krb5 UDP daemons and IP pktinfo
Greg Hudson
ghudson at mit.edu
Tue Jan 12 02:28:51 EST 2016
On 01/12/2016 01:58 AM, Kenneth G Raeburn wrote:
>> Yesterday, I discovered that some operating
>> systems implement the same functionality in a different way
>> (IP_RECVDSTADDR). If we handle both variants, then we can safely bind
>> to the IPv4 wildcard address on Linux, Solaris, all of the BSDs, and OS
>> X.
>
> Have you checked that it actually works? It’s been a long time, but I remember running across IP_RECVDSTADDR, and I seem to recall that some options in this space didn’t seem to work as documented (or at all?) on some platforms, but I can’t recall for sure if IP_RECVDSTADDR was what was broken, and of course it could’ve been fixed since for the platforms you care about.
It works on current FreeBSD in a test program[1]. It appears to be used
by FreeRADIUS[2] and PowerDNS[3].

OpenBSD currently appears to define IP_RECVDSTADDR but not
IP_SENDSRCADDR. I don't know if the former can be used as the latter
(they have the same value in FreeBSD).

I also discovered that OS X has IP_PKTINFO in 10.9. Windows also
appears to support it as of XP and Server 2003, although that's not
immediately important since we don't build the KDC or kadmind on Windows.

[1] I tested successfully on FreeBSD 10.2 in a VM. Ben Kaduk ran my
test program on his FreeBSD machine and it gets EINVAL trying to send
from loopback to the host address. We're not sure why, and we're not
sure whether it would be a concern for just mirroring the destination
address of a request to the source address of a reply.
[2]
https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/src/lib/udpfromto.c
[3]
http://blog.powerdns.com/2012/10/08/on-binding-datagram-udp-sockets-to-the-any-addresses/
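
The receive side of the technique discussed in this message, as an added example that is not part of the original post, the author's test program, or krb5's code: a UDP socket bound to the IPv4 wildcard address asks the kernel for each datagram's destination address, using IP_PKTINFO where it is defined and IP_RECVDSTADDR otherwise. The names DSTADDR_OPT, recv_with_dst and loopback_dst are made up for the illustration, and the loopback datagram is constructed test input.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef IP_PKTINFO
#define DSTADDR_OPT IP_PKTINFO      /* e.g. Linux */
#else
#define DSTADDR_OPT IP_RECVDSTADDR  /* e.g. FreeBSD */
#endif

/* Receive one datagram; *dst gets the local address it was sent to (untouched if none). */
static ssize_t recv_with_dst(int fd, void *buf, size_t len, struct in_addr *dst)
{
    union { struct cmsghdr align; char buf[256]; } ctl;
    struct iovec iov = { buf, len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == DSTADDR_OPT)
#ifdef IP_PKTINFO
            *dst = ((struct in_pktinfo *)CMSG_DATA(c))->ipi_addr;
#else
            *dst = *(struct in_addr *)CMSG_DATA(c);
#endif
    return n;
}

/* Constructed demo: wildcard-bound socket, datagram sent to 127.0.0.1;
 * returns the destination address the receiver saw (0 on failure). */
in_addr_t loopback_dst(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET };  /* INADDR_ANY, port 0 */
    struct in_addr dst = { 0 };
    socklen_t alen = sizeof(a);
    char buf[16];
    int on = 1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    if (bind(srv, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        setsockopt(srv, IPPROTO_IP, DSTADDR_OPT, &on, sizeof(on)) == 0 &&
        getsockname(srv, (struct sockaddr *)&a, &alen) == 0) {
        a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        if (sendto(cli, "ping", 4, 0, (struct sockaddr *)&a, sizeof(a)) == 4)
            recv_with_dst(srv, buf, sizeof(buf), &dst);
    }
    close(srv); close(cli);
    return dst.s_addr;
}
```

Mirroring that address as the source of the reply, the case the message mentions, goes through sendmsg with IP_PKTINFO or IP_SENDSRCADDR ancillary data and is not shown here.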