Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

control: enforce registration policies #3147

Open
kormat opened this issue Sep 16, 2019 · 1 comment
Open

control: enforce registration policies #3147

kormat opened this issue Sep 16, 2019 · 1 comment
Labels
c/control feature New feature or request i/good first issue Good for newcomers i/vulnerability

Comments

@kormat
Copy link
Contributor

kormat commented Sep 16, 2019
edited by matzf
Loading

  • an up-segment registration is only allowed from the local AS, and can only happen in a non-core AS
  • a down-segment registration is only allowed from the local ISD, and can only happen in a core AS
  • a core-segment registration is only allowed from the local AS, and can only happen in a core AS

Update: since the "monolithization" of the control service, up and core segment registration no longer exist as explicit RPCs.
@kormat kormat added the PS label Sep 16, 2019
@scrye scrye added c/control and removed PS labels Jan 28, 2020
@scrye scrye added feature New feature or request i/vulnerability labels Jan 6, 2021
@scrye scrye changed the title PS: enforce registration policies control: enforce registration policies Jan 6, 2021
@jiceatscion
Copy link
Contributor

The check is indeed still missing. It seems that it could go about here:

scion/control/segreg/grpc/registration_server.go

Line 75 in b01d019

Note that in the preceding line, labels.Type is derived from the registration request and not from the segment itself. We should get that info from the segment and the invoker shouldn't need to tell us (and we shouldn't believe it).

@jiceatscion jiceatscion added the i/good first issue Good for newcomers label Jul 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c/control feature New feature or request i/good first issue Good for newcomers i/vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@scrye @kormat @jiceatscion