Thanks to visit codestin.com
Credit goes to github.com

Skip to content

jets: remove +de:sivc punt logging #5826

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 13, 2022
Merged

jets: remove +de:sivc punt logging #5826

merged 4 commits into from
Jul 13, 2022

Conversation

@joemfb
Copy link
Collaborator

@joemfb joemfb commented Jun 4, 2022

The "punt" logging pattern in the crypto jets was intended to surface unusual error conditions. But urcrypt and libaes-siv don't clearly distinguish between deterministic decryption failure and other errors (invalid calls, allocation failures, &c). to ensure determinism, so the relevant jets "punt" all errors back to the nock interpreter. And +de:sivc is used by ames, which means that receiving any invalid ciphertext or stale keys produces noisy, useless output: two lines of sivc-de-punt per packet.

The PR just removes the logging, but there are two non-trivial next steps which should be done:

  • deterministic decryption failure should not punt

Accomplishing this will require review of libaes-siv and the openssl functions it depends on, and may require patches to distinguish error conditions. This is important for many reasons, not the least of which is that punting is expensive (and therefore a DOS vector).

  • receipt of bad packets needs better tracking and logging

Other than the (accidentally) frequent "punt" logging, the ames driver keeps a counter of failed packets and prints every 1K (or every time with -v). But if we're receiving lots of invalid packets with a valid ames header, there's a good chance that we or our peer is behind on PKI state. (And if packets from a particular ip:port are consistently invalid, we probably want to stop try to process them for a while.)

@joemfb joemfb requested a review from belisarius222 June 4, 2022 05:05
belisarius222
belisarius222 approved these changes Jun 4, 2022
View reviewed changes
Copy link
Collaborator

@belisarius222 belisarius222 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I approve. This logging annoys more than informs.

If the encryption libraries don't report whether their error was deterministic, then the only guaranteed-correct way to handle that is for Nock to treat any error as nondeteterministic. Otherwise we could mistakenly think encryption failed deterministically, which would violate Nock.

belisarius222
belisarius222 approved these changes Jun 4, 2022
View reviewed changes
Copy link
Collaborator

@belisarius222 belisarius222 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I approve. This logging annoys more than informs.

If the encryption libraries don't report whether their error was deterministic, then the only guaranteed-correct way to handle that is for Nock to treat any error as nondeteterministic. Otherwise we could mistakenly think encryption failed deterministically, which would violate Nock.

@joemfb
Copy link
Collaborator Author

joemfb commented Jul 13, 2022

@belisarius222 I've gone ahead and replaced the "punt" on decryption failure with bail:evil (non-deterministic), and special-cased that in the event dispatch logic to elide the error-notification event. This handles both DOS and verbose punt-logging issues.

@joemfb joemfb requested a review from belisarius222 July 13, 2022 02:27
belisarius222
belisarius222 approved these changes Jul 13, 2022
View reviewed changes
Copy link
Collaborator

@belisarius222 belisarius222 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@joemfb joemfb force-pushed the jb/sivc-no-punt branch from 788cd79 to c5312ee Compare July 13, 2022 15:50
@joemfb
Copy link
Collaborator Author

joemfb commented Jul 13, 2022

@belisarius222 sorry for dripping these changes out. I realized that we never need stack traces for bail:evil, so I'm dropping them in u3m_soft(). And I decided to track them separately in the ames driver, and print a more specific error message. Pilots have really started depending on sivc-de-punt as an indicator of lagging azimuth state (see #5748), so I think we need to replace it with something else.

PTOML (one more)

@joemfb joemfb requested a review from belisarius222 July 13, 2022 15:54
belisarius222
belisarius222 approved these changes Jul 13, 2022
View reviewed changes
Copy link
Collaborator

@belisarius222 belisarius222 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good again

@joemfb joemfb merged commit dd8df1b into next/vere Jul 13, 2022
@joemfb joemfb deleted the jb/sivc-no-punt branch July 13, 2022 21:27
@joemfb joemfb mentioned this pull request Aug 19, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@belisarius222 belisarius222 belisarius222 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@joemfb @belisarius222