RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1035209 - virt-viewer cannot connect guest via qemu+ssh when listen address is 0.0.0.0
Summary: virt-viewer cannot connect guest via qemu+ssh when listen address is 0.0.0.0
Keywords:
Status: CLOSED DUPLICATE of bug 1192143
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nmap
Version: 7.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Michal Hlavinka
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-27 10:01 UTC by CongDong
Modified: 2015-07-22 12:50 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-22 12:50:28 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
virt-viewer debug message (2.88 KB, text/x-log)
2013-11-27 10:01 UTC, CongDong 		no flags Details
log for spice guest (4.23 KB, text/x-log)
2013-12-17 03:42 UTC, CongDong 		no flags Details
View All

Description CongDong 2013-11-27 10:01:59 UTC 
Created attachment 829628 [details]
virt-viewer debug message

Description of problem:
If configure the vnc listen address with "0.0.0.0".
Cannot use virt-viewer connect the vnc guest via qemu+ssh.

Version-Release number of selected component (if applicable):
# rpm -qa libvirt qemu-kvm virt-viewer 
libvirt-1.1.1-13.el7.x86_64
qemu-kvm-1.5.3-19.el7.x86_64
virt-viewer-0.5.7-2.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare a vnc guest on remote host($remote-ip)
2. # virsh dumpxml $guest , make sure listen address is "0.0.0.0"
    <graphics type='vnc' port='5900' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>

2. Use virt-viewer connect the guest
# virt-viewer -c qemu+ssh://$remote-ip/system $guest

Actual results:
virt-viewer is stop and got error message:
** (virt-viewer:29384): WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-hfBAkVZwRc: Connection refused
Ncat: Connection refused.

After input the password second time, connection failed and a message pop out.
(virt-viewer:25881): Gtk-WARNING **: Attempting to add a widget with type VncDisplay to a container of type VirtViewerDisplayVnc, but the widget is already inside a container of type VirtViewerDisplayVnc, please use gtk_widget_reparent()


Expected results:
virt-viewer can connect the vnc guest successfully.

Additional info:
remote-viewer can connect the guset successfully.
If the guest is a spice guest, virt-viewer can connect it.
Comment 2 CongDong 2013-12-17 03:42:05 UTC 
Created attachment 837537 [details]
log for spice guest

With virt-viewer-0.5.7-3.el7.x86_64
spice+qxl+spicevmc guest also has the same problem.

But if use spice guest, an error dialog will pop out:
Unable to connect to the graphic server localhost:5900

If use a vnc guest, the virt-viewer window just close.
There is no error dialog.
Comment 3 Christophe Fergeau 2013-12-17 10:11:17 UTC 
(In reply to CongDong from comment #0)

> After input the password second time, connection failed and a message pop
> out.
> (virt-viewer:25881): Gtk-WARNING **: Attempting to add a widget with type
> VncDisplay to a container of type VirtViewerDisplayVnc, but the widget is
> already inside a container of type VirtViewerDisplayVnc, please use
> gtk_widget_reparent()
> 

This one is unrelated to this bug (do you get asked for a password even if libvirt XML does not have a 'passwd' attribute in the <graphics> node?) and is fixed by upstream commit bffbd2a7e7bc4ddd84e482bfb3489021b65401cf
Comment 4 Christophe Fergeau 2013-12-17 13:48:15 UTC 
I've tested this with virt-viewer-0.5.7-2.el7.x86_64 but connecting to a RHEL6 hypervisor ( qemu-kvm-0.12.1.2-2.415.el6_5.3.x86_64 spice-server-0.12.4-6.el6.x86_64 libvirt-0.10.2-29.el6.1.x86_64 ) and connections through qemu+ssh:// work both for spice and vnc.
I don't have yet a RHEL7 on physical hardware in order to test if I can reproduce using a RHEL7 qemu/libvirt.
Comment 5 CongDong 2014-03-11 09:51:27 UTC 
Still can reproduce with:
virt-viewer-0.5.7-7.el7.x86_64

Both vnc and spice have the problem (as comment 0 and 2)
So update the summary.
Comment 6 Christophe Fergeau 2014-03-11 15:27:12 UTC 
What happens is that virt-viewer tries to run 
ssh -l root $remote-ip nc localhost $vncport
and the nc invocation fails (even when run in a local shell) because nc chooses to connect to localhost in ipv6 rather than ipv4.

Changing this to
ssh -l root $remote-ip nc 127.0.0.1 $vncport
or
ssh -l root $remote-ip nc -4 localhost $vncport

Hopefully virt-viewer has enough information from libvirt to decide whether netcat should forward ipv4 or ipv6 from the remote system.
Comment 7 Cui Lei 2014-03-12 02:39:46 UTC 
Use the listen ip '127.0.0.1' instead of ''0.0.0.0', virt-viewer could connect guest as above settings. '127.0.0.1' is default setting in guest xml.
And according to comment6, this is a defect bug not a block issue.
Comment 8 Christophe Fergeau 2014-03-12 11:06:22 UTC 
After a discussion with danpb,

11:23 < teuf> danpb: do you know if nc localhost $port should figure out by itself to connect to $port using ipv4 or ipv6, or is it up
              to remote-viewer to be more specific than 'localhost' there ?
11:24 < danpb> assuming 'localhost' has mappings for both ipv4 + ipv6 then the code should try both
11:25 < danpb> basically  getaddrinfo() will return multiple results and the application is supposed to try each result in order until
               it successfuly connects or runs out of results to try
11:46 < teuf> danpb: nmap-ncat does not seem to be doing that /o\ they have a 'resolve' function which only keep the first result from
              getaddrinfo
11:46 < teuf> and  ncat -4 -l 8080 + ncat localhost 8080 fails on rhel7/f20 :(
11:47 < teuf> guess I'll move the bug there and see how it goes
11:48 < danpb> teuf: basically this page describes correct usage  http://www.akkadia.org/drepper/userapi-ipv6.html
11:48 < supybot> Title: Userlevel IPv6 Programming Introduction (at www.akkadia.org)
11:48 < danpb> "The most important thing when using getaddrinfo is     to make sure     that all results are used in order.  To stress
               the important words
11:48 < danpb> again: all and order.  Too many (incorrect) programs     only use the first result.  The order in which the results are
               returned is not arbitrary or random.  The results are in     fact sorted."
Comment 9 Christophe Fergeau 2014-03-12 11:12:10 UTC 
Reassigning to nmap-ncat, ncat/ncat_core.c:resolve_internal() seems to only keep the first result returned by getaddrinfo. 
Running 'ncat -4 -l 8080' and 'ncat localhost 8080' fails on RHEL7/f20 systems.
Comment 10 RHEL Program Management 2014-03-24 05:50:18 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 12 Michal Hlavinka 2015-07-22 12:50:28 UTC 

*** This bug has been marked as a duplicate of bug 1192143 ***
Note You need to log in before you can comment on or make changes to this bug.