[krbdev.mit.edu #8530] KDC/kadmind explicit wildcard listener addresses do not use pktinfo

Richard Basch via RT rt-comment at krbdev.mit.edu
Sun Jan 8 12:05:54 EST 2017


I will be testing this weekend. Visually, the patch looks correct, though I wonder if pktinfo should be restricted to wildcard-only sockets.

If you bind to 127.0.0.1 but define the interface as 127.0.0.1/8, will it return on the correct address if you direct the query to 127.1.1.1. Certainly, this works with "ping", etc. so the traffic is definitely seen. It's an edge-case which most likely has impacts on systems responding to traffic directed to PtP links and Loopback addresses which do not use /32 masks and I think it is a condition which might not work without pktinfo being attempted. Personally, I suggest just attempting pktinfo for all UDP and not worry if it can't get the info since it will merely use the bound address in that case.


-----Original Message-----
From: Greg Hudson via RT [mailto:rt-comment at krbdev.mit.edu] 
Sent: Friday, January 06, 2017 11:49 AM
To: Basch, Richard [Tech]
Subject: [krbdev.mit.edu #8530] KDC/kadmind explicit wildcard listener addresses do not use pktinfo 

> I opened https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_krb5_krb5_pull_587&d=DgIBAg&c=7563p3e2zaQw0AB1wrFVgyagb2IE5rTZOYPxLxfZlX4&r=QM_TBIImy6WiEE26nxWZWvqm31sXIWCJn8HIwtrXMTw&m=ZMW6xJexylky1TzSZu5H2q7rwKRv4YFPYxwg1HEWWVk&s=lM2FT5WF38UC0NYU2m0lbvRZvU1M6KDgishGLWrDERk&e=  with fixes the two
>    issues
> discussed in this ticket.

Richard, do you think you could spare the time to test those patches against your system configuration?



More information about the krb5-bugs mailing list