Add support to advertise local services ("localhost") on the local machine only #161

Open: wants to merge 1 commit into base: master

@tillkamppeter

commented Dec 15, 2017

This is the patch attached to Issue #125 (on Dec 6, 2017) and also
shown in the readme.md of ippusbxd
(https://github.com/OpenPrinting/ippusbxd).

It also makes services on the loopback ("lo") interface be
advertised, and these records use "localhost" instead of the network
host name of the machine as server host name. This way clients, like
for example CUPS or cups-browsed, will find these local services and be
able to work with them as if they were network services.

@lathiat

Owner

commented Sep 17, 2019

Note for later; the patch in its current form (including as shipping on Ubuntu) causes messages like this:
sendmsg() to 0:0:ff02:: failed: Network is unreachable

This seems to happen because the AvahiInterface protocol is set to PF_LOCAL instead of PF_INET or PF_INET6 as we assume elsewhere. This causes some if/else statements not to run to send data including the mcast address.

(gdb) bt
#0 sendmsg_loop (fd=12, msg=0x7fffffffe190, flags=0) at socket.c:460
#1 0x00007ffff7f902a8 in avahi_send_dns_packet_ipv6 (fd=12, interface=1, p=0x5555555ad4c0,
src_address=0x55555558bd9c, dst_address=0x0, dst_port=0) at socket.c:624
#2 0x00007ffff7f814e8 in avahi_interface_send_packet_unicast (i=0x55555558bd60, p=0x5555555ad4c0, a=0x0, port=0)
at iface.c:601
#3 0x00007ffff7f8156a in avahi_interface_send_packet (i=0x55555558bd60, p=0x5555555ad4c0) at iface.c:608
#4 0x00007ffff7f9374f in append_known_answers_and_send (s=0x55555558c660, p=0x5555555ad4c0) at query-sched.c:269
#5 0x00007ffff7f938c4 in elapse_callback (e=0x5555555aa670, data=0x5555555aa620) at query-sched.c:310
#6 0x00007ffff7f7ee77 in expiration_event (timeout=0x55555558db00, userdata=0x555555588b00) at timeeventq.c:94
#7 0x00007ffff7fc34fa in timeout_callback (t=0x55555558db00) at simple-watch.c:447
#8 0x00007ffff7fc38e1 in avahi_simple_poll_dispatch (s=0x555555584ac0) at simple-watch.c:570
#9 0x00007ffff7fc3a4a in avahi_simple_poll_iterate (s=0x555555584ac0, timeout=-1) at simple-watch.c:605
#10 0x000055555555ef2f in run_server (c=0x55555557e200 ) at main.c:1256
#11 0x000055555555fc38 in main (argc=1, argv=0x7fffffffe528) at main.c:1674

@tillkamppeter

Author

commented Sep 17, 2019

@rithvikp1998, could you have a look into this issue which @lathiat is mentioning?

@rithvikp1998


commented Sep 17, 2019

Yeah @tillkamppeter, I'll take a look at it and will give an update by the end of the week

@rithvikp1998


commented Sep 18, 2019

I wanted to clarify one thing though. I just reread the discussion on the issue this patch addresses (#125) and I wanted to confirm if we are going ahead with this implementation at all? It seems that there was no conclusion to the discussion on the issue. @lathiat? @tillkamppeter?

@lathiat

Owner

commented Sep 19, 2019

I'm working on the CUPS issue this week. My current plan is to allow lo as an interface, but not to replace the hostname with 'localhost'. And to fix the issue with localhost/the hostname inside CUPS.

Optionally I am considering a way to make it so that localhost is a special interface and only services created specifically on localhost appear there but I'm not too worried about that for the immediate case.

@lathiat

Owner

commented Sep 19, 2019

Will update the CUPS bug in the next couple of days. I have an IPPUSB printer arriving today so I can finish debugging a patch for CUPS.

@tillkamppeter

Author

commented Sep 19, 2019

As discussion has moved over from issue #125 to here, I am taking Mike Sweet back into the loop.
@michaelrsweet, @lathiat is working on the Avahi localhost issue now. Please could you chime in here, as we (me and you) agreed that Avahi already should advertise the local service with the "localhost" host name.

@michaelrsweet


commented Sep 19, 2019

From #125:

If Avahi returns 127.0.0.1 as one of the addresses for a .local lookup, that will cause some serious security problems when machine A (a.local.) looks up machine B ("b.local.") and gets its own loopback address. By returning localhost ("localhost.") that security issue is avoided.

Keep in mind as well that when CUPS tries to connect to a printer/server, it tries all of the addresses returned by a lookup in parallel until one of the connections succeeds. Since CUPS also validates the Host: header in requests (and blocks any attempt to communicate with cupsd over the loopback interface if the hostname is not "localhost" or "localhost."), this will result in a successful connection but a failed request, breaking printing.

So you really do need to return "localhost" for services registered on the loopback interface.
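
The Host: check described in the comment above, sketched as an added C example; it is not CUPS or Avahi code and is not part of this thread. The function names are hypothetical, and it implements only the rule as stated there (a loopback peer must send "localhost" or "localhost."), with an optional ":port" suffix accepted as an assumption.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if the textual peer address is loopback (127.0.0.0/8 or ::1). */
static int peer_is_loopback(const char *addr)
{
    struct in_addr a4;
    struct in6_addr a6;

    if (inet_pton(AF_INET, addr, &a4) == 1)
        return (ntohl(a4.s_addr) >> 24) == 127;
    if (inet_pton(AF_INET6, addr, &a6) == 1)
        return IN6_IS_ADDR_LOOPBACK(&a6);
    return 0;
}

/* Return 1 if the Host: value, ignoring an optional ":port" and one
 * trailing dot, is exactly "localhost" (compared case-insensitively). */
static int host_is_localhost(const char *host)
{
    size_t n = strcspn(host, ":");      /* name length before any port */

    if (n > 0 && host[n - 1] == '.')
        n--;
    if (n != 9)
        return 0;
    for (size_t i = 0; i < 9; i++)
        if (tolower((unsigned char)host[i]) != "localhost"[i])
            return 0;
    return 1;
}

/* Rule from the comment: a request that arrives over loopback must name
 * localhost. Non-loopback peers are outside this check. 1 = allow. */
int loopback_request_allowed(const char *peer_addr, const char *host_header)
{
    if (!peer_is_loopback(peer_addr))
        return 1;
    return host_header != NULL && host_is_localhost(host_header);
}

int main(void)
{
    /* Constructed case: a ".local" name resolved to 127.0.0.1, so the
     * TCP connection succeeds but the request is rejected. */
    printf("%d\n", loopback_request_allowed("127.0.0.1", "printer-host.local:631"));
    printf("%d\n", loopback_request_allowed("127.0.0.1", "localhost:631"));
    return 0;
}
```
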
