Bug 767125

Summary: unscd breaks ipv6 name lookups
Product: [openSUSE] openSUSE 12.2 Reporter: Dominique Leuenberger <dimstar>
Component: BasesystemAssignee: Michael Matz <matz>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Critical    
Priority: P5 - None CC: aj, bwiedemann, crrodriguez, ismail, matz
Version: Factory   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 684534    
Bug Blocks:    
Attachments: Possible patch

Description Dominique Leuenberger 2012-06-14 16:45:08 UTC 
While running unscd on a factory machine, IPv6 DNS Lookups do not work.

laran:~ # rcnscd start
redirecting to systemctl
laran:~ # getent ahosts www.google.com
74.125.132.103  STREAM www.l.google.com
74.125.132.103  DGRAM  
74.125.132.103  RAW    
74.125.132.105  STREAM 
74.125.132.105  DGRAM  
74.125.132.105  RAW    
74.125.132.106  STREAM 
74.125.132.106  DGRAM  
74.125.132.106  RAW    
74.125.132.147  STREAM 
74.125.132.147  DGRAM  
74.125.132.147  RAW    
74.125.132.99   STREAM 
74.125.132.99   DGRAM  
74.125.132.99   RAW    
74.125.132.104  STREAM 
74.125.132.104  DGRAM  
74.125.132.104  RAW    
laran:~ # ping6 www.google.com
unknown host
laran:~ # rcnscd stop
redirecting to systemctl
laran:~ # getent ahosts www.google.com
2a00:1450:4007:804::1014 STREAM www.l.google.com
2a00:1450:4007:804::1014 DGRAM  
2a00:1450:4007:804::1014 RAW    
74.125.132.105  STREAM 
74.125.132.105  DGRAM  
74.125.132.105  RAW    
74.125.132.103  STREAM 
74.125.132.103  DGRAM  
74.125.132.103  RAW    
74.125.132.104  STREAM 
74.125.132.104  DGRAM  
74.125.132.104  RAW    
74.125.132.106  STREAM 
74.125.132.106  DGRAM  
74.125.132.106  RAW    
74.125.132.99   STREAM 
74.125.132.99   DGRAM  
74.125.132.99   RAW    
74.125.132.147  STREAM 
74.125.132.147  DGRAM  
74.125.132.147  RAW    
laran:~ # ping6 www.google.com -c 1
PING www.google.com(par03s03-in-x14.1e100.net) 56 data bytes
64 bytes from par03s03-in-x14.1e100.net: icmp_seq=1 ttl=54 time=134 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 134.645/134.645/134.645/0.000 ms
laran:~ #
Comment 2 Cristian Rodríguez 2012-06-15 13:49:39 UTC 
Saw this one, workaround, install glibc nscd , package "nscd"
Comment 4 Bernhard Wiedemann 2012-06-17 09:34:24 UTC 
AJ, I found that this fixes the problem:

--- nscd-0.48.c (revision 1)
+++ nscd-0.48.c (working copy)
@@ -1084,7 +1084,7 @@
        unsigned canonlen = 0;
 
        memset(&hints, 0, sizeof(hints));
-       hints.ai_flags = AI_CANONNAME;
+       hints.ai_flags = (AI_CANONNAME | AI_ADDRCONFIG);
        /* kills dups (one for each possible SOCK_xxx) */
        /* this matches glibc behavior */
        hints.ai_socktype = SOCK_STREAM;

but reading
man 3 getaddrinfo
makes me think, that this is actually a glibc bug:

       If  hints.ai_flags includes the AI_ADDRCONFIG flag, then IPv4 addresses
       are returned in the list pointed to by res only if the local system has
       at  least  one  IPv4  address  configured,  and IPv6 addresses are only
       returned if the local system has at least one IPv6 address  configured.
       The loopback address is not considered for this case as valid as a con-
       figured address.


if you want to try:
https://build.opensuse.org/package/show?package=unscd&project=home%3Abmwiedemann%3Abranches%3ABase%3ASystem
Comment 5 Bernhard Wiedemann 2012-06-17 16:09:33 UTC 
the breakage comes from
getaddrinfo-ipv6-sanity.diff having
glibc/sysdeps/posix/getaddrinfo.c
-      last_i = gaih_inet (name, pservice, hints, end, &naddrs);
+      last_i = gaih_inet (name, pservice, hints, end, &naddrs, seen_ipv6);

where seen_ipv6 is not initialized by the above __check_pf call (because it is within the if(hints->ai_flags & AI_ADDRCONFIG) )
and not yet by the below __check_pf call

changes from bug 684534 may have introduced some of it
Comment 6 Michael Matz 2012-06-18 11:37:46 UTC 
Yeah, possibly we can check the local addresses also for !AI_ADDRCONFIG.
Comment 7 Michael Matz 2012-06-18 11:42:32 UTC 
Note: for glibc 2.11 check_pf is still called unconditional, so the same should
also be done for newer glibc, at _for us_, as we use seen_ipv6 also
unconditional.
Comment 8 Andreas Jaeger 2012-07-02 10:50:59 UTC 
Michael, do you have an updated patch?
Comment 9 Michael Matz 2012-07-04 12:38:58 UTC 
Created attachment 497405 [details]
Possible patch

I think this should do the trick.  It replaces the whole old getaddrinfo-ipv6-sanity.diff patch.  It applies to some git glibc I had lying
around, it probably also applies to 2.15.
Comment 10 Andreas Jaeger 2012-07-04 13:39:42 UTC 
Thanks, adding to our glibc now.
Comment 11 Andreas Jaeger 2012-07-05 08:24:47 UTC 
Bernhard, Dominique,

Base:System has a new glibc (awaiting Factory review). Could you test that one, please?
Comment 12 Dominique Leuenberger 2012-07-05 17:37:53 UTC 
With the glibc*.rpm packages from Base:System and unscd running, I can still ping ipv6 addresses...

so that looks good.
Comment 13 Bernhard Wiedemann 2012-07-06 19:02:45 UTC 
glibc+unscd now returns AAAA records when I have any IPv6 addr,
even a link-local addr that can not be used for accessing the internet.

So the patch only prevents IPv6-lookups when people disable IPv6 completely.
That is fine for me.
Comment 14 Ismail Dönmez 2012-08-23 12:48:48 UTC 
Closing this one as fixed since comment #12 and comment #13 confirms.