[
https://issues.apache.org/jira/browse/HADOOP-16254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16819802#comment-16819802
]
He Xiaoqiao commented on HADOOP-16254:
--------------------------------------
Thanks [~daryn], [~vinayrpet] for your further valuable advice.
{quote}Include complete client's socket address instead of just hostname (i.e.
Hostname/IP:port). This will help in identifying details about particular
client if required.
Instead of changing the RPC Request header, add the same field in
"IpcConnectionContextProto" as suggested by Daryn Sharp in the previous Jira.
Definitely don't want the peer address info passed on every call.
{quote}
It makes sense to me. I fully agree to maintain the complete client socket
address and move it to "IpcConnectionContextProto"; thus it does not need to do
domain resolution in #getRemoteAddress and can also reduce RPC load.
{quote}I was having deja vu seeing this jira. {quote}
Yes, this ticket originates from HDFS-13248, and based on some more discussions
and mailing list suggestions, I initiated this issue, so...
{quote}Does it allow anyone to spoof addresses? If I didn't miss a safeguard,
-1 on this massive security hole.{quote}
About the security vulnerability, I think it is limited. Take RBF as an example:
1. The router server will never use this field even if the client sets it.
2. I think we can reinforce checking at the RPC layer (only regard it as a legal
parameter if the current user/ugi is superuser) if the client sets proxyHostname
and sends the RPC request to the Namenode directly.
The current patch is just a draft version, and further suggestions are welcome.
Thanks all again.
> Add clientHostname to RPC header
> --------------------------------
>
> Key: HADOOP-16254
> URL: https://issues.apache.org/jira/browse/HADOOP-16254
> Project: Hadoop Common
> Issue Type: New Feature
> Components: ipc
> Reporter: He Xiaoqiao
> Assignee: He Xiaoqiao
> Priority: Major
> Attachments: HADOOP-16254.001.patch, HADOOP-16254.002.patch
>
>
> In order to support data locality of RBF, we need to add a new field for the
> client hostname in the RPC headers of Router protocol calls.
> clientHostname represents the hostname of the client and is forwarded by the
> Router to the Namenode to be data-locality friendly. See more [RBF Data Locality
> Design|https://issues.apache.org/jira/secure/attachment/12965092/RBF%20Data%20Locality%20Design.pdf]
> in HDFS-13248 and [maillist
> vote|http://mail-archives.apache.org/mod_mbox/hadoop-common-dev/201904.mbox/%3CCAF3Ajax7hGxvowg4K_HVTZeDqC5H=3bfb7mv5sz5mgvadhv...@mail.gmail.com%3E].
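The safeguard proposed in the comment above (accept a client-supplied address only when the authenticated caller is a superuser, otherwise fall back to the socket peer) could look like the following. This is an added example, not part of the original message or of the HADOOP-16254 patch; the class, method and user names are hypothetical and do not correspond to Hadoop APIs.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration: class, method and user names are hypothetical, not Hadoop APIs.
public class ForwardedAddressCheck {
    // "Hostname/IP:port" as described above; a syntax check only, no DNS lookup.
    private static final Pattern CLAIM =
        Pattern.compile("([A-Za-z0-9.-]{1,253})/([0-9A-Fa-f.:]{2,45}):(\\d{1,5})");

    private final Set<String> superusers;

    public ForwardedAddressCheck(Set<String> superusers) {
        this.superusers = Set.copyOf(superusers);
    }

    // Returns the address the server should treat as the client's.
    public String resolve(String authenticatedUser, String socketPeer, String claimed) {
        if (claimed == null || claimed.isEmpty()) {
            return socketPeer; // nothing was forwarded
        }
        Matcher m = CLAIM.matcher(claimed);
        if (!m.matches() || !validPort(m.group(3))) {
            // The raw value is not logged, so it cannot inject log lines.
            System.err.println("malformed forwarded address from " + socketPeer);
            return socketPeer;
        }
        if (!superusers.contains(authenticatedUser)) {
            // Spoofing attempt or misconfiguration: record it and fall back.
            System.err.println("ignored forwarded address " + claimed
                + " set by non-superuser " + authenticatedUser + " at " + socketPeer);
            return socketPeer;
        }
        return claimed;
    }

    private static boolean validPort(String s) {
        int p = Integer.parseInt(s); // at most 5 digits, cannot overflow
        return p >= 1 && p <= 65535;
    }

    public static void main(String[] args) {
        // Constructed sample values (RFC 5737 addresses, example.com names).
        ForwardedAddressCheck check = new ForwardedAddressCheck(Set.of("router"));
        String claim = "client1.example.com/192.0.2.10:40123";
        System.out.println(check.resolve("router", "198.51.100.7:51000", claim));
        System.out.println(check.resolve("alice", "203.0.113.9:51001", claim));
        System.out.println(check.resolve("router", "198.51.100.7:51000", "bad\nvalue"));
    }
}
```

The check relies on the caller's identity coming from connection authentication; on an unauthenticated connection the user name itself is client-supplied and the superuser test gives no protection.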