Date: Fri, 26 Jan 2018 23:28:00 +0000 (UTC)
From: "Ajay Kumar (JIRA)"
To: hdfs-issues@hadoop.apache.org
Subject: [jira] [Updated] (HDFS-13060) Adding a BlacklistBasedTrustedChannelResolver for TrustedChannelResolver

     [ https://issues.apache.org/jira/browse/HDFS-13060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ajay Kumar updated HDFS-13060:
------------------------------
    Attachment: HDFS-13060.000.patch

> Adding a BlacklistBasedTrustedChannelResolver for TrustedChannelResolver
> ------------------------------------------------------------------------
>
>                 Key: HDFS-13060
>                 URL: https://issues.apache.org/jira/browse/HDFS-13060
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>         Attachments: HDFS-13060.000.patch
>
>
> HDFS-5910 introduces encryption negotiation between client and server based on a customizable TrustedChannelResolver class. The TrustedChannelResolver is invoked on both client and server side. If the resolver indicates that the channel is trusted, then the data transfer will not be encrypted even if dfs.encrypt.data.transfer is set to true.
> The default trust channel resolver implementation returns false indicating that the channel is not trusted, which always enables encryption. HDFS-5910 also added a built-in whitelist based trust channel resolver. It allows you to put IP address/Network Mask of trusted client/server in whitelist files to skip encryption for certain traffic.
> This ticket is opened to add a blacklist based trust channel resolver for cases where only certain machines (IPs) are untrusted without adding each trusted IP individually.
>

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
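
The difference between the two resolver policies described in the issue, as an added example that is not Hadoop code and not taken from the attached patch: a whitelist resolver fails closed (unlisted peers are encrypted), while a blacklist resolver fails open (unlisted peers are trusted and sent unencrypted). The function names, the one-entry-per-line list format, the sample addresses, and the choice to treat an unparseable peer as untrusted are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample lists, one "address[/mask]" entry per line (assumed format).
WHITELIST = "10.1.0.0/255.255.0.0   # trusted cluster network\n"
BLACKLIST = "10.1.9.0/24            # untrusted rack\n192.0.2.15\n"

def parse_rules(text):
    """Return the networks named in a list file body; '#' starts a comment."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def listed(peer, nets):
    """True if peer falls in any network; None if peer is not a valid IP."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return None
    return any(addr in net for net in nets)

def whitelist_trusted(peer, nets):
    # Fail closed: only explicitly listed peers are trusted.
    return listed(peer, nets) is True

def blacklist_trusted(peer, nets):
    # Fail open for unlisted peers; an unparseable peer is treated as untrusted.
    return listed(peer, nets) is False

def encrypted(trusted, encrypt_data_transfer=True):
    """A trusted channel skips encryption even when the setting is true."""
    return encrypt_data_transfer and not trusted

def compare(peers):
    """Map each peer to (encrypted under whitelist, encrypted under blacklist)."""
    wl, bl = parse_rules(WHITELIST), parse_rules(BLACKLIST)
    return {p: (encrypted(whitelist_trusted(p, wl)),
                encrypted(blacklist_trusted(p, bl))) for p in peers}

if __name__ == "__main__":
    peers = ["10.1.2.3", "10.1.9.7", "203.0.113.50", "bogus"]
    for peer, (w, b) in compare(peers).items():
        print(f"{peer:14} whitelist: encrypt={w}  blacklist: encrypt={b}")
```

The row for 203.0.113.50 is the one to review before choosing the blacklist policy: an address nobody anticipated is encrypted under the whitelist and unencrypted under the blacklist.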