From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 19788 invoked from network); 30 Apr 2021 16:52:53 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 30 Apr 2021 16:52:53 -0000 Received: (qmail 20156 invoked by uid 550); 30 Apr 2021 16:52:51 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 20138 invoked from network); 30 Apr 2021 16:52:51 -0000 Date: Fri, 30 Apr 2021 12:52:38 -0400 From: Rich Felker To: Bastian Bittorf Cc: musl@lists.openwall.com Message-ID: <20210430165238.GY2546@brightrain.aerifal.cx> References: <3b4d958a-f00e-564a-7715-c92d7592ce3f@greenwavesystems.com> <20210430001301.GW2546@brightrain.aerifal.cx> <20210430123803.GX2546@brightrain.aerifal.cx> <20210430164033.lc7xu2c3dln3tni7@email> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210430164033.lc7xu2c3dln3tni7@email> User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: [musl] getaddrinfo/AI_ADDRCONFIG with ipv6 disabled On Fri, Apr 30, 2021 at 04:40:33PM +0000, Bastian Bittorf wrote: > On Fri, Apr 30, 2021 at 08:38:04AM -0400, Rich Felker wrote: > > Someone should probably also ping OpenWRT about why they're using this > > arcane mechanism to block IPv6 to localhost. > > at least I can see: > https://git.openwrt.org/?p=openwrt/svn-archive/archive.git;a=blob;f=target/linux/generic/patches-3.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch;h=f32458df30ad466d4e3ac8224cbec1bd074b43ec;hb=35d90ba52069c96afd1a74600b91499e5feed0e0 > > I was last refreshed on Tue Mar 30 22:01:27 2021 +0100 > and says: > > "RFC6204 L-14 requires rejecting traffic from invalid addresses with > ICMPv6 Destination Unreachable, Code 5 (Source address failed ingress/ > egress policy) on the LAN side, so add an appropriate rule for that." > > But that is just guessing... Presumably that would be for traffic originating from another host OpenWRT is forwarding for (blocking it from spoofing ::1 on the wire?) not for traffic originating on the OpenWRT box itself (where ::1 should work). I'm worried that if we just "fix" this issue on the musl side, OpenWRT is just wrongly going to conclude there's no IPv6 coonnectivity rather than that they have a configuration error breaking it.. Rich