Packet Drop on Cohda MK5 with Parse_Secured_Header Error

Question

Packet Drop on Cohda MK5 with Parse_Secured_Header Error

buraksenkus opened this issue 3 years ago · 4 comments

I have two Cohda MK5 devices and I'm trying to test their CAM transmission between each other.

I can receive transmitted CAMs when using

Cohda stack on both devices
Vanetza stack on both devices.

But when I try to use Cohda stack on one device and Vanetza stack on other device, the device with Cohda stack receives CAMs successfully but the device with Vanetza stack gives below error.

received packet from 04:e5:48:20:57:16 (456 bytes)
Router dropped packet because of Parse_Secured_Header (2)

I've tried with --security none and --security dummy flags but nothing have changed. Can I disable this security check or is there some other major issues here that I'm not aware of?

Thanks!

Answer 1 · 2022-04-11T08:33:38.000Z

Hi @buraksenkus,

I am not sure and not familiar with the Cohda stack but the problem could be that Vanetza currently does not support the most recent ETSI V2X security standards (v1.3.1), but only v 1.2.1. Therefore it cannot decode CAMs signed by the Cohda stack which I guess uses v1.3.1. The other way round works because the Cohda stack probably understands both versions. One "solution" (depending on you use case) could be to try to force your Cohda stack to use v1.2.1 for the time being. But I never worked with the Cohda stack and don't know if that's easily possible.

There is also a PR active integrating v1.3.1 into Vanetza. However, I don't know what the status is there.

Probably @riebl has more/better ideas but maybe this already helps a bit.

Best regards
Keno

Answer 2 · 2022-04-11T12:21:20.000Z

Hi @kenog,

Thanks for your detailed explanation! By the help of you, I am able to disable the security checks and both devices can receive each other's CAMs.

For those who could encounter the same problem, I just set the ItsGnSecurity parameter to 0 in exampleETSI application setting of Cohda stack (e.g. obu.conf) and set the non-strict as command-line parameter of Vanetza stack.

Still, I'm wondering about if @riebl will confirm what you said.

Burak

Answer 3 · 2022-04-15T17:02:32.000Z

Keno is absolutely right about Vanetza supporting only v1.2.1 at the moment, which is not wire-compatible with v1.3.1. Support for v1.3.1 secured messages is on its way, however.

Even if both systems (Cohda and Vanetza in your case) use the very same protocol version, you can run into many issues due to mismatching security configurations. For example, they will only mutually trust V2X messages if these are signed by Authorization Tickets they know and those need to be issued by Authorization Authorities they believe to be trustworthy.

Answer 4 · 2022-04-15T21:40:12.000Z

OK then. Thank you both. For now, I will disable the security checks :)