On 11.7.2012 10:34, Martin Kosek wrote:
On 07/04/2012 09:13 AM, Martin Kosek wrote:
I did various tests with IPv4 and IPv6 and everything worked for me. I also
tried a mixed IPv4+IPv6 and IPv6-only environment and I was able to install an
IPv6-only replica without issues.

---

Many functions use low-level socket interface for connection or
various checks. However, most of the time we don't respect
automatic address family detection but rather try to force our
values. This may cause either redundant connection tries when an
address family is disabled on system tries or even crashes
when socket exceptions are not properly caught.

Instead of forcing address families to socket, rather use
getaddrinfo interface to automatically retrieve a list of all
relevant address families and other connection settings when
connecting to remote/local machine or binding to a local port.
Now, we will also fill correctly all connection parameters like
flowinfo and scopeid for IPv6 connections which will for example
prevent issues with scoped IPv6 addresses.

bind_port_responder function was changed to at first try to bind
to IPv6 wildcard address before IPv4 as IPv6 socket is able to
accept both IPv4 and IPv6 connections (unlike IPv4 socket).

nsslib connection was refactored to use nss.io.AddrInfo class to
get all the available connections. Socket is now not created by
default in NSSConnection class initializer, but rather when the
actual connection is being made, because we do not know an address family
where connection is successful.

https://fedorahosted.org/freeipa/ticket/2695


Attaching a rebased patch with updated comment - the patch also fixes issues in
ticket 2913.

I just found an easy way to reproduce an issue caused by incorrect address
family handling that can be tried during review:

1) Turn off IPv6 in your (Fedora) OS:
   - add "ipv6.disable=1" as kernel parameter in your kernel line in your
bootloader conf
   - add "NETWORKING_IPV6=no" to your /etc/sysconfig/network

2) Run "ipa-replica-conncheck -m <master>" where <master> is a fqdn of some of
your running IPA servers. Current IPA version will produce a bunch of tracebacks,
patched IPA should work without any issue

Martin


ACK, both IPv4-only and IPv6-only installs work fine.

Honza

--
Jan Cholasta
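
The approach described in the commit message above (let getaddrinfo choose the address families, and try the IPv6 wildcard before IPv4 when binding), as an added Python example that is not taken from the patch or from FreeIPA. The names `ipv6_first`, `bind_wildcard`, `connect_any` and the `SAMPLE` list are constructed for illustration.

```python
import socket

# Constructed sample of getaddrinfo() results for a wildcard bind (not from the page).
SAMPLE = [
    (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("0.0.0.0", 389)),
    (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("::", 389, 0, 0)),
]

def ipv6_first(infos):
    """Order getaddrinfo() results so AF_INET6 entries are tried first."""
    return sorted(infos, key=lambda ai: ai[0] != socket.AF_INET6)

def _first_working(infos, setup):
    """Try each candidate in turn; return the first socket that setup() accepts."""
    last_error = OSError("getaddrinfo returned no candidates")
    for family, socktype, proto, _canon, sockaddr in infos:
        sock = None
        try:
            sock = socket.socket(family, socktype, proto)
            setup(sock, family, sockaddr)
            return sock
        except OSError as exc:  # family disabled, refused, unreachable, ...
            last_error = exc
            if sock is not None:
                sock.close()
    raise last_error

def bind_wildcard(port, backlog=5):
    """Listen on the wildcard address, preferring one dual-stack IPv6 socket."""
    def setup(sock, family, sockaddr):
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        if family == socket.AF_INET6:
            # Let the IPv6 socket also accept IPv4 (mapped) connections.
            sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
        sock.bind(sockaddr)
        sock.listen(backlog)
    infos = socket.getaddrinfo(None, port, socket.AF_UNSPEC,
                               socket.SOCK_STREAM, 0, socket.AI_PASSIVE)
    return _first_working(ipv6_first(infos), setup)

def connect_any(host, port, timeout=5.0):
    """Connect using whichever address family getaddrinfo offers and works."""
    def setup(sock, family, sockaddr):
        sock.settimeout(timeout)
        # For IPv6, sockaddr already carries flowinfo and scope id.
        sock.connect(sockaddr)
    infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    return _first_working(infos, setup)
```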

