[LU-11894] Check for asymmetrical route messages in LNet - Whamcloud Community JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: Lustre 2.13.0, Lustre 2.12.1
Affects Version/s: Lustre 2.12.0
Labels:
- lnet
- patch
- sec

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

Asymmetrical routes can be an issue when debugging network, and allowing them also opens the door to attacks where hostile clients inject data to the servers.

This is explained for instance in this presentation from Dave Holland from Sanger:
https://youtu.be/Yf29eyR_2AU?t=1359

The idea is to check if the LNet messages received from a remote peer are coming through a router that would normally be used by this node to reach the remote peer. If it is not the case, then it means we are dealing with asymmetrical routing, and we want to drop such messages.

The check for asymmetrical route messages could be switched on/off on a per-node basis.

I will propose a patch to implement this idea.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

[LU-11894] Check for asymmetrical route messages in LNet

Peter Jones made changes - 01/Apr/19 2:08 PM

Labels

Original: LTS12 lnet patch sec

New: lnet patch sec

Peter Jones made changes - 01/Apr/19 2:08 PM

Fix Version/s

New: Lustre 2.12.1 [ 14406 ]

Peter Jones made changes - 03/Mar/19 2:47 PM

Labels

Original: lnet patch sec

New: LTS12 lnet patch sec

Peter Jones made changes - 03/Mar/19 2:47 PM

Fix Version/s		New: Lustre 2.13.0 [ 14290 ]
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Amir Shehata (Inactive) made changes - 06/Feb/19 1:34 AM

Remote Link

New: This issue links to "Page (Whamcloud Community Wiki)" [ 23610 ]

Sebastien Buisson created issue - 28/Jan/19 4:53 PM

People

Assignee:: Sebastien Buisson

Reporter:: Sebastien Buisson

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 28/Jan/19 4:53 PM

Updated:: 01/Apr/19 2:08 PM

Resolved:: 03/Mar/19 2:47 PM