[Freeipa-users] IPv6
John Dennis
jdennis at redhat.com
Fri Apr 27 12:43:45 UTC 2012
On 04/27/2012 04:45 AM, Petr Spacek wrote:
> On 04/26/2012 11:42 PM, Simo Sorce wrote:
>> On Thu, 2012-04-26 at 21:18 +0000, Steven Jones wrote:
>>> Hi,
>>>
>>> FYI,
>>>
>>> I shutdown IPv6 as we dont do IPv6 and found that IPA wouldnt work....slight oops there...
>>
>> Hi Steve,
>> can you be more explicit on how you 'shutdown' IPv6 ?
>> And can you please tell exactly how IPA breaks in that case ?
>>
>> Is this after IPA is fully installed ? Or does the installer fail ?
>>
>> Simo.
>>
> Is it same issue as described in
> https://www.redhat.com/archives/freeipa-users/2012-April/msg00160.html ?
We do IPv6 in several places, but a while ago I noticed the way we
iterate over address families in nsslib in conjunction with getaddrinfo
(the io.AddrInfo class) looks dubious, it seems overly complex as if
it's trying to force a family selection (not sure, I would have to go
back and really look at the code again).
In any event getaddrinfo is designed to return a list of possible
addresses sorted in priority order by the system. You're supposed to
start at the first address in the list and see if you can connect, if
not try the next address. You're not supposed to take addresses in the
list based on some other criteria (which is what we seem to be doing
with the family).
FWIW, the raw c lib getaddrinfo allows one to specify constraints (such
as family), unfortunately NSPR (the wrapper around getaddrinfo in
nsslib) does not permit this, not sure why (probably because NSPR has to
fallback to other mechanisms if getaddrinfo is not available)
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list