On Feb 20, 2008, at 04:28, Vipin Rathor wrote:
> On 2/19/08, Ken Raeburn <[EMAIL PROTECTED]> wrote:
>> The UDP service offered by the KDC needs to respond from the same IP
>> address that the client used to reach it. That's not possible with a
>> wildcard-address listener unless your system has support for
>> IP_PKTINFO or IPV6_PKTINFO, which is now supported in our code as
>> well. The TCP listener does use a wildcard address.
>>
> Does that mean, if wildcard is used over UDP for KDC, then on a
> multi-IP machine, same IP will not be returned to the client?
> Whereas TCP with wildcard, takes care of returning same IP, due to
> its reliability feature?

A TCP server has to respond using the same address as the client contacted it at; it's part of how a TCP connection is specified. UDP has no such automatic association between the two packets sent by either side; if the server wants to send the response using the same server-side address as the client used to contact it, instead of letting the operating system pick a source address, it has to take steps to make sure that happens. Binding sockets to individual IP addresses is one way; using IP_PKTINFO or IPV6_PKTINFO, when supported, is another. If it does neither of these things, and just uses a socket bound to the wildcard address, the server can't even tell which of its addresses the client used.

Ken
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
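
The IP_PKTINFO approach described in the reply above, as an added example that is not part of the original thread and is not MIT krb5 code. It assumes Linux and IPv4; the function names and the 127.0.0.2 loopback test address are constructed for illustration.

```c
#define _GNU_SOURCE  /* exposes struct in_pktinfo on glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Hypothetical helper: echo one datagram from wildcard UDP socket fd, sourced from the address the client used. */
int reply_from_contacted_addr(int fd, struct in_addr *local)
{
    char buf[512];
    union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr a; } cb;
    struct sockaddr_in peer;
    struct iovec iov = { buf, sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer,
                        .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = cb.b, .msg_controllen = sizeof cb.b };
    ssize_t n = recvmsg(fd, &m, 0);
    struct cmsghdr *c = n < 0 ? NULL : CMSG_FIRSTHDR(&m);
    while (c && !(c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO))
        c = CMSG_NXTHDR(&m, c);
    if (!c) return -1;              /* no destination info: cannot choose a source */
    struct in_pktinfo in, out = { 0 };
    memcpy(&in, CMSG_DATA(c), sizeof in);
    *local = out.ipi_spec_dst = in.ipi_addr;   /* address the client contacted */
    memset(&cb, 0, sizeof cb); m.msg_controllen = sizeof cb.b;
    c = CMSG_FIRSTHDR(&m);          /* rebuild the control message for the reply */
    c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof out);
    memcpy(CMSG_DATA(c), &out, sizeof out);
    iov.iov_len = (size_t)n;
    return sendmsg(fd, &m, 0) == n ? 0 : -1;
}

/* Constructed loopback check: client contacts 127.0.0.2; 1 if the reply comes from it, -1 on error. */
int demo_reply_source_matches(void)
{
    int on = 1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET }, from;   /* INADDR_ANY, port 0 */
    struct in_addr local; char buf[8];
    socklen_t len = sizeof a, flen = sizeof from;
    if (setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) < 0 ||
        bind(srv, (struct sockaddr *)&a, sizeof a) < 0 ||
        getsockname(srv, (struct sockaddr *)&a, &len) < 0) return -1;
    inet_pton(AF_INET, "127.0.0.2", &a.sin_addr);   /* not the default 127.0.0.1 */
    if (sendto(cli, "ping", 4, 0, (struct sockaddr *)&a, sizeof a) != 4 ||
        reply_from_contacted_addr(srv, &local) < 0 ||
        recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) < 0) return -1;
    close(srv); close(cli);
    return from.sin_addr.s_addr == a.sin_addr.s_addr && local.s_addr == a.sin_addr.s_addr;
}
```

IPv6 listeners use IPV6_RECVPKTINFO with `struct in6_pktinfo` in the same way.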
