[CRIU] [PATCH 1/2] p.haul: do not use getsockname() as a hash_name, v2
Pavel Emelyanov
xemul at parallels.com
Mon Oct 27 10:42:59 PDT 2014
On 10/23/2014 10:57 PM, Ruslan Kuprieiev wrote:
> Currently xem_rpc is not proxy-resistant.
> It means that if there is a proxy somewhere in
> between client and server, p.haul will fail,
> because getsockname() on client != getpeername()
> on server.
>
> v2, Pavel suggested to solve it like this:
>
> 1. On main rpc socket after init_rpc() the server
> reports back the name by which it sees the client
> socket.
>
> 2. After calling connect() on data socket the client
> should mix the name from step 1 to the data socket
> name to distinguish his data socket from those
> created by other clients.
>
> Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
> ---
> xem_rpc.py | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/xem_rpc.py b/xem_rpc.py
> index 9718eef..f4a9b21 100644
> --- a/xem_rpc.py
> +++ b/xem_rpc.py
> @@ -3,6 +3,7 @@ import select
> import threading
> import traceback
> import util
> +import struct
>
> rpc_port = 12345
> rpc_sk_buf = 256
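Review bot: `import struct` is added here, but none of the seven lines this patch adds uses `struct`, so the import is dead. Drop it, or, if it was meant for length-prefixed framing of the address announcement, include that framing code in the same patch.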
> @@ -41,7 +42,7 @@ class _rpc_proxy_caller:
> class rpc_proxy:
> def __init__(self, conn, *args):
> self._srv = conn
> - self._rpc_sk = self._make_sk()
> + self._rpc_sk = self._make_sk()[0]
> util.set_cloexec(self._rpc_sk)
> _rpc_proxy_caller(self._rpc_sk, RPC_CMD, "init_rpc")(args)
>
> @@ -51,12 +52,13 @@ class rpc_proxy:
> def _make_sk(self):
> sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
> sk.connect((self._srv, rpc_port))
> - return sk
> + host = eval(sk.recv(rpc_sk_buf))
> + return (sk, host)
>
> def open_socket(self, uname):
> - sk = self._make_sk()
> + sk, host = self._make_sk()
> c = _rpc_proxy_caller(self._rpc_sk, RPC_CMD, "pick_channel")
> - c(sk.getsockname(), uname)
> + c(host, uname)
> return sk
>
>
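Review bot: `host = eval(sk.recv(rpc_sk_buf))` in `_make_sk` evaluates bytes read from the network as a Python expression, so whatever is at the other end of the connection, including the intermediary proxy this patch is meant to tolerate, can run code in the client process. Parse the announcement as data instead, for example `host = ast.literal_eval(sk.recv(rpc_sk_buf))` with `import ast` at the top of the file, and check that the result is a `(str, int)` tuple before passing it to `pick_channel`. A single `recv()` on a `SOCK_STREAM` socket can also return a partial message or one merged with later RPC traffic, so the announcement needs a delimiter or a length prefix. The `__init__` change in the previous hunk reads the same announcement and discards it via `_make_sk()[0]`.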
> @@ -128,6 +130,7 @@ class _rpc_server_ask:
>
> def work(self, mgr):
> sk, addr = self._sk.accept()
> + sk.send(repr(addr))
Don't add new send/recv please. Make use of existing _rpc_proxy_caller,
e.g. look at how the rpc control socket announces itself to the service.
> mgr.add(_rpc_server_sk(sk))
>
> class _rpc_stop_fd:
>