[jira] [Work logged] (HDFS-16495) RBF should prepend the client ip rather than append it.

Tue, 08 Mar 2022 14:05:07 -0800 


     [ 
https://issues.apache.org/jira/browse/HDFS-16495?focusedWorklogId=738401&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-738401
 ]

ASF GitHub Bot logged work on HDFS-16495:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Mar/22 22:04
            Start Date: 08/Mar/22 22:04
    Worklog Time Spent: 10m 
      Work Description: omalley opened a new pull request #4054:
URL: https://github.com/apache/hadoop/pull/4054


   ### Description of PR
   
   Makes RBF prepends the client ip & port to the caller context and removes 
previous values. This avoids a couple problems:
   * User can't fake their network address to the NN.
   * It is less likely to have false positives (accidental conflicts), since 
the critical information that is under system control comes first.
   
   ### How was this patch tested?
   
   The relevant unit tests were fixed and run.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 738401)
    Remaining Estimate: 0h
            Time Spent: 10m

> RBF should prepend the client ip rather than append it.
> -------------------------------------------------------
>
>                 Key: HDFS-16495
>                 URL: https://issues.apache.org/jira/browse/HDFS-16495
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: Owen O'Malley
>            Assignee: Owen O'Malley
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently the Routers append the client ip to the caller context if and only 
> if it is not already set. This would allow the user to fake their ip by 
> setting the caller context. Much better is to prepend it unconditionally.
> The NN must be able to trust the client ip from the caller context.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to