Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-2274 Restrict Cassandra cluster node joins to a list of named hosts
  3. CASSANDRA-3462

Determine IP address of Message sender from the socket, rather than trusting the sender

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Normal
    • Resolution: Not A Problem
    • 1.0.3
    • None

    • All.

    Description

      A prerequisite for preventing malicious nodes from joining a cluster (parent issue https://issues.apache.org/jira/browse/CASSANDRA-2274) is that we can determine the IP of the sender (setting aside the fact that this may be spoofed by a determined attacker).

      Currently we deserialize the "from" IP address from the incoming message header, using Header.deserialize() and CompactEndpointSerializationHelper.deserialize() i.e. we trust the sender to supply a true IP address.

      We could stop storing the IP address in the message Header at all (saving a small amount of space) and set the 'true' sender IP upon receipt of the message, in org.apache.cassandra.net.IncomingTcpConnection, using socket.getInetAddress().

      Attachments

        1. Cassandra-3462.patch
          1.0 kB
          David Allsopp
        2. Cassandra-3462-v2.patch
          2 kB
          David Allsopp

        Activity

          People

            Unassigned Unassigned
            dallsopp David Allsopp
            Brandon Williams
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: