bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-26 21:02 UTC
[Bug 2483] New: use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2483

            Bug ID: 2483
           Summary: use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
           Product: Portable OpenSSH
           Version: 6.8p1
          Hardware: All
                OS: Solaris
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ivo.raisr at oracle.com

Created attachment 2739
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2739&action=edit
the proposed patch

getaddrinfo() in several places around OpenSSH results in a name service
(DNS) query. For the detailed list, see below.

On Solaris, when the address family specified in the getaddrinfo() hints is
AF_UNSPEC, IPv4 and IPv6 queries are sent over the wire. This is regardless
of whether an IPv4 or IPv6 interface is actually configured on the host.

Now some sites configure only IPv4 interfaces on the hosts; and name service
responds only to IPv4 queries (IPv6 ones are ignored). This has very grave
impact on the getaddrinfo() execution time because IPv6 queries basically
timeout.

On Solaris, there is AI_ADDRCONFIG flag which can be set for getaddrinfo()
hints. It specifies that:

"If the AI_ADDRCONFIG flag is specified, IPv4 addresses are returned only if
an IPv4 address is configured on the local system, and IPv6 addresses are
returned only if an IPv6 address is configured on the local system. For this
case, the loopback address is not considered to be as valid as a configured
address. For example, when using the DNS, a query for AAAA records should
occur only if the node has at least one IPv6 address configured (other than
IPv6 loopback) and a query for A records should occur only if the node has at
least one IPv4 address configured (other than the IPv4 loopback)."

Therefore setting AI_ADDRCONFIG flag for getaddrinfo() hints when address
family is AF_UNSPEC helps a lot in this situation.

See attached patch for the proposed fix.
Regression testing on Solaris went ok.
On Linux, OpenSSH builds ok.

Unit testing on Solaris:
------------------------
# Setup. Remove IPv6 address:
ipadm delete-addr net0/v6
# Watch for DNS requests out:
snoop port 53 <local-addr> | grep fake
# AAAA means IPv6 lookups are done.
# Test connectivity (change hostname every time to avoid caching):
ssh fake2
# Cleanup. Eventually enable IPv6 addresses again:
ipadm create-addr -T static -a <original-address> net0/v6

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-26 21:03 UTC
[Bug 2483] use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2483

Ivo Raisr <ivo.raisr at oracle.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ivo.raisr at oracle.com
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-26 22:23 UTC
[Bug 2483] use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2483

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
Comment on attachment 2739
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2739
the proposed patch

>+ AC_DEFINE([HAVE_AI_ADDRCONFIG])

If you were going to do this in configure you should be using
AC_CHECK_DECLS, but AI_ADDRCONFIG is already a preprocessor symbol so it'd
be simpler to just use that in the ifdef.

All that said, having this different between portable and openbsd is a
maintenance burden. If we're going to do this perhaps it should be done
upstream?
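Review bot: AC_DEFINE([HAVE_AI_ADDRCONFIG]) in the quoted line is called with the symbol name only, so it carries neither an explicit value nor a description. If config.h.in is generated by autoheader, use the three-argument form (value 1 plus a one-line description of what the symbol means), otherwise autoheader has no template for the new symbol.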
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-26 22:27 UTC
[Bug 2483] use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2483

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Ivo Raisr from comment #0)
> Now some sites configure only IPv4 interfaces on the hosts; and name
> service responds only to IPv4 queries (IPv6 ones are ignored). This
> has very grave impact on the getaddrinfo() execution time because
> IPv6 queries basically timeout.

BTW that behaviour is so broken there's even an RFC for it:
https://www.ietf.org/rfc/rfc4074.txt. Maybe they should fix their DNS.
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-30 06:51 UTC
[Bug 2483] use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2483

Ivo Raisr <ivo.raisr at oracle.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|6.8p1                       |7.1p1

--- Comment #3 from Ivo Raisr <ivo.raisr at oracle.com> ---
(In reply to Darren Tucker from comment #1)
> Comment on attachment 2739 [details]
> the proposed patch
>
> >+ AC_DEFINE([HAVE_AI_ADDRCONFIG])
>
> If you were going to do this in configure you should be using
> AC_CHECK_DECLS, but AI_ADDRCONFIG is already a preprocessor symbol
> so it'd be simpler to just use that in the ifdef.

Patch #2 is reworked according to your comment.

> All that said, having this different between portable and openbsd is
> a maintenance burden. If we're going to do this perhaps it should
> be done upstream?

I will try. Will go back here if that fails.
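The approach discussed in comments #0 and #1, as an added example that is not the attached patch and not OpenSSH code: AI_ADDRCONFIG is set only for AF_UNSPEC lookups, and the preprocessor symbol itself is tested instead of a configure-time define. The names LOOKUP_FLAGS, make_hints and count_families are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Use the platform's own symbol; no HAVE_* define from configure is needed. */
#ifdef AI_ADDRCONFIG
#define LOOKUP_FLAGS AI_ADDRCONFIG
#else
#define LOOKUP_FLAGS 0
#endif

/* Hypothetical helper: build hints for an outgoing TCP connection. */
void make_hints(struct addrinfo *hints, int family)
{
    memset(hints, 0, sizeof(*hints));
    hints->ai_family = family;
    hints->ai_socktype = SOCK_STREAM;
    /* A caller that pinned AF_INET or AF_INET6 already sends one query type. */
    if (family == AF_UNSPEC)
        hints->ai_flags |= LOOKUP_FLAGS;
}

/* Resolve host:port, count results per family; returns the getaddrinfo() code. */
int count_families(const char *host, const char *port, int family, int *n4, int *n6)
{
    struct addrinfo hints, *res, *ai;
    int rc;

    *n4 = *n6 = 0;
    make_hints(&hints, family);
    if ((rc = getaddrinfo(host, port, &hints, &res)) != 0)
        return rc;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        if (ai->ai_family == AF_INET) (*n4)++;
        else if (ai->ai_family == AF_INET6) (*n6)++;
    }
    freeaddrinfo(res);
    return 0;
}

int main(int argc, char **argv)
{
    int n4, n6, rc = count_families(argc > 1 ? argv[1] : "localhost", "22", AF_UNSPEC, &n4, &n6);
    if (rc != 0) { fprintf(stderr, "lookup failed: %s\n", gai_strerror(rc)); return 1; }
    printf("%d IPv4, %d IPv6 address(es)\n", n4, n6);
    return 0;
}
```

Running it against a fresh hostname while watching port 53, as in the unit test from comment #0, shows whether AAAA queries are still sent on a host with no IPv6 address configured.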
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-30 06:52 UTC
[Bug 2483] use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2483

Ivo Raisr <ivo.raisr at oracle.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2739|0                           |1
        is obsolete|                            |

--- Comment #4 from Ivo Raisr <ivo.raisr at oracle.com> ---
Created attachment 2743
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2743&action=edit
the proposed patch #2
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-30 10:14 UTC
[Bug 2483] use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2483

--- Comment #5 from Ivo Raisr <ivo.raisr at oracle.com> ---
The bug was reported "upstream":

From    Ivo Raisr <ivo.raisr at oracle.com>
Subject a small change to OpenSSH upstream
Date    Fri, 30 Oct 2015 11:04:55 +0100

For details see:
http://lists.openbsd.org/cgi-bin/mj_wwwusr?user=ivo.raisr%40oracle.com&passw=F854-3519-0B6F&list=bugs&brief=on&func=archive-get-part&extra=201510/90
bugzilla-daemon at bugzilla.mindrot.org
2020-Jan-25 11:23 UTC
[Bug 2483] use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2483

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org
         Resolution|---                         |WONTFIX

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
closing five year old bug with no followup
bugzilla-daemon at mindrot.org
2021-Apr-23 05:02 UTC
[Bug 2483] use AI_ADDRCONFIG flag for getaddrinfo() hints on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2483

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release