From venglin@lubi.freebsd.lublin.pl  Thu Feb 10 13:52:17 2000
Return-Path: <venglin@lubi.freebsd.lublin.pl>
Received: from mx1.lublin.pl (mx1.lublin.pl [212.182.63.76])
	by builder.freebsd.org (Postfix) with ESMTP id 93C8F443E
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 10 Feb 2000 13:52:12 -0800 (PST)
Received: from lubi.freebsd.lublin.pl ([212.182.118.90]:41992 "HELO
        lubi.freebsd.lublin.pl") by krupik.man.lublin.pl with SMTP
	id <S633392AbQBJVv3>; Thu, 10 Feb 2000 22:51:29 +0100
Received: (qmail 19340 invoked by uid 1001); 10 Feb 2000 21:51:33 -0000
Message-Id: <20000210215133.19339.qmail@lubi.freebsd.lublin.pl>
Date: 10 Feb 2000 21:51:33 -0000
From: venglin@lubi.freebsd.lublin.pl
Reply-To: venglin@lubi.freebsd.lublin.pl
To: FreeBSD-gnats-submit@freebsd.org
Subject: Inetd(8) internal ident won't work with multiple interfaces
X-Send-Pr-Version: 3.2

>Number:         16645
>Category:       bin
>Synopsis:       Inetd(8) internal ident won't work with multiple interfaces
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 10 14:00:00 PST 2000
>Closed-Date:    Mon May 7 11:29:00 PDT 2001
>Last-Modified:  Mon May 07 11:32:55 PDT 2001
>Originator:     Przemyslaw Frasunek
>Release:        FreeBSD 3.4-STABLE i386
>Organization:
Lublin BSD Users Group (www.freebsd.lublin.pl)
>Environment:

lubi:venglin:~> uname -a
FreeBSD lubi.freebsd.lublin.pl 3.4-STABLE FreeBSD 3.4-STABLE #0: Thu Feb 10 09:51:24 CET 2000     venglin@lubi.freebsd.lublin.pl:/usr/src/sys/compile/GADACZKA  i386

lubi:venglin:~> ifconfig -a
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	ipx dead.c0dfe8ffc2 
	ether 00:c0:df:e8:ff:c2 
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 212.182.115.1 netmask 0xfffffff0 broadcast 212.182.115.15
	inet 192.168.0.1 netmask 0xffffff10 broadcast 192.168.0.239
	inet 192.168.0.241 netmask 0xffffffff broadcast 192.168.0.241
	inet 192.168.0.242 netmask 0xffffffff broadcast 192.168.0.242
	inet 192.168.0.243 netmask 0xffffffff broadcast 192.168.0.243
	inet 192.168.0.244 netmask 0xffffffff broadcast 192.168.0.244
	inet 192.168.0.245 netmask 0xffffffff broadcast 192.168.0.245
	ipx 101H.8048ed1213 
	ether 00:80:48:ed:12:13 
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet 212.182.118.90 --> 212.182.118.89 netmask 0xfffffffc 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000 
	ipx 31337H.1H 

lubi:venglin:~> grep auth /etc/inetd.conf
auth	stream	tcp	nowait	root	internal auth -r -o UNKNOWN -t 30

>Description:

	Internal auth service won't work if source IP address of TCP
	connection != target IP address of connection to ident server.

>How-To-Repeat:

lubi:venglin:~> netstat | grep own3d
tcp        0      0 lubi-e0.2202          own3d.telnet          ESTABLISHED

own3d:venglin:~> telnet lubi-e0 113
Trying 212.182.115.1...
Connected to lubi-e0.freebsd.lublin.pl.
Escape character is '^]'.
2202,23
2202 , 23 : USERID : UNKNOWN : venglin
Connection closed by foreign host.

own3d:venglin:~> telnet lubi 113
Trying 212.182.118.90...
Connected to lubi.gadaczka.org.
Escape character is '^]'.
2202,23
2202 , 23 : ERROR : No such file or directory
Connection closed by foreign host.


>Fix:
	
	Unknown.

>Release-Note:
>Audit-Trail:

From: Bill Fenner <fenner@research.att.com>
To: venglin@lubi.freebsd.lublin.pl
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/16645: Inetd(8) internal ident won't work with multiple interfaces
Date: Thu, 10 Feb 2000 14:14:25 -0800

 >	Internal auth service won't work if source IP address of TCP
 >	connection != target IP address of connection to ident server.
 
 This is how the ident protocol works.  The IP addresses used for the
 ident connection are used as the IP addresses to combine with the ports
 being queried.  See RFC 1413 for more information.
 
 |   The information returned is that associated with the fully specified
 |   TCP connection identified by <server-address>, <client-address>,
 |   <port-on-server>, <port-on-client>, where <server-address> and
 |   <client-address> are the local and foreign IP addresses of the
 |   querying connection -- i.e., the TCP connection to the Identification
 |   Protocol Server.
 
   Bill
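
The lookup rule quoted above, as an added example (not part of the PR thread and not inetd's code). The table holds the one telnet session from the report; own3d's address is never shown in the PR, so 192.0.2.10 is a placeholder, and `ident_lookup`, `struct conn` and the use of ENOENT (the errno whose message is "No such file or directory") are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* One established TCP connection as seen on the ident server's host. */
struct conn {
    const char *laddr; unsigned lport;  /* local address and port */
    const char *faddr; unsigned fport;  /* foreign address and port */
    const char *user;                   /* owner of the local socket */
};

/* Constructed table modelled on the report: the telnet session from
 * lubi-e0 (212.182.115.1:2202) to own3d port 23. OWN3D is a placeholder
 * address; the report does not show own3d's IP. */
#define OWN3D "192.0.2.10"
static const struct conn table[] = {
    { "212.182.115.1", 2202, OWN3D, 23, "venglin" },
};

/* RFC 1413 lookup: the ports come from the query line, the addresses
 * come from the query connection itself (q_laddr is the address the
 * client connected to, q_faddr the address it connected from).
 * Returns 0 and sets *user, or ENOENT if no connection matches the
 * full 4-tuple. */
int ident_lookup(const char *q_laddr, const char *q_faddr,
                 unsigned lport, unsigned fport, const char **user)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        const struct conn *c = &table[i];
        if (c->lport == lport && c->fport == fport &&
            strcmp(c->laddr, q_laddr) == 0 &&
            strcmp(c->faddr, q_faddr) == 0) {
            *user = c->user;
            return 0;
        }
    }
    return ENOENT;
}

int main(void)
{
    /* Same query "2202,23" sent to each of the two addresses tried. */
    const char *dst[] = { "212.182.115.1", "212.182.118.90" };
    for (int i = 0; i < 2; i++) {
        const char *user = NULL;
        int err = ident_lookup(dst[i], OWN3D, 2202, 23, &user);
        printf("query via %s: %s\n", dst[i], err ? strerror(err) : user);
    }
    return 0;
}
```

The second query fails because the table entry's local address is 212.182.115.1 while the query connection terminates on 212.182.118.90, so the 4-tuple does not match even though both ports do.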
 

From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
To: Bill Fenner <fenner@research.att.com>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/16645: Inetd(8) internal ident won't work with multiple 
Date: Thu, 10 Feb 2000 23:24:11 +0100 (CET)

 On 10-Feb-2000 Bill Fenner wrote:
 >>      Internal auth service won't work if source IP address of TCP
 >>      connection != target IP address of connection to ident server.
 > This is how the ident protocol works.  The IP addresses used for the
 > ident connection are used as the IP addresses to combine with the ports
 > being queried.  See RFC 1413 for more information.
 
 I've tried pidentd and there were no such problems. Maybe inetd should have some
 parameter changing its behaviour (and breaking RFC...)?
 
 -- 
 * Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
 * Inet: venglin@freebsd.lublin.pl ** PGP: D48684904685DF43  EA93AFA13BE170BF *
 
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Mon May 7 11:29:00 PDT 2001 
State-Changed-Why:  
Builtin ident service is doing the right thing here and it would 
not be easy to implement the other behaviour described. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=16645 
>Unformatted:
