Projects tigase _server server-core Issues #339
Prevent tigase cluster from connecting to itself (#339)
Closed
wojciech.kapcia@tigase.net opened 1 decade ago

Avoid establishing cluster connection to the node itself to avoid connectivity issues (i.e. source = target IP(s) of the machine)

wojciech.kapcia@tigase.net commented 1 decade ago
  • prevent loading cluster node details from repository if it would resolve to local instance;

  • terminate tigase instance if in cluster-mode it resolve it's hostname to 'localhost';

  • terminate incoming cluster connections if they for some reason came from the same instance (highly unlikely, but to be on the safe side);

Artur Hefczyc commented 1 decade ago

Code review comments.

I looked in the ClusterConnectionManager changes and I am not sure if the condition is correct (maybe I misunderstand the code):

  // we ignore any local addresses
  if (!addr.isAnyLocalAddress() && !addr.isLoopbackAddress()  && !( NetworkInterface.getByInetAddress( addr ) != null ) ){
    log.log( Level.WARNING, "Cluster handshake received from this instance, terminating: {0}", serv_addr );
    return;
  }

Shouldn't it be actually like this?

  // we ignore any local addresses
  if (addr.isAnyLocalAddress() || addr.isLoopbackAddress()  || ( NetworkInterface.getByInetAddress( addr ) == null ) ){
    log.log( Level.WARNING, "Cluster handshake received from this instance, terminating: {0}", serv_addr );
    return;
  }
Artur Hefczyc commented 1 decade ago

Another comment, similar, but related to ClConConfigRepository modifications.

Piece of code:

  isCorrect = !addr.isAnyLocalAddress() && !addr.isLoopbackAddress() && !( NetworkInterface.getByInetAddress( addr ) != null );

I think the last condition should be different, either remove '!' or use '==' for null testing:

  isCorrect = !addr.isAnyLocalAddress() && !addr.isLoopbackAddress() && ( NetworkInterface.getByInetAddress( addr ) != null );
wojciech.kapcia@tigase.net commented 1 decade ago
  • NetworkInterface.getByInetAddress( addr ) != null indicates that given address is local (it's matched against any of the local interfaces) hence the condition in ClConConfigRepository is (was*) correct;

  • ClusterConnectionManager is indeed wrong - condition logic is inverted in comparison to ClConConfigRepository from where it was taken - this was corrected;

  • (*) I've reverted the behaviour of ClConConfigRepository.clusterRecordValid() to previous state and moved the check to ClusterConnectionManager.itemAdded() as, apart from obviously wrong cluster items like @localhost@, we still need to load all valid cluster items in order to proceed with the password handshake.

Tested on our test-cluster.

Artur Hefczyc commented 1 decade ago

Ok, thank you for explanation. It makes sense now.

Just a small note then. Instead of:

!(NetworkInterface.getByInetAddress( addr ) != null )

it is better to have simpler:

(NetworkInterface.getByInetAddress( addr ) == null )
issue 1 of 1
Type
Bug
Priority
Normal
Assignee
RedmineID
2014
Version
tigase-server-7.0.0
Spent time
10h 30m
Issue Votes (0)
Watchers (0)
Reference
tigase/_server/server-core#339
Please wait...
Page is in error, reload to recover