Secure LLDP-based Topology Detection Current LLDP/BDDP-based Topology Detection is vulnerable to the creation of fake links via forged, modified, or replayed LLDP packets. This patch fixes this vulnerability by authenticating LLDP/BDDP packets using a Message Authentication Code and adding a timestamp to prevent replay. We use HMAC with SHA-256 has our Messge Authentication Code and derive the key from the config/cluster.json file via the ClusterMetadata class. Change-Id: I01dd6edc5cffd6dfe274bcdb97189f2661a6c4f1

commit: 31e16f57b10ebb5c0f98d8dbf779774df342ed03 [log] [tgz]
author: Samuel Jero <samuel.jero@ll.mit.edu> Fri Sep 21 10:34:28 2018 -0400
committer: Thomas Vachuska <tom@opennetworking.org> Wed Oct 17 15:59:31 2018 +0000
tree: a7ba8ab671228eb24f9e3ec6218bd9ac80f72131
parent: e8b28db08622accdb1d1ff503a7084f067d60fc8 [diff] [blame]
diff --git a/tools/package/onos-run-karaf b/tools/package/onos-run-karaf
index b0c371f..ac58826 100755
--- a/tools/package/onos-run-karaf
+++ b/tools/package/onos-run-karaf

@@ -54,12 +54,13 @@
     [ -d $ONOS_DIR/config ] || mkdir -p $ONOS_DIR/config
     cat > $ONOS_DIR/config/cluster.json <<-EOF
     {
-      "name": "default",
+      "name": "default-$RANDOM",
       "node": {
         "id": "$IP",
         "ip": "$IP",
         "port": 9876
-      }
+      },
+      "clusterSecret": "$RANDOM"
     }
 EOF
commit	31e16f57b10ebb5c0f98d8dbf779774df342ed03	[log] [tgz]
author	Samuel Jero <samuel.jero@ll.mit.edu>	Fri Sep 21 10:34:28 2018 -0400
committer	Thomas Vachuska <tom@opennetworking.org>	Wed Oct 17 15:59:31 2018 +0000
tree	a7ba8ab671228eb24f9e3ec6218bd9ac80f72131
parent	e8b28db08622accdb1d1ff503a7084f067d60fc8 [diff] [blame]