[CRIU] [PATCH 1/3] p.haul: do not use getsockname() as a hash_name, v4

Pavel Emelyanov xemul at parallels.com
Wed Oct 29 01:17:38 PDT 2014


On 10/28/2014 01:18 AM, Ruslan Kuprieiev wrote:
> Currently xem_rpc is not proxy-resistant.
> It means that if there is a proxy somewhere in
> between client and server, p.haul will fail,
> because getsockname() on client != getpeername()
> on server.
> 
> v2, Pavel suggested to solve it like this:
> 
> 1. On main rpc socket after init_rpc() the server
>    reports back the name by which it sees the client
>    socket.
> 
> 2. After calling connect() on data socket the client
>    should mix the name from step 1 to the data socket
>    name to distinguish his data socket from those
>    created by other clients.
> 
> v3, use rpc to transfer socket name
> v4, use init option in _make_sk
> 
> Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
> ---
>  xem_rpc.py | 18 +++++++++++++-----
>  1 file changed, 13 insertions(+), 5 deletions(-)
> 
> diff --git a/xem_rpc.py b/xem_rpc.py
> index 9718eef..71ca051 100644
> --- a/xem_rpc.py
> +++ b/xem_rpc.py
> @@ -3,6 +3,7 @@ import select
>  import threading
>  import traceback
>  import util
> +import struct
>  
>  rpc_port = 12345
>  rpc_sk_buf = 256
> @@ -41,22 +42,26 @@ class _rpc_proxy_caller:
>  class rpc_proxy:
>  	def __init__(self, conn, *args):
>  		self._srv = conn
> -		self._rpc_sk = self._make_sk()
> +		self._rpc_sk = self._make_sk(init=True)
>  		util.set_cloexec(self._rpc_sk)
>  		_rpc_proxy_caller(self._rpc_sk, RPC_CMD, "init_rpc")(args)
>  
>  	def __getattr__(self, attr):
>  		return _rpc_proxy_caller(self._rpc_sk, RPC_CALL, attr)
>  
> -	def _make_sk(self):
> +	def _make_sk(self, init=False):

Plz, make it w/o argument to _make_sk(). Let the caller of it
call the RPC_CMD "get_name" or smth himself.

>  		sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>  		sk.connect((self._srv, rpc_port))
> -		return sk
> +		if init:
> +			return sk
> +		else:
> +			host = _rpc_proxy_caller(sk, RPC_CMD, "get_name")()
> +			return (sk, host)
>  
>  	def open_socket(self, uname):
> -		sk = self._make_sk()
> +		sk, host = self._make_sk()
>  		c = _rpc_proxy_caller(self._rpc_sk, RPC_CMD, "pick_channel")
> -		c(sk.getsockname(), uname)
> +		c(host, uname)
>  		return sk
>  
>  
> @@ -76,6 +81,9 @@ class _rpc_server_sk:
>  	def hash_name(self):
>  		return self._sk.getpeername()
>  
> +	def get_name(self, mgr):
> +		return self.hash_name()
> +
>  	def work(self, mgr):
>  		raw_data = self._sk.recv(rpc_sk_buf)
>  		if not raw_data:
> 



More information about the CRIU mailing list