Details

    • Type: Sub-task Sub-task
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Not a Problem
    • Fix Version/s: 1.0.3
    • Component/s: Core
    • Environment:

      All.

      Description

      A prerequisite for preventing malicious nodes from joining a cluster (parent issue https://issues.apache.org/jira/browse/CASSANDRA-2274) is that we can determine the IP of the sender (setting aside the fact that this may be spoofed by a determined attacker).

      Currently we deserialize the "from" IP address from the incoming message header, using Header.deserialize() and CompactEndpointSerializationHelper.deserialize() i.e. we trust the sender to supply a true IP address.

      We could stop storing the IP address in the message Header at all (saving a small amount of space) and set the 'true' sender IP upon receipt of the message, in org.apache.cassandra.net.IncomingTcpConnection, using socket.getInetAddress().

      1. Cassandra-3462.patch
        1.0 kB
        David Allsopp
      2. Cassandra-3462-v2.patch
        2 kB
        David Allsopp

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            David Allsopp
            Reviewer:
            Brandon Williams
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development