VirtualBox

Ticket #14038 (closed defect: fixed)

Opened 18 months ago

Last modified 17 months ago

VRDP not listening for IPv6 on Linux host [Fixed in SVN]

Reported by: tlhackque Owned by:
Priority: major Component: RDP
Version: VirtualBox 4.3.26 Keywords:
Cc: Guest type: other
Host type: other

Description

Host OS Fedora 17

4.3 claims IPv6 support for RDP, but it isn't listening.

In VBox.log:

VirtualBox VM 4.3.26_OSE r98988 linux.amd64 (Mar 24 2015 20:06:06) release log

00:00:00.258916 VRDP: TCP server listening on port 3392 (IPv4 and IPv6).

netstat -nltp | grep 3392
tcp 0 0 0.0.0.0:3392 0.0.0.0:*  LISTEN  24636/VBoxHeadless

If VRDP was listening on IPv6, there would be a tcp 0 0 :::3392 line

telnet :: 3392
Trying ::...
telnet: connect to address ::: Connection refused

The confusion may be that on some OSs a wildcard socket listen will accept connections from any address family. Or assume IPv4-compatible IPv6 addresses when listening on IPv6 sockets.

This is not the case on all Linux distributions. I don't think any accept either address family on an IPv4 listen. And whether IPv6 sockets accept IPv4 connections depends on the default for IPV6_ONLY, the default for which is configurable in /proc and varies by distribution.

VDRP appears to be listening on IPv4 0.0.0.0.

In the general case, VRDP needs to listen on two sockets to accept connections from both IPv4 and IPv6. This will work on any OS. Or there could be a configuration option to specify which address family to listen to.

In any case, the current log message is wrong and it doesn't seem possible to connect to VirtualBox's RDP over IPv6 on Fedora.

Related: it should be possible to bind the listen(s) to a specific IP address (v4 and/or v6). In a multihomed environment (which all IPv6 environments are), this can be useful. For example, one could use the default RDP port for all VMs if one could specify a dedicated IP address for each VM's RDP listener. Filtering by address can also reduce the number of rules required for some firewall situations.

Change History

comment:1 Changed 18 months ago by sunlover

Thanks for the report.

Please try https://www.virtualbox.org/download/testcase/Oracle_VM_VirtualBox_Extension_Pack-4.3.27-99580.vbox-extpack

This problem happened because getaddrinfo returned IPv4 address before IPv6 and the VRDP server created the IPv4 socket first, so the IPv6 socket (which tried to listen for IPv4 too) could not be set to listened state later.

comment:2 Changed 18 months ago by tlhackque

Thanks. Progress, but not complete success.

I installed 4.3.27-99580.vbox-extpack and shutdown/restarted one of my VMs.

VRDP now seems to be listening on IPv6 and IPv4 by default; one can connect to either port.

BUT, not if I specify a hostname that has both IPv6 and IPv4 addresses. Here is a failing case:

# host hagrid.sb.litts.net
hagrid.sb.litts.net has address 192.168.148.136
hagrid.sb.litts.net has IPv6 address 2001:4830:11a2:941::136

# vboxmanage modifyvm "d71777f5-a958-40ab-ae3b-d52e0358ae17" --vrdeaddress hagrid.sb.litts.net

(start VM)

# netstat -nltp | grep 3394
tcp        0      0 192.168.148.136:3394        0.0.0.0:*                   LISTEN      14424/VBoxHeadless
tcp        0      0 127.0.0.1:3394              0.0.0.0:*                   LISTEN      14424/VBoxHeadless

Here, VRDP is picking up the IPv4 address, but instead of the IPv6 address, it is using the IPv4 loopback address.

VBox.log
VirtualBox VM 4.3.26_OSE r98988 linux.amd64 (Mar 24 2015 20:06:06) release log
00:00:00.030762 Log opened 2015-04-15T13:16:53.083146000Z
00:00:00.030764 Build Type: release
00:00:00.030772 OS Product: Linux
00:00:00.030774 OS Release: 2.6.43.8-1.fc15.x86_64
00:00:00.030775 OS Version: #1 SMP Mon Jun 4 20:33:44 UTC 2012
00:00:00.031094 DMI Product Name: PowerEdge 1900
00:00:00.031112 DMI Product Version:
00:00:00.031395 Host RAM: 7981MB total, 4238MB available
00:00:00.031400 Executable: /opt/VirtualBox/VBoxHeadless
00:00:00.031401 Process ID: 14424
00:00:00.031402 Package type: LINUX_64BITS_GENERIC (OSE)
00:00:00.034605 Installed Extension Packs:
00:00:00.034619   Oracle VM VirtualBox Extension Pack (Version: 4.3.27 r99580; VRDE Module: VBoxVRDP)
00:00:00.040591 VRDP: Statistics created: [full], enabled: 0.
00:00:00.041906 VRDP: VRDP: VD: Frames=10 MinMS=15 MaxMS=300 HistoryMS=2000 VideoMS=300
00:00:00.052581 VRDP: TCP server listening on port 3394 (IPv4).

If I use an IPv6-only host name, I can listen only on IPv6:

# host hagrid.v6.sb.litts.net
hagrid.v6.sb.litts.net has IPv6 address 2001:4830:11a2:941::136

# vboxmanage modifyvm "d71777f5-a958-40ab-ae3b-d52e0358ae17" --vrdeaddress hagrid.v6.sb.litts.net
(start VM)
# netstat -nltp | grep 3394
tcp        0      0 2001:4830:11a2:941::13:3394 :::*                        LISTEN      14926/VBoxHeadless

(Netstat is truncating the IPv6 address for display; the actual listening socket is correct.)

VRDP really should be listening on every address family/address returned by getaddrinfo()... If a host has 2 IPv4 addresses and 6 IPv6 addresses registered in DNS, there should be 6 listening sockets.

Or at least, one per address family. (From getaddrinfo()'s list, or allow specifying 2 host names; e.g. --vrdeaddress hagrid.v6.sb.litts.net,hagrid.v4.sb.litts.net .)

But certainly NOT one random family + a loopback address.

Note that the order in which getaddrinfo returns addresses is unpredictable/a site choices. RFC 3484 says essentially that "the family with the best success rate should be returned first". This can be influenced by site configuration. (Under linux, see gai.conf.) See sections 6 and 10 in the RFC. However, note that this is oriented toward connect(), not listen().

It still isn't possible to specify the address that VRDE binds to in the VirtualBox GUI. Perhaps this can be added to the "Server Port" field of the "Remote Display" tab under "Display" settings. (e.g. [2001:db8::1]:3389 or host.example.com:3389)

comment:3 Changed 18 months ago by sunlover

Thanks for testing. The VRDP server actually listens on every AF_INET/AF_INET6 address returned by getaddrinfo() and creates separate listening sockets. I'll have to reproduce the case to see what is going wrong.

The dependency on the order in which getaddrinfo returns addresses was a bug in the VRDP server code, which is fixed in 4.3.27-99580 extpack.

comment:4 Changed 18 months ago by tlhackque

You can stop looking for a reproducer. I've tracked this down.

The latest confusion appears to be Fedora putting the IPv4 addresses -- including loopback -- in /etc/hosts, but not the IPv6 address. Adding the IPv6 address to /etc/hosts, thus matching DNS causes VRDP to open the three addresses (V4, V6, V4.loop) in /etc/hosts.

Looks like the new VRDP is doing the right thing as far as opening the listening sockets per getaddrinfo(). Sorry I didn't catch that sooner.

That leaves the inability to specify an address/hostname in the GUI.

Thanks.

comment:5 Changed 18 months ago by sunlover

  • Summary changed from VRDP not listening for IPv6 on Linux host to VRDP not listening for IPv6 on Linux host [Fixed in SVN]

Great, thanks. The fix will be of course available in the next 4.3 release.

Regarding GUI: there was a related request 7441. Frank's comment is still valid and reflects the current state.

comment:6 Changed 17 months ago by frank

  • Status changed from new to closed
  • Resolution set to fixed

Fix is part of VBox 4.3.28.

Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use