Bugzilla – Full Text Bug Listing
| Summary: | avahi should be started by default | | |
|---|---|---|---|
| Product: | [openSUSE] openSUSE 10.3 | Reporter: | Stanislav Brabec <sbrabec> |
| Component: | Network | Assignee: | Gary Ekker <gekker> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Major | | |
| Priority: | P5 - None | CC: | ben, ke, locilka, security-team |
| Version: | Beta 1 | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| Whiteboard: | | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 298902, 305023 | | |
|
Description
Stanislav Brabec
2007-08-09 15:05:43 UTC
needs to be discussed by dist meeting. we had audited avahid some time ago. any surprising new features in the last year? Also it is a bit more dead weight if the firewall is enabled and only ext interfaces there, it will just not get any traffic.

I don't see surprising new features except new package nss-mdns and packaged avahi-bookmarks and other python stuff.

Yes, mDNS is intended to work mainly on local network. It should be possible to allow it in firewall rules. Usage with firewall is a bit problematic, because Avahi announces services, not knowing that they are actually firewalled on particular interface.

Nowadays mDNS is supported even by small devices like printers, PDA and routers, so it should be usable even in small environments.

nss-mdns allows to refer to local computers using .local domain. It is required e. g. by avahi-bookmarks from avahi-python - going to http://localhost:8080/ you can browse web pages in local network - for example in our network I see controls of our printer as http://npidc4bda.local/

Gary, please decide this. I'm undecided, but this should be decided on the base what SLED wants.

We really need Avahi started by default. The firewall also needs to be configured to allow for mDNS traffic, etc. If Avahi isn't running, we really have no reliable way of making things like DAAP music sharing in Banshee working. Users are running into the DAAP problem in 10.3 because of this now: bug #305023.

local network = internal firewall zone = unrestricted access => no need to open port in the external (=internet) zone

No, I have to stop the firewall any time I want mDNS to work.

You didn't put your network interface into the internal zone then.

Yes we want avahi to be enabled by default. AJ do you still want to discuss in a dist meeting before enabling this?

Alright, let's just go ahead and enable avahi by default on 10.3. However, we won't punch a hole into the firewall by default. This should be documented in the Release Notes.
Could someone please provide input on that to Karl, to take this to the RN? For openSUSE n+1 we will need to revisit the firewall issue and make it more intuitive to configure.

There is a doc attempt for RN:

-----
Avahi Zeroconf (also known as Bonjour, Multicast DNS, mDNS, DNS-SD) service works out of the box only for interfaces in internal firewall zone. If you want to enable it for all (e. g. unconfigured) interfaces, allow service "Zeroconf/Bonjour Multicast DNS" in your SuSEfirewall rules.
-----

avahi firewall rule already exists and should work correctly. Please report if it does not.

Remaining problem: /etc/avahi/services/ should publish only services, which are active and not firewalled. AFAIK the list is now static and unmaintained.

Opening as part FATE #302550: Provide advanced Zeroconf support: https://keeper.suse.de/webfate/match/id?value=302550

Can we mark this bug as fixed and retest in Beta 3? What is the normal protocol for resolving bugs in the OpenSUSE process? Wait for beta 3, test and then resolve the bug? I have a pidgin bug with a dependency on this issue for resolution.

Brandy, yes. As soon as a fix has been submitted to STABLE/Factory feel free to close a bug FIXED.

As this bug has a dependency to the release notes, it would need to be reassigned to ke@novell.com. Thanks.

*** Bug 305023 has been marked as a duplicate of this bug. ***

There is no need to add a note to the release notes as the situation didn't change from previous releases.

I would think that changing our mDNS stack entirely would warrant a blurb in the notes.

New attempt for RN:

-----
Zeroconf (also known as Bonjour, Multicast DNS, mDNS, DNS-SD) service is now provided by Avahi stack instead of mDNSResponder. However mDNSResponder and howl compatibility libraries are available.
-----

This is optional:

-----
To enable mDNS for all network interfaces, use "Zeroconf/Bonjour Multicast DNS" SuSEfirewall rule.
-----

Karl, is it OK for Release notes?
To Ludwig Nussel (comment #7 and optional note in comment #17):

To be completely functional (i. e. act for Zero Configuration), avahi service should be enabled on all interfaces, even on unconfigured interfaces.

There are already routers, which are able to assign IP addresses using mDNS instead of DHCP and local DNS. mDNS could be also used to establish ad-hoc IP networking on devices like wireless ad-hoc networks, ethernet patch cable, USB-to-USB cable.

All these use cases need firewall open to unconfigured or external interfaces.

Note that 10.3 is probably not ready to work in the Zeroconf ad-hoc network, so probably skip the optional comment.

Thanks, that's fine. I'm going to add the following snippet:

```xml
<!-- bug 298872 -->
<sect3 id="zeroconf" status="2007-09-10">
  <title>Zeroconf</title>
  <para>
    The Zeroconf service—also known as Bonjour, Multicast DNS, mDNS, or DNS-SD—is now provided by the Avahi stack instead of mDNSResponder. However, the mDNSResponder and howl compatibility libraries are still available.</para>
  <para>
    To enable mDNS for all network interfaces, use the "Zeroconf/Bonjour Multicast DNS" SuSEfirewall rule.</para>
</sect3>
```

Frankly, does anybody even know what are all these services good for? "Zeroconf, Bonjour, Multicast DNS, mDNS, DNS-SD ... now provided by Avahi stack" In my opinion, it's always better to expect that user "doesn't know" that and you want to teach them a bit. Yes, you can additionally mention also those strange names for experienced users, of course :) Please, reconsider the text ;)

(In reply to comment #19 from Stanislav Brabec)
> There are already routers, which are able to assign IP addresses using mDNS
> instead of DHCP and local DNS. mDNS could be also used to establish ad-hoc IP
> networking on devices like wireless ad-hoc networks, ethernet patch cable,
> USB-to-USB cable.
>
> All these use cases need firewall open to unconfigured or external interfaces.
No, IPv4 link local address configuration is unrelated to and independent from mDNS. avahi-autoipd (just like any other tool for that purpose) uses a packet socket which bypasses ip filters anyways. We do already support IPv4 link local addresses for quite some time btw, just set e.g. BOOTPROTO="dhcp+autoip" in your ifcfg file.

Thanks Ludwig for explanation.

As far as I understand:

- Zeroconf: Set of techniques for automatic ad-hoc creating of IP network (general name)
- mDNS/DNS-SD: Multicast DNS/DNS Service Discovery - Set of techniques to create ad-hoc DNS networking.
- Bonjour: Easy exporting of user space services.
- mDNSResponder: Implementation from Apple

If everything works properly, you can connect two machines and start to work:

- Automatically assign IP addresses
- Automatically assign names
- Automatically announce about user space programs which are ready to share data.

I. e.: Plug cable or get to near distance to other WLAN ad-hoc network user, run IM client and talk, run music player and share music, share files in file browser etc.
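
The "remaining problem" raised in the thread, that the static files in /etc/avahi/services/ can announce services which are not running or are firewalled, can be checked with a small audit like the one below. This is an added example, not code from the bug report or from the Avahi project; the sample service files, the `listening` set and the `allowed` set are constructed, and on a real host they would come from the directory contents, the socket table and the firewall zone configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files in the static service-group XML format that
# avahi-daemon reads from /etc/avahi/services/ (not taken from the bug report).
SAMPLE_FILES = {
    "ssh.service": """<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service><type>_ssh._tcp</type><port>22</port></service>
</service-group>""",
    "web.service": """<service-group>
  <name>Local web pages</name>
  <service><type>_http._tcp</type><port>8080</port></service>
</service-group>""",
    "daap.service": """<service-group>
  <name>Music share</name>
  <service><type>_daap._tcp</type><port>3689</port></service>
</service-group>""",
}

def announced(xml_text):
    """Yield (service_type, proto, port) for each <service> in one file."""
    root = ET.fromstring(xml_text)
    for svc in root.iter("service"):
        stype = (svc.findtext("type") or "").strip()
        port = int((svc.findtext("port") or "0").strip())
        proto = stype.rsplit("._", 1)[-1]  # "_http._tcp" -> "tcp"
        yield stype, proto, port

def audit(files, listening, allowed):
    """Return announcements that point at a closed or firewalled port."""
    findings = []
    for fname in sorted(files):
        for stype, proto, port in announced(files[fname]):
            key = (proto, port)
            if key not in listening:
                findings.append((fname, stype, port, "not-listening"))
            elif key not in allowed:
                findings.append((fname, stype, port, "firewalled"))
    return findings

if __name__ == "__main__":
    listening = {("tcp", 22), ("tcp", 3689)}  # constructed: sockets open on the host
    allowed = {("tcp", 22)}                   # constructed: ports the zone lets in
    for finding in audit(SAMPLE_FILES, listening, allowed):
        print(*finding)
```
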