OpenWrt/LEDE Project

  • Status Closed
  • Percent Complete
    100%
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version openwrt-21.02
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Tsuñami Ulukaï - 16.05.2021
Last edited by Jo-Philipp Wich - 17.05.2021

FS#3813 - OpenWRT not compliant with RFC6724

Summary:

Systems on which this has been tested with identical results

  • GL.iNet GL-B1300 - ipq40xx/generic - arm_cortex-a7_neon-vfpv4 - OpenWrt 21.02.0-rc1 r16046
  • NetGear WNDR3700 - ar71xx/generic - mips_24kc - OpenWrt 19.07.6 r11278
  • NetGear WNDR4300 - ar71xx/nand - mips_24kc - OpenWrt 19.07.6 r11278

A call to getaddrinfo(3) might return multiple answers.
According to RFC 3484/6724 these answers must be sorted so that the answer with the highest success rate is first in the list. The RFC provides an algorithm for the sorting. The static rules are not always adequate, though. For this reason, the RFC also requires that system administrators should have the possibility to dynamically change the sorting. For the glibc implementation, this can be achieved with the /etc/gai.conf file.

By default, the following policy table should be applied for destination-address selection when multiple alternatives are possible:

      Prefix        Precedence Label
      ::1/128               50     0
      ::/0                  40     1
      ::ffff:0:0/96         35     4
      2002::/16             30     2
      2001::/32              5     5
      fc00::/7               3    13
      ::/96                  1     3
      fec0::/10              1    11
      3ffe::/16              1    12

In this context, IPv4 addresses are matched with the ::ffff:0:0/96 prefix.

Therefore, for hosts whose address is obtained by DNS and for which both A & AAAA records are returned, OpenWrt should prefer globally routable IPv6 destination address over IPv4 over IPv6 ULA addresses.

Nevertheless, OpenWrt seems to systematically prefer IPv6 over IPv4, as was foreseen in RFC3084 whose policy table was as follows:

      Prefix        Precedence Label
      ::1/128               50     0
      ::/0                  40     1
      2002::/16             30     2
      ::/96                 20     3
      ::ffff:0:0/96         10     4

Both RFCs state that “IPv6 implementations SHOULD support configurable address selection via a mechanism at least as powerful as the policy tables defined here.”

Linux systems based on glibc provide such a mechanism with the /etc/gai.conf file. But it seems that musl/getaddrinfo implementation lacks such a configuration mechanism.

The behaviour can be tested by using uclient-fetch towards hosts for which both AAAA & A records exist.

┌──[SSH://root@openwrt]──[~]────────
# nslookup google.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      google.com
Address 1: 172.217.168.206
Address 2: 2a00:1450:400e:80c::200e

┌──[SSH://root@openwrt]──[~]────────
# nslookup nas.lan
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      nas.lan
Address 1: 192.168.1.1
Address 2: fd6a:1d5e:8a36:2337::1


┌──[SSH://root@openwrt]──[~]────────
# uclient-fetch -O /dev/null http://google.com
Downloading 'http://google.com'
Connecting to 2a00:1450:400e:803::200e:80
Redirected to / on www.google.com
Writing to '/dev/null'

Download completed (13759 bytes)

┌──[SSH://root@openwrt]──[~]────────
# uclient-fetch -O /dev/null http://nas.lan
Downloading 'http://nas.lan'
Connecting to fd6a:1d5e:8a36:2337::1:80
Writing to '/dev/null'
Download completed (3506 bytes)
Closed by  Jo-Philipp Wich
17.05.2021 15:06
Reason for closing:  Won't implement
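
The ranking the two policy tables in the report give for the addresses in its nslookup output, as an added example that is not part of the original report and is not OpenWrt or musl code. It assumes candidates are ordered by policy-table precedence only (RFC 6724 rule 6) and ignores the other sorting rules; the names policy and sort_destinations are hypothetical.

```python
import ipaddress

# Policy tables as quoted in the report: (prefix, precedence, label).
RFC6724_TABLE = [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12),
]
OLDER_TABLE = [  # the second, older table quoted in the report
    ("::1/128", 50, 0), ("::/0", 40, 1), ("2002::/16", 30, 2),
    ("::/96", 20, 3), ("::ffff:0:0/96", 10, 4),
]

def to_v6(addr):
    """Parse an address; IPv4 becomes IPv4-mapped (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address((0xFFFF << 32) | int(ip))
    return ip

def policy(addr, table):
    """Longest-prefix match of addr in table -> (precedence, label)."""
    ip = to_v6(addr)
    best = None
    for prefix, precedence, label in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, precedence, label)
    return best[1], best[2]  # ::/0 always matches, so best is never None

def sort_destinations(addrs, table):
    """Highest precedence first; ties keep their input order (assumption)."""
    return sorted(addrs, key=lambda a: -policy(a, table)[0])

if __name__ == "__main__":
    # Addresses taken from the nslookup output in the report.
    answers = {
        "google.com": ["172.217.168.206", "2a00:1450:400e:80c::200e"],
        "nas.lan": ["192.168.1.1", "fd6a:1d5e:8a36:2337::1"],
    }
    for name, addrs in answers.items():
        for label, table in (("RFC 6724", RFC6724_TABLE), ("older", OLDER_TABLE)):
            print(name, label, sort_destinations(addrs, table))
```

The two tables agree for google.com (global IPv6 first) and differ for nas.lan, where the RFC 6724 table puts 192.168.1.1 ahead of the ULA address.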
Admin
Jo-Philipp Wich commented on 17.05.2021 15:06

Please take this discussion upstream to musl libc, I don't see OpenWrt altering such core libc resolver functions anytime soon.

Project Manager
Baptiste Jonglez commented on 17.05.2021 21:02

Musl does implement (a minimal subset of) RFC 6724, see https://git.openwrt.org/7fea9d9f5dd282a7

Allowing to configure the policy table is a SHOULD in the RFC so it's not mandatory to do it.
