnInterestValidated& onValidated,
const ndn::OnInterestValidationFailed& onValidationFailed,
std::vector<shared_ptr<ndn::ValidationRequest> >& nextSteps)
{
onValidationFailed(interest.shared_from_this(),
"No rules for interest.");
}
void
AppFace::sendInterest(const Interest& interest)
{
NS_LOG_FUNCTION(this << &interest);
this->emitSignal(onSendInterest, interest);
// to decouple callbacks
Simulator::ScheduleNow(&App::OnInterest, m_app, interest.shared_from_this());
}
void
InternalFace::sendInterest(const Interest& interest)
{
this->emitSignal(onSendInterest, interest);
// Invoke .processInterest a bit later,
// to avoid potential problems in forwarding pipelines.
scheduler::schedule(time::seconds(0),
bind(&InternalFace::processInterest, this, interest.shared_from_this()));
}
void
ValidatorConfig::checkPolicy(const Interest& interest,
int nSteps,
const OnInterestValidated& onValidated,
const OnInterestValidationFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps)
{
if (!m_shouldValidate)
return onValidated(interest.shared_from_this());
if (m_stepLimit == nSteps)
return onValidationFailed(interest.shared_from_this(),
"Maximum steps of validation reached");
bool isMatched = false;
int8_t checkResult = -1;
for (InterestRuleList::iterator it = m_interestRules.begin();
it != m_interestRules.end(); it++)
{
if ((*it)->match(interest))
{
isMatched = true;
checkResult = (*it)->check(interest, onValidated, onValidationFailed);
break;
}
}
if (!isMatched)
return onValidationFailed(interest.shared_from_this(), "No rule matched!");
if (checkResult == 0)
{
const Name& interestName = interest.getName();
Name signedName = interestName.getPrefix(-2);
Signature signature(interestName[-2].blockFromValue(),
interestName[-1].blockFromValue());
checkSignature(interest, signature, nSteps,
onValidated, onValidationFailed, nextSteps);
}
}
void
ValidatorInvitation::checkPolicy (const Interest& interest,
int stepCount,
const OnInterestValidated& onValidated,
const OnInterestValidationFailed& onValidationFailed,
vector<shared_ptr<ValidationRequest> >& nextSteps)
{
const Name& interestName = interest.getName();
if (!m_invitationInterestRule.match(interestName))
return onValidationFailed(interest.shared_from_this(),
"Invalid interest name: " + interest.getName().toUri());
Name signedName = interestName.getPrefix(-1);
ndn::Buffer signedBlob = ndn::Buffer(signedName.wireEncode().value(),
signedName.wireEncode().value_size());
Block signatureBlock = interestName.get(Invitation::SIGNATURE).blockFromValue();
Block signatureInfo = interestName.get(Invitation::KEY_LOCATOR).blockFromValue();
Signature signature(signatureInfo, signatureBlock);
if (signature.getKeyLocator().getType() != KeyLocator::KeyLocator_Name)
return onValidationFailed(interest.shared_from_this(),
"KeyLocator is not a name: " + interest.getName().toUri());
const Name & keyLocatorName = signature.getKeyLocator().getName();
Data innerData;
innerData.wireDecode(interestName.get(Invitation::INVITER_CERT).blockFromValue());
return internalCheck(signedBlob.buf(), signedBlob.size(),
signature,
keyLocatorName,
innerData,
bind(onValidated, interest.shared_from_this()),
bind(onValidationFailed, interest.shared_from_this(), _1));
}
void
Validator::validate(const Interest& interest,
const OnInterestValidated& onValidated,
const OnInterestValidationFailed& onValidationFailed,
int nSteps)
{
std::vector<shared_ptr<ValidationRequest> > nextSteps;
checkPolicy(interest, nSteps, onValidated, onValidationFailed, nextSteps);
if (nextSteps.empty()) {
// If there is no nextStep,
// that means InterestPolicy has already been able to verify the Interest.
// No more further processes.
return;
}
OnFailure onFailure = bind(onValidationFailed, interest.shared_from_this(), _1);
afterCheckPolicy(nextSteps, onFailure);
}
void
Forwarder::onIncomingInterest(Face& inFace, const Interest& interest)
{
// receive Interest
NFD_LOG_DEBUG("onIncomingInterest face=" << inFace.getId() <<
" interest=" << interest.getName());
const_cast<Interest&>(interest).setIncomingFaceId(inFace.getId());
++m_counters.getNInInterests();
// /localhost scope control
bool isViolatingLocalhost = !inFace.isLocal() &&
LOCALHOST_NAME.isPrefixOf(interest.getName());
if (isViolatingLocalhost) {
NFD_LOG_DEBUG("onIncomingInterest face=" << inFace.getId() <<
" interest=" << interest.getName() << " violates /localhost");
// (drop)
return;
}
// PIT insert
shared_ptr<pit::Entry> pitEntry = m_pit.insert(interest).first;
// detect duplicate Nonce
int dnw = pitEntry->findNonce(interest.getNonce(), inFace);
bool hasDuplicateNonce = (dnw != pit::DUPLICATE_NONCE_NONE) ||
m_deadNonceList.has(interest.getName(), interest.getNonce());
if (hasDuplicateNonce) {
// goto Interest loop pipeline
this->onInterestLoop(inFace, interest, pitEntry);
return;
}
// cancel unsatisfy & straggler timer
this->cancelUnsatisfyAndStragglerTimer(pitEntry);
// is pending?
const pit::InRecordCollection& inRecords = pitEntry->getInRecords();
bool isPending = inRecords.begin() != inRecords.end();
if (!isPending) {
// CS lookup
const Data* csMatch;
shared_ptr<Data> match;
if (m_csFromNdnSim == nullptr)
csMatch = m_cs.find(interest);
else {
match = m_csFromNdnSim->Lookup(interest.shared_from_this());
csMatch = match.get();
}
if (csMatch != 0) {
const_cast<Data*>(csMatch)->setIncomingFaceId(FACEID_CONTENT_STORE);
// XXX should we lookup PIT for other Interests that also match csMatch?
