Posted to reviews@mesos.apache.org by James Peach <jp...@apache.org> on 2017/04/18 21:02:11 UTC

Re: Review Request 58224: Optionally verify the source IP address for libprocess messages.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58224/
-----------------------------------------------------------

(Updated April 18, 2017, 9:02 p.m.)


Review request for mesos and Mesos Reviewbot.


Changes
-------

Rebased, added options, fixed tests and addressed review feedback.


Summary (updated)
-----------------

Optionally verify the source IP address for libprocess messages.


Repository: mesos


Description (updated)
-------

In general, libprocess is unable to validate that a peer
is a legitimate owner of the UPID it claims in a libprocess
message. This change adds a check that the IP address in the
UPID matches the peer address. This makes spoofing the UPID
harder (e.g. to send authenticated messages), but also breaks
some legitimate configurations, particularly on multihomed
hosts.


Diffs (updated)
-----

  3rdparty/libprocess/src/process.cpp 92efa915414c2a38b18de99858c66b63e757f63c 
  3rdparty/libprocess/src/tests/process_tests.cpp bf90c7e78fd50ad7e16cc0a69a248ba71e2a7115 
  3rdparty/libprocess/src/tests/test_linkee.cpp 921d67695bc0e4d601e9f74fbc625d69bf36ba50 


Diff: https://reviews.apache.org/r/58224/diff/2/

Changes: https://reviews.apache.org/r/58224/diff/1-2/


Testing (updated)
-------

make check (Fedora 25). Light manual testing.

With LIBPROCESS_pin_peer_address=true, all Mesos tests pass except ``ExamplesTest.DiskFullFramework``; however, enabling this will definitely break some libprocess APIs (though not in the way that Mesos uses them) and legitimate multi-homed configurations. Note that setting LIBPROCESS_ip=127.0.0.1 makes you multihomed for this purpose, which is why ``ExamplesTest.DiskFullFramework`` breaks.


Thanks,

James Peach


Re: Review Request 58224: Optionally verify the source IP address for libprocess messages.

Posted by Mesos Reviewbot <re...@mesos.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58224/#review172303
-----------------------------------------------------------



Patch looks great!

Reviews applied: [58517, 58224]

Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker-build.sh

- Mesos Reviewbot


On April 18, 2017, 9:11 p.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58224/
> -----------------------------------------------------------
> 
> (Updated April 18, 2017, 9:11 p.m.)
> 
> 
> Review request for mesos and Mesos Reviewbot.
> 
> 
> Bugs: MESOS-7401
>     https://issues.apache.org/jira/browse/MESOS-7401
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> In general, libprocess is unable to validate that a peer
> is a legitimate owner of the UPID it claims in a libprocess
> message. This change adds a check that the IP address in the
> UPID matches the peer address. This makes spoofing the UPID
> harder (e.g. to send authenticated messages), but also breaks
> some legitimate configurations, particularly on multihomed
> hosts.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/process.cpp 92efa915414c2a38b18de99858c66b63e757f63c 
>   3rdparty/libprocess/src/tests/process_tests.cpp bf90c7e78fd50ad7e16cc0a69a248ba71e2a7115 
>   3rdparty/libprocess/src/tests/test_linkee.cpp 921d67695bc0e4d601e9f74fbc625d69bf36ba50 
> 
> 
> Diff: https://reviews.apache.org/r/58224/diff/2/
> 
> 
> Testing
> -------
> 
> make check (Fedora 25). Light manual testing.
> 
> With LIBPROCESS_pin_peer_address=true, all Mesos tests pass except ``ExamplesTest.DiskFullFramework``; however, enabling this will definitely break some libprocess APIs (though not in the way that Mesos uses them) and legitimate multi-homed configurations. Note that setting LIBPROCESS_ip=127.0.0.1 makes you multihomed for this purpose, which is why ``ExamplesTest.DiskFullFramework`` breaks.
> 
> 
> Thanks,
> 
> James Peach
> 
>


Re: Review Request 58224: Optionally verify the source IP address for libprocess messages.

Posted by James Peach <jp...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58224/
-----------------------------------------------------------

(Updated April 18, 2017, 9:11 p.m.)


Review request for mesos and Mesos Reviewbot.


Bugs: MESOS-7401
    https://issues.apache.org/jira/browse/MESOS-7401


Repository: mesos


Description
-------

In general, libprocess is unable to validate that a peer
is a legitimate owner of the UPID it claims in a libprocess
message. This change adds a check that the IP address in the
UPID matches the peer address. This makes spoofing the UPID
harder (e.g. to send authenticated messages), but also breaks
some legitimate configurations, particularly on multihomed
hosts.


Diffs
-----

  3rdparty/libprocess/src/process.cpp 92efa915414c2a38b18de99858c66b63e757f63c 
  3rdparty/libprocess/src/tests/process_tests.cpp bf90c7e78fd50ad7e16cc0a69a248ba71e2a7115 
  3rdparty/libprocess/src/tests/test_linkee.cpp 921d67695bc0e4d601e9f74fbc625d69bf36ba50 


Diff: https://reviews.apache.org/r/58224/diff/2/


Testing
-------

make check (Fedora 25). Light manual testing.

With LIBPROCESS_pin_peer_address=true, all Mesos tests pass except ``ExamplesTest.DiskFullFramework``; however, enabling this will definitely break some libprocess APIs (though not in the way that Mesos uses them) and legitimate multi-homed configurations. Note that setting LIBPROCESS_ip=127.0.0.1 makes you multihomed for this purpose, which is why ``ExamplesTest.DiskFullFramework`` breaks.


Thanks,

James Peach
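

The check described in this review request, sketched as an added example (not the patch itself and not libprocess code): the IP address inside the claimed UPID is compared with the address of the socket peer, and a sender that advertises one address while connecting from another is rejected. The names upidAddress, checkSender and Verdict are hypothetical, the UPID is assumed to be written as "id@ip:port" with an IPv4 address, and the sample addresses are constructed.

```cpp
#include <arpa/inet.h>
#include <cstdio>
#include <string>

enum class Verdict { ACCEPT, REJECT_MALFORMED, REJECT_MISMATCH };

// Hypothetical helper: pull the IPv4 address out of a UPID of the form
// "id@ip:port". Returns false if the string does not have that shape.
static bool upidAddress(const std::string& upid, in_addr* out)
{
  const std::string::size_type at = upid.find('@');
  const std::string::size_type colon = upid.rfind(':');
  if (at == std::string::npos || colon == std::string::npos || colon < at + 2) {
    return false;
  }
  const std::string host = upid.substr(at + 1, colon - at - 1);
  return inet_pton(AF_INET, host.c_str(), out) == 1;
}

// With pinning enabled, a message is accepted only if the address in the
// claimed UPID equals the peer address of the connection it arrived on.
// Addresses are compared in binary form, not as strings.
Verdict checkSender(const std::string& claimedUpid,
                    const std::string& peerIp,
                    bool pinPeerAddress)
{
  in_addr claimed, peer;
  if (!upidAddress(claimedUpid, &claimed) ||
      inet_pton(AF_INET, peerIp.c_str(), &peer) != 1) {
    return Verdict::REJECT_MALFORMED;
  }
  if (!pinPeerAddress) {
    return Verdict::ACCEPT;  // Unpinned: the claimed UPID is taken on trust.
  }
  return claimed.s_addr == peer.s_addr ? Verdict::ACCEPT
                                       : Verdict::REJECT_MISMATCH;
}

int main()
{
  // Constructed samples: honest peer, spoofed UPID, and a multihomed sender
  // that advertises 127.0.0.1 but connects from another interface address.
  const char* names[] = {"accept", "malformed", "mismatch"};
  struct { const char* upid; const char* peer; } cases[] = {
    {"master@192.0.2.10:5050", "192.0.2.10"},
    {"master@192.0.2.10:5050", "198.51.100.7"},
    {"scheduler@127.0.0.1:40000", "192.0.2.10"},
  };
  for (const auto& c : cases) {
    printf("%-26s from %-13s -> %s\n", c.upid, c.peer,
           names[static_cast<int>(checkSender(c.upid, c.peer, true))]);
  }
  return 0;
}
```

The third case is the trade-off the description names: the check cannot tell a multihomed sender from a spoofed UPID, so both are rejected.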