Snappy

go binaries use bind on startup, requiring network-bind

Bug #1595993 reported by Zygmunt Krynicki
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snappy
Fix Released
Medium
Unassigned

Bug Description

This bug is here to investigate why spread, our test suite runner and a go binary uses bind() on startup, failing as it does not use the network-bind interface.

The strace log of "spread -list" is attached to the bug. The key parts seem to be:

socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
close(3) = 0

Hmm? ^^ Perhaps just a test if "Can I haz socket?"

socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0
bind(3, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
futex(0xb58cd0, FUTEX_WAKE, 1) = 1
futex(0xb58c10, FUTEX_WAKE, 1) = 1

We have a IPv6 TCP socket bound to ::1 as the fd 3

socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 4
setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [0], 4) = 0
bind(4, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=
futex(0xb58cd0, FUTEX_WAKE, 1) = 1
futex(0xb58c10, FUTEX_WAKE, 1) = 1

We have a IPv6 TCP socket bound to ::ffff:127.0.0.1 (aka IPv4 in IPv4 version of the ::1 above) as fd 4

close(4) = 0
close(3) = 0

Both sockets are closed here.

See original description
Revision history for this message
Zygmunt Krynicki (zyga) wrote :
Zygmunt Krynicki (zyga)
description: updated
description: updated
Jamie Strandboge (jdstrand)
tags: added: snapd-interface
removed: snapd-interfaces
Revision history for this message
Zygmunt Krynicki (zyga) wrote :

This seems to be go runtime startup:

// Should we try to use the IPv4 socket interface if we're
// only dealing with IPv4 sockets? As long as the host system
// understands IPv6, it's okay to pass IPv4 addresses to the IPv6
// interface. That simplifies our code and is most general.
// Unfortunately, we need to run on kernels built without IPv6
// support too. So probe the kernel to figure it out.
//
// probeIPv6Stack probes both basic IPv6 capability and IPv6 IPv4-
// mapping capability which is controlled by IPV6_V6ONLY socket
// option and/or kernel state "net.inet6.ip6.v6only".
// It returns two boolean values. If the first boolean value is
// true, kernel supports basic IPv6 functionality. If the second
// boolean value is true, kernel supports IPv6 IPv4-mapping.
func probeIPv6Stack() (supportsIPv6, supportsIPv4map bool) {
...
}

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

And in addition this:

// BUG(rsc,mikio): On DragonFly BSD and OpenBSD, listening on the
// "tcp" and "udp" networks does not listen for both IPv4 and IPv6
// connections. This is due to the fact that IPv4 traffic will not be
// routed to an IPv6 socket - two separate sockets are required if
// both address families are to be supported.
// See inet6(4) for details.

func probeIPv4Stack() bool {
...
}

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

Both functions are in golang-1.6-1.6.2/src/net/ipsock_posix.go

I'm renaming this bug to indicate that this is specific to go

summary: - go binary (spread) uses bind on startup, requiring network-bind
+ go binaries use bind on startup, requiring network-bind
Changed in snappy:
importance: High → Medium
status: New → Triaged
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This was addressed in https://github.com/snapcore/snapd/pull/1251

Changed in snappy:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.