Bug 483812

Summary: make rpc.gssd work with IPv6
Product: [Fedora] Fedora Reporter: Jeff Layton <jlayton>
Component: nfs-utilsAssignee: Jeff Layton <jlayton>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: staubach, steved
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-04-17 07:15:26 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Attachments:
Description Flags
patch 1 -- make gssd reverse name resolution work with IPv6 none

Description Jeff Layton 2009-02-03 13:19:32 EST
Chuck Lever asked that I start looking at getting GSSAPI mounts working over IPv6. Opening this bug to track progress on that front...

We don't yet have a fully working IPv6 server on Linux so I've gone ahead and set up an opensolaris server for interop testing. I have it krb5 mounts working with IPv4. I can confirm that IPv6 does not yet work.

When I attempt a mount, I get these errors in the logs:

Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: can't resolve server feed:0000:0000:0000:0000:0000:0000:0023 name
Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: failed to read service info
Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: can't resolve server feed:0000:0000:0000:0000:0000:0000:0023 name
Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: failed to read service info
Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: can't resolve server feed:0000:0000:0000:0000:0000:0000:0023 name
Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: failed to read service info

So it looks like the first step is to get reverse resolution of IPv6 address to server name working.
Comment 1 Jeff Layton 2009-02-03 15:23:13 EST
Created attachment 330770 [details]
patch 1 -- make gssd reverse name resolution work with IPv6

First patch. Make reverse name resolution work with IPv6. This seems to get it past the "can't resolve hostname" errors.
Comment 2 Jeff Layton 2009-02-03 15:25:26 EST
That patch gets it over the initial hump. Now I see a segfault in what looks like nfs-utils-lib functions. I'll poke at those some tomorrow...

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x000000000033bbbf in clnttcp_call (h=0x7ffff826e400, proc=0, xdr_args=0x3367a0 <xdr_rpc_gss_init_args>, args_ptr=0x7fffffffdd30 "\006\002", 
    xdr_results=0x336630 <xdr_rpc_gss_init_res>, results_ptr=0x7fffffffdce0 "", timeout={tv_sec = 25, tv_usec = 0}) at clnt_tcp.c:337
#2  0x0000000000335bda in authgss_refresh (auth=0x7ffff826afa0) at auth_gss.c:513
#3  0x0000000000335ff1 in authgss_create (clnt=0x7ffff826e400, name=0x7ffff8204c20, sec=0x7fffffffe2e0) at auth_gss.c:217
#4  0x0000000000336140 in authgss_create_default (clnt=0x7ffff826e400, service=0x7ffff8206e90 "nfs@opensolaris.poochiereds.net", sec=0x7fffffffe2e0) at auth_gss.c:250
#5  0x00007ffff7ff9818 in create_auth_rpc_client (clp=0x7ffff8204a30, clnt_return=0x7fffffffe3a0, auth_return=0x7fffffffe398, uid=0, authtype=0) at gssd_proc.c:677
#6  0x00007ffff7ffa9ca in handle_krb5_upcall (clp=0x7ffff8204a30) at gssd_proc.c:769
#7  0x00007ffff7ff90fc in scan_poll_results (ret=<value optimized out>) at gssd_main_loop.c:76
#8  gssd_run () at gssd_main_loop.c:146
#9  0x00007ffff7ff8e23 in main (argc=<value optimized out>, argv=0x7fffffffe638) at gssd.c:189
Comment 3 Jeff Layton 2009-03-11 12:53:03 EDT
Ok, after a lot of back and forth we determined that the problem in comment #2 was due to a mixing of legacy (glibc) rpc and libtirpc headers and libraries. In more recent tags in Chuck's nfs-utils git tree he's done a better job of making sure that we have a clean switch between libtirpc and legacy rpc.

I now have a first draft of a patchset to convert gssd to libtirpc and to handle IPv6 correctly. It's based on the latest tag in Chuck's tree. With it, I'm able to successfully mount an OpenSolaris server using NFSv4 + IPv6 + krb5. It also eliminates what I think is an unnecessary DNS lookup on each upcall (working on getting confirmation on this).

I've posted the patchset to upstream linux-nfs@vger.kernel.org and nfsv4@linux-nfs.org lists for comment.

Subject: [PATCH 0/6] nfs-utils: convert gssd to TI-RPC and add IPv6 support (RFC)
Comment 4 Jeff Layton 2009-04-17 07:15:26 EDT
Patches have been committed to nfs-utils upstream. They'll be in rawhide soon if they aren't already.