If IPv6 is disabled on a device, netifd still creates rules for it:
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo lookup unspec 12
4200000002: from all iif eth0 lookup unspec 12
4200000003: from all iif eth1 lookup unspec 12
When logread is asked to log to a remote system, it invokes usock such
that getaddrinfo is called with AI_ADDRCONFIG in the flags; if ipv6 is
disabled on lo, musl attempts to connect to ::1 but gets EACCES from
the kernel, because of the reject policy added; this causes logread to
fail to connect:
socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_UDP) = 8
connect(8, {sa_family=AF_INET6, sin6_port=htons(65535), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
See <https://www.openwall.com/lists/musl/2021/04/30/2> for a
discussion of musl's handling of this.
This change only sets up the v6 rules if ipv6 is enabled on the
device.
Signed-off-by: Julian Squires <julian@cipht.net>
if (ip->iface->policy_rules_set != enabled &&
ip->iface->l3_dev.dev) {
- set_ip_lo_policy(enabled, true, ip->iface);
+ if (ip->iface->l3_dev.dev->settings.ipv6) {
+ set_ip_lo_policy(enabled, true, ip->iface);
+ set_ip_source_policy(enabled, true, IPRULE_PRIORITY_REJECT + ip->iface->l3_dev.dev->ifindex,
+ NULL, 0, 0, ip->iface, "failed_policy", true);
+ }
set_ip_lo_policy(enabled, false, ip->iface);
- set_ip_source_policy(enabled, true, IPRULE_PRIORITY_REJECT + ip->iface->l3_dev.dev->ifindex,
- NULL, 0, 0, ip->iface, "failed_policy", true);
ip->iface->policy_rules_set = enabled;
}
}