SSH-AFS multihomed server problem
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 26 Mar 2001 18:42:45 -0600 (CST)

On Mon, 26 Mar 2001, Atro Tossavainen wrote:
> The interface and all other traffic through it work fine, but if the
> interface is up, SSH logins to any workstations whose primary interface
> is ATM failed. We're running AFS 3.6 build 2.0 and SSH 1.2.27 with Dug
> Song's AFS patches.
>
> Snooping on the Ethernet and ATM interfaces simultaneously shows what
> is happening as soon as the password is entered:
>
> workstation-atm -> server-ethernet UDP D=750 S=1983 LEN=76
> server-atm -> workstation-atm UDP D=1983 S=750 LEN=169
> workstation-atm -> server-atm ICMP Destination unreachable (Bad port)
>
> I.e. kaserver (I believe?) is replying on the wrong interface, and the
> workstation is not expecting this.

Indeed, the kaserver is responding to krb4 UDP requests on the wrong
interface. Unfortunately, this is a very hard problem to fix, because
there is no portable way of finding out the destination address of a
received UDP packet short of creating a separate socket for each
interface. Rx deals by ignoring the source IP address of packets received
for a client connection, instead using only the epoch, cid, and source
port.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
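
Added example, not part of the original message and not AFS or kaserver code: a sketch of the "separate socket for each interface" approach the reply mentions, where a UDP service binds one socket per local address and answers each request through the socket that received it, so the reply's source address matches the address the client sent to. The two loopback addresses (standing in for the Ethernet and ATM addresses), the ephemeral port, and all function names are assumptions made so the sketch runs offline on a host that treats 127.0.0.0/8 as local.

```python
import select
import socket

def open_per_address_sockets(addresses, port=0):
    """Bind one UDP socket per local address; return {socket: address}."""
    socks = {}
    for addr in addresses:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind((addr, port))  # a specific address, never the 0.0.0.0 wildcard
        socks[s] = addr
    return socks

def serve_once(socks, timeout=2.0):
    """Answer pending requests, each through the socket that received it.

    The receiving socket identifies the request's destination address, and
    sending from that socket makes the reply's source address the same.
    """
    ready, _, _ = select.select(list(socks), [], [], timeout)
    answered = []
    for s in ready:
        data, peer = s.recvfrom(2048)
        s.sendto(b"reply:" + data, peer)
        answered.append(socks[s])
    return answered

def demo(target="127.0.0.2"):
    # Constructed setup: two loopback addresses stand in for the server's
    # Ethernet and ATM addresses; port 0 (ephemeral) replaces the fixed port.
    socks = open_per_address_sockets(["127.0.0.1", "127.0.0.2"])
    server = next(s for s, a in socks.items() if a == target)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2.0)
    # A connected UDP socket only accepts datagrams from this exact peer.
    client.connect(server.getsockname())
    try:
        client.send(b"ping")
        answered = serve_once(socks)
        reply, source = client.recvfrom(2048)
        return answered, reply, source[0]
    finally:
        client.close()
        for s in socks:
            s.close()

if __name__ == "__main__":
    print(demo())
```
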