[jira] [Comment Edited] (KUDU-1900) Localhost connections to single-host clusters on Ubuntu don't skip TLS

Fri, 01 Feb 2019 21:38:42 -0800 


    [ 
https://issues.apache.org/jira/browse/KUDU-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16758883#comment-16758883
 ] 

Alexey Serbin edited comment on KUDU-1900 at 2/2/19 5:37 AM:
-------------------------------------------------------------

[~grishick], I think the piece of the code you mentioned is 
https://github.com/apache/kudu/blob/990bb4d134c8fd9bd4621cd2fb9827d47f623db7/src/kudu/rpc/server_negotiation.cc#L512

However, I think the essence is in {{Socket::IsLoopbackConnection()}}.  The 
suggestion is to update its implementation to be more robust and 
straightforward in case if both the remote and the local addresses of the 
socket are loopback ones, i.e. in 127.0.0.0/8 subnet.

Maybe, this wiki article might be relevant: 
https://en.wikipedia.org/wiki/Localhost


was (Author: aserbin):
[~grishick], I think the piece of code you are interested in is 
https://github.com/apache/kudu/blob/990bb4d134c8fd9bd4621cd2fb9827d47f623db7/src/kudu/rpc/server_negotiation.cc#L512

However, I think the essence is in how {{Socket::IsLoopbackConnection()}} is 
implemented.  The suggestion is to update its implementation to be more robust 
and straightforward in case if both the remote and local addresses of the 
socket are loopback ones, i.e. in 127.0.0.0/8 subnet.  Maybe, this wiki article 
might be relevant: https://en.wikipedia.org/wiki/Localhost

> Localhost connections to single-host clusters on Ubuntu don't skip TLS
> ----------------------------------------------------------------------
>
>                 Key: KUDU-1900
>                 URL: https://issues.apache.org/jira/browse/KUDU-1900
>             Project: Kudu
>          Issue Type: Bug
>          Components: perf, security
>            Reporter: Todd Lipcon
>            Priority: Major
>              Labels: newbie
>
> On Ubuntu, it seems like we sometimes end up with connections from 127.0.1.1 
> to 127.0.0.1 when running a local cluster and connecting to to it from the 
> same machine. This is because Ubuntu puts an entry with the host's external 
> hostname in /etc/hosts as 127.0.1.1, and the tablet server ends up 
> registering with that name. The code that detects loopback connections sees 
> the "127.0.0.1 -> 127.0.1.1" and decides it's not loopback.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to