832121 – Treat ::0 as a wildcard address

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 832121 - Treat ::0 as a wildcard address

Summary: Treat ::0 as a wildcard address

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	virt-viewer
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	beta
Target Release:	6.4
Assignee:	Daniel Berrangé
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-06-14 15:01 UTC by David Jaša
Modified:	2016-04-26 15:01 UTC (History)
CC List:	10 users (show)
Fixed In Version:	virt-viewer-0.5.2-12.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-21 09:33:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:0361	0	normal	SHIPPED_LIVE	virt-viewer bug fix and enhancement update	2013-02-20 20:53:07 UTC

Description David Jaša 2012-06-14 15:01:13 UTC

Description of problem:
when connecting to remote libvirt-managed spice display that listens on ::0, virt-viewer doesn't treat it as a wildcard and tries to connect to it, leading to ultimate connection failure.


Version-Release number of selected component (if applicable):
virt-viewer-0.5.2-9

How reproducible:
always

Steps to Reproduce:
1. have libvirt that listens for remote tcp or tls connections
2. start a VM that will listen on ::0
    <graphics type='spice'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
3. connect to the VM from remote machine
virt-viewer -c qemu+(tcp|tls)://ipv4_or_ipv6_address/system VM_NAME
  
Actual results:
virt-viewer will fail to connect with message that connection to ::0:PORT failed

Expected results:
virt-viewer connects to the VM

Additional info:
* doesn't occur on localhost
* you can also use host's ipv4 address in libvirt URI
* ::0 means by default that the program listens on both ipv4 and ipv6 so sticking the host address given in libvirt URI seem most sensible of possible addresses
* I used ipv4 address in libvirt URI in both cases (qemu+tcp://10.34.29.7)
* proposing as zstream as this can affect customers in dual-stack environments


--debug output with listen="::0"
================================

** (virt-viewer:3864): DEBUG: Guest graphics address is ::0:3000
** (virt-viewer:3864): DEBUG: Set connect info: 10.34.29.7,::0,3000,-1,tcp,(null),(null),0
** (virt-viewer:3864): DEBUG: Error operation virDomainOpenGraphics forbidden for read only access
** (virt-viewer:3864): DEBUG: After open connection callback fd=-1
** (virt-viewer:3864): DEBUG: Opening direct TCP connection to display at ::0:3000:-1


--debug output with listen="0.0.0.0"
====================================

** (virt-viewer:3945): DEBUG: Guest graphics address is 0.0.0.0:3000
** (virt-viewer:3945): DEBUG: Guest graphics listen '0.0.0.0' is NULL or a wildcard, replacing with '10.34.29.7'
** (virt-viewer:3945): DEBUG: Set connect info: 10.34.29.7,10.34.29.7,3000,-1,tcp,(null),(null),0
** (virt-viewer:3945): DEBUG: Error operation virDomainOpenGraphics forbidden for read only access
** (virt-viewer:3945): DEBUG: After open connection callback fd=-1
** (virt-viewer:3945): DEBUG: Opening direct TCP connection to display at 10.34.29.7:3000:-1

Comment 1 David Jaša 2012-06-14 15:02:33 UTC

the graphics elements in steps to reproduce should look like this of course:
    <graphics type='spice'>
      <listen type='address' address='::0'/>
    </graphics>

Comment 2 Daniel Berrangé 2012-06-14 15:08:29 UTC

Hmm, we are already doing that:

    /* If the XML listen attribute shows a wildcard address, we need to
     * throw that away since you obviously can't 'connect(2)' to that
     * from a remote host. Instead we fallback to the hostname used in
     * the libvirt URI. This isn't perfect but it is better than nothing
     */
    if (!ghost ||
        (strcmp(ghost, "0.0.0.0") == 0 ||
         strcmp(ghost, "::") == 0)) {
        DEBUG_LOG("Guest graphics listen '%s' is NULL or a wildcard, replacing with '%s'",
                  ghost ? ghost : "", host);
        g_free(ghost);
        ghost = g_strdup(host);
    }

But it seems like "::" is not the only string format a IPv6 wildcard can take. Basically any combination of exclusively ':' and 0' is a wildcard eg

 ::
 ::0
 0:0:0:0:0:0:0:0
 0::0

and so on

Comment 3 RHEL Program Management 2012-07-10 06:58:24 UTC

This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 4 RHEL Program Management 2012-07-11 02:02:05 UTC

This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.

Comment 7 Geyang Kong 2012-10-15 07:22:38 UTC

Verified pass on the following build:
virt-viewer-0.5.2-13.el6.x86_64

Reproduce steps:
1. Have a host with ipv6 address
2. Have a running guest.
3. Edit the guest xml, make sure the graphic device is listening to ::, 0::, and so on.
4. Run remote-viewer spice(or vnc)://[ipv6 address]:port

Actual:
1. Connect to guest successfully.

So mark as this bug as VERIFIED.

Comment 9 errata-xmlrpc 2013-02-21 09:33:18 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0361.html

Note You need to log in before you can comment on or make changes to this bug.