[Bug 2483] New: use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
bugzilla-daemon at bugzilla.mindrot.org
Tue Oct 27 08:02:50 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2483
Bug ID: 2483
Summary: use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: ivo.raisr at oracle.com
Created attachment 2739
--> https://bugzilla.mindrot.org/attachment.cgi?id=2739&action=edit
the proposed patch
getaddrinfo() in several places around OpenSSH results in a name
service (DNS) query. For the detailed list, see below.
On Solaris, when the address family specified in the getaddrinfo()
hints is AF_UNSPEC, IPv4 and IPv6 queries are sent over the wire. This
is regardless of whether an IPv4 or IPv6 interface is actually
configured on the host.
Now some sites configure only IPv4 interfaces on the hosts, and the name
service responds only to IPv4 queries (IPv6 ones are ignored). This has
a very grave impact on the getaddrinfo() execution time because IPv6
queries basically time out.
On Solaris, there is an AI_ADDRCONFIG flag which can be set for
getaddrinfo() hints. It specifies that:
"If the AI_ADDRCONFIG flag is specified, IPv4 addresses are returned
only if an IPv4 address is configured on the local system, and IPv6
addresses are returned only if an IPv6 address is configured on the
local system. For this case, the loopback address is not considered to
be as valid as a configured address. For example, when using the DNS, a
query for AAAA records should occur only if the node has at least one
IPv6 address configured (other than IPv6 loopback) and a query for A
records should occur only if the node has at least one IPv4 address
configured (other than the IPv4 loopback)."
Therefore setting the AI_ADDRCONFIG flag for getaddrinfo() hints when
the address family is AF_UNSPEC helps a lot in this situation.
See attached patch for the proposed fix.
Regression testing on Solaris went ok. On Linux, OpenSSH builds ok.
Unit testing on Solaris:
------------------------
# Setup. Remove IPv6 address:
ipadm delete-addr net0/v6
# Watch for DNS requests out:
snoop port 53 <local-addr> | grep fake
# AAAA means IPv6 lookups are done.
# Test connectivity (change hostname every time to avoid caching):
ssh fake2
# Cleanup. Eventually enable IPv6 addresses again:
ipadm create-addr -T static -a <original-address> net0/v6
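
An added example, not part of the bug report and not the attached patch: a minimal C sketch of the approach described above, setting AI_ADDRCONFIG in the getaddrinfo() hints only when the address family is AF_UNSPEC, and reporting how many IPv4 and IPv6 results come back. The helper names addrconfig_flags() and resolve_count() are hypothetical, and the #ifdef guard assumes some platforms may not define the flag.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: add AI_ADDRCONFIG only for AF_UNSPEC lookups,
 * and only where the platform defines the flag. */
static int
addrconfig_flags(int family, int base_flags)
{
#ifdef AI_ADDRCONFIG
	if (family == AF_UNSPEC)
		return base_flags | AI_ADDRCONFIG;
#endif
	return base_flags;
}

/* Hypothetical wrapper: resolve host/port for TCP and count the results
 * per address family. Returns the getaddrinfo() error code (0 = success). */
static int
resolve_count(const char *host, const char *port, int family,
    int base_flags, int *n4, int *n6)
{
	struct addrinfo hints, *res, *ai;
	int gaierr;

	*n4 = *n6 = 0;
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = family;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = addrconfig_flags(family, base_flags);
	if ((gaierr = getaddrinfo(host, port, &hints, &res)) != 0)
		return gaierr;
	for (ai = res; ai != NULL; ai = ai->ai_next) {
		if (ai->ai_family == AF_INET)
			(*n4)++;
		else if (ai->ai_family == AF_INET6)
			(*n6)++;
	}
	freeaddrinfo(res);
	return 0;
}

int
main(int argc, char **argv)
{
	int n4, n6, r;

	r = resolve_count(argc > 1 ? argv[1] : "localhost", "22", AF_UNSPEC, 0, &n4, &n6);
	printf("%s: IPv4=%d IPv6=%d\n", r ? gai_strerror(r) : "ok", n4, n6);
	return r != 0;
}
```

Run against a hostname while watching port 53 as in the unit-testing steps: with the flag applied on an IPv4-only host, no AAAA queries should appear.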