Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
IPv6 issues with curl 7.87.0 + c-ares 1.16.1
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Peter Krefting via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 17 Jan 2023 09:32:56 +0100 (CET)
Hi!
I am upgrading our version of curl and c-ares on an embedded device, and
after upgrading, I find that on a system where IPv6 setup is incomplete
(only internal network configured [1]), I am unable to perform any https
requests; IPv4 fall-back does not happen.
We were using curl 7.54.0 with c-ares 1.12.0 and OpenSSL 1.1.1s, with these
version HTTPS requests [2] work as expected (i.e, I get the IPv4 fall-back).
After upgrading to curl 7.87.0 with c-ares 1.18.1, connections are no longer
going through (it looks like it is trying IPv6 only and timing out).
Keeping curl 7.87.0 but building with c-ares 1.12.0, connections *do* work,
and if I drop-in the 1.18.1 c-ares (libcares.so.2.4.1) they still work, so
it seems like an unintended side-effect of the interaction between the two
versions.
I have not tested whether this also happens on x86, my builds are on an
embedded powerpc e500mc device.
In summary:
curl c-ares result
7.54.0 built against 1.12.0 + 1.12.0 = OK
7.87.0 built against 1.18.1 + 1.18.1 = FAIL
7.87.0 built against 1.12.0 + 1.12.0 = OK
7.87.0 built against 1.12.0 + 1.18.1 = OK!!
[1]
$ ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qlen 1000
inet6 2a06:2400:1:0:224:64ff:fe00:1f63/64 scope global dynamic
valid_lft 2591992sec preferred_lft 604792sec
inet6 fe80::224:64ff:fe00:1f63/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qlen 1000
inet6 2a06:2400:1:1030:224:64ff:fe00:1f64/64 scope global dynamic
valid_lft 2592000sec preferred_lft 604800sec
inet6 fe80::224:64ff:fe00:1f64/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qlen 1000
inet6 2a06:2400:1:0:224:64ff:fe00:1f65/64 scope global dynamic
valid_lft 2591992sec preferred_lft 604792sec
inet6 fe80::224:64ff:fe00:1f65/64 scope link
valid_lft forever preferred_lft forever
[2] (sorry for the slight URL obfuscation; nothing fun there, just trying
to avoid unintended traffic; response will echo the IP you connected
from, so I can easily tell if it used IPv4 or IPv6)
curl $(base64 -d <<<aHR0cHM6Ly9saWNlbnNlLm1pY3JvYW5hbHl0aWNzLm9yZy9waW5n)
Date: Tue, 17 Jan 2023 09:32:56 +0100 (CET)
Hi!
I am upgrading our version of curl and c-ares on an embedded device, and
after upgrading, I find that on a system where IPv6 setup is incomplete
(only internal network configured [1]), I am unable to perform any https
requests; IPv4 fall-back does not happen.
We were using curl 7.54.0 with c-ares 1.12.0 and OpenSSL 1.1.1s, with these
version HTTPS requests [2] work as expected (i.e, I get the IPv4 fall-back).
After upgrading to curl 7.87.0 with c-ares 1.18.1, connections are no longer
going through (it looks like it is trying IPv6 only and timing out).
Keeping curl 7.87.0 but building with c-ares 1.12.0, connections *do* work,
and if I drop-in the 1.18.1 c-ares (libcares.so.2.4.1) they still work, so
it seems like an unintended side-effect of the interaction between the two
versions.
I have not tested whether this also happens on x86, my builds are on an
embedded powerpc e500mc device.
In summary:
curl c-ares result
7.54.0 built against 1.12.0 + 1.12.0 = OK
7.87.0 built against 1.18.1 + 1.18.1 = FAIL
7.87.0 built against 1.12.0 + 1.12.0 = OK
7.87.0 built against 1.12.0 + 1.18.1 = OK!!
[1]
$ ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qlen 1000
inet6 2a06:2400:1:0:224:64ff:fe00:1f63/64 scope global dynamic
valid_lft 2591992sec preferred_lft 604792sec
inet6 fe80::224:64ff:fe00:1f63/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qlen 1000
inet6 2a06:2400:1:1030:224:64ff:fe00:1f64/64 scope global dynamic
valid_lft 2592000sec preferred_lft 604800sec
inet6 fe80::224:64ff:fe00:1f64/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qlen 1000
inet6 2a06:2400:1:0:224:64ff:fe00:1f65/64 scope global dynamic
valid_lft 2591992sec preferred_lft 604792sec
inet6 fe80::224:64ff:fe00:1f65/64 scope link
valid_lft forever preferred_lft forever
[2] (sorry for the slight URL obfuscation; nothing fun there, just trying
to avoid unintended traffic; response will echo the IP you connected
from, so I can easily tell if it used IPv4 or IPv6)
curl $(base64 -d <<<aHR0cHM6Ly9saWNlbnNlLm1pY3JvYW5hbHl0aWNzLm9yZy9waW5n)
-- \\// Peter - http://www.softwolves.pp.se/ -- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-01-17