loginbroker: strip off zone off published interface name

The JVM uses an extension to IPv6 addresses spec to specify over which interface a particular site-local or link-local address is accessible. For dCache, this information is "useless" (we currently assume site- and link-local addresses are unique for any client that might use them) and causes problems when generating URLs. This patch strips off the zone identifier from the canonical name if the reverse DNS failed to specify a canonical name. Target: master Request: 2.12 Request: 2.11 Request: 2.10 Requires-notes: yes Requires-book: no Patch: https://rb.dcache.org/r/8106/ Acked-by: Gerd Behrmann
dCache · Apr 11, 2015 · 942ab09 · 942ab09
1 parent 87631f4
commit 942ab09
Showing 1 changed file with 31 additions and 1 deletion.
diff --git a/modules/common/src/main/java/org/dcache/util/NetworkUtils.java b/modules/common/src/main/java/org/dcache/util/NetworkUtils.java
@@ -298,7 +298,37 @@ public static boolean isInetAddress(String hostname) {
     public static InetAddress withCanonicalAddress(InetAddress address)
     {
         try {
-            return InetAddress.getByAddress(address.getCanonicalHostName(), address.getAddress());
+            String name = address.getCanonicalHostName();
+
+            // Java uses an extension to IPv6 addressing
+            // [draft-ietf-ipngwg-scoping-arch-04.txt] where a '%' is appended
+            // to the String representation of an IPv6 link-local and
+            // site-local address to disambiguate addresses that are potentially
+            // not globally unique.
+            //
+            // For dCache, this makes no sense: the zone identifiers are local
+            // to the door (e.g., "eth0", "eth1", etc).  There is no guarantee
+            // the client machine will share the same mapping; e.g., the link-
+            // local address #1 accessible via eth0 on the door may be accessible
+            // via eth1 on the client machine.
+            //
+            // Therefore we strip off any zone identifiers, if no canonical name
+            // is provided.  This makes a tacit assumption that any site-local
+            // or link-local address is unique to clients that can connect over
+            // those addresses.
+            //
+            // Note that, due to a bug in Guava[1], we can't detect when the
+            // canonical is an IP address; however, as '%' is not a character
+            // for a DNS entry, we can apply the work-around for all IPv6
+            // addresses.
+            //
+            // [1] https://code.google.com/p/guava-libraries/issues/detail?id=1557
+            //
+            if (address instanceof Inet6Address) {
+                name = stripScope(name);
+            }
+
+            return InetAddress.getByAddress(name, address.getAddress());
         } catch (UnknownHostException e) {
             return address;
         }