
#35 Evaluator callback IP mis-handling

open
nobody
Evaluator (37)
3
2005-06-01
2004-02-03
No

In two different cases, the Vesta evaluator asks a
server to make a TCP connection back to it.
(Specifically, it does this when talking to the
RunToolServer to arrange relaying of the standard
output/error of the tool and when talking to the
repository to provide the contents of a directory to be
used for a tool invocation and to handle recording of
dependency information from file accesses within that
directory.) When doing this, it sends an IP address
and port number to the server.

Currently, the evaluator always sends the IP address
that its hostname resolves to. However, this doesn't
always work correctly. Some systems have a hostname
that resolves to the loopback IP address (127.0.0.1).
Some systems have multiple network interfaces, each
responding to a different IP address, at most one of
which can correspond to the IP the hostname resolves to.

The evaluator should instead send the IP of its
end of the connection to the server. This avoids a
dependence on the hostname and what it resolves to, and
is much more likely to send an IP that the server can
actually use to contact the evaluator.

There are some cases where even this won't work. If,
for example, the connection to the server passes
through an intermediate router that performs network
address translation, it may not be possible to reach
the client. For this reason, the server should
validate the IP it receives by comparing it to the
other end of the TCP connection initiated by the
evaluator when making its request. If the two don't
match, the server should treat this as an error in the
processing of the request.
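
The behaviour proposed above, as an added sketch that is not part of the original ticket and is not Vesta code: the client reads the callback IP from its end of the open connection with `getsockname()`, and the server compares the advertised IP with `getpeername()` before connecting back. The one-line `CALLBACK <ip> <port>` message, the function names and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress
import socket
import threading

def local_callback_ip(conn):
    """Evaluator side: IP of our end of the connection already open to the server."""
    return conn.getsockname()[0]

def callback_ip_is_valid(conn, advertised):
    """Server side: the advertised IP must equal the peer address of the request."""
    try:
        peer = ipaddress.ip_address(conn.getpeername()[0])
        return ipaddress.ip_address(advertised) == peer
    except ValueError:  # not an IP literal (for example a hostname)
        return False

def serve_one(listener, verdicts):
    """Handle one request: validate first, connect back only on a match."""
    conn, _ = listener.accept()
    with conn, conn.makefile("r") as rfile:
        _, ip, port = rfile.readline().split()
        ok = callback_ip_is_valid(conn, ip)
        verdicts.append(ok)
        if ok:
            socket.create_connection((ip, int(port)), timeout=2).close()
        conn.sendall(b"OK\n" if ok else b"ERR callback address mismatch\n")

def request(advertised=None):
    """One request over loopback; returns (server verdict, reply line)."""
    verdicts = []
    with socket.create_server(("127.0.0.1", 0)) as listener:
        worker = threading.Thread(target=serve_one, args=(listener, verdicts))
        worker.start()
        with socket.create_connection(listener.getsockname()) as conn:
            own_ip = local_callback_ip(conn)
            # Callback listener lives on the interface the server is reached through.
            with socket.create_server((own_ip, 0)) as callback:
                port = callback.getsockname()[1]
                conn.sendall(f"CALLBACK {advertised or own_ip} {port}\n".encode())
                with conn.makefile("r") as rfile:
                    reply = rfile.readline().strip()
        worker.join()
    return verdicts[0], reply

if __name__ == "__main__":
    print(request())              # address taken from the connection
    print(request("192.0.2.10"))  # constructed stand-in for a hostname-derived address
```

Rejecting anything that is not an IP literal is a choice made in this sketch; it keeps the server from resolving a client-supplied name before deciding where to connect.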

Discussion

  • Kenneth C. Schalk

    Logged In: YES
    user_id=304837

    Actually, it provides the client hostname to the repository
    when creating a volatile directory, *not* an IP address.

     
  • Scott Venier

    Scott Venier - 2004-04-27

    Logged In: YES
    user_id=291223

    Wouldn't it be safest to just have the call back address be
    the source address of the connection? Seems like that
    should work in all cases except a many:1 NAT setup, and I
    don't think there's much of anything that will work there.

     
  • Kenneth C. Schalk

    Logged In: YES
    user_id=304837

    Yes, it definitely should use the IP address of its end of
    the connection to the server it's talking to. In my last
    comment I was correcting my statement of the current
    behavior (which I described incorrectly when I opened this
    tracker item), not suggesting that the evaluator should be
    sending a hostname to the repository for the call-back address.

     
  • Scott Venier

    Scott Venier - 2005-06-01
    • priority: 5 --> 3
     
