Secure LLDP-based Topology Detection Current LLDP/BDDP-based Topology Detection is vulnerable to the creation of fake links via forged, modified, or replayed LLDP packets. This patch fixes this vulnerability by authenticating LLDP/BDDP packets using a Message Authentication Code and adding a timestamp to prevent replay. We use HMAC with SHA-256 has our Messge Authentication Code and derive the key from the config/cluster.json file via the ClusterMetadata class. Change-Id: I01dd6edc5cffd6dfe274bcdb97189f2661a6c4f1

commit: 31e16f57b10ebb5c0f98d8dbf779774df342ed03 [log] [tgz]
author: Samuel Jero <samuel.jero@ll.mit.edu> Fri Sep 21 10:34:28 2018 -0400
committer: Thomas Vachuska <tom@opennetworking.org> Wed Oct 17 15:59:31 2018 +0000
tree: a7ba8ab671228eb24f9e3ec6218bd9ac80f72131
parent: e8b28db08622accdb1d1ff503a7084f067d60fc8 [diff] [blame]
diff --git a/utils/misc/src/test/java/org/onlab/packet/ONOSLLDPTest.java b/utils/misc/src/test/java/org/onlab/packet/ONOSLLDPTest.java
index 268b5f5..b2494b5 100644
--- a/utils/misc/src/test/java/org/onlab/packet/ONOSLLDPTest.java
+++ b/utils/misc/src/test/java/org/onlab/packet/ONOSLLDPTest.java

@@ -30,8 +30,9 @@
     private static final Integer PORT_NUMBER = 2;
     private static final Integer PORT_NUMBER_2 = 98761234;
     private static final String PORT_DESC = "Ethernet1";
+    private static final String TEST_SECRET = "test";
 
-    private ONOSLLDP onoslldp = ONOSLLDP.onosLLDP(DEVICE_ID, CHASSIS_ID, PORT_NUMBER, PORT_DESC);
+    private ONOSLLDP onoslldp = ONOSLLDP.onosSecureLLDP(DEVICE_ID, CHASSIS_ID, PORT_NUMBER, PORT_DESC, TEST_SECRET);
 
     /**
      * Tests port number and getters.
commit	31e16f57b10ebb5c0f98d8dbf779774df342ed03	[log] [tgz]
author	Samuel Jero <samuel.jero@ll.mit.edu>	Fri Sep 21 10:34:28 2018 -0400
committer	Thomas Vachuska <tom@opennetworking.org>	Wed Oct 17 15:59:31 2018 +0000
tree	a7ba8ab671228eb24f9e3ec6218bd9ac80f72131
parent	e8b28db08622accdb1d1ff503a7084f067d60fc8 [diff] [blame]