fix: Fall back to ipv4 if dual stack sockets are disabled

Author: rustybee42

Cargo.lock

@@ -16,7 +16,7 @@ use sqlite::{TransactionExt, check_affected_rows};
 use sqlite_check::sql;
 use std::fmt::Debug;
 use std::future::Future;
-use std::net::{SocketAddr, TcpListener};
+use std::net::SocketAddr;
 use std::pin::Pin;
 use tonic::transport::{Identity, Server, ServerTlsConfig};
 use tonic::{Code, Request, Response, Status};
@@ -210,19 +210,10 @@ pub(crate) fn serve(ctx: Context, mut shutdown: RunStateHandle) -> Result<()> {
         },
     );
 
-    let mut serve_addr = SocketAddr::new("::".parse()?, ctx.info.user_config.grpc_port);
-
-    // Test for IPv6 available, fall back to IPv4 sockets if not
-    match TcpListener::bind(serve_addr) {
-        Ok(_) => {}
-        Err(err) if err.raw_os_error() == Some(libc::EAFNOSUPPORT) => {
-            log::debug!("gRPC: IPv6 not available, falling back to IPv4 sockets");
-            serve_addr = SocketAddr::new("0.0.0.0".parse()?, ctx.info.user_config.grpc_port);
-        }
-        Err(err) => {
-            anyhow::bail!(err);
-        }
-    }
+    let serve_addr = SocketAddr::new(
+        shared::nic::select_bind_addr(),
+        ctx.info.user_config.grpc_port,
+    );
 
     log::info!("Serving gRPC requests on {serve_addr}");
 

mgmtd/src/grpc.rs

@@ -27,7 +27,7 @@ use sqlite::TransactionExt;
 use sqlite_check::sql;
 use std::collections::HashSet;
 use std::future::Future;
-use std::net::{SocketAddr, TcpListener};
+use std::net::SocketAddr;
 use std::sync::Arc;
 use tokio::net::UdpSocket;
 use tokio::sync::mpsc;
@@ -60,19 +60,10 @@ pub async fn start(info: StaticInfo, license: LicenseVerifier) -> Result<RunCont
     // Static configuration which doesn't change at runtime
     let info = Box::leak(Box::new(info));
 
-    let mut beemsg_serve_addr = SocketAddr::new("::".parse()?, info.user_config.beemsg_port);
-
-    // Test for IPv6 available, fall back to IPv4 sockets if not
-    match TcpListener::bind(beemsg_serve_addr) {
-        Ok(_) => {}
-        Err(err) if err.raw_os_error() == Some(libc::EAFNOSUPPORT) => {
-            log::debug!("BeeMsg: IPv6 not available, falling back to IPv4 sockets");
-            beemsg_serve_addr = SocketAddr::new("0.0.0.0".parse()?, info.user_config.beemsg_port);
-        }
-        Err(err) => {
-            anyhow::bail!(err);
-        }
-    }
+    let beemsg_serve_addr = SocketAddr::new(
+        shared::nic::select_bind_addr(),
+        info.user_config.beemsg_port,
+    );
 
     // UDP socket for in- and outgoing messages
     let udp_socket = Arc::new(UdpSocket::bind(beemsg_serve_addr).await?);

mgmtd/src/lib.rs

@@ -12,6 +12,7 @@ bee_serde_derive = { path = "../bee_serde_derive" }
 
 anyhow = { workspace = true }
 bytes = { workspace = true }
+libc = { workspace = true }
 log = { workspace = true }
 pnet_datalink = "0"
 protobuf = { workspace = true, optional = true }

shared/Cargo.toml

@@ -2,7 +2,8 @@ use crate::types::NicType;
 use anyhow::{Result, anyhow};
 use serde::Deserializer;
 use serde::de::{Unexpected, Visitor};
-use std::net::IpAddr;
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+use std::os::fd::{AsRawFd, FromRawFd, OwnedFd};
 use std::str::FromStr;
 
 /// Network protocol
@@ -207,6 +208,68 @@ pub fn query_nics(filter: &[NicFilter]) -> Result<Vec<Nic>> {
     Ok(filtered_nics)
 }
 
+/// Selects address to bind to for listening: Checks if IPv6 sockets are available on this host
+/// according to our rules: IPv6 must be enabled during boot and at runtime, and IPv6 sockets must
+/// be dual stack. Then it returns `::` (IPv6), otherwise `0.0.0.0` (IPv4).
+pub fn select_bind_addr() -> IpAddr {
+    // SAFETY: Any data used in the libc calls is local only
+    unsafe {
+        // Check if IPv6 socket can be created
+        let sock = libc::socket(libc::AF_INET6, libc::SOCK_STREAM, 0);
+        if sock < 0 {
+            log::info!("IPv6 is unavailable on this host, falling back to IPv4 sockets");
+            return Ipv4Addr::UNSPECIFIED.into();
+        }
+        // Make sure the socket is closed on drop
+        let sock = OwnedFd::from_raw_fd(sock);
+
+        // Check if we can connect the socket to ipv6. We are not interested in an actual connection
+        // here but rather if it fails with EADDRNOTAVAIL, which indicates ipv6 is loaded in
+        // kernel but disabled at runtime
+        libc::fcntl(sock.as_raw_fd(), libc::F_SETFL, libc::O_NONBLOCK);
+        let addr_in6 = libc::sockaddr_in6 {
+            sin6_family: libc::AF_INET6 as u16,
+            sin6_port: 35037, // Just a random port
+            sin6_flowinfo: 0,
+            sin6_addr: libc::in6_addr {
+                s6_addr: Ipv6Addr::LOCALHOST.octets(),
+            },
+            sin6_scope_id: 0,
+        };
+        let res = libc::connect(
+            sock.as_raw_fd(),
+            &addr_in6 as *const _ as *const _,
+            size_of::<libc::sockaddr_in6>() as u32,
+        );
+
+        if res < 0 && std::io::Error::last_os_error().raw_os_error() == Some(libc::EADDRNOTAVAIL) {
+            log::info!("IPv6 is disabled on this host, falling back to IPv4 sockets");
+            return Ipv4Addr::UNSPECIFIED.into();
+        }
+
+        // Check if dual stack sockets are enabled by querying the socket option
+        let mut ipv6_only: std::ffi::c_int = 0;
+        let mut ipv6_only_size = size_of::<std::ffi::c_int>();
+
+        let res = libc::getsockopt(
+            sock.as_raw_fd(),
+            libc::IPPROTO_IPV6,
+            libc::IPV6_V6ONLY,
+            &mut ipv6_only as *mut _ as *mut _,
+            &mut ipv6_only_size as *mut _ as *mut _,
+        );
+
+        if res < 0 || ipv6_only == 1 {
+            log::info!(
+                "IPv6 dual stack sockets are unavailable on this host, falling back to IPv4 sockets"
+            );
+            return Ipv4Addr::UNSPECIFIED.into();
+        }
+    }
+
+    Ipv6Addr::UNSPECIFIED.into()
+}
+
 #[cfg(test)]
 mod test {
     use super::*;