From bc0e84d689e2240a1bdfba3c04070485390bbfe9 Mon Sep 17 00:00:00 2001 From: Julian Squires Date: Fri, 30 Apr 2021 12:00:37 -0230 Subject: [PATCH] netifd: interface-ip: don't set fib6 policies if ipv6 disabled If IPv6 is disabled on a device, netifd still creates rules for it: 0: from all lookup local 32766: from all lookup main 4200000001: from all iif lo lookup unspec 12 4200000002: from all iif eth0 lookup unspec 12 4200000003: from all iif eth1 lookup unspec 12 When logread is asked to log to a remote system, it invokes usock such that getaddrinfo is called with AI_ADDRCONFIG in the flags; if ipv6 is disabled on lo, musl attempts to connect to ::1 but gets EACCES from the kernel, because of the reject policy added; this causes logread to fail to connect: socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_UDP) = 8 connect(8, {sa_family=AF_INET6, sin6_port=htons(65535), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied) See for a discussion of musl's handling of this. This change only sets up the v6 rules if ipv6 is enabled on the device. Signed-off-by: Julian Squires --- interface-ip.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/interface-ip.c b/interface-ip.c index 8b60963..986ab5b 100644 --- a/interface-ip.c +++ b/interface-ip.c @@ -1728,11 +1728,13 @@ void interface_ip_set_enabled(struct interface_ip_settings *ip, bool enabled) if (ip->iface->policy_rules_set != enabled && ip->iface->l3_dev.dev) { - set_ip_lo_policy(enabled, true, ip->iface); + if (ip->iface->l3_dev.dev->settings.ipv6) { + set_ip_lo_policy(enabled, true, ip->iface); + set_ip_source_policy(enabled, true, IPRULE_PRIORITY_REJECT + ip->iface->l3_dev.dev->ifindex, + NULL, 0, 0, ip->iface, "failed_policy", true); + } set_ip_lo_policy(enabled, false, ip->iface); - set_ip_source_policy(enabled, true, IPRULE_PRIORITY_REJECT + ip->iface->l3_dev.dev->ifindex, - NULL, 0, 0, ip->iface, "failed_policy", true); ip->iface->policy_rules_set = enabled; } } -- 2.30.2