Bug 13839 - CTDB failover does not kill server end of connections for IPv4-mapped IPv6 addresses
Summary: CTDB failover does not kill server end of connections for IPv4-mapped IPv6 ad...
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: CTDB (show other bugs)
Version: 4.8.9
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2019-03-14 05:17 UTC by Martin Schwenke
Modified: 2019-03-28 08:12 UTC (History)
1 user (show)

See Also:

Patch for 4.10 (5.42 KB, patch)
2019-03-19 03:50 UTC, Martin Schwenke
amitay: review+
Patch for 4.9 (5.42 KB, patch)
2019-03-19 03:51 UTC, Martin Schwenke
amitay: review+
Patch for 4.8 (25.68 KB, patch)
2019-03-19 03:55 UTC, Martin Schwenke
amitay: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Schwenke 2019-03-14 05:17:37 UTC
CTDB's ip_from_string() function does not reinitialise a ctdb_sock_addr between parsing an address as IPv6 and reparsing it as IPv4.  This result in invisible garbage that is significant when the ctdb_sock_addr is hashed.

Reported via https://gitlab.com/samba-team/samba/merge_requests/295
Comment 1 Martin Schwenke 2019-03-19 03:50:40 UTC
Created attachment 14939 [details]
Patch for 4.10
Comment 2 Martin Schwenke 2019-03-19 03:51:04 UTC
Created attachment 14940 [details]
Patch for 4.9
Comment 3 Martin Schwenke 2019-03-19 03:55:52 UTC
Created attachment 14941 [details]
Patch for 4.8

Patch for 4.8 includes backports of 3 patches from bug #13520, which was not backported to 4.8 at the time.  Without these extra patches the testcase that is patched for this defect no longer passes when compiled with current GCC.

The alternative to including these patches here would be to reopen bug #13520 and apply just these 3 patches there. Backporting the whole patch series from that bug to 4.8 is a lot of work for little gain.
Comment 4 Amitay Isaacs 2019-03-20 00:20:10 UTC
Hi Karolin,

This is ready for v4-8, v4-9, v4-10.

I realize that with the release of 4.10.0, v4-8 branch in security release mode.  However, the patches for v4-8 also fix a test failure.  This failure is not being noticed on sn-devel with glibc 2.19.  However, on modern glibc the test does crash without the fix.  If we upgrade sn-devel (while 4.8.x is still active), the autobuild would fail, so I think it's a good candidate for fix.

Comment 5 Karolin Seeger 2019-03-21 12:27:41 UTC
(In reply to Amitay Isaacs from comment #4)
Hi Amitay,

pushed to autobuild-v4-{10,9,8}-test.
There will be a last 4.8 bugfix release.

Comment 6 Martin Schwenke 2019-03-26 05:09:32 UTC
Hi Karolin,

I haven't seen this land in v4-8-test.  Just making sure we don't lose it...  :-)
Comment 7 Karolin Seeger 2019-03-26 07:49:03 UTC
(In reply to Martin Schwenke from comment #6)
Hi Martin,

autobuild failed several times, I am sorry. Re-trying...
Comment 8 Martin Schwenke 2019-03-26 07:54:12 UTC
(In reply to Karolin Seeger from comment #7)

Please don't be sorry...  :-)

I guess the bug is open because it hasn't been pushed to all the branches and I probably didn't need to prompt anyone...
Comment 9 Karolin Seeger 2019-03-28 08:12:31 UTC
Pushed to all branches.
Closing out bug report.