Bug#873073: [Pkg-samba-maint] Bug#873073: Other ways to disable IPv6 ?
Control: clone -1 -2 Control: retitle -2 smbd No way to bind to IPv4 only Control: severity -2 wishlist Control: reopen -2 Control: tags -2 confirmed upstrea Le jeu. 25 juil. 2019 à 01:36, Dark Penguin a écrit : > > On 24/07/19 22:14, Mathieu Parent wrote: > > Le mer. 24 juil. 2019 à 00:27, Dark Penguin a > > écrit : > >> > >> On 24/07/19 00:15, Mathieu Parent wrote: > >>> Version: 2:4.9.5+dfsg-5 > >>> > >>> I'm closing this bug with the version in buster. > >>> > >>> Le dim. 21 juil. 2019 à 21:45, Dark Penguin a > >>> écrit : > > I tried this just now. The result is, basically, nothing: my kernel does > not have IPv6 support anyway, so restricting IPv6 out on the systemd > level does not change anything. There are still error messages about > being unable to bind to IPv6 upon restarting smbd, however with this, > restarting it also takes a few seconds instead of happening almost > instantly. > > I guess the "proper" solution would be the same: if there are no IPv6 > interfaces in the system, smbd should not try to bind to them. If it was > specifically instructed to bind to a certain interface and it is > unavailable, then output an error message "This interface is requested > but unavailable", instead of "open_socket_in(): socket() call failed: > Address family not supported by protocol". This error message is not > even decipherable without Google's help. > >>> > >>> The following binds to IPv4 only: > >>> > >>> interfaces = lo 0.0.0.0 > >>> bind to interfaces only = yes > >>> > >>> Regards > >> > >> > >> Umm... I've actually tried that before. > > > > Confirmed with: > >interfaces = 127.0.0.0/8 0.0.0.0 > >bind interfaces only = yes > > > > > > $ sudo ss -lntp | grep smbd > > LISTEN0 50 127.0.0.1:445 > > 0.0.0.0:*users:(("smbd",pid=9146,fd=32)) > > LISTEN0 50 127.0.0.1:139 > > 0.0.0.0:*users:(("smbd",pid=9146,fd=33)) > > > We should probably reopen this then?.. The current bug is about samba service depending on network. I'm cloning this bug to another, about IPv4-only binding. Regards -- Mathieu Parent
Bug#873073: [Pkg-samba-maint] Bug#873073: Other ways to disable IPv6 ?
On 24/07/19 22:14, Mathieu Parent wrote: > Le mer. 24 juil. 2019 à 00:27, Dark Penguin a écrit : >> >> On 24/07/19 00:15, Mathieu Parent wrote: >>> Version: 2:4.9.5+dfsg-5 >>> >>> I'm closing this bug with the version in buster. >>> >>> Le dim. 21 juil. 2019 à 21:45, Dark Penguin a >>> écrit : I tried this just now. The result is, basically, nothing: my kernel does not have IPv6 support anyway, so restricting IPv6 out on the systemd level does not change anything. There are still error messages about being unable to bind to IPv6 upon restarting smbd, however with this, restarting it also takes a few seconds instead of happening almost instantly. I guess the "proper" solution would be the same: if there are no IPv6 interfaces in the system, smbd should not try to bind to them. If it was specifically instructed to bind to a certain interface and it is unavailable, then output an error message "This interface is requested but unavailable", instead of "open_socket_in(): socket() call failed: Address family not supported by protocol". This error message is not even decipherable without Google's help. >>> >>> The following binds to IPv4 only: >>> >>> interfaces = lo 0.0.0.0 >>> bind to interfaces only = yes >>> >>> Regards >> >> >> Umm... I've actually tried that before. > > Confirmed with: >interfaces = 127.0.0.0/8 0.0.0.0 >bind interfaces only = yes > > > $ sudo ss -lntp | grep smbd > LISTEN0 50 127.0.0.1:445 > 0.0.0.0:*users:(("smbd",pid=9146,fd=32)) > LISTEN0 50 127.0.0.1:139 > 0.0.0.0:*users:(("smbd",pid=9146,fd=33)) We should probably reopen this then?.. -- darkpenguin
Bug#873073: [Pkg-samba-maint] Bug#873073: Other ways to disable IPv6 ?
