[Freeipa-devel] [PATCH] 283 Improve address family handling in sockets
Martin Kosek
mkosek at redhat.com
Fri Jul 13 12:37:44 UTC 2012
On 07/13/2012 02:20 PM, Jan Cholasta wrote:
> Dne 11.7.2012 10:34, Martin Kosek napsal(a):
>> On 07/04/2012 09:13 AM, Martin Kosek wrote:
>>> I did various tests with IPv4 and IPv6 and everything worked for me. I also
>>> tried a mixed IPv4+IPv6 and IPv6-only environment and I was able to install an
>>> IPv6-only replica without issues.
>>>
>>> ---
>>>
>>> Many functions use low-level socket interface for connection or
>>> various checks. However, most of the time we don't respect
>>> automatic address family detection but rather try to force our
>>> values. This may cause either redundat connection tries when an
>>> address family is disabled on system tries or even crashes
>>> when socket exceptions are not properly caught.
>>>
>>> Instead of forcing address families to socket, rather use
>>> getaddrinfo interface to automatically retrieve a list of all
>>> relevant address families and other connection settings when
>>> connecting to remote/local machine or binding to a local port.
>>> Now, we will also fill correctly all connection parameters like
>>> flowinfo and scopeid for IPv6 connections which will for example
>>> prevent issues with scoped IPv6 addresses.
>>>
>>> bind_port_responder function was changed to at first try to bind
>>> to IPv6 wildcard address before IPv4 as IPv6 socket is able to
>>> accept both IPv4 and IPv6 connections (unlike IPv4 socket).
>>>
>>> nsslib connection was refactored to use nss.io.AddrInfo class to
>>> get all the available connections. Socket is now not created by
>>> default in NSSConnection class initializer, but rather when the
>>> actual connection is being made, becase we do not an address family
>>> where connection is successful.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2695
>>>
>>
>> Attaching a rebased patch with updated comment - the patch also fix issues in
>> ticket 2913.
>>
>> I just found an easy way to reproduce an issue caused by incorrect address
>> family handling that can be tried during review:
>>
>> 1) Turn of IPv6 in your (Fedora) OS:
>> - add "ipv6.disable=1" as kernel parameter in your kernel line in your
>> bootloader conf
>> - add "NETWORKING_IPV6=no" to your /etc/sysconfig/network
>>
>> 2) Run "ipa-replica-conncheck -m <master>" where <master> is a fqdn of some of
>> your running IPA servers. Current IPA version will produce bunch of tracebacks,
>> patched IPA should work without any issue
>>
>> Martin
>>
>
> ACK, both IPv4-only and IPv6-only installs work fine.
>
> Honza
>
Thanks for thorough review. Pushed to master.
Martin
More information about the Freeipa-devel
mailing list