[Freeipa-devel] [PATCH] 283 Improve address family handling in sockets
Martin Kosek
mkosek at redhat.com
Wed Jul 11 08:34:19 UTC 2012
On 07/04/2012 09:13 AM, Martin Kosek wrote:
> I did various tests with IPv4 and IPv6 and everything worked for me. I also
> tried a mixed IPv4+IPv6 and IPv6-only environment and I was able to install an
> IPv6-only replica without issues.
>
> ---
>
> Many functions use low-level socket interface for connection or
> various checks. However, most of the time we don't respect
> automatic address family detection but rather try to force our
> values. This may cause either redundat connection tries when an
> address family is disabled on system tries or even crashes
> when socket exceptions are not properly caught.
>
> Instead of forcing address families to socket, rather use
> getaddrinfo interface to automatically retrieve a list of all
> relevant address families and other connection settings when
> connecting to remote/local machine or binding to a local port.
> Now, we will also fill correctly all connection parameters like
> flowinfo and scopeid for IPv6 connections which will for example
> prevent issues with scoped IPv6 addresses.
>
> bind_port_responder function was changed to at first try to bind
> to IPv6 wildcard address before IPv4 as IPv6 socket is able to
> accept both IPv4 and IPv6 connections (unlike IPv4 socket).
>
> nsslib connection was refactored to use nss.io.AddrInfo class to
> get all the available connections. Socket is now not created by
> default in NSSConnection class initializer, but rather when the
> actual connection is being made, becase we do not an address family
> where connection is successful.
>
> https://fedorahosted.org/freeipa/ticket/2695
>
Attaching a rebased patch with updated comment - the patch also fix issues in
ticket 2913.
I just found an easy way to reproduce an issue caused by incorrect address
family handling that can be tried during review:
1) Turn of IPv6 in your (Fedora) OS:
- add "ipv6.disable=1" as kernel parameter in your kernel line in your
bootloader conf
- add "NETWORKING_IPV6=no" to your /etc/sysconfig/network
2) Run "ipa-replica-conncheck -m <master>" where <master> is a fqdn of some of
your running IPA servers. Current IPA version will produce bunch of tracebacks,
patched IPA should work without any issue
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-283-2-improve-address-family-handling-in-sockets.patch
Type: text/x-patch
Size: 20553 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120711/f6b38590/attachment.bin>
More information about the Freeipa-devel
mailing list