[gentoo-portage-dev] Re: [PATCH] process: add _has_ipv6() function - gentoo-portage-dev

From:	Mike Gilbert <floppym@g.o>
To:	Zac Medico <zmedico@g.o>
Cc:	gentoo-portage-dev@l.g.o
Subject:	[gentoo-portage-dev] Re: [PATCH] process: add _has_ipv6() function
Date:	Sun, 04 Aug 2019 13:35:03
Message-Id:	`CAJ0EP40XiOvhASZKGk2MHXyLEJU2fJNbM8DMABMihLpEAFTO0Q@mail.gmail.com`
In Reply to:	[gentoo-portage-dev] Re: [PATCH] process: add _has_ipv6() function by Mike Gilbert

1

On Sat, Aug 3, 2019 at 7:37 PM Mike Gilbert <floppym@g.o> wrote:

2

>

3

> On Sat, Aug 3, 2019 at 3:30 PM Zac Medico <zmedico@g.o> wrote:

4

> >

5

> > Add _has_ipv6() function and use it in _configure_loopback_interface()

6

> > to decide whether to add an IPv6 address.

7

> >

8

> > Bug: https://bugs.gentoo.org/691290

9

> > ---

10

> >  lib/portage/process.py | 40 +++++++++++++++++++++++++++++++++++++---

11

> >  1 file changed, 37 insertions(+), 3 deletions(-)

12

> >

13

> > diff --git a/lib/portage/process.py b/lib/portage/process.py

14

> > index 690421815..ca8b0c172 100644

15

> > --- a/lib/portage/process.py

16

> > +++ b/lib/portage/process.py

17

> > @@ -339,6 +339,9 @@ def spawn(mycommand, env=None, opt_name=None, fd_pipes=None, returnpid=False,

18

> >                 fd_pipes[1] = pw

19

> >                 fd_pipes[2] = pw

20

> >

21

> > +       # Cache _has_ipv6() result for use in child processes.

22

> > +       _has_ipv6()

23

> > +

24

> >         # This caches the libc library lookup and _unshare_validator results

25

> >         # in the current process, so that results are cached for use in

26

> >         # child processes.

27

> > @@ -446,6 +449,38 @@ def spawn(mycommand, env=None, opt_name=None, fd_pipes=None, returnpid=False,

28

> >         # Everything succeeded

29

> >         return 0

30

> >

31

> > +__has_ipv6 = None

32

> > +

33

> > +def _has_ipv6():

34

> > +       """

35

> > +       Test that both userland and kernel support IPv6, by attempting

36

> > +       to create a socket and listen on any unused port of the IPv6

37

> > +       ::1 loopback address.

38

> > +

39

> > +       @rtype: bool

40

> > +       @return: True if IPv6 is supported, False otherwise.

41

> > +       """

42

> > +       global __has_ipv6

43

> > +

44

> > +       if __has_ipv6 is None:

45

> > +               if socket.has_ipv6:

46

> > +                       sock = None

47

> > +                       try:

48

> > +                               # python2.7 sockets do not support context management protocol

49

> > +                               sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)

50

> > +                               sock.bind(('::1', 0))

51

> > +                       except EnvironmentError:

52

> > +                               __has_ipv6 = False

53

> > +                       else:

54

> > +                               __has_ipv6 = True

55

> > +                       finally:

56

> > +                               if sock is not None:

57

> > +                                       sock.close()

58

> > +               else:

59

> > +                       __has_ipv6 = False

60

> > +

61

> > +       return __has_ipv6

62

> > +

63

> >  def _configure_loopback_interface():

64

> >         """

65

> >         Configure the loopback interface.

66

> > @@ -478,9 +513,8 @@ def _configure_loopback_interface():

67

> >

68

> >         try:

69

> >                 subprocess.call(['ip', 'address', 'add', '10.0.0.1/8', 'dev', 'lo'])

70

> > -               with open(os.devnull, 'wb', 0) as devnull:

71

> > -                       subprocess.call(['ip', 'address', 'add', 'fd00::1/8', 'dev', 'lo'],

72

> > -                               stdout=devnull, stderr=devnull)

73

> > +               if _has_ipv6():

74

> > +                       subprocess.call(['ip', 'address', 'add', 'fd00::1/8', 'dev', 'lo'])

75

> >         except EnvironmentError as e:

76

> >                 writemsg("Error calling 'ip': %s\n" % e.strerror, noiselevel=-1)

77

> >

78

> > --

79

> > 2.21.0

80

> >

81

>

82

> This seems reasonable, though I don't have an IPv6-less system to test it on.

83

84

While chatting in #gentoo-desktop, we found that it is possible to

85

have IPv6 enabled, but prohibit IPv6 addresses from being added to

86

interfaces. This produces the following error from ip:

87

88

RTNETLINK answers: Permission denied

89

90

https://www.kernel.org/doc/Documentation/networking/ipv6.txt

91

92

ipv6.disabled = 0

93

ipv6.disable_ipv6 = 1

94

95

I don't think your __has_ipv6 function will catch this.

Gentoo Archives: gentoo-portage-dev

Replies

1	On Sat, Aug 3, 2019 at 7:37 PM Mike Gilbert <floppym@g.o> wrote:
2	>
3	> On Sat, Aug 3, 2019 at 3:30 PM Zac Medico <zmedico@g.o> wrote:
4	> >
5	> > Add _has_ipv6() function and use it in _configure_loopback_interface()
6	> > to decide whether to add an IPv6 address.
7	> >
8	> > Bug: https://bugs.gentoo.org/691290
9	> > ---
10	> > lib/portage/process.py \| 40 +++++++++++++++++++++++++++++++++++++---
11	> > 1 file changed, 37 insertions(+), 3 deletions(-)
12	> >
13	> > diff --git a/lib/portage/process.py b/lib/portage/process.py
14	> > index 690421815..ca8b0c172 100644
15	> > --- a/lib/portage/process.py
16	> > +++ b/lib/portage/process.py
17	> > @@ -339,6 +339,9 @@ def spawn(mycommand, env=None, opt_name=None, fd_pipes=None, returnpid=False,
18	> > fd_pipes[1] = pw
19	> > fd_pipes[2] = pw
20	> >
21	> > + # Cache _has_ipv6() result for use in child processes.
22	> > + _has_ipv6()
23	> > +
24	> > # This caches the libc library lookup and _unshare_validator results
25	> > # in the current process, so that results are cached for use in
26	> > # child processes.
27	> > @@ -446,6 +449,38 @@ def spawn(mycommand, env=None, opt_name=None, fd_pipes=None, returnpid=False,
28	> > # Everything succeeded
29	> > return 0
30	> >
31	> > +__has_ipv6 = None
32	> > +
33	> > +def _has_ipv6():
34	> > + """
35	> > + Test that both userland and kernel support IPv6, by attempting
36	> > + to create a socket and listen on any unused port of the IPv6
37	> > + ::1 loopback address.
38	> > +
39	> > + @rtype: bool
40	> > + @return: True if IPv6 is supported, False otherwise.
41	> > + """
42	> > + global __has_ipv6
43	> > +
44	> > + if __has_ipv6 is None:
45	> > + if socket.has_ipv6:
46	> > + sock = None
47	> > + try:
48	> > + # python2.7 sockets do not support context management protocol
49	> > + sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
50	> > + sock.bind(('::1', 0))
51	> > + except EnvironmentError:
52	> > + __has_ipv6 = False
53	> > + else:
54	> > + __has_ipv6 = True
55	> > + finally:
56	> > + if sock is not None:
57	> > + sock.close()
58	> > + else:
59	> > + __has_ipv6 = False
60	> > +
61	> > + return __has_ipv6
62	> > +
63	> > def _configure_loopback_interface():
64	> > """
65	> > Configure the loopback interface.
66	> > @@ -478,9 +513,8 @@ def _configure_loopback_interface():
67	> >
68	> > try:
69	> > subprocess.call(['ip', 'address', 'add', '10.0.0.1/8', 'dev', 'lo'])
70	> > - with open(os.devnull, 'wb', 0) as devnull:
71	> > - subprocess.call(['ip', 'address', 'add', 'fd00::1/8', 'dev', 'lo'],
72	> > - stdout=devnull, stderr=devnull)
73	> > + if _has_ipv6():
74	> > + subprocess.call(['ip', 'address', 'add', 'fd00::1/8', 'dev', 'lo'])
75	> > except EnvironmentError as e:
76	> > writemsg("Error calling 'ip': %s\n" % e.strerror, noiselevel=-1)
77	> >
78	> > --
79	> > 2.21.0
80	> >
81	>
82	> This seems reasonable, though I don't have an IPv6-less system to test it on.
83
84	While chatting in #gentoo-desktop, we found that it is possible to
85	have IPv6 enabled, but prohibit IPv6 addresses from being added to
86	interfaces. This produces the following error from ip:
87
88	RTNETLINK answers: Permission denied
89
90	https://www.kernel.org/doc/Documentation/networking/ipv6.txt
91
92	ipv6.disabled = 0
93	ipv6.disable_ipv6 = 1
94
95	I don't think your __has_ipv6 function will catch this.