You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by su...@apache.org on 2011/09/09 02:49:14 UTC
svn commit: r1166952 - in /hadoop/common/branches/branch-0.20-security:
CHANGES.txt src/core/org/apache/hadoop/net/NetUtils.java
src/test/org/apache/hadoop/net/TestNetUtils.java
Author: suresh
Date: Fri Sep 9 00:49:14 2011
New Revision: 1166952
URL: http://svn.apache.org/viewvc?rev=1166952&view=rev
Log:
Promoting from 0.21 - HADOOP-6722. NetUtils.connect should check that it hasn't connected a socket to itself. Contributed by Todd Lipcon.
Added:
hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/net/TestNetUtils.java
Modified:
hadoop/common/branches/branch-0.20-security/CHANGES.txt
hadoop/common/branches/branch-0.20-security/src/core/org/apache/hadoop/net/NetUtils.java
Modified: hadoop/common/branches/branch-0.20-security/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/CHANGES.txt?rev=1166952&r1=1166951&r2=1166952&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.20-security/CHANGES.txt Fri Sep 9 00:49:14 2011
@@ -104,6 +104,9 @@ Release 0.20.205.0 - unreleased
HDFS-1122. client block verification may result in blocks in
DataBlockScanner prematurely. (Sam Rash via jitendra)
+ HADOOP-6722. NetUtils.connect should check that it hasn't connected a socket
+ to itself. (Todd Lipcon via suresh)
+
IMPROVEMENTS
MAPREDUCE-2187. Reporter sends progress during sort/merge. (Anupam Seth via
Modified: hadoop/common/branches/branch-0.20-security/src/core/org/apache/hadoop/net/NetUtils.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/core/org/apache/hadoop/net/NetUtils.java?rev=1166952&r1=1166951&r2=1166952&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security/src/core/org/apache/hadoop/net/NetUtils.java (original)
+++ hadoop/common/branches/branch-0.20-security/src/core/org/apache/hadoop/net/NetUtils.java Fri Sep 9 00:49:14 2011
@@ -29,6 +29,7 @@ import java.net.SocketException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
+import java.net.ConnectException;
import java.nio.channels.SocketChannel;
import java.util.Map.Entry;
import java.util.*;
@@ -406,6 +407,21 @@ public class NetUtils {
} else {
SocketIOWithTimeout.connect(ch, endpoint, timeout);
}
+
+ // There is a very rare case allowed by the TCP specification, such that
+ // if we are trying to connect to an endpoint on the local machine,
+ // and we end up choosing an ephemeral port equal to the destination port,
+ // we will actually end up getting connected to ourself (ie any data we
+ // send just comes right back). This is only possible if the target
+ // daemon is down, so we'll treat it like connection refused.
+ if (socket.getLocalPort() == socket.getPort() &&
+ socket.getLocalAddress().equals(socket.getInetAddress())) {
+ LOG.info("Detected a loopback TCP socket, disconnecting it");
+ socket.close();
+ throw new ConnectException(
+ "Localhost targeted connection resulted in a loopback. " +
+ "No daemon is listening on the target port.");
+ }
}
/**
Added: hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/net/TestNetUtils.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/net/TestNetUtils.java?rev=1166952&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/net/TestNetUtils.java (added)
+++ hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/net/TestNetUtils.java Fri Sep 9 00:49:14 2011
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.net;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+import java.net.Socket;
+import java.net.ConnectException;
+import java.net.InetSocketAddress;
+import java.net.SocketException;
+
+import org.apache.hadoop.conf.Configuration;
+
+public class TestNetUtils {
+
+ /**
+ * Test that we can't accidentally connect back to the connecting socket due
+ * to a quirk in the TCP spec.
+ *
+ * This is a regression test for HADOOP-6722.
+ */
+ @Test
+ public void testAvoidLoopbackTcpSockets() throws Exception {
+ Configuration conf = new Configuration();
+
+ Socket socket = NetUtils.getDefaultSocketFactory(conf)
+ .createSocket();
+ socket.bind(new InetSocketAddress("localhost", 0));
+ System.err.println("local address: " + socket.getLocalAddress());
+ System.err.println("local port: " + socket.getLocalPort());
+ try {
+ NetUtils.connect(socket,
+ new InetSocketAddress(socket.getLocalAddress(), socket.getLocalPort()),
+ 20000);
+ socket.close();
+ fail("Should not have connected");
+ } catch (ConnectException ce) {
+ System.err.println("Got exception: " + ce);
+ assertTrue(ce.getMessage().contains("resulted in a loopback"));
+ } catch (SocketException se) {
+ // Some TCP stacks will actually throw their own Invalid argument
+ // exception here. This is also OK.
+ assertTrue(se.getMessage().contains("Invalid argument"));
+ }
+ }
+}