Uploaded image for project: 'OpenVZ'
  1. OpenVZ
  2. OVZ-4058

Throw an error if there's another host with the same IP in the subnet.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: OpenVZ-legacy
    • Component/s: Containers::Userspace
    • Security Level: Public
    • Environment:
      Operating System: Other Linux
      Platform: All

      Description

      vzctl displays a warning if there is a host in the same subnet with the same IP that's being assigned to CT. This behaviour leads to DoS of another container/host, which is unacceptable in production environment. Proposed patch causes vzctl to produce an error instead of warning, leaving the container fully alive with no networking, that doesnt cause any impact on already working CT with the same IP.

      refs http://bugzilla.openvz.org/show_bug.cgi?id=869

        Activity

        Hide
        thresh@altlinux.org Konstantin Pavlov added a comment -

        Yes, but it will take some time as now i'm overburdened with other activities.

        Show
        thresh@altlinux.org Konstantin Pavlov added a comment - Yes, but it will take some time as now i'm overburdened with other activities.
        Hide
        kir Kir Kolyshkin added a comment -

        JFYI: I'm going to give new vzctl build to QA in one or two days; rush if you want this to be included into 3.0.23, otherwise let's target this for >= 3.0.24.

        Show
        kir Kir Kolyshkin added a comment - JFYI: I'm going to give new vzctl build to QA in one or two days; rush if you want this to be included into 3.0.23, otherwise let's target this for >= 3.0.24.
        Hide
        kir Kir Kolyshkin added a comment -

        Going to release vzctl-3.0.24 in a near future; please work on this patch if you want it to be included.

        Show
        kir Kir Kolyshkin added a comment - Going to release vzctl-3.0.24 in a near future; please work on this patch if you want it to be included.
        Hide
        kir Kir Kolyshkin added a comment -

        OK I have reworked the patch myself.

        Committed to GIT:
        (part 1) http://git.openvz.org/?p=vzctl;a=commit;h=692078b1026bd2523b2e4dce2c68e37cd5219aca
        (part 2) http://git.openvz.org/?p=vzctl;a=commit;h=c8c2e8caae6481546c9ad81df945822cd0ec5d89

        Will be available in vzctl >= 3.0.24

        Show
        kir Kir Kolyshkin added a comment - OK I have reworked the patch myself. Committed to GIT: (part 1) http://git.openvz.org/?p=vzctl;a=commit;h=692078b1026bd2523b2e4dce2c68e37cd5219aca (part 2) http://git.openvz.org/?p=vzctl;a=commit;h=c8c2e8caae6481546c9ad81df945822cd0ec5d89 Will be available in vzctl >= 3.0.24
        Hide
        thresh@altlinux.org Konstantin Pavlov added a comment -

        Thanks, Kir! Keep up the good work.

        Show
        thresh@altlinux.org Konstantin Pavlov added a comment - Thanks, Kir! Keep up the good work.

          People

          • Assignee:
            igor Igor Sukhih
            Reporter:
            thresh@altlinux.org Konstantin Pavlov
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: