ACL does not apply rules correctly in multilink transport

Open oteffahi opened this issue 1 year ago • 0 comments

Describe the bug

Following issue #1159 which was caused by a bug in fetching the interface used in single-link connections, it has come to our attention that ACL logic does not apply correctly when a transport uses multiple links. The multilink feature is one possible case where this can happen, but other cases could arise in the future.

If possible, ACL logic should be updated to handle this case and apply the correct filter on each message depending on the associated interface.

This issue mainly applies to transports opened between two peers, and between two routers.

To reproduce

1- Connect two instances of Zenoh in multilink using at least two different interfaces.
2- Configure ACL rules to default deny with one allow rule on one interface.
3- Turn all interfaces down, except one on which traffic is not allowed according to ACL. Traffic will be allowed on that interface.

System info

  • MacOS 14
  • Apple Silicon M2
  • Zenoh release 0.11.0

oteffahi Jun 28 '24 13:06
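
An ACL fragment matching step 2 of the reproduction, added here as an example and not taken from the issue or the Zenoh project. The field names are assumed to follow the `access_control` schema of Zenoh 0.11.0 and should be checked against the default configuration shipped with the release; the interface names `en0`/`en1` and the key expression are constructed placeholders, and the multilink setup from step 1 is not shown.

```json5
{
  // Example only: default-deny ACL with a single allow rule bound to one interface.
  access_control: {
    enabled: true,
    // Anything not matched by an allow rule is expected to be dropped.
    default_permission: "deny",
    rules: [
      {
        actions: ["put", "get", "declare_subscriber", "declare_queryable"],
        flows: ["ingress", "egress"],
        permission: "allow",
        // Constructed key expression for the test traffic.
        key_exprs: ["test/acl/**"],
        // Placeholder: the only interface on which traffic is allowed.
        interfaces: ["en0"],
      },
    ],
  },
  // Check for the reported behaviour: with links established over both en0 and
  // en1 (placeholder for the second interface), bring en0 down and publish on
  // test/acl/demo. Expected: the message is denied because en1 matches no
  // allow rule. Reported in this issue: the message is delivered over en1.
}
```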