On 07/13/2012 02:20 PM, Jan Cholasta wrote: > Dne 11.7.2012 10:34, Martin Kosek napsal(a): >> On 07/04/2012 09:13 AM, Martin Kosek wrote: >>> I did various tests with IPv4 and IPv6 and everything worked for me. I also >>> tried a mixed IPv4+IPv6 and IPv6-only environment and I was able to install >>> an >>> IPv6-only replica without issues. >>> >>> --- >>> >>> Many functions use low-level socket interface for connection or >>> various checks. However, most of the time we don't respect >>> automatic address family detection but rather try to force our >>> values. This may cause either redundat connection tries when an >>> address family is disabled on system tries or even crashes >>> when socket exceptions are not properly caught. >>> >>> Instead of forcing address families to socket, rather use >>> getaddrinfo interface to automatically retrieve a list of all >>> relevant address families and other connection settings when >>> connecting to remote/local machine or binding to a local port. >>> Now, we will also fill correctly all connection parameters like >>> flowinfo and scopeid for IPv6 connections which will for example >>> prevent issues with scoped IPv6 addresses. >>> >>> bind_port_responder function was changed to at first try to bind >>> to IPv6 wildcard address before IPv4 as IPv6 socket is able to >>> accept both IPv4 and IPv6 connections (unlike IPv4 socket). >>> >>> nsslib connection was refactored to use nss.io.AddrInfo class to >>> get all the available connections. Socket is now not created by >>> default in NSSConnection class initializer, but rather when the >>> actual connection is being made, becase we do not an address family >>> where connection is successful. >>> >>> https://fedorahosted.org/freeipa/ticket/2695 >>> >> >> Attaching a rebased patch with updated comment - the patch also fix issues in >> ticket 2913. >> >> I just found an easy way to reproduce an issue caused by incorrect address >> family handling that can be tried during review: >> >> 1) Turn of IPv6 in your (Fedora) OS: >> - add "ipv6.disable=1" as kernel parameter in your kernel line in your >> bootloader conf >> - add "NETWORKING_IPV6=no" to your /etc/sysconfig/network >> >> 2) Run "ipa-replica-conncheck -m <master>" where <master> is a fqdn of some >> of >> your running IPA servers. Current IPA version will produce bunch of >> tracebacks, >> patched IPA should work without any issue >> >> Martin >> > > ACK, both IPv4-only and IPv6-only installs work fine. > > Honza >
Thanks for thorough review. Pushed to master. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel