home-assistant / core

:house_with_garden: Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0

Unifi Integration DOS sorta? #125047

Open thenoid opened 2 weeks ago

thenoid commented 2 weeks ago

The problem

The other day, someone war drove my unifi wifi. 26K unique MAC addresses attempted to connect within minutes.

While this in and of itself was disconcerting, the following day home assistant was crashing in all flavors of chrome and the companion app. When loading the companion app, phones would become physically hot.

After wasting tons of time debugging frontend components, thinking it was the front end, I accidentally clicked the devices tab and noticed that there were 26K new devices, each with 3+ entities, corresponding to the MACs from the wifi attack.

Apparently this is enough devices + entities to kill the HA frontend. I'm assuming it downloads a JSON blob of all the devices/entities as a local cache or something, considering the JSHeap went from 120+MB to 20ish MB after I deleted the unifi integration.

Anywho, I'm not sure if this counts as a backend bug, frontend bug, configuration bug, documentation bug, or what... but it seemed like something I should at least post about.

What version of Home Assistant Core has the issue?

core-2024.8.3

What was the last working version of Home Assistant Core?

core-2024.8.3

What type of installation are you running?

Home Assistant Container

Integration causing the issue

Unifi

Link to integration documentation on our website

https://www.home-assistant.io/integrations/unifi

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

home-assistant[bot] commented 2 weeks ago

Hey there @kane610, mind taking a look at this issue as it has been labeled with an integration (unifi) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of `unifi` can trigger bot actions by commenting:

- `@home-assistant close` Closes the issue.
- `@home-assistant rename Awesome new title` Renames the issue.
- `@home-assistant reopen` Reopen the issue.
- `@home-assistant unassign unifi` Removes the current integration label and assignees on the issue, add the integration domain after the command.
- `@home-assistant add-label needs-more-information` Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue.
- `@home-assistant remove-label needs-more-information` Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.

(message by CodeOwnersMention)


unifi documentation unifi source (message by IssueLinks)

Kane610 commented 1 week ago

My plan is to not allow dynamic addition of clients, so that explicit selection of clients will be needed. It is implemented and available, but it still falls back to the dynamic logic right now, and there is no plan yet on when the dynamic part will be removed.
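A small Python model of the failure mode reported in this issue and of the explicit-selection approach described in the comment above, added here as an example; it is not code from the unifi integration or from anyone in the thread. The class, its fields, the `dynamic_cap` option and all MAC addresses are assumptions constructed for illustration; only the flood size (26K) and the three entities per device come from the report.

```python
from __future__ import annotations
from dataclasses import dataclass, field

ENTITIES_PER_CLIENT = 3  # the report saw "3+ entities" per new device


@dataclass
class ClientRegistry:
    """Hypothetical model: turns Wi-Fi clients seen by a controller into devices."""
    selected: set[str] = field(default_factory=set)  # explicitly chosen MACs
    allow_dynamic: bool = True       # fall back to auto-adding unknown clients
    dynamic_cap: int | None = None   # assumption: optional bound on auto-adds
    devices: dict[str, str] = field(default_factory=dict)  # mac -> origin
    dynamic_count: int = 0
    rejected: int = 0

    def observe(self, mac: str) -> bool:
        """Process one seen client; return True if it has a device entry."""
        mac = mac.lower()
        if mac in self.devices:
            return True
        if mac in self.selected:
            self.devices[mac] = "selected"
            return True
        under_cap = self.dynamic_cap is None or self.dynamic_count < self.dynamic_cap
        if self.allow_dynamic and under_cap:
            self.devices[mac] = "dynamic"
            self.dynamic_count += 1
            return True
        self.rejected += 1  # a rejected client creates no device and no entities
        return False


def constructed_macs(n: int) -> list[str]:
    """n distinct locally administered MACs (constructed sample input)."""
    return [f"02:00:00:{(i >> 16) & 0xff:02x}:{(i >> 8) & 0xff:02x}:{i & 0xff:02x}"
            for i in range(n)]


def simulate(registry: ClientRegistry, macs: list[str]) -> tuple[int, int, int]:
    """Return (devices, entities, rejected) after feeding every MAC once."""
    for mac in macs:
        registry.observe(mac)
    return (len(registry.devices),
            len(registry.devices) * ENTITIES_PER_CLIENT,
            registry.rejected)


HOUSEHOLD = {"02:aa:00:00:00:01", "02:aa:00:00:00:02"}  # constructed
SEEN = sorted(HOUSEHOLD) + constructed_macs(26_000)      # flood size from the report
```

With unbounded dynamic addition the registry size is set by whoever is in radio range; with explicit selection it is set by the operator, and the rejected count becomes a signal worth logging.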

thenoid commented 1 week ago

> It is implemented and available

How does one enable this functionality and disable the dynamic logic?