42492 – glibc-2.3.2-r9 doing bitstring ipv6 reverse

Bug 42492 - glibc-2.3.2-r9 doing bitstring ipv6 reverse

Summary: glibc-2.3.2-r9 doing bitstring ipv6 reverse

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Please assign to toolchain

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-02-22 09:25 UTC by Bernhard Schmidt
Modified:	2004-02-23 13:11 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Proposed patch (glibc-2.3.2-fixip6reverse.patch,3.51 KB, patch) 2004-02-22 11:45 UTC, Bernhard Schmidt	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernhard Schmidt 2004-02-22 09:25:26 UTC

glibc-2.3.2-r9 has a broken reverse resolving for IPv6 addresses. The bitstring reverse format has been deprecated in RFC3363 (3.2) because it simply does not work anywhere. Although this is the case, a patch to use bitstring first was introduced in the middle of November into Redhat/Fedora and is also in the 20031115 branch-update used for glibc-2.3.2-r9.

The relevant lines in the Changelog of the patch are

2003-10-26  Ulrich Drepper  <drepper@redhat.com>
[...]
      * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyaddr_r): Default
        reverse lookup format for IPv6 addresses is using bitstring and
        .ip6.arpa suffix.
      * resolv/ns_name.c: Implement encoding and decoding bitstring in
        hex format.

There is one bug filed at redhat which contains the whole story
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101261

The big (very big) problem is that most servers simply discard requests for a bitstring reverse lookup. Depending on your configuration you will have a timeout every time you query for an IPv6 reverse name. 

A test program is contained in the above mentioned redhat bug.

It is more an upstream bug in glibc, but perhaps it would be possible to revert the patch from the branch-update or even fix the behaviour completely (standard would be nibble reverse with ip6.arpa, if that one fails nibble with ip6.int)

Reproducible: Always
Steps to Reproduce:
1. update glibc to glibc-2.3.2-r9
2. compile the test program from the redhat-bugzilla
3. run ./a.out 2001:6f8:985:1000::2:1 while dumping your resolver (either tcpdump or querylogs on your nameserver)

Actual Results:  
Two requests to your nameserver

1.) \[x200106F8098510000000000000020001/128].ip6.arpa IN PTR
which will return either NXDOMAIN (if you are lucky) or simply time out (normally)
2.) 1.0.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.5.8.9.0.8.f.6.0.1.0.0.2.ip6.int IN PTR
which should return the right reverse name

Expected Results:  
1.) Query for
1.0.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.5.8.9.0.8.f.6.0.1.0.0.2.ip6.arpa IN PTR

if that one fails (6bone-space which has no nibble ip6.arpa delegated)

2.) Query for
1.0.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.5.8.9.0.8.f.6.0.1.0.0.2.ip6.int IN PTR


Portage 2.0.50-r1 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.6.2)
=================================================================
System uname: 2.6.2 i686 AMD Athlon(TM) XP 2000+
Gentoo Base System version 1.4.3.13
distcc 2.11.1 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3/share/config /usr/share/config /usr/share/texmf/tex/generic/config/
/usr/share/texmf/tex/platex/config/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp://obelix.birkenwald.intern
ftp://ftp.uni-erlangen.de/mirrors/gentoo
ftp://ftp.ipv6.uni-muenster.de/pub/linux/distributions/gentoo
http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ 
ftp://ftp.tu-clausthal.de/pub/linux/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="3dnow X alsa apm avi berkdb cdr crypt cups dvd encode esd foomaticdb gdbm
gif gpm gtk gtk2 guile imlib ipv6 java jpeg libg++ libwww mad mikmod motif
mozilla moznocompose moznomail mpeg ncurses nls oggvorbis opengl oss pam pdflib
perl pic png python qt quicktime radeon readline samba sdl slang spell sse ssl
svga tcltk tcpd tetex truetype x86 xml2 xmms xv zlib"

Comment 1 Bernhard Schmidt 2004-02-22 09:41:14 UTC

Looks like it has been fixed in version 1.39 of resolv/nss_dns/dns-host.c

http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/resolv/nss_dns/dns-host.c?cvsroot=glibc

Comment 2 Bernhard Schmidt 2004-02-22 11:45:58 UTC

Created attachment 26120 [details, diff]
Proposed patch

The attached patch fixes the problem entirely. It should be applied in the
ebuild just after the branch update

Compiles clean and works fine on x86.

Comment 3 Bernhard Schmidt 2004-02-22 15:59:44 UTC

Just for clarification, this patch is the original glibc-patch imported into glibc-CVS on Jan, 15th. 

In http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/resolv/?cvsroot=glibc

resolv.h           1.37  ->  1.38
res_debug.c        1.34  ->  1.35
nss_dns/dns-host.c 1.38  ->  1.39

The patch

res_init.c         1.34  ->  1.35

looks related as well, but it is definitely not needed to compile and work well.

Comment 4 Martin Schlemmer (RETIRED) gentoo-dev

2004-02-23 13:11:54 UTC

Added, thanks.