Bug 1101605 - ipv6 seems not working
Summary: ipv6 seems not working
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: audit
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Steve Grubb
QA Contact: Ondrej Moriš
Mirek Jahoda
Depends On:
Blocks: 1476406
TreeView+ depends on / blocked
Reported: 2014-05-27 15:33 UTC by Patrik Kis
Modified: 2018-04-10 12:20 UTC (History)
6 users (show)

Fixed In Version: audit-2.8.1-2.el7
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2018-04-10 12:18:47 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0760 0 None None None 2018-04-10 12:20:10 UTC

Comment 1 Steve Grubb 2014-05-27 15:53:58 UTC
A quick check of the daemon code shows its IPv4 only.

Comment 12 Steve Grubb 2017-10-02 01:32:59 UTC
Upstream commits:

986b7374c25212b7e9edd2a730b067f081fb2aca, and

should solve this issue.

Comment 13 Steve Grubb 2017-10-10 19:58:59 UTC
audit-2.8-1.el7 was built to resolve this issue.

Comment 15 Ondrej Moriš 2017-10-17 16:41:10 UTC
It looks like there is still something missing or broken. I am testing with audit-2.8.1-1 and IPv6 connection is refused by remote logging server:

# strace -f -p <audisp>
[pid 29783] connect(3, {sa_family=AF_INET6, sin6_port=htons(60), inet_pton(AF_INET6, "2620:52:0:25a2:d836:d0ff:fe6e:501d", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 ECONNREFUSED (Connection refused)

# journalctl -xe
Oct 17 16:28:42 sheep-49.lab.eng.brq.redhat.com audisp-remote[29783]: Error connecting to sheep-29.lab.eng.brq.redhat.

# netstat -ptna | grep :60
tcp        0      0    *               LISTEN      28521/auditd        

Clearly, auditd is not listening on IPv6. Test scenario is as follows: 

 * on server
   - listen on port 60, 
   - firewalld is not running, empty iptables

 * on client
   - active audit-remote plugin with remote_server set to server hostname,
   - no firewalld is not running, empty iptables
   - server hostname mapped to its global ipv6 address in /etc/hosts
   - nsswitch configured to check /etc/hosts only

With IPv4 address set to server hostname in /etc/hosts it works just fine. But with IPv6 connection is dropped by server.

Comment 16 Steve Grubb 2017-10-17 18:34:12 UTC
strange, it worked when I tested it. But clearly something is wrong. Upstream commit 659bfd3 makes the server bind to :::*.

Comment 17 Steve Grubb 2017-11-06 19:26:20 UTC
audit-2.8.1-2.el7 was built to fix the issue in #c15.

Comment 21 errata-xmlrpc 2018-04-10 12:18:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.