alfred: Don't accept user defined dataset source address in slave mode

Message ID 1459704107-11844-1-git-send-email-sven@narfation.org (mailing list archive)
State Accepted, archived
Commit 7782e616b0e8eefac915d1aa3b6cca6f442f840e
Delegated to: Simon Wunderlich

Commit Message

Sven Eckelmann April 3, 2016, 5:21 p.m. UTC
The dataset source is used by master servers to identify if it has to be
forwarded to other master servers. The data::source of an incoming UDP
push_data is checked and compared against the address of the node sending
the dataset. If both are the same then the dataset is marked as
SOURCE_FIRST_HAND. Otherwise it is an already synced dataset (SOURCE_SYNCED).
Only datasets marked as SOURCE_FIRST_HAND or SOURCE_LOCAL will be forwarded
by master servers.

Allowing slave servers to accept push_data packets via unix socket with a
modified data::source would break the synchronization of datasets between
the master servers. The slave server would forward data to the master
server as always but the master would now mark the packet as SOURCE_SYNCED.
The synchronization process would end here. Parts of the alfred servers
would therefore have access to the dataset and some not.

Instead drop the incoming push_data with a set data::source on the slave.
No alfred server will have the dataset and the stable inconsistency is
avoided.

Fixes: 58e109973bbe ("alfred: Allow setting the source mac via unix sock")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
Depends on the patch https://patchwork.open-mesh.org/patch/15954/
---
 unix_sock.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
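
The failure mode described in the commit message, as a simplified model added here (not alfred's own code): the master's first-hand check next to the patched unix-socket intake. The helper names `mac_is_set`, `unix_intake`, `master_classify` and `master_forwards`, the enum values, and the use of plain MAC arrays for the sender address are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_ALEN 6

/* Names follow the commit message and patch; enum values are assumptions. */
enum data_source { SOURCE_LOCAL, SOURCE_FIRST_HAND, SOURCE_SYNCED };
enum opmode { OPMODE_SLAVE, OPMODE_MASTER };

/* Hypothetical stand-in for is_valid_ether_addr(): only rejects all-zero. */
static int mac_is_set(const uint8_t *mac)
{
	static const uint8_t zero[ETH_ALEN] = {0};
	return memcmp(mac, zero, ETH_ALEN) != 0;
}

/* Unix-socket intake as patched: 0 = accepted, -1 = dropped. */
static int unix_intake(enum opmode mode, const uint8_t *hwaddr, uint8_t *source)
{
	if (mac_is_set(source)) {
		if (memcmp(source, hwaddr, ETH_ALEN) != 0 && mode != OPMODE_MASTER)
			return -1;
	} else {
		memcpy(source, hwaddr, ETH_ALEN);
	}
	return 0;
}

/* Master receiving UDP push_data: first hand only if source == sender. */
static enum data_source master_classify(const uint8_t *sender, const uint8_t *source)
{
	return memcmp(sender, source, ETH_ALEN) == 0 ? SOURCE_FIRST_HAND : SOURCE_SYNCED;
}

/* Only SOURCE_FIRST_HAND and SOURCE_LOCAL are forwarded to other masters. */
static int master_forwards(enum data_source s)
{
	return s == SOURCE_FIRST_HAND || s == SOURCE_LOCAL;
}

int main(void)
{
	const uint8_t slave_hw[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x01}; /* constructed */
	uint8_t custom[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x99};         /* constructed */
	/* Unpatched slave relays the custom source: master stops the sync (0). */
	printf("master forwards: %d\n", master_forwards(master_classify(slave_hw, custom)));
	/* Patched slave drops it at intake instead (-1). */
	printf("slave intake: %d\n", unix_intake(OPMODE_SLAVE, slave_hw, custom));
	return 0;
}
```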
  

Comments

Simon Wunderlich April 4, 2016, 3:48 p.m. UTC | #1
On Sunday 03 April 2016 19:21:47 Sven Eckelmann wrote:
> The dataset source is used by master servers to identify if it has to be
> forwarded to other master servers. The data::source of an incoming UDP
> push_data is checked and compared against the address of the node sending
> the dataset. If both are the same then the dataset is marked as
> SOURCE_FIRST_HAND. Otherwise it is an already synced dataset (SOURCE_SYNCED).
> Only datasets marked as SOURCE_FIRST_HAND or SOURCE_LOCAL will be forwarded
> by master servers.
> 
> Allowing slave servers to accept push_data packets via unix socket with a
> modified data::source would break the synchronization of datasets between
> the master servers. The slave server would forward data to the master
> server as always but the master would now mark the packet as SOURCE_SYNCED.
> The synchronization process would end here. Parts of the alfred servers
> would therefore have access to the dataset and some not.
> 
> Instead drop the incoming push_data with a set data::source on the slave.
> No alfred server will have the dataset and the stable inconsistency is
> avoided.
> 
> Fixes: 58e109973bbe ("alfred: Allow setting the source mac via unix sock")
> Signed-off-by: Sven Eckelmann <sven@narfation.org>
> ---
> Depends on the patch https://patchwork.open-mesh.org/patch/15954/
> ---
>  unix_sock.c | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)

Applied in revision 7782e61.

Thanks!
     Simon
  

Patch

diff --git a/unix_sock.c b/unix_sock.c
index ee6dd8f..150ad32 100644
--- a/unix_sock.c
+++ b/unix_sock.c
@@ -122,10 +122,18 @@  static int unix_sock_add_data(struct globals *globals,
 
 	/* clients should set the source mac to 00:00:00:00:00:00
 	 * to make the server set the source for them
+	 *
+	 * Only alfred in master mode can accept a user defined
+	 * source addresses. Otherwise the data would not be
+	 * synced between master servers.
 	 */
-	if (!is_valid_ether_addr(data->source))
-		memcpy(data->source, &interface->hwaddr,
-		       sizeof(interface->hwaddr));
+	if (is_valid_ether_addr(data->source)) {
+		if (memcmp(data->source, &interface->hwaddr, ETH_ALEN) != 0 &&
+		    globals->opmode != OPMODE_MASTER)
+			goto err;
+	} else {
+		memcpy(data->source, &interface->hwaddr, ETH_ALEN);
+	}
 
 	if ((int)(data_len + sizeof(*data)) > len)
 		goto err;
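
Review bot: The new `goto err` in the non-master branch rejects the push_data silently: nothing in the visible lines logs the drop or tells the unix-socket client that a user defined data->source is only accepted in master mode, so a client on a slave just sees a generic failure. Consider emitting a message before the jump, or at least stating the restriction wherever clients are told to send 00:00:00:00:00:00. The added comment reads "a user defined source addresses", which should be either "a user defined source address" or "user defined source addresses". The memcpy length also changes from sizeof(interface->hwaddr) to ETH_ALEN without a mention in the commit message; it is worth confirming that interface->hwaddr is exactly ETH_ALEN bytes so the memcmp and memcpy cover the whole field.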