git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Mon, 28 Jan 2019 15:16:42 +0000 (00:16 +0900)
committer	Oleg Drokin <green@whamcloud.com>
	Sun, 3 Mar 2019 00:21:30 +0000 (00:21 +0000)
commit	4932febc121349d855ac9934c538ce688c140afa
tree	3a1677122d26e6578256456b7f706fce9437ecfc	tree \| snapshot
parent	88d8f0f86bd4994e07aa12bd00cbc7ad3192205c	commit \| diff

LU-11894 lnet: check for asymmetrical route messages

Asymmetrical routes can be an issue when debugging network,
and allowing them also opens the door to attacks where hostile
clients inject data to the servers.

In order to prevent asymmetrical routes, add a new lnet kernel
module option named 'lnet_drop_asym_route'. When set to non-zero,
lnet_parse() will check if the message received from a remote peer
is coming through a router that would normally be used by this node
to reach the remote peer. If it is not the case, then it means we
are dealing with an asymmetrical route message, and the message will
be dropped.

The check for asymmetrical route can also be switched on/off with
the command 'lnetctl set drop_asym_route 0|1'. And this parameter is
exported/imported in Yaml.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I06fb23d9e46984d79c14fa9b53b2fa04ce3c50c5
Reviewed-on: https://review.whamcloud.com/34119
Tested-by: Jenkins
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Olaf Weber <olaf.weber@hpe.com>
Reviewed-by: Chris Horn <hornc@cray.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lnet/include/lnet/lib-lnet.h		diff \| blob \| history
lnet/lnet/api-ni.c		diff \| blob \| history
lnet/lnet/lib-move.c		diff \| blob \| history
lnet/utils/lnetconfig/liblnetconfig.c		diff \| blob \| history
lnet/utils/lnetconfig/liblnetconfig.h		diff \| blob \| history
lnet/utils/lnetctl.c		diff \| blob \| history
lustre/doc/lnetctl.8		diff \| blob \| history