[951] in SIPB_Linux_Development
Re: probs still with Linux/Kerberos
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Wed Mar 1 10:59:34 1995
Date: Wed, 1 Mar 1995 10:59:05 +0500
From: "Theodore Ts'o" <tytso@MIT.EDU>
To: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
Cc: "Charles M. Hannum" <mycroft@ai.mit.edu>, ghudson@MIT.EDU,
linux-dev@MIT.EDU, netbsd-dev@MIT.EDU
In-Reply-To: Bill Sommerfeld's message of Wed, 01 Mar 1995 09:05:44 -0500,
<199503011405.JAA00787@orchard.medford.ma.us>
> Date: Wed, 01 Mar 1995 09:05:44 -0500
> From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
>
> In recent versions of the BSD TCP stack, if you connect() a UDP socket
> (which tells the kernel, "here's the default outgoing address/port,
> and you should ignore incoming packets except from this
> address/port"), ICMP errors get reflected back up through syscall
> error returns.
Yup, it's a neat trick. The krb5 sendto_kdc() does this, but this
innovation never got back-ported to the V4 library. Here's the relevant
comment from src/lib/krb5/os/sendto_kdc.c:
> /* On BSD systems, a connected UDP socket will get connection
> refused and net unreachable errors while an unconnected
> socket will time out, so use connect, send, recv instead of
> sendto, recvfrom. The connect here may return an error if
> the destination host is known to be unreachable. */
> I suspect Linux may be doing this even when the UDP socket isn't
> connected.
That sounds right. Offhand, can anyone think of any potentially bad
effects of this behavior? If so, I'll submit it as a bug to the Linux
networking developers.
- Ted
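
The connect, send, recv pattern from the quoted sendto_kdc.c comment, next to the sendto, recvfrom pattern, as an added example that is not part of the original message or of the krb5 source. The function names `closed_loopback_port` and `probe_closed_port` are hypothetical, and the closed loopback port is constructed for the test; what the unconnected socket returns depends on the platform, which is the question raised in the thread.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Find a loopback UDP port with no listener: bind port 0, note it, close. */
static int closed_loopback_port(struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    int ok, s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return -1;
    *dst = (struct sockaddr_in){ .sin_family = AF_INET,
                                 .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    ok = bind(s, (struct sockaddr *)dst, sizeof(*dst)) == 0 &&
         getsockname(s, (struct sockaddr *)dst, &len) == 0;
    close(s);
    return ok ? 0 : -1;
}

/* Send one datagram to the closed port, wait up to timeout_ms. Returns 0 on a
   reply, -1 on setup failure, else errno (EAGAIN/EWOULDBLOCK = timed out). */
int probe_closed_port(int use_connect, int timeout_ms)
{
    struct sockaddr_in dst;
    struct sockaddr *sa = (struct sockaddr *)&dst;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    char buf[64];
    int ok, err, s;
    if (closed_loopback_port(&dst) < 0) return -1;
    if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return -1;
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (use_connect)    /* connect, send, recv: ICMP errors surface as errno */
        ok = connect(s, sa, sizeof(dst)) == 0 && send(s, "ping", 4, 0) >= 0 &&
             recv(s, buf, sizeof(buf), 0) >= 0;
    else                /* sendto, recvfrom: kernel has no peer recorded */
        ok = sendto(s, "ping", 4, 0, sa, sizeof(dst)) >= 0 &&
             recvfrom(s, buf, sizeof(buf), 0, NULL, NULL) >= 0;
    err = ok ? 0 : errno;   /* capture errno before close() can change it */
    close(s);
    return err;
}

int main(void)
{
    printf("connected:   %d (ECONNREFUSED=%d)\n", probe_closed_port(1, 500), ECONNREFUSED);
    printf("unconnected: %d (EAGAIN=%d)\n", probe_closed_port(0, 500), EAGAIN);
    return 0;
}
```

For a KDC client, the connected case means a dead or unreachable server is detected as soon as the ICMP error arrives, so failover to the next KDC does not have to wait out the full retransmit timeout.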