On 07/13/2012 02:20 PM, Jan Cholasta wrote:
> Dne 11.7.2012 10:34, Martin Kosek napsal(a):
>> On 07/04/2012 09:13 AM, Martin Kosek wrote:
>>> I did various tests with IPv4 and IPv6 and everything worked for me. I also
>>> tried a mixed IPv4+IPv6 and IPv6-only environment and I was able to install
>>> IPv6-only replica without issues.
>>> Many functions use low-level socket interface for connection or
>>> various checks. However, most of the time we don't respect
>>> automatic address family detection but rather try to force our
>>> values. This may cause either redundat connection tries when an
>>> address family is disabled on system tries or even crashes
>>> when socket exceptions are not properly caught.
>>> Instead of forcing address families to socket, rather use
>>> getaddrinfo interface to automatically retrieve a list of all
>>> relevant address families and other connection settings when
>>> connecting to remote/local machine or binding to a local port.
>>> Now, we will also fill correctly all connection parameters like
>>> flowinfo and scopeid for IPv6 connections which will for example
>>> prevent issues with scoped IPv6 addresses.
>>> bind_port_responder function was changed to at first try to bind
>>> to IPv6 wildcard address before IPv4 as IPv6 socket is able to
>>> accept both IPv4 and IPv6 connections (unlike IPv4 socket).
>>> nsslib connection was refactored to use nss.io.AddrInfo class to
>>> get all the available connections. Socket is now not created by
>>> default in NSSConnection class initializer, but rather when the
>>> actual connection is being made, becase we do not an address family
>>> where connection is successful.
>> Attaching a rebased patch with updated comment - the patch also fix issues in
>> ticket 2913.
>> I just found an easy way to reproduce an issue caused by incorrect address
>> family handling that can be tried during review:
>> 1) Turn of IPv6 in your (Fedora) OS:
>> - add "ipv6.disable=1" as kernel parameter in your kernel line in your
>> bootloader conf
>> - add "NETWORKING_IPV6=no" to your /etc/sysconfig/network
>> 2) Run "ipa-replica-conncheck -m <master>" where <master> is a fqdn of some
>> your running IPA servers. Current IPA version will produce bunch of
>> patched IPA should work without any issue
> ACK, both IPv4-only and IPv6-only installs work fine.
Thanks for thorough review. Pushed to master.
Freeipa-devel mailing list