mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Mahler <bmah...@apache.org>
Subject Re: Review Request 58224: Optionally verify the source IP address for libprocess messages.
Date Thu, 01 Jun 2017 22:34:52 GMT


> On May 31, 2017, 8:14 p.m., Andrew Schwartzmeyer wrote:
> > Does not build on Windows. Please ensure that the tests include _at least_ a compilation
on Windows before committing. The build is broken now.

I don't think we can expect users to compile on windows, OS X and linux for all of their patches.
We can notice reviewbot telling us the windows build is broken. But even then, without a submit
queue gating commits, we're going to accidentally break the build from time to time, we should
just be sure to fix quickly.

I think here we were operating with good intentions, since it's highly surprising that this
breaks the windows build due to PCH, we couldn't have anticipated that there was something
windows specific here. I would like to understand why the build broke, it seems weird to me
that we have to change a .cpp static global name.


- Benjamin


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58224/#review176508
-----------------------------------------------------------


On May 10, 2017, 6:06 p.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58224/
> -----------------------------------------------------------
> 
> (Updated May 10, 2017, 6:06 p.m.)
> 
> 
> Review request for mesos and Benjamin Mahler.
> 
> 
> Bugs: MESOS-7401
>     https://issues.apache.org/jira/browse/MESOS-7401
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> In general, libprocess is unable to validate that a peer
> is a legitimate owner of the UPID it claims in a libprocess
> message. This change adds a check that the IP address in the
> UPID matches the peer address. This makes spoofing the UPID
> harder (eg. to send authenticated messages), but also breaks
> some legitimate configurations, particularly on multihomed
> hosts.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/process.cpp 96ce7dbc486a2f1d55d2238a8a102bf024b12b1c 
> 
> 
> Diff: https://reviews.apache.org/r/58224/diff/11/
> 
> 
> Testing
> -------
> 
> make check (Fedora 25). Light manual testing.
> 
> With LIBPROCESS_require_peer_address_ip_match=true, all Mesos tests pass except ``ExamplesTest.DiskFullFramework``,
however enabling this will definitely break some libprocess APIs (though not in the way that
Mesos uses them) and legitimate multi-homed configurations. Note that setting LIBPROCESS_ip=127.0.0.1
makes you multihomed for this purpose, which is why ``ExamplesTest.DiskFullFramework`` breaks.
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message