t error: Session vs Route did not match any configured ACL subject
Describe the bug
Description of zenoh operation: At host A: 1 Session has ID = SessionA responsible for communication between internal device and RouterZenoh of hostA. 1 Route Zenoh has ID = RouteA responsible for communication between device and RouterZenoh B with ID = RouteB.
At HostB: 1 Session has ID = SessionB responsible for communication between internal device and RouterZenoh of hostB. 1 Route Zenoh has ID = RouteB responsible for communication between device and RouterZenoh B with ID = RouteA.
I want to use access control to configure a whitelist of topics that are allowed to communicate between RouteA and RouteB over the Wg0 interface.
Here is the Route and Session configuration at A and B. And I still get the error: Session vs Route did not match any configured ACL subject. (In my config, HostA aka client will set access control, and the other configs have the default access control (allow all traffic).)
To reproduce
- ros2 run rmw_zenoh_cpp rmw_zenohd
- ros2 topic pub /mavros std_msgs/String "data: Hello ROS Develo"
- ros2 topic list
System info
```json5
// /// Configure access control (ACL) rules
access_control: {
  "enabled": true,
  "default_permission": "allow",
  "rules": [
    {
      "id": "rule1",
      "messages": [
        "put", "delete", "declare_subscriber", "query", "reply", "declare_queryable",
        "liveliness_token", "liveliness_query", "declare_liveliness_subscriber"
      ],
      "flows": ["egress", "ingress"],
      "permission": "deny",
      "key_exprs": [
        "mavros/**"
      ],
    }
  ],
  /// List of combinations of subjects.
  "subjects": [
    {
      "id": "subject1",
      "interfaces": ["wg0", "lo"],
      "link_protocols": [
        "tcp", "udp", "tls", "quic", "ws", "serial", "unixsock-stream", "unixpipe", "vsock"
      ],
    }
  ],
  // /// The policies list associates rules to subjects
  "policies": [
    {
      "rules": ["rule1"],
      "subjects": ["subject1"]
    }
  ]
},
```
Hi @Thongtdextra,
I'm not sure what "Session vs Route" represents here. If you could please provide the logs as they are printed (with actual ZIDs) it would be more clear.
As a side-note, your "link_protocols" subject filter is redundant, since you seem to list all supported protocols, which is equivalent to not providing the filter at all.
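An added example, not part of the thread and not Zenoh code: a small lint pass over the posted `access_control` section that flags the redundant `link_protocols` filter mentioned in the reply and checks that every policy refers to rule and subject ids that are actually defined. The function name `lint_acl`, the finding labels and the Python-dict transcription of the config are assumptions made for this sketch; the set of supported protocols is taken from the list in the posted config.

```python
# Protocol names copied from the posted config; the reply treats this list
# as covering every supported protocol (assumption taken from the thread).
ALL_LINK_PROTOCOLS = {"tcp", "udp", "tls", "quic", "ws", "serial",
                      "unixsock-stream", "unixpipe", "vsock"}

# The access_control section from the issue, transcribed as a Python dict.
ACCESS_CONTROL = {
    "enabled": True,
    "default_permission": "allow",
    "rules": [{
        "id": "rule1",
        "messages": ["put", "delete", "declare_subscriber", "query", "reply",
                     "declare_queryable", "liveliness_token", "liveliness_query",
                     "declare_liveliness_subscriber"],
        "flows": ["egress", "ingress"],
        "permission": "deny",
        "key_exprs": ["mavros/**"],
    }],
    "subjects": [{"id": "subject1", "interfaces": ["wg0", "lo"],
                  "link_protocols": sorted(ALL_LINK_PROTOCOLS)}],
    "policies": [{"rules": ["rule1"], "subjects": ["subject1"]}],
}

def lint_acl(acl):
    """Return (finding, id) tuples for structural problems in an ACL section."""
    findings = []
    rule_ids = {r["id"] for r in acl.get("rules", [])}
    subject_ids = {s["id"] for s in acl.get("subjects", [])}
    # A filter that names every protocol restricts nothing and can be dropped.
    for s in acl.get("subjects", []):
        protos = s.get("link_protocols")
        if protos is not None and set(protos) >= ALL_LINK_PROTOCOLS:
            findings.append(("redundant-link-protocols", s["id"]))
    # Policies must reference ids defined under "rules" and "subjects".
    used_rules, used_subjects = set(), set()
    for policy in acl.get("policies", []):
        for kind, ids, known, used in (
                ("rule", policy.get("rules", []), rule_ids, used_rules),
                ("subject", policy.get("subjects", []), subject_ids, used_subjects)):
            for ident in ids:
                used.add(ident)
                if ident not in known:
                    findings.append((f"unknown-{kind}", ident))
    # Rules or subjects that no policy references never take effect.
    findings += [("unused-rule", r) for r in sorted(rule_ids - used_rules)]
    findings += [("unused-subject", s) for s in sorted(subject_ids - used_subjects)]
    return findings

if __name__ == "__main__":
    print(lint_acl(ACCESS_CONTROL))
```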