Security and CLIENT/SERVER discovery

[manuelValch]

Hello, has anyone before tried security stack with CLIENT/SERVER ?

--Setup--
OS: oracle linux 9
fastdds: 3.2.1
fastcdr: 2.3.0
openssl: 3.0.7

For the context, I want to secure some communication between 3 clients,that communicates through loopback interface in udp.

In order to avoid having multicast traffic of SIMPLE discovery protocol set-up (with the doc):

• unicast only
• CLIENT/SERVER discovery

Managed to give server permission to communicate with this in the permission document:

        <grant name="DiscoveryServerPermission">
            <subject_name>[email protected], CN=discovery_server</subject_name>
            <validity>
                <not_before>2013-06-01T13:00:00</not_before>
                <not_after>2038-06-01T13:00:00</not_after>
            </validity>
            <allow_rule>
                <domains>
                    <id>0</id>
                </domains>
                <publish>
                    <topics>
                        <topic>eprosima_server_virtual_topic</topic>
                    </topics>
                </publish>
                <subscribe>
                    <topics>
                        <topic>eprosima_server_virtual_topic</topic>
                    </topics>
                </subscribe>
            </allow_rule>
            <default>DENY</default>
        </grant>

I see some strange warning messages that I do not understand:
[SECURITY Error] Cannot serialize ParticipantGenericMessage -> Function on_process_handshake
Looked into issue / discussion with this message did not found anything.

Though my clients start their communication.

Nothing in the security log file, even if I am running the logger in DEBUG:

                <property>
                    <name>dds.sec.log.plugin</name>
                    <value>builtin.DDS_LogTopic</value>
                </property>
                <!-- Configure DDS:Auth:PKI-DH plugin -->
                <property>
                    <name>dds.sec.log.builtin.DDS_LogTopic.logging_level</name>
                    <value>DEBUG_LEVEL</value>
                </property>
                <property>
                    <name>dds.sec.log.builtin.DDS_LogTopic.log_file</name>
                    <value>discovery_server-security.log</value>
                </property>

Not sure what I am missing here, anyone has an idea ?

[cferreiragonz]

Hello @manuelValch, could you try branch 3.2.x or master? They include #5843 which should solve the error you mentioned.

[manuelValch]

Hello @cferreiragonz, ok will try with https://github.com/eProsima/Fast-DDS/releases/tag/v3.3.0 and let you know.

Thank you for the answer

[manuelValch]

It does resolve the issue thanks.

Also I note that those permissions are not necessary for discovery servers:

                <publish>
                    <topics>
                        <topic>eprosima_server_virtual_topic</topic>
                    </topics>
                </publish>
                <subscribe>
                    <topics>
                        <topic>eprosima_server_virtual_topic</topic>
                    </topics>
                </subscribe>