[cvsnt] ipv6 handling in cvsnt is broken

Arkadiusz Miskiewicz arekm at maven.pl
Sun Nov 9 23:30:04 GMT 2008 

On Sunday 09 of November 2008, Tony Hoyle wrote:
> Arkadiusz Miskiewicz wrote:
> > IPv6 support seems quite broken in cvsnt (looking at 2.5.04.3236)
> >
> > It doesn't support [ipv6]:port notation, binds to ::1 port while it
> > should bind to ipv4 address, too (cvslockd as example. Server tries to
> > use "localhost" name which resolves only to 127.0.0.1 address, tries to
> > connect to it but lockserver is available only at ::1).
>
> The production cvs.cvsnt.org server has been running on ipv6 for several
> years with no issues.  All the test boxes at the Salford site are ipv6
> enabled as well*.
>
> cvslockd (and cvsservice, which is substantially the same code) binds to
> all available protocols, not limited to ipv4 and ipv6 even (it doesn't
> care).
>
> On many OSs (linux for example) binding to ::1 causes an automatic bind
> to 127.0.0.1, 

This rule only applies to ::, not ::1.

> which causes the second bind to fail, but that's expected 
> and entirely harmless.  

On Linux this is controlled by net.ipv6.bindv6only syscall. Users can have 
both behaviours if they wish (default is 0, so socket bound to :: also gets 
127.0.0.1 directed connections). Better is to have constant behaviour thanks 
to IPV6_V6ONLY opt.

> cvsnt doesn't specifically support *any* notation - that's 100% an OS
> issue.  

You are wrong here. Tell me how to specify LockServer being ::1 with port 432 
in PServer config file? Parsing is done in cvsnt, I see strchr used there for 
example.

[ipv6address]:port notation is defined in RFC2732 and it comonly used not only 
for URLs. This should be fixed in cvsnt itself.

> If you want to specify the lockserver at ip6-localhost then then you can
> - although it's entirely pointless unless you're trying to run a single
> stack ipv6 host, and I've never seen that done on a production machine
> as there's so much software that simply won't work in that environment.

Somehow cvslockd is bound only to ::1 and not 127.0.0.1 here. Which is weird 
since getaddrinfo(NULL seems to be used).

Consider adding code like this in CSocketIO::create():

#ifdef IPV6_V6ONLY
                /* Only communicate in IPv6 over AF_INET6 sockets. */
                if (ai->ai_family == AF_INET6) {
                        if (::setsockopt(listen_sock, IPPROTO_IPV6, 
IPV6_V6ONLY,
                            &on, sizeof(on)) == -1)
                                CServerIo::trace(3, "setsockopt 
IPV6_V6ONLY: %s",
                                    strerror(errno));
                }
#endif


It will cause IPv6 sockets to do not interfere with IPv4 traffic. Tested here 
locally - fixes the problem for me.

Complete patch:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/cvsnt-ipv6.patch?rev=1.1;content-type=text%2Fplain

> Tony


-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/

More information about the cvsnt mailing list