Posted to issues@kudu.apache.org by "Alexey Serbin (JIRA)" <ji...@apache.org> on 2019/02/02 05:36:00 UTC

[jira] [Comment Edited] (KUDU-1900) Localhost connections to single-host clusters on Ubuntu don't skip TLS

    [ https://issues.apache.org/jira/browse/KUDU-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16758883#comment-16758883 ] 

Alexey Serbin edited comment on KUDU-1900 at 2/2/19 5:35 AM:
-------------------------------------------------------------

[~grishick], I think the piece of code you are interested in is https://github.com/apache/kudu/blob/990bb4d134c8fd9bd4621cd2fb9827d47f623db7/src/kudu/rpc/server_negotiation.cc#L512

However, I think the essence is in how {{Socket::IsLoopbackConnection()}} is implemented. The suggestion is to update its implementation to be more robust and straightforward in the case where both the remote and local addresses of the socket are loopback ones, i.e. in the 127.0.0.0/8 subnet. Maybe this wiki article might be relevant: https://en.wikipedia.org/wiki/Localhost


was (Author: aserbin):
[~grishick], I think the piece of code you are interested in is https://github.com/apache/kudu/blob/990bb4d134c8fd9bd4621cd2fb9827d47f623db7/src/kudu/rpc/server_negotiation.cc#L512

> Localhost connections to single-host clusters on Ubuntu don't skip TLS
> ----------------------------------------------------------------------
>
>                 Key: KUDU-1900
>                 URL: https://issues.apache.org/jira/browse/KUDU-1900
>             Project: Kudu
>          Issue Type: Bug
>          Components: perf, security
>            Reporter: Todd Lipcon
>            Priority: Major
>              Labels: newbie
>
> On Ubuntu, it seems like we sometimes end up with connections from 127.0.1.1 to 127.0.0.1 when running a local cluster and connecting to it from the same machine. This is because Ubuntu puts an entry with the host's external hostname in /etc/hosts as 127.0.1.1, and the tablet server ends up registering with that name. The code that detects loopback connections sees the "127.0.0.1 -> 127.0.1.1" and decides it's not loopback.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
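
Added example (not Kudu's code and not part of the original message): the 127.0.0.1 <-> 127.0.1.1 case from the report, run through a same-address comparison and through a check that both endpoints are in 127.0.0.0/8. All function names, ports and sample addresses are constructed for illustration; SameAddressCheck is an assumed stand-in, not a copy of Socket::IsLoopbackConnection().

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdint>
#include <cstdio>

// Hypothetical helper: build an IPv4 endpoint from dotted-quad text.
// In a server these values would come from getsockname()/getpeername()
// on the accepted socket, never from a hostname lookup.
static sockaddr_in MakeAddr(const char* ip, uint16_t port) {
  sockaddr_in sa{};
  sa.sin_family = AF_INET;
  sa.sin_port = htons(port);
  inet_pton(AF_INET, ip, &sa.sin_addr);
  return sa;
}

// True if the address lies in 127.0.0.0/8, i.e. its first octet is 127.
static bool InLoopbackNet(const sockaddr_in& sa) {
  return (ntohl(sa.sin_addr.s_addr) >> 24) == 127;
}

// Assumed stand-in: treats the connection as local only when both ends
// carry the identical IP, so 127.0.0.1 <-> 127.0.1.1 is rejected.
static bool SameAddressCheck(const sockaddr_in& local, const sockaddr_in& remote) {
  return local.sin_addr.s_addr == remote.sin_addr.s_addr;
}

// Check along the lines suggested in the comment: both the local and the
// remote address must be in 127.0.0.0/8. One loopback end is not enough.
static bool BothInLoopbackNet(const sockaddr_in& local, const sockaddr_in& remote) {
  return InLoopbackNet(local) && InLoopbackNet(remote);
}

int main() {
  // Constructed sample endpoints (local, remote); ports are arbitrary.
  const char* cases[][2] = {{"127.0.0.1", "127.0.1.1"},   // Ubuntu /etc/hosts case
                            {"127.0.0.1", "127.0.0.1"},
                            {"127.0.0.1", "192.0.2.10"},  // remote not loopback
                            {"128.0.0.1", "127.0.0.1"}};  // just outside the /8
  for (const auto& c : cases) {
    sockaddr_in l = MakeAddr(c[0], 7050), r = MakeAddr(c[1], 40000);
    std::printf("%-10s <- %-11s same-address=%d both-in-127/8=%d\n", c[0], c[1],
                SameAddressCheck(l, r), BothInLoopbackNet(l, r));
  }
  return 0;
}
```

Because a loopback verdict is what allows TLS to be skipped, the subnet test is applied to both ends of the socket: a connection with only one endpoint in 127.0.0.0/8 stays classified as non-loopback.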