Determine IP address of Message sender from the socket, rather than trusting
the sender
---------------------------------------------------------------------------------------
Key: CASSANDRA-3462
URL: https://issues.apache.org/jira/browse/CASSANDRA-3462
Project: Cassandra
Issue Type: Sub-task
Components: Core
Affects Versions: 1.0.1
Environment: All.
Reporter: David Allsopp
A prerequisite for preventing malicious nodes from joining a cluster (parent
issue https://issues.apache.org/jira/browse/CASSANDRA-2274) is that we can
determine the IP of the sender (setting aside the fact that this may be spoofed
by a determined attacker).
Currently we deserialize the "from" IP address from the incoming message
header, using Header.deserialize() and
CompactEndpointSerializationHelper.deserialize() i.e. we trust the sender to
supply a true IP address.
We could stop storing the IP address in the message Header at all (saving a
small amount of space) and set the 'true' sender IP upon receipt of the
message, in org.apache.cassandra.net.IncomingTcpConnection, using
socket.getInetAddress().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
