1038963 – [RFE] qemu can't listen on both IPv6 and IPv4 localhost for VNC

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1038963 - [RFE] qemu can't listen on both IPv6 and IPv4 localhost for VNC

Summary: [RFE] qemu can't listen on both IPv6 and IPv4 localhost for VNC

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm-rhev
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	7.4
Assignee:	Gerd Hoffmann
QA Contact:	Guo, Zhiyi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1038965 1083896
TreeView+	depends on / blocked

Reported:	2013-12-06 09:07 UTC by Ján Tomko
Modified:	2017-08-02 03:22 UTC (History)
CC List:	14 users (show)
Fixed In Version:	qemu-kvm-rhev-2.9.0-1.el7
Doc Type:	Enhancement
Doc Text:
Clone Of:	1014422
Clones:	1038965 (view as bug list)
Environment:
Last Closed:	2017-08-01 23:27:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:2392	0	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security, bug fix, and enhancement update	2017-08-01 20:04:36 UTC

Description Ján Tomko 2013-12-06 09:07:35 UTC

+++ This bug was initially created as a clone of Bug #1014422 +++

Description of problem:

qemu doesn't listen on IPv6 socket for IPv4 and IPv6 VNC connections.

Version-Release number of selected component (if applicable):
qemu-1.4.2-10.fc19.x86_64

How reproducible:
always

Steps to Reproduce:
1. Use virt-manager to create and start a guest with VNC display
2. Check the listening VNC socket: sudo netstat -nlp | grep :59

Actual results:

>sudo netstat -nlp | grep :59
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN      3233/qemu-system-x8 

Expected results:

qemu should listen on an IPv6 socket configured to accept both IPv4 and IPv6 connections.

>sudo netstat -nlp | grep :59
tcp6        0      0 ::1:5900          :::*               LISTEN      3233/qemu-system-x8 

Additional info:

--- Additional comment from Cole Robinson on 2013-10-31 22:06:30 CET ---

Dan, thoughts on if this is intentional or a defect, and if so is it qemu or libvirt?

--- Additional comment from Daniel Berrange on 2013-11-01 09:56:23 CET ---

It is a bug - we should listen on ::1 by default, with v6-only=0 so that it also covers 127.0.0.1. At minimum it is a libvirt bug.

--- Additional comment from Jan Tomko on 2013-11-01 17:21:42 CET ---

::1 with IPV6_V6ONLY=0 does not cover 127.0.0.1, that only works for ::

Since QEMU only supports one listen address, we can't tell it to listen on both.

Even if we specify a hostname ('localhost') QEMU will only listen on the first address that works (usually ::1 on dual-stack systems) instead of listening on all of them.

Comment 2 Gerd Hoffmann 2013-12-10 09:36:23 UTC

Not going to happen for 7.0.  As correctly stated above IPV6_V6ONLY=0 can only be used with the wildcard address.  So fixing this implies going from a single listening socket to multiple listening sockets, one for 127.0.0.1:$port and one for [::1]:$port.  Which is a non-trivial change inside qemu and it also has implications for the external interfaces.  'info vnc' monitor command will have to report multiple listening addresses then for example.

Comment 12 Gerd Hoffmann 2016-06-23 13:58:53 UTC

Daniel?  I remember we discussed that, but I think iochannels don't support listening on two file handles (one v4, one v6), correct?

Comment 13 Daniel Berrangé 2016-06-23 14:05:13 UTC

Yeah, that's correct - I had a plan to introduce a separate generic abstraction for representing a network service with multiple independent socket listeners & multiple clients which we could reuse in all areas of qemu with this need.

Comment 16 Daniel Berrangé 2017-01-09 12:36:48 UTC

Fix depends on getting these two series into qemu 2.9:

https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg00574.html
https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg00582.html

The first series is pretty much ready. The second series needs a bit more work It is doable for 2.9 as long as no unexpected hurdles appear.

Comment 17 Gerd Hoffmann 2017-03-14 08:38:29 UTC

> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg00574.html
> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg00582.html

Patches are in, yay!
upstream commit 396f935a9aff3cefd288bdb2b20024fb9dcfa062 & parents

Comment 19 Guo, Zhiyi 2017-04-28 10:23:30 UTC

Test against qemu-kvm-rhev-2.8.0-6.el7.x86_64, start qemu and check port qemu-kvm listened:
# /usr/libexec/qemu-kvm -monitor stdio
QEMU 2.8.0 monitor - type 'help' for more information
(qemu) info vnc
Server:
     address: ::1:5900
        auth: none
Client: none
# netstat -tnap | grep qemu
tcp6       0      0 ::1:5900                :::*                    LISTEN      2433/qemu-kvm       

Follow same steps against qemu-kvm-rhev-2.9.0-1.el7.x86_64
# /usr/libexec/qemu-kvm -monitor stdio
QEMU 2.9.0 monitor - type 'help' for more information
(qemu) VNC server running on ::1:5900

(qemu) info vnc
Server:
     address: ::1:5900
        auth: none
Client: none
# netstat -tnap | grep qemu
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN      2076/qemu-kvm       
tcp6       0      0 ::1:5900                :::*                    LISTEN      2076/qemu-kvm

Comment 20 Guo, Zhiyi 2017-04-28 10:25:05 UTC

Hi Gerd,

   Can you comment whether this bug is verified per comment 19? Many thanks!

BR/
Guo, Zhiyi

Comment 21 Gerd Hoffmann 2017-04-28 10:39:19 UTC

>    Can you comment whether this bug is verified per comment 19? Many thanks!

Looks good.

Comment 22 Guo, Zhiyi 2017-05-09 00:55:30 UTC

Verified per comment 19 & 21

Comment 24 errata-xmlrpc 2017-08-01 23:27:12 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 25 errata-xmlrpc 2017-08-02 01:04:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 26 errata-xmlrpc 2017-08-02 01:56:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 27 errata-xmlrpc 2017-08-02 02:37:35 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 28 errata-xmlrpc 2017-08-02 03:02:18 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 29 errata-xmlrpc 2017-08-02 03:22:27 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Note You need to log in before you can comment on or make changes to this bug.