IMO, there're lack security check in cman join/leave mechanism, that's means a aborative udp packet made the cluster untrusted, if there's a manageable authorization password input through proc entries, the wrong configured node or the cracker without the cluster-extension authorized word will not bother the cluster message passing. a simple memcmp calling in the beginning of process_message will out sight of load.
sincerely Michael Moore
-- Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster
