[jboss-jira] [JBoss JIRA] (AS7-4509) CLONE - Server start without any problem or message even specification of IP address(-s) is ambiguous
[
https://issues.jboss.org/browse/AS7-4509?page=com.atlassian.jira.plugin.s...
]
Pavel Janousek commented on AS7-4509:
-------------------------------------
Just one more note - it's curious for me, but this works too:{code}
[pjanouse@pjanouse EAP]$ ping6 ::1%1
PING ::1%1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.063 ms
^C
--- ::1%1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.063/0.063/0.063/0.000 ms
[pjanouse@pjanouse EAP]$ ping6 ::1%2
PING ::1%2(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.058 ms
^C
--- ::1%2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.058/0.058/0.058/0.000 ms
[pjanouse@pjanouse EAP]$ ping6 ::1%3
PING ::1%3(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.062 ms
^C
--- ::1%3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.040/0.051/0.062/0.011 ms
[pjanouse@pjanouse EAP]${code}
But EAP6 fails to bind to for ex. ::1%2
CLONE - Server start without any problem or message even
specification of IP address(-s) is ambiguous
-----------------------------------------------------------------------------------------------------
Key: AS7-4509
URL: https://issues.jboss.org/browse/AS7-4509
Project: Application Server 7
Issue Type: Bug
Components: Domain Management
Affects Versions: 7.1.1.Final
Reporter: Pavel Janousek
Assignee: Brian Stansberry
Labels: eap6_ipv6
Fix For: 7.1.2.Final-redhat1
In IPv6 world it is possible if two or more network interfaces has the same IPv6 address.
It is legally and true especially in Link-local address scope.
So if we configure 2 or more network interfaces with a manually defined IPv6 address
(link-local prefix fe80::/10 is the best) and try to start-up EAP and do this
like:{code}./standalone.sh -Djava.net.preferIPv4Stack=false -b=fe80::200:ff:fe00:5
-bmanagement=fe80::200:ff:fe00:5 -c standalone-full.xml{code}there isn't *any* warning
message reported, nor any notice that this specification is ambiguous.
I prefer in a such case to reject this specification as ambiguous (especially for the
case - there is a risk of accidentally open EAP instance to the world), refuse start with
error message and immediately exit. Although this situation has its roots in administrator
mistake, it can became very hard risk of customer's data when it will be overseen for
awhile. (*)
(*) some case-studies report blind clear MS Windows station is attacked up to 10 minutes
from it boot when is directly connected to unsecure Internet network without any firewall
etc... my own personal experience is at least the same... - yes, it is dangerous to work
in a such environment and situation on a Internet directly connected server host, but an
admins really works like that...
Anyway - the missed part of specification needed for correct set-up in this case is *zone
id* identifier. When it is supplied, star-up is correct.
Although this is really +edge case+ of using EAP and its configuration, it can
accidentally expose customer's sensitive data so we should take it very carefully.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira