Tigase Forge
Dashboards
Projects
Global Views
Code Search
server-core
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
OneDev 11.9.7
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _server server-core Issues #339
Prevent tigase cluster from connecting to itself (#339)
Wojciech Kapcia (Tigase) opened 1 decade ago

Avoid establishing cluster connection to the node itself to avoid connectivity issues (i.e. source = target IP(s) of the machine)

  • Wojciech Kapcia (Tigase) commented 1 decade ago

    • prevent loading cluster node details from repository if it would resolve to local instance;

    • terminate tigase instance if in cluster-mode it resolve it's hostname to 'localhost';

    • terminate incoming cluster connections if they for some reason came from the same instance (highly unlikely, but to be on the safe side);

  • Artur Hefczyc commented 1 decade ago

    Code review comments.

    I looked in the ClusterConnectionManager changes and I am not sure if the condition is correct (maybe I misunderstand the code):

      // we ignore any local addresses
  if (!addr.isAnyLocalAddress() && !addr.isLoopbackAddress()  && !( NetworkInterface.getByInetAddress( addr ) != null ) ){
    log.log( Level.WARNING, "Cluster handshake received from this instance, terminating: {0}", serv_addr );
    return;
  }

    Shouldn't it be actually like this?

      // we ignore any local addresses
  if (addr.isAnyLocalAddress() || addr.isLoopbackAddress()  || ( NetworkInterface.getByInetAddress( addr ) == null ) ){
    log.log( Level.WARNING, "Cluster handshake received from this instance, terminating: {0}", serv_addr );
    return;
  }
  • Artur Hefczyc commented 1 decade ago

    Another comment, similar, but related to ClConConfigRepository modifications.

    Piece of code:

      isCorrect = !addr.isAnyLocalAddress() && !addr.isLoopbackAddress() && !( NetworkInterface.getByInetAddress( addr ) != null );

    I think the last condition should be different, either remove '!' or use '==' for null testing:

      isCorrect = !addr.isAnyLocalAddress() && !addr.isLoopbackAddress() && ( NetworkInterface.getByInetAddress( addr ) != null );
  • Wojciech Kapcia (Tigase) commented 1 decade ago

    • NetworkInterface.getByInetAddress( addr ) != null indicates that given address is local (it's matched against any of the local interfaces) hence the condition in ClConConfigRepository is (was*) correct;

    • ClusterConnectionManager is indeed wrong - condition logic is inverted in comparison to ClConConfigRepository from where it was taken - this was corrected;

    • (*) I've reverted the behaviour of ClConConfigRepository.clusterRecordValid() to previous state and moved the check to ClusterConnectionManager.itemAdded() as, apart from obviously wrong cluster items like @localhost@, we still need to load all valid cluster items in order to proceed with the password handshake.

    Tested on our test-cluster.

  • Artur Hefczyc commented 1 decade ago

    Ok, thank you for explanation. It makes sense now.

    Just a small note then. Instead of:

    !(NetworkInterface.getByInetAddress( addr ) != null )

    it is better to have simpler:

    (NetworkInterface.getByInetAddress( addr ) == null )
issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Artur Hefczyc
RedmineID
2014
Version
tigase-server-7.0.0
Spent time
0
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_server/server-core#339
Please wait...
Page is in error, reload to recover