Open thdesy opened 3 years ago
addendum: I just noticed, that the behaviour is inconsistent between the transfer protocols and the using explicitly IPv4/IPv6 addresses. For WebDAV and gsiFTP apparently the handshake fails with the host cert DN, i.e., the FQDN, does not match the given address, i.e., the IP
> gfal-copy -f -vv davs://[2001:638:700:10bf::1:d8]:2880/pnfs/foo/baz /tmp/hartmath.1
INFO Davix: Impossible to Recover with Metalink: (Neon): Server certificate verification failed: certificate issued for a different hostname
gfal-copy error: 112 (Host is down) - Could not stat the source: Result (Neon): Server certificate verification failed: certificate issued for a different hostname after 1 attempts
> gfal-copy -f -vv root://[2001:638:700:10bf::1:d8]::1094/store/foo/baz /tmp/hartmath.1
INFO Event triggered: BOTH xroot TRANSFER:ENTER root://[2001:638:700:10bf::1:d8]:1094///store/foo/baz?xrd.gsiusrpxy=/tmp/x509up_u26551 => file://localhost///tmp/hartmath.1?xrd.gsiusrpxy=/tmp/x509up_u26551
event: [1603460504727] BOTH xroot TRANSFER:TYPE streamed
INFO Event triggered: BOTH xroot TRANSFER:TYPE streamed
I guess, it is probably related to the xrootd security model?
Hi Thomas, if i remember correctly this is a known issue and the flags work only with srm and gsiftp protocol, maybe @mpatrascoiu can have a look a the Jira for the related open issue. As a workaround for Xrootd you can specify the XRD_NETWORKSTACK var,
XRD_NETWORKSTACK=ipv4 gfal-copy -f -vv root://dcache-door-cms20.desy.de:1094/store/foo/baz /tmp/hartmath.1
cheers Andrea
Hello Thomas,
The discussion on IPv4/6 is picking up within DOMA.
Right now, only the GridFTP plugin offers support for changing the IP stack. I'm working on making Gfal2 offer better support for the XRootD and HTTP plugins as well.
Cheers, Mihai
Hello Thomas,
For Gfal2 XRootd plugin, I have opened this issue: https://github.com/xrootd/xrootd/issues/1472
Cheers, Mihai
Hi,
it seems that with gfal-copy version [1] the IP version switch does not have an affect.
We are currently debugging a routing problem and have noticed, that even with explicitly requirering IPv4 the IPv6 route is used E.g.,
resolving the A/AAAA records explicitly takes the expected protocol, i.e.,
the problem appears to be similar with the xrd-tools (v4.11.3), e.g.,
Cheers, Thomas
[1]