[erlang-questions] Interconnect question: how to work with names
Fri Jun 28 20:15:15 CEST 2019
> Validates the node name and the version number:
Yes, this seems to be the answer.
Ok, what have I done:
1) I launch my server with hostname server.l:
2) I add this hostname to control tool:
Now I can connect to master@REDACTED
Server admin can put any hostname that he wants, I do not depend on it
On Fri, Jun 28, 2019 at 4:16 PM Dániel Szoboszlay <dszoboszlay@REDACTED>
> I'm not claiming the response to the challenge itself would be dependent
> on the node names. It is not.
> What I'm trying to say, is that together with the challenge, in the same
> SEND_CHALLENGE message there are two more pieces of information: the
> protocol version and the node name.
> Upon receiving the challenge (
> https://github.com/erlang/otp/blob/master/lib/kernel/src/dist_util.erl#L770) the
> node that's trying to connect:
> - Validates the node name and the version number:
> - Only after this step will look at the challenge sent in the message:
> - And calculate a challenge response at the place you identified:
> So the recv_challenge/1 function is where the connection attempt fails if
> there's a mismatch in the node names. And that's what you originally asked:
> where does this check happen, what prevents us from connecting to a node
> with the wrong name (in the post-@ part)?
> If you rewrite the handshake on your own, and omit this check, than fine,
> you can of course connect. But this is probably not a good thing to do,
> because you've just introduced some inconsistency into the cluster: the
> nodes will disagree on what their name is. That can cause a lot of
> problems, not in the distribution connection layer probably, but higher up
> in the application layer (e.g. you send the value of node() across to your
> peer and it will believe you're not talking about yourself, but a third,
> unknown node).
> And as a side note, the is_allowed check has nothing to do with this
> problem. That's a rarely used feature where you can blacklist/whitelist
> nodes that are allowed to connect to you.
> On Fri, 28 Jun 2019 at 14:07, Max Lapshin <max.lapshin@REDACTED> wrote:
>> I do not understand, what for to use words like "believe"
>> I've rewritten the handshake from scratch and I see that nodes send their
>> names, but encryption digest does not use node name.
>> Perhaps problem is here:
>> When we change node name, we can pass interconnect handshake, but do not
>> allow to connect.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions