[Freeipa-users] IPv6

[Petr Spacek]

On 04/27/2012 02:43 PM, John Dennis wrote:
> On 04/27/2012 04:45 AM, Petr Spacek wrote:
>> On 04/26/2012 11:42 PM, Simo Sorce wrote:
>>> On Thu, 2012-04-26 at 21:18 +0000, Steven Jones wrote:
>>>> Hi,
>>>>
>>>> FYI,
>>>>
>>>> I shutdown IPv6 as we dont do IPv6 and found that IPA wouldnt
>>>> work....slight oops there...
>>>
>>> Hi Steve,
>>> can you be more explicit on how you 'shutdown' IPv6 ?
>>> And can you please tell exactly how IPA breaks in that case ?
>>>
>>> Is this after IPA is fully installed ? Or does the installer fail ?
>>>
>>> Simo.
>>>
>> Is it same issue as described in
>> https://www.redhat.com/archives/freeipa-users/2012-April/msg00160.html ?
>
> We do IPv6 in several places, but a while ago I noticed the way we iterate
> over address families in nsslib in conjunction with getaddrinfo (the
> io.AddrInfo class) looks dubious, it seems overly complex as if it's trying to
> force a family selection (not sure, I would have to go back and really look at
> the code again).
Family selection should not be enforced from our code, I think. This way can 
create hidden dependency based on our (probably wrong) assumptions.

> In any event getaddrinfo is designed to return a list of possible addresses
> sorted in priority order by the system. You're supposed to start at the first
> address in the list and see if you can connect, if not try the next address.
> You're not supposed to take addresses in the list based on some other criteria
> (which is what we seem to be doing with the family).
>
> FWIW, the raw c lib getaddrinfo allows one to specify constraints (such as
> family), unfortunately NSPR (the wrapper around getaddrinfo in nsslib) does
> not permit this, not sure why (probably because NSPR has to fallback to other
> mechanisms if getaddrinfo is not available)

AFAIK "right place" to specify this kind of constraints is to use 
"/etc/gai.conf" configuration file. NSPR ignores it?

Petr^2 Spacek