Bug 13839 - CTDB failover does not kill server end of connections for IPv4-mapped IPv6 addresses
CTDB failover does not kill server end of connections for IPv4-mapped IPv6 ad...
Status: ASSIGNED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: CTDB
4.8.9
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-14 05:17 UTC by Martin Schwenke
Modified: 2019-03-21 12:27 UTC (History)
1 user (show)

See Also:


Attachments
Patch for 4.10 (5.42 KB, patch)
2019-03-19 03:50 UTC, Martin Schwenke
amitay: review+
Details
Patch for 4.9 (5.42 KB, patch)
2019-03-19 03:51 UTC, Martin Schwenke
amitay: review+
Details
Patch for 4.8 (25.68 KB, patch)
2019-03-19 03:55 UTC, Martin Schwenke
amitay: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Schwenke 2019-03-14 05:17:37 UTC
CTDB's ip_from_string() function does not reinitialise a ctdb_sock_addr between parsing an address as IPv6 and reparsing it as IPv4.  This result in invisible garbage that is significant when the ctdb_sock_addr is hashed.

Reported via https://gitlab.com/samba-team/samba/merge_requests/295
Comment 1 Martin Schwenke 2019-03-19 03:50:40 UTC
Created attachment 14939 [details]
Patch for 4.10
Comment 2 Martin Schwenke 2019-03-19 03:51:04 UTC
Created attachment 14940 [details]
Patch for 4.9
Comment 3 Martin Schwenke 2019-03-19 03:55:52 UTC
Created attachment 14941 [details]
Patch for 4.8

Patch for 4.8 includes backports of 3 patches from bug #13520, which was not backported to 4.8 at the time.  Without these extra patches the testcase that is patched for this defect no longer passes when compiled with current GCC.

The alternative to including these patches here would be to reopen bug #13520 and apply just these 3 patches there. Backporting the whole patch series from that bug to 4.8 is a lot of work for little gain.
Comment 4 Amitay Isaacs 2019-03-20 00:20:10 UTC
Hi Karolin,

This is ready for v4-8, v4-9, v4-10.

I realize that with the release of 4.10.0, v4-8 branch in security release mode.  However, the patches for v4-8 also fix a test failure.  This failure is not being noticed on sn-devel with glibc 2.19.  However, on modern glibc the test does crash without the fix.  If we upgrade sn-devel (while 4.8.x is still active), the autobuild would fail, so I think it's a good candidate for fix.

Thanks.
Comment 5 Karolin Seeger 2019-03-21 12:27:41 UTC
(In reply to Amitay Isaacs from comment #4)
Hi Amitay,

pushed to autobuild-v4-{10,9,8}-test.
There will be a last 4.8 bugfix release.

Thanks!