mailing list of musl libc
 help / color / mirror / Atom feed
From: Rich Felker <dalias@libc.org>
To: Bob Richmond <robert.richmond@greenwavesystems.com>
Cc: musl@lists.openwall.com
Subject: Re: [musl] getaddrinfo/AI_ADDRCONFIG with ipv6 disabled
Date: Fri, 30 Apr 2021 08:38:04 -0400
Message-ID: <20210430123803.GX2546@brightrain.aerifal.cx> (raw)
In-Reply-To: <20210430001301.GW2546@brightrain.aerifal.cx>

On Thu, Apr 29, 2021 at 08:13:03PM -0400, Rich Felker wrote:
> On Wed, Dec 04, 2019 at 06:44:29PM -0800, Bob Richmond wrote:
> > connect() to the IPv6 loopback address can fail with EACCES on Linux
> > if IPv6 is disabled on the lo interface, and causes getaddrinfo to
> > fail without returning IPv4 addresses. It should be treated as if
> > IPv6 is disabled.
> > 
> > echo 1 >/proc/sys/net/ipv6/conf/lo/disable_ipv6
> > 
> > struct addrinfo hints, *res = NULL;
> > hints.ai_family = PF_UNSPEC;
> > hints.ai_flags = AI_ADDRCONFIG;
> > getaddrinfo("192.168.1.1", "80", &hints, &res);
> > 
> > strace:
> > ======start=======
> > socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_UDP) = 14
> > connect(14, {sa_family=AF_INET, sin_port=htons(65535),
> > sin_addr=inet_addr("127.0.0.1")}, 16) = 0
> > close(14)                         = 0
> > 
> > socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_UDP) = 14
> > 
> > connect(14, {sa_family=AF_INET6, sin6_port=htons(65535),
> > inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0),
> > sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
> > close(14)                         = 0
> > writev(2, [{iov_base="[warn] getaddrinfo: Permission denied\n",
> > iov_len=38}, {iov_base=NULL, iov_len=0}], 2) = 38
> > ======end=========
> 
> > --- musl-1.1.24/src/network/getaddrinfo.c	2019-10-13 14:58:27.000000000 -0700
> > +++ musl-1.1.24/src/network/getaddrinfo.c	2019-12-04 14:52:11.003784091 -0800
> > @@ -76,6 +76,7 @@
> >  			case EHOSTUNREACH:
> >  			case ENETDOWN:
> >  			case ENETUNREACH:
> > +			case EACCES:
> >  				break;
> >  			default:
> >  				return EAI_SYSTEM;
> 
> This patch was overlooked at the time, and another user just stopped
> by #musl to ask why it wasn't applied. I'm going to go ahead and apply
> it now. Sorry for the long delay!

It's been raised that this is NOT a result of

    echo 1 >/proc/sys/net/ipv6/conf/lo/disable_ipv6

but rather appears to be fib6 policy setup by OpenWRT for some reason,
whereby the kernel (net/ipv6/fib6_rules.c: fib6_rule_action)
synthesizes error codes for routing policy reasons. This is probably
wrong for the kernel to do -- especially their re-appropriation of
EINVAL for FR_ACT_BLACKHOLE when POSIX already specifies it for

    "The address_len argument is not a valid length for the address
    family; or invalid address family in the sockaddr structure."

So in light of this mess, the patch may be correct, despite the
problem being misattributed, but it should probably also handle the
EINVAL case. Also it's not 100% clear whether we should interpret this
as "no IPv6" or ignore it as an access control policy rather than
reflection of IPv6 existing. If there are any other ways the kernel
can return EACCES or EINVAL here, we would not want to misinterpret
that in a way that breaks IPv6.

Someone should probably also ping OpenWRT about why they're using this
arcane mechanism to block IPv6 to localhost.

Rich

  reply	other threads:[~2021-04-30 12:38 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-05  2:44 Bob Richmond
2021-04-30  0:13 ` [musl] " Rich Felker
2021-04-30 12:38   ` Rich Felker [this message]
2021-04-30 16:40     ` Bastian Bittorf
2021-04-30 16:52       ` Rich Felker
2021-04-30 17:59         ` Julian Squires
2021-04-30 16:59     ` Jeffrey Walton
2021-04-30 18:49       ` Markus Wichmann
2021-04-30 19:50         ` Rich Felker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210430123803.GX2546@brightrain.aerifal.cx \
    --to=dalias@libc.org \
    --cc=musl@lists.openwall.com \
    --cc=robert.richmond@greenwavesystems.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

mailing list of musl libc

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.vuxu.org/musl

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 musl musl/ https://inbox.vuxu.org/musl \
		musl@inbox.vuxu.org
	public-inbox-index musl

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.musl


code repositories for the project(s) associated with this inbox:

	https://git.vuxu.org/mirror/musl/

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git