// invoke PIT satisfy callback
beforeSatisfyInterest(*pitEntry, *m_csFace, *csMatch);
this->dispatchToStrategy(pitEntry, bind(&Strategy::beforeSatisfyInterest, _1,
pitEntry, cref(*m_csFace), cref(*csMatch)));
// set PIT straggler timer
this->setStragglerTimer(pitEntry, true, csMatch->getFreshnessPeriod());
// goto outgoing Data pipeline
this->onOutgoingData(*csMatch, inFace);
return;
}
}
// insert InRecord
pitEntry->insertOrUpdateInRecord(inFace.shared_from_this(), interest);
// set PIT unsatisfy timer
this->setUnsatisfyTimer(pitEntry);
// FIB lookup
shared_ptr<fib::Entry> fibEntry = m_fib.findLongestPrefixMatch(*pitEntry);
// dispatch to strategy
this->dispatchToStrategy(pitEntry, bind(&Strategy::afterReceiveInterest, _1,
cref(inFace), cref(interest), fibEntry, pitEntry));
}
inline void
CommandInterestValidator::checkPolicy(const Interest& interest,
int stepCount,
const OnInterestValidated& onValidated,
const OnInterestValidationFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps)
{
const Name& interestName = interest.getName();
//Prepare
if (interestName.size() < MIN_LENGTH)
return onValidationFailed(interest.shared_from_this(),
"Interest is not signed: " + interest.getName().toUri());
Name keyName;
try
{
Signature signature(interestName[POS_SIG_INFO].blockFromValue(),
interestName[POS_SIG_VALUE].blockFromValue());
if (signature.getType() != Signature::Sha256WithRsa)
return onValidationFailed(interest.shared_from_this(),
"Require SignatureSha256WithRsa");
SignatureSha256WithRsa sig(signature);
const KeyLocator& keyLocator = sig.getKeyLocator();
if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
return onValidationFailed(interest.shared_from_this(),
"Key Locator is not a name");
keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
//Check if command is in the trusted scope
bool isInScope = false;
for (std::list<SecRuleSpecific>::iterator scopeIt = m_trustScopeForInterest.begin();
scopeIt != m_trustScopeForInterest.end();
++scopeIt)
{
if (scopeIt->satisfy(interestName, keyName))
{
if (scopeIt->isExempted())
{
return onValidated(interest.shared_from_this());
}
isInScope = true;
break;
}
}
if (isInScope == false)
return onValidationFailed(interest.shared_from_this(),
"Signer cannot be authorized for the command: " +
keyName.toUri());
//Check signature
if (!Validator::verifySignature(interestName.wireEncode().value(),
interestName.wireEncode().value_size() -
interestName[-1].size(),
sig, m_trustAnchorsForInterest[keyName]))
return onValidationFailed(interest.shared_from_this(),
"Signature cannot be validated: " +
interest.getName().toUri());
//Check if timestamp is valid
time::system_clock::TimePoint interestTime =
time::fromUnixTimestamp(time::milliseconds(interestName.get(POS_TIMESTAMP).toNumber()));
time::system_clock::TimePoint currentTime = time::system_clock::now();
LastTimestampMap::iterator timestampIt = m_lastTimestamp.find(keyName);
if (timestampIt == m_lastTimestamp.end())
{
if (!(currentTime - m_graceInterval <= interestTime &&
interestTime <= currentTime + m_graceInterval))
return onValidationFailed(interest.shared_from_this(),
"The command is not in grace interval: " +
interest.getName().toUri());
}
else
{
if (interestTime <= timestampIt->second)
return onValidationFailed(interest.shared_from_this(),
"The command is outdated: " +
interest.getName().toUri());
}
//Update timestamp
if (timestampIt == m_lastTimestamp.end())
{
m_lastTimestamp[keyName] = interestTime;
}
else
{
timestampIt->second = interestTime;
}
}
catch (Signature::Error& e)
{
return onValidationFailed(interest.shared_from_this(),
"No valid signature");
}
catch (IdentityCertificate::Error& e)
{
return onValidationFailed(interest.shared_from_this(),
"Cannot locate the signing key");
}
catch (Tlv::Error& e)
{
return onValidationFailed(interest.shared_from_this(),
"Cannot decode signature related TLVs");
}
return onValidated(interest.shared_from_this());
}
Entry::Entry(const Interest& interest)
: m_interest(interest.shared_from_this())
{
}
Entry::Entry(const Interest& interest)
: m_interest(interest.shared_from_this())
, m_nameTreeEntry(nullptr)
{
}
