[Freeipa-users] IPv6

John Dennis jdennis at redhat.com
Mon Apr 30 12:27:53 UTC 2012 

On 04/30/2012 03:54 AM, Petr Spacek wrote:
> On 04/27/2012 02:43 PM, John Dennis wrote:
>> On 04/27/2012 04:45 AM, Petr Spacek wrote:
>>> On 04/26/2012 11:42 PM, Simo Sorce wrote:
>>>> On Thu, 2012-04-26 at 21:18 +0000, Steven Jones wrote:
>>>>> Hi,
>>>>>
>>>>> FYI,
>>>>>
>>>>> I shutdown IPv6 as we dont do IPv6 and found that IPA wouldnt
>>>>> work....slight oops there...
>>>>
>>>> Hi Steve,
>>>> can you be more explicit on how you 'shutdown' IPv6 ?
>>>> And can you please tell exactly how IPA breaks in that case ?
>>>>
>>>> Is this after IPA is fully installed ? Or does the installer fail ?
>>>>
>>>> Simo.
>>>>
>>> Is it same issue as described in
>>> https://www.redhat.com/archives/freeipa-users/2012-April/msg00160.html ?
>>
>> We do IPv6 in several places, but a while ago I noticed the way we iterate
>> over address families in nsslib in conjunction with getaddrinfo (the
>> io.AddrInfo class) looks dubious, it seems overly complex as if it's trying to
>> force a family selection (not sure, I would have to go back and really look at
>> the code again).

> Family selection should not be enforced from our code, I think. This way can
> create hidden dependency based on our (probably wrong) assumptions.

Agreed. We should not try to influence family selection.

I will open an IPA trac ticket.

>> In any event getaddrinfo is designed to return a list of possible addresses
>> sorted in priority order by the system. You're supposed to start at the first
>> address in the list and see if you can connect, if not try the next address.
>> You're not supposed to take addresses in the list based on some other criteria
>> (which is what we seem to be doing with the family).
>>
>> FWIW, the raw c lib getaddrinfo allows one to specify constraints (such as
>> family), unfortunately NSPR (the wrapper around getaddrinfo in nsslib) does
>> not permit this, not sure why (probably because NSPR has to fallback to other
>> mechanisms if getaddrinfo is not available)
>
> AFAIK "right place" to specify this kind of constraints is to use
> "/etc/gai.conf" configuration file. NSPR ignores it?

No. I believe /etc/gai.conf will be respected on modern systems with 
getaddrinfo support by NSPR because NSPR calls into getaddrinfo which is 
influenced by /etc/gai.conf. What I was referring to is that getaddrinfo 
exposes network address selection filtration based on gai.conf (or so I 
believe).


-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list