Why admins do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)
hmurray at megapathdsl.net
Tue May 29 23:11:37 UTC 2018

devel at ntpsec.org said:
> Assuming we drop interface-name filtering, everything but the wildcard
> socket is going to go away. I think this will make tracking routing
> unnecessary. I hope so, anyway. That code is a mess and I want to nuke it.

We don't track routing in the sense of BGP. We do track local IP Addresses.

The easy case is a single WiFi interface that goes away as you walk down the
street and comes back with a new IP Address a bit later on. The key point is
that the system only has one IP Address at any point in time.

The interesting case is a system with several (hardware) interfaces.

Each packet has a source and destination IP address. We need to make sure
the return packet has a source address that matches the dest address of the
packet we are replying to. That is, the packet comes back from the address it
was sent to rather than the address of some other interface on the other side
of the box. Most of the time, dumb/stupid code would just work, but we need
to handle the other cases too.

Can we get the dest address on receive without a separate socket per IP
Address? recvfrom() gives us the source address. I don't see how to get the
dest address, but I haven't looked very hard.

I'm not sure how to set the dest address on transmit. At worst we need
another socket and do a bind() before sending each packet. If bind is
expensive, we could keep a pre-bound socket per address, and garbage collect
the ones that don't get used, and ...

We should scan the code to see where the local address is used. I'm sure
crypto will need it.

These are my opinions. I hate spam.
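
The two open questions in this message (destination address on receive, reply address on transmit, one wildcard socket), as an added example that is not part of the original post or of the ntpsec code: on Linux, IP_PKTINFO ancillary data carries the destination address through recvmsg() and sets the reply's source address through sendmsg(). The function names and the 127.0.0.2 test address are constructed for illustration; the sketch is IPv4 and Linux only.

```c
#define _GNU_SOURCE                 /* glibc: exposes struct in_pktinfo */
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Read one datagram from a wildcard UDP socket with IP_PKTINFO enabled and echo it
 * from the address it was sent to. Returns that address (network order), 0 on failure. */
in_addr_t echo_from_dest(int fd) {
    union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } ctl;
    char buf[512]; in_addr_t local = 0;
    struct sockaddr_in peer; struct in_pktinfo pi;
    struct iovec iov = { buf, sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    ssize_t n = recvmsg(fd, &m, 0);
    if (n < 0) return 0;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&m); c; c = CMSG_NXTHDR(&m, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            local = pi.ipi_addr.s_addr;      /* destination from the IP header */
        }
    if (!local) return 0;
    memset(&pi, 0, sizeof pi);               /* ifindex 0: let routing pick the interface */
    pi.ipi_spec_dst.s_addr = local;          /* source address for the reply */
    memset(ctl.b, 0, sizeof ctl.b); m.msg_controllen = sizeof ctl.b;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO; c->cmsg_len = CMSG_LEN(sizeof pi);
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    iov.iov_len = (size_t)n;
    return sendmsg(fd, &m, 0) == n ? local : 0;
}

/* Constructed check: a client sends to 127.0.0.2 and the reply must come back
 * from 127.0.0.2, not the loopback default. Returns 1 on success. */
int loopback_demo(void) {
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct sockaddr_in a = { .sin_family = AF_INET }, from = { 0 };   /* INADDR_ANY, port 0 */
    socklen_t len = sizeof a; char buf[8];
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
    if (bind(srv, (struct sockaddr *)&a, sizeof a) || getsockname(srv, (struct sockaddr *)&a, &len)) return 0;
    a.sin_addr.s_addr = inet_addr("127.0.0.2");
    if (sendto(cli, "ping", 4, 0, (struct sockaddr *)&a, sizeof a) != 4) return 0;
    if (!echo_from_dest(srv)) return 0;
    len = sizeof from;
    ssize_t n = recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &len);
    close(srv); close(cli);
    return n == 4 && from.sin_addr.s_addr == a.sin_addr.s_addr;
}
```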