[LU-11894] Check for asymmetrical route messages in LNet Created: 28/Jan/19 Updated: 01/Apr/19 Resolved: 03/Mar/19 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.12.0 |
| Fix Version/s: | Lustre 2.13.0, Lustre 2.12.1 |
| Type: | Bug | Priority: | Minor |
| Reporter: | Sebastien Buisson | Assignee: | Sebastien Buisson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | lnet, patch, sec | ||
| Severity: | 3 |
| Rank (Obsolete): | 9223372036854775807 |
| Description |
|
Asymmetrical routes can be an issue when debugging network, and allowing them also opens the door to attacks where hostile clients inject data to the servers. This is explained for instance in this presentation from Dave Holland from Sanger: The idea is to check if the LNet messages received from a remote peer are coming through a router that would normally be used by this node to reach the remote peer. If it is not the case, then it means we are dealing with asymmetrical routing, and we want to drop such messages. The check for asymmetrical route messages could be switched on/off on a per-node basis. I will propose a patch to implement this idea. |
| Comments |
| Comment by Gerrit Updater [ 28/Jan/19 ] |
|
Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/34119 |
| Comment by Gerrit Updater [ 03/Mar/19 ] |
|
Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/34119/ |
| Comment by Peter Jones [ 03/Mar/19 ] |
|
Landed for 2.13 |
| Comment by Gerrit Updater [ 19/Mar/19 ] |
|
Minh Diep (mdiep@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/34457 |
| Comment by Gerrit Updater [ 01/Apr/19 ] |
|
Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/34457/ |