Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: Lustre 2.13.0, Lustre 2.12.1
Affects Version/s: Lustre 2.12.0
Labels:
- lnet
- patch
- sec

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

Asymmetrical routes can be an issue when debugging network, and allowing them also opens the door to attacks where hostile clients inject data to the servers.

This is explained for instance in this presentation from Dave Holland from Sanger:
https://youtu.be/Yf29eyR_2AU?t=1359

The idea is to check if the LNet messages received from a remote peer are coming through a router that would normally be used by this node to reach the remote peer. If it is not the case, then it means we are dealing with asymmetrical routing, and we want to drop such messages.

The check for asymmetrical route messages could be switched on/off on a per-node basis.

I will propose a patch to implement this idea.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Sebastien Buisson

Reporter:: Sebastien Buisson

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 28/Jan/19 4:53 PM

Updated:: 01/Apr/19 2:08 PM

Resolved:: 03/Mar/19 2:47 PM