[OpenAFS] ka-forwarder and kaserver
Marcus Watts
mdw@umich.edu
Wed, 19 Nov 2008 15:25:17 -0500
Ok. They're on the same subnet. This permits an interesting 'trick',
which works like this:
Client sends to special program on host1.
special program on host1 forwards the packet to host2,
using the client's ip address.
host2 receives the packet,
thinks it came from client,
does its thing, then sends to client.
Client receives the packet from host2, associates it with originating
rpc and completes the call.
Basically, the packets follow a triangular path. Here's sample
code for the very small "special program" on host1:
/afs/umich.edu/group/itd/build/mdw/tmp/buredir-m2.tgz
This uses a raw socket in order to "forge" packets that appear to come
from the client. It needs to run on the same lan segment so that the
routers don't have an opportunity to discard the packet that's originating
from the "wrong" subnet.
We used something like this at umich.edu for many years to locate
buserver and budb on a separate host from the database servers, back
when db server real estate was a scarce resource.
-Marcus Watts