-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58224/
-----------------------------------------------------------
(Updated May 4, 2017, 3:52 p.m.)
Review request for mesos and Benjamin Mahler.
Changes
-------
Added documentation.
Bugs: MESOS-7401
https://issues.apache.org/jira/browse/MESOS-7401
Repository: mesos
Description
-------
In general, libprocess is unable to validate that a peer
is a legitimate owner of the UPID it claims in a libprocess
message. This change adds a check that the IP address in the
UPID matches the peer address. This makes spoofing the UPID
harder (eg. to send authenticated messages), but also breaks
some legitimate configurations, particularly on multihomed
hosts.
Diffs (updated)
-----
3rdparty/libprocess/src/process.cpp f5b666f894215cb1861c244c94b382e0739bc5c9
docs/configuration.md 79cada3c9403881bf257d653f721d32e55607a7f
Diff: https://reviews.apache.org/r/58224/diff/7/
Changes: https://reviews.apache.org/r/58224/diff/6-7/
Testing
-------
make check (Fedora 25). Light manual testing.
With LIBPROCESS_require_peer_address_ip_match=true, all Mesos tests pass except
``ExamplesTest.DiskFullFramework``, however enabling this will definitely break
some libprocess APIs (though not in the way that Mesos uses them) and
legitimate multi-homed configurations. Note that setting
LIBPROCESS_ip=127.0.0.1 makes you multihomed for this purpose, which is why
``ExamplesTest.DiskFullFramework`` breaks.
Thanks,
James Peach