Le mer. 24 juil. 2019 à 00:27, Dark Penguin a écrit : > > On 24/07/19 00:15, Mathieu Parent wrote: > > Version: 2:4.9.5+dfsg-5 > > > > I'm closing this bug with the version in buster. > > > > Le dim. 21 juil. 2019 à 21:45, Dark Penguin a > > écrit : > >> > >> I tried this just now. The result is, basically, nothing: my kernel does > >> not have IPv6 support anyway, so restricting IPv6 out on the systemd > >> level does not change anything. There are still error messages about > >> being unable to bind to IPv6 upon restarting smbd, however with this, > >> restarting it also takes a few seconds instead of happening almost > >> instantly. > >> > >> I guess the "proper" solution would be the same: if there are no IPv6 > >> interfaces in the system, smbd should not try to bind to them. If it was > >> specifically instructed to bind to a certain interface and it is > >> unavailable, then output an error message "This interface is requested > >> but unavailable", instead of "open_socket_in(): socket() call failed: > >> Address family not supported by protocol". This error message is not > >> even decipherable without Google's help. > > > > The following binds to IPv4 only: > > > > interfaces = lo 0.0.0.0 > > bind to interfaces only = yes > > > > Regards > > > Umm... I've actually tried that before. Confirmed with: interfaces = 127.0.0.0/8 0.0.0.0 bind interfaces only = yes $ sudo ss -lntp | grep smbd LISTEN0 50 127.0.0.1:445 0.0.0.0:*users:(("smbd",pid=9146,fd=32)) LISTEN0 50 127.0.0.1:139 0.0.0.0:*users:(("smbd",pid=9146,fd=33)) -- Mathieu Parent
Bug#873073: [Pkg-samba-maint] Bug#873073: Other ways to disable IPv6 ?
I tried this just now. The result is, basically, nothing: my kernel does not have IPv6 support anyway, so restricting IPv6 out on the systemd level does not change anything. There are still error messages about being unable to bind to IPv6 upon restarting smbd, however with this, restarting it also takes a few seconds instead of happening almost instantly. I guess the "proper" solution would be the same: if there are no IPv6 interfaces in the system, smbd should not try to bind to them. If it was specifically instructed to bind to a certain interface and it is unavailable, then output an error message "This interface is requested but unavailable", instead of "open_socket_in(): socket() call failed: Address family not supported by protocol". This error message is not even decipherable without Google's help. On 15/07/19 16:51, Mathieu Parent wrote: > Le dim. 14 juil. 2019 à 15:09, Dark Penguin a écrit : >> >> This particular case could be less of a problem (at least to me) if >> adding "bind interfaces only = yes" was not the only way to disable IPv6 >> in samba. >> >> Would it make sense to change the priority of an error message on >> startup about missing IPv6 support? If samba sees that IPv6 is not >> supported on this system, shouldn't it deduce that it is therefore not >> required, and output an "info" message like "Not binding to IPv6 - >> protocol not supported" instead of an error? > > Have you tried overriding with: > > cat /etc/systemd/system/smbd.service > [Service] > RestrictAddressFamilies=AF_UNIX AF_INET > > (then systemctl daemon-reload and systemctl restart smbd) > > (Not tested...) > > Regards > -- darkpenguin
Bug#873073: [Pkg-samba-maint] Bug#873073: Other ways to disable IPv6 ?
Le dim. 14 juil. 2019 à 15:09, Dark Penguin a écrit : > > This particular case could be less of a problem (at least to me) if > adding "bind interfaces only = yes" was not the only way to disable IPv6 > in samba. > > Would it make sense to change the priority of an error message on > startup about missing IPv6 support? If samba sees that IPv6 is not > supported on this system, shouldn't it deduce that it is therefore not > required, and output an "info" message like "Not binding to IPv6 - > protocol not supported" instead of an error? Have you tried overriding with: cat /etc/systemd/system/smbd.service [Service] RestrictAddressFamilies=AF_UNIX AF_INET (then systemctl daemon-reload and systemctl restart smbd) (Not tested...) Regards -- Mathieu Parent