eclipse-zenoh / zenoh

zenoh unifies data in motion, data in-use, data at rest and computations. It carefully blends traditional pub/sub with geo-distributed storages, queries and computations, while retaining a level of time and space efficiency that is well beyond any of the mainstream stacks.
https://zenoh.io

ACL does not apply rules correctly in multilink transport #1204

Open oteffahi opened 1 week ago

oteffahi commented 1 week ago

Describe the bug

Following issue #1159 which was caused by a bug in fetching the interface used in single-link connections, it has come to our attention that ACL logic does not apply correctly when a transport uses multiple links. The multilink feature is one possible case where this can happen, but other cases could arise in the future.

If possible, ACL logic should be updated to handle this case and apply the correct filter on each message depending on the associated interface.

This issue mainly applies to transports opened between two peers, and between two routers.

To reproduce

1- Connect two instances of Zenoh in multilink using at least two different interfaces.
2- Configure ACL rules to default deny with one allow rule on one interface.
3- Turn all interfaces down, except one on which traffic is not allowed according to ACL. Traffic will be allowed on that interface.

System info
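
The reproduction steps above, as a simplified model added here for illustration; it is not part of the original issue and not Zenoh code. All type and function names are hypothetical, the interface names are constructed, and the per-transport decision is an assumed failure mode that matches the reported behaviour.

```rust
// Simplified model, NOT Zenoh code: every name here is hypothetical.
#[derive(Clone, Copy, PartialEq, Debug)]
enum Permission { Allow, Deny }

struct Link { interface: &'static str, up: bool }

// Default permission plus the interfaces named by allow rules.
struct Acl { default: Permission, allow_interfaces: Vec<&'static str> }

impl Acl {
    fn decide(&self, interface: &str) -> Permission {
        if self.allow_interfaces.iter().any(|i| *i == interface) {
            Permission::Allow
        } else {
            self.default
        }
    }
}

struct Transport { links: Vec<Link>, interfaces_at_open: Vec<&'static str> }

impl Transport {
    fn open(links: Vec<Link>) -> Self {
        let interfaces_at_open = links.iter().map(|l| l.interface).collect();
        Transport { links, interfaces_at_open }
    }
    // Assumed failure mode: one decision for the whole transport, based on
    // the interfaces seen when it was opened.
    fn check_per_transport(&self, acl: &Acl) -> Permission {
        let any_allowed = self.interfaces_at_open.iter()
            .any(|i| acl.decide(i) == Permission::Allow);
        if any_allowed { Permission::Allow } else { acl.default }
    }
    // Requested behaviour: filter each message on the interface of the link
    // that actually carries it.
    fn check_per_message(&self, acl: &Acl, link_idx: usize) -> Permission {
        acl.decide(self.links[link_idx].interface)
    }
}

// Steps 1-3 of the reproduction, with constructed interface names.
fn reproduce() -> (Permission, Permission) {
    let acl = Acl { default: Permission::Deny, allow_interfaces: vec!["eth0"] };
    let mut t = Transport::open(vec![
        Link { interface: "eth0", up: true },
        Link { interface: "eth1", up: true },
    ]);
    t.links[0].up = false; // only the non-allowed interface stays up
    let carrier = t.links.iter().position(|l| l.up).unwrap();
    (t.check_per_transport(&acl), t.check_per_message(&acl, carrier))
}
```
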