-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58224/#review173718
-----------------------------------------------------------


Patch looks great!

Reviews applied: [58928, 58224]

Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker-build.sh

- Mesos Reviewbot


On May 2, 2017, 9:02 p.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58224/
> -----------------------------------------------------------
> 
> (Updated May 2, 2017, 9:02 p.m.)
> 
> 
> Review request for mesos and Benjamin Mahler.
> 
> 
> Bugs: MESOS-7401
>     https://issues.apache.org/jira/browse/MESOS-7401
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> In general, libprocess is unable to validate that a peer
> is a legitimate owner of the UPID it claims in a libprocess
> message. This change adds a check that the IP address in the
> UPID matches the peer address. This makes spoofing the UPID
> harder (eg. to send authenticated messages), but also breaks
> some legitimate configurations, particularly on multihomed
> hosts.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/process.cpp
>   f5b666f894215cb1861c244c94b382e0739bc5c9
> 
> 
> Diff: https://reviews.apache.org/r/58224/diff/4/
> 
> 
> Testing
> -------
> 
> make check (Fedora 25). Light manual testing.
> 
> With LIBPROCESS_pin_peer_address=true, all Mesos tests pass except
> ``ExamplesTest.DiskFullFramework``, however enabling this will definitely
> break some libprocess APIs (though not in the way that Mesos uses them) and
> legitimate multi-homed configurations. Note that setting
> LIBPROCESS_ip=127.0.0.1 makes you multihomed for this purpose, which is why
> ``ExamplesTest.DiskFullFramework`` breaks.
> 
> 
> Thanks,
> 
> James Peach
> 
>
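
The address check outlined in the review description, as an added example that is not part of the original e-mail and is not libprocess code. It assumes IPv4 and a UPID of the form `id@ip:port`; `upid_ip`, `peer_matches_upid` and `make_peer` are hypothetical names, and all addresses are constructed samples. The last case shows a sender that advertises 127.0.0.1 being rejected when its connection arrives from another address.

```cpp
// Added illustration, not libprocess code; all function names are hypothetical.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdint>
#include <iostream>
#include <string>

// Parse the IPv4 address out of a UPID of the assumed form "id@ip:port".
bool upid_ip(const std::string& upid, in_addr* out) {
  const auto at = upid.rfind('@');
  const auto colon = upid.rfind(':');
  if (at == std::string::npos || colon == std::string::npos || colon < at) {
    return false;  // No address part: the claim cannot be checked.
  }
  const std::string host = upid.substr(at + 1, colon - at - 1);
  return inet_pton(AF_INET, host.c_str(), out) == 1;
}

// True when the address claimed in the UPID equals the socket peer address.
// Only the IP is compared: the source port of an outbound connection is
// typically ephemeral, so it is not expected to equal the UPID's port.
bool peer_matches_upid(const std::string& upid, const sockaddr_in& peer) {
  in_addr claimed{};
  return upid_ip(upid, &claimed) && claimed.s_addr == peer.sin_addr.s_addr;
}

// Build a peer address as getpeername() would report it (constructed sample).
sockaddr_in make_peer(const char* ip, std::uint16_t port) {
  sockaddr_in sa{};
  sa.sin_family = AF_INET;
  sa.sin_port = htons(port);
  inet_pton(AF_INET, ip, &sa.sin_addr);
  return sa;
}

int main() {
  // Constructed peer: the connection is seen arriving from 192.0.2.10.
  const sockaddr_in peer = make_peer("192.0.2.10", 41234);
  std::cout << "matching UPID:   "
            << peer_matches_upid("slave(1)@192.0.2.10:5051", peer) << "\n";
  std::cout << "spoofed UPID:    "
            << peer_matches_upid("master@192.0.2.99:5050", peer) << "\n";
  // Sender advertises 127.0.0.1 but connects over another interface.
  std::cout << "multihomed UPID: "
            << peer_matches_upid("scheduler@127.0.0.1:5051", peer) << "\n";
  return 0;
}
```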
