http://bugzilla.novell.com/show_bug.cgi?id=597616 http://bugzilla.novell.com/show_bug.cgi?id=597616#c0 Summary: Please assign global scope to RFC 1918 addresses in getaddrinfo() Classification: openSUSE Product: openSUSE 11.3 Version: Factory Platform: All OS/Version: All Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: tore.anderson@redpill-linpro.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/5329 (KHTML, like Gecko) Chrome/4.0.305.0 Safari/532.9 The sorting algorithm used by getaddrinfo() is defined by RFC 3484. The purpose of the algorithm is to make sure the best possible source and destination address pair is chosen as the first to try, when a client is establishing a connection to a remote server. This is especially important when servers that have several addresses to choose from, e.g. both an IPv4 and an IPv6 one. One of the stated goals of the RFC is to «avoid the use of transitional addresses when native addresses are available», which makes a lot of sense - transitional connectivity is inherently less reliable than the native connectivity it runs on top of. Unfortunately, there is a shortcoming in the RFC that makes it fail to attain that goal, in some situations commonly found on today's internet. This is the situation where a end user station has a private IPv4 address (from a RFC 1918 prefix), as well as a transitional IPv6 address (e.g. using anycasted 6to4 as defined in RFC 3068). RFC 3484 makes the assumption that RFC 1918-based addresses are unable to communicate with hosts on the global internet, and are therefore assigned a site-local scope. As you're no doubt aware - use of IPv4 NAT is extremely commonplace on today's internet, which makes this assumption incorrect. To the RFC 3484 authors' defence, though, it probably made sense at the time of writing (Feb 2003), but in any case it have created an operational problem on today's internet - in the situation described above, the end user station will prefer to use IPv6/6to4 connectivity to connect to the remote server, instead of native IPv4/NAT, and if 6to4 then does not work - which is quite common - the IPv6 connection attempt have to time out before the client application falls back to IPv4. Applications that are latency-sensitive and make use of many connections (HTTP in particular) will be rendered unuseable. This in turn causes web site operators to postpone deploying IPv6 - nobody wants to make their web site unavailable for potential readers. I have been doing measurements of such client loss (end users being unable to access a web site with both IPv4 and IPv6 addresses, while having no problems with a IPv4-only one) in the last few months, and at the time of writing over 60% of all client loss is attributable to Mac OS X, because it too suffers from this exact problem. See: http://thread.gmane.org/gmane.org.operators.ipv6/3248 Rémi Denis-Courmont have described the problem at length here: http://tools.ietf.org/html/draft-denis-v6ops-nat-addrsel-00 And the IETF is working on revising RFC 3484 to fix this problem (amongst others), see: http://tools.ietf.org/html/draft-arifumi-6man-rfc3484-revise-02 The proposed solution for the problem (section 2.7) is to simply assign the global scope to RFC 1918 adresses. It is also well worth mentioning that getaddrinfo() in Microsoft Windows, which could very well be considered the reference implementation of (the Microsoft-authored) RFC 3484, is already doing exactly this. So does FreeBSD's implementation. I have requested the glibc upstream to do likewise, see: http://sourceware.org/bugzilla/show_bug.cgi?id=11438 However, he declined to apply the patch and thus diverge from the RFC-mandated behaviour. However, he acknowledged the problem, suggesting that the distributors making the change locally until the IETF has finished its standardisation process. Fedora and Ubuntu have already done so: https://bugzilla.redhat.com/show_bug.cgi?id=577626 https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/555210 IPv4 exhaustion is on the horizon, and you'll be seeing more and more web sites deploying IPv6 in the near future. To ensure that your users (those that do not have native IPv6 connectivity) will be able to access these sites as reliably as before, you will need to make this change as well - as soon as possible. I hope that you will! It can either be done by modifying getaddrinfo.c, or by shipping the /etc/gai.conf file - I will attach patches shortly. Best regards, Tore Anderson Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.