10559 – getaddrinfo() calls unnecessarily connect()

Bug 10559 - getaddrinfo() calls unnecessarily connect()

Summary: getaddrinfo() calls unnecessarily connect()

Status:	RESOLVED WONTFIX

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	libc (show other bugs)
Version:	unspecified

Importance:	P2 minor
Target Milestone:	---
Assignee:	Ulrich Drepper

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-08-25 17:23 UTC by Miika Komu
Modified:	2014-07-01 07:00 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Flags:	fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Miika Komu 2009-08-25 17:23:15 UTC

Background: I am a developer in hipl.hiit.fi project which develops Linux-based
IPsec key and mobility management daemon for Host Identity Protocol (HIP). The
daemon stores its keys in DNS according to RFC5206 and uses a local DNS proxy to
returns hashes of public keys to application from the DNS. The daemon calls also
getaddrinfo() to resolve identifiers from the DNS when using registration
extensions defined in RFC5204.

The problem: it appears that calling getaddrinfo() also calls connect() with the
given IP address, UDP protocol and port 0. This a problem in the IPsec key
management daemon because it calls also getaddrinfo and this triggers a
Diffie-Hellman based key exchange (which is a costly operation)

Is it really necessary to call connect() in getaddrinfo() or is there some other
way around this? Currently it's not possible to filter requests to trigger key
exchange with UDP port zero in IPsec key managers because Linux XFRM does not
support it.

Comment 1 Ulrich Drepper 2009-10-30 04:46:24 UTC

Yes, the connect calls are  necessary because there is no other way to determine
the source address.  If you don't like this implement something in the kernel to
get the source address in another way.