
From: Denis Vlasenko <vda@ilport.com.ua>
To: krb5-bugs@mit.edu
Subject: kdc sends udp replies from wrong addresses, does not listen on loopback interface
Date: Sun, 18 Dec 2005 18:46:15 +0200
I have a box which has no permanent IP addresses except those
which are configured on the loopback device. Something like
a ppp server with a pile of serial lines and no ethernet at all.

On loopback there is the usual 127.0.0.1/8 address configured
and also a 1.2.3.4/8 address which is a "server address"
to use for ppp clients for DNS etc.

kdc cannot start on it if there are no active ppp interfaces.

If there are active ppp's, it starts, but doesn't reply from
1.2.3.4 because it has sockets bound to ppp ip address(es)
only, which are dynamic.

I have a patch which remedies this using just one socket bound
to 0.0.0.0 and the recvmsg/IP_PKTINFO trick. Would it be reviewed,
or maybe you have some fundamental reasons against it?
--
vda
From: Denis Vlasenko <vda@ilport.com.ua>
To: krb5-bugs@mit.edu
Subject: Re: kdc sends udp replies from wrong addresses, does not listen on loopback interface
Date: Mon, 19 Dec 2005 17:34:20 +0200
On Sunday 18 December 2005 18:46, Denis Vlasenko wrote:
> I have a box which has no permanent IP addresses except those
> which are configured on the loopback device. Something like
> a ppp server with a pile of serial lines and no ethernet at all.
>
> On loopback there is the usual 127.0.0.1/8 address configured
> and also a 1.2.3.4/8 address which is a "server address"
> to use for ppp clients for DNS etc.
>
> kdc cannot start on it if there are no active ppp interfaces.
>
> If there are active ppp's, it starts, but doesn't reply from
> 1.2.3.4 because it has sockets bound to ppp ip address(es)
> only, which are dynamic.
>
> I have a patch which remedies this using just one socket bound
> to 0.0.0.0 and the recvmsg/IP_PKTINFO trick. Would it be reviewed,
> or maybe you have some fundamental reasons against it?

A patch which fixes this is attached. Please review.

recv_from_to() and send_to_from() are duplicated in it;
I hope someone with more experience with the krb source code tree
will have an idea in which .c file to place them for general use.
--
vda
Download udp.diff
text/x-diff 14.4KiB

Message body is not shown because sender requested not to inline it.
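
The single-socket recvmsg/IP_PKTINFO approach described in the message above, as an added example that is not part of the thread and is not the attached udp.diff. The function names recv_from_to() and send_to_from() come from the message, but their signatures and bodies here are assumptions, as are pktinfo_buf and reply_source_matches(); the code is Linux-specific and IPv4-only.

```c
#define _GNU_SOURCE 1   /* added example, not udp.diff; glibc exposes struct in_pktinfo */
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; } pktinfo_buf;
/* Receive one datagram; *to gets the local address it was sent to (0.0.0.0 if unknown). */
ssize_t recv_from_to(int fd, void *buf, size_t len, struct sockaddr_in *from, struct in_addr *to)
{
    pktinfo_buf c;
    struct iovec iov = { buf, len };
    struct msghdr m = { .msg_name = from, .msg_namelen = sizeof *from, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = c.buf, .msg_controllen = sizeof c.buf };
    ssize_t n = recvmsg(fd, &m, 0);
    to->s_addr = htonl(INADDR_ANY);
    for (struct cmsghdr *h = n < 0 ? NULL : CMSG_FIRSTHDR(&m); h; h = CMSG_NXTHDR(&m, h))
        if (h->cmsg_level == IPPROTO_IP && h->cmsg_type == IP_PKTINFO)
            *to = ((struct in_pktinfo *)CMSG_DATA(h))->ipi_addr;  /* destination of the request */
    return n;
}
/* Send one datagram with its source address forced to `from` via ipi_spec_dst. */
ssize_t send_to_from(int fd, const void *buf, size_t len, const struct sockaddr_in *to, struct in_addr from)
{
    pktinfo_buf c;
    struct iovec iov = { (void *)buf, len };
    struct msghdr m = { .msg_name = (void *)to, .msg_namelen = sizeof *to, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = c.buf, .msg_controllen = sizeof c.buf };
    struct cmsghdr *h = CMSG_FIRSTHDR(&m);
    *h = (struct cmsghdr){ .cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)), .cmsg_level = IPPROTO_IP, .cmsg_type = IP_PKTINFO };
    *(struct in_pktinfo *)CMSG_DATA(h) = (struct in_pktinfo){ .ipi_spec_dst = from };  /* ifindex 0 */
    return sendmsg(fd, &m, 0);
}
/* Constructed loopback check: the request goes to dst_ip; returns 1 if the reply's source is dst_ip. */
int reply_source_matches(const char *dst_ip)
{
    int on = 1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET }, peer, src = { 0 };
    struct in_addr to; socklen_t l = sizeof a; char b[8];
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);   /* ask for pktinfo on receive */
    bind(srv, (struct sockaddr *)&a, sizeof a);                /* 0.0.0.0, kernel-chosen port */
    getsockname(srv, (struct sockaddr *)&a, &l);
    inet_pton(AF_INET, dst_ip, &a.sin_addr);
    int ok = sendto(cli, "req", 3, 0, (struct sockaddr *)&a, sizeof a) == 3
          && recv_from_to(srv, b, sizeof b, &peer, &to) == 3
          && send_to_from(srv, "rep", 3, &peer, to) == 3
          && recvfrom(cli, b, sizeof b, 0, (struct sockaddr *)&src, &l) == 3;
    close(srv); close(cli);
    return ok && src.sin_addr.s_addr == a.sin_addr.s_addr;
}
```

Calling reply_source_matches("127.0.0.2") exercises the case from the report: on Linux the whole 127.0.0.0/8 range is local to the loopback device, and a plain sendto() from the wildcard socket would answer from 127.0.0.1 instead of the address the client used.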

Cc: rt-comment@krbdev.mit.edu
From: Ken Raeburn <raeburn@MIT.EDU>
Subject: Re: [krbdev.mit.edu #3306] kdc sends udp replies from wrong addresses, does not listen on loopback interface
Date: Tue, 20 Dec 2005 23:08:44 -0500
To: Denis Vlasenko <vda@ilport.com.ua>
RT-Send-Cc:
The IP_PKTINFO code looks good, at first glance; I've been wanting to
do the IPV6_PKTINFO bit for a long time, but didn't know about
IP_PKTINFO. (Is it implemented anywhere other than Linux?)

I'm a bit concerned about simply extending the RPC code to IPv6,
especially where IPv4 address structures are part of the API; we
should see what Sun's doing in that regard. But the KDC
functionality upgrade shouldn't be a problem. Thanks for the patch!

Ken
From: Denis Vlasenko <vda@ilport.com.ua>
To: Ken Raeburn <raeburn@mit.edu>
Subject: Re: [krbdev.mit.edu #3306] kdc sends udp replies from wrong addresses, does not listen on loopback interface
Date: Wed, 21 Dec 2005 13:22:39 +0200
Cc: rt-comment@krbdev.mit.edu
RT-Send-Cc:
On Wednesday 21 December 2005 06:08, Ken Raeburn wrote:
> The IP_PKTINFO code looks good, at first glance; I've been wanting to
> do the IPV6_PKTINFO bit for a long time, but didn't know about
> IP_PKTINFO. (Is it implemented anywhere other than Linux?)

It exists on newer Windows too.
--
vda
From: Denis Vlasenko <vda@ilport.com.ua>
To: Ken Raeburn <raeburn@mit.edu>
Subject: Re: [krbdev.mit.edu #3306] kdc sends udp replies from wrong addresses, does not listen on loopback interface
Date: Wed, 21 Dec 2005 14:11:17 +0200
Cc: rt-comment@krbdev.mit.edu
RT-Send-Cc:
On Wednesday 21 December 2005 06:08, Ken Raeburn wrote:
> The IP_PKTINFO code looks good, at first glance; I've been wanting to
> do the IPV6_PKTINFO bit for a long time, but didn't know about
> IP_PKTINFO. (Is it implemented anywhere other than Linux?)
>
> I'm a bit concerned about simply extending the RPC code to IPv6,
> especially where IPv4 address structures are part of the API; we
> should see what Sun's doing in that regard. But the KDC
> functionality upgrade shouldn't be a problem. Thanks for the patch!

I sent it as ticket #3307, but anyway, here it is again, just in case.

Obviously, I do not suggest merging this as-is:

int xp_laddrlen; /* lenght of local address */
+//vda: this is not enough to hold ipv6 addr!!! Should we use sockaddr_storage?
+// Using ugly hack for now...
struct sockaddr_in xp_laddr; /* local address */
+ char bogus_pad[16]; //[sizeof(sockaddr_in6) - sizeof(sockaddr_in)]
} SVCXPRT;
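
Review bot: bogus_pad only holds an IPv6 address if xp_laddr and bogus_pad stay contiguous and every writer treats the pair as one buffer; storing a sockaddr_in6 through xp_laddr writes past the end of the declared struct sockaddr_in member, and the hard-coded 16 is not tied to the sizeof expression in its trailing comment. Declaring xp_laddr as struct sockaddr_storage, with xp_laddrlen recording the real length and checked before any copy, removes the overrun risk, at the cost of changing the size and layout of SVCXPRT for existing callers. The added // comments should also use /* */ to match the rest of the header.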

Maybe conversion from sockaddr_in to sockaddr_storage is a proper fix.
You decide.
--
vda
Download udp.diff
text/x-diff 14.4KiB

Message body is not shown because sender requested not to inline it.

I've just checked in a patch to the KDC, loosely based on the patch from Denis. (See ticket 5517 in RT.) Briefly tested on Mac OS X and Linux.

I don't want to touch the RPC code until we figure out the API problems, so I'll leave this ticket open...

I'm closing this since there isn't much call to make RPC UDP listeners
work in the current code base. I will open a new ticket about the
loopback exclusion when setting up KDC listener sockets without pktinfo.