Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1187531 - curl occasionally fails to connect on dual-stacked hosts
Summary: curl occasionally fails to connect on dual-stacked hosts
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: curl
Version: 21
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Kamil Dudka
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-01-30 11:07 UTC by Rupesh Patel
Modified: 2015-02-28 10:23 UTC (History)
2 users (show)

Fixed In Version: curl-7.37.0-13.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-02-28 10:23:20 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1182168 0 unspecified CLOSED curl chokes on IPV4-only internet connection 2022-05-16 11:32:56 UTC

Internal Links: 1182168

Description Rupesh Patel 2015-01-30 11:07:51 UTC
Description of problem:

I haven't check in earlier versions but the recent version probably have this issue. I am connected to wireless network (adsl dhcp wifi modem) with only ipv4. Probably my modem is configure to work with ipv6 but isp not (pretty much sure). 

While trying "software" application in gui to up to date my system, it seems to process for longer time and eventually does nothing. So i check in backend with dnf and found something strange. 

[rupesh@rupesh ~]$ sudo dnf update -y
Error: Failed to synchronize cache for repo 'updates' from 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f21&arch=x86_64': Cannot prepare internal mirrorlist: Curl error: Couldn't connect to server for https://mirrors.fedoraproject.org/metalink?repo=updates-released-f21&arch=x86_64 [Failed to connect to mirrors.fedoraproject.org port 443: Network is unreachable]
[rupesh@rupesh ~]$

However, telnet was working well,

[rupesh@rupesh ~]$ telnet mirrors.fedoraproject.org 443
Trying 209.132.181.16...
Connected to mirrors.fedoraproject.org.
Escape character is '^]'.
^]q

telnet> q
Connection closed.
[rupesh@rupesh ~]$ 

Further i debug with curl -vvv and it showing some strange output.

[rupesh@rupesh ~]$ curl https://mirrors.fedoraproject.org/metalink?repo=updates-released-f21&arch=x86_64
[1] 7761
[rupesh@rupesh ~]$ curl: (7) Failed to connect to mirrors.fedoraproject.org port 443: Network is unreachable

[rupesh@rupesh ~]$ curl -vvv https://mirrors.fedoraproject.org/metalink
* Hostname was NOT found in DNS cache
*   Trying 66.135.62.201...
*   Trying 2001:4178:2:1269::fed2...
* connect to 2001:4178:2:1269::fed2 port 443 failed: Network is unreachable
*   Trying 2607:f188::dead:beef:cafe:fed1...
* connect to 2607:f188::dead:beef:cafe:fed1 port 443 failed: Network is unreachable
*   Trying 2610:28:3090:3001:dead:beef:cafe:fed3...
* connect to 2610:28:3090:3001:dead:beef:cafe:fed3 port 443 failed: Network is unreachable
* Failed to connect to mirrors.fedoraproject.org port 443: Network is unreachable
* Closing connection 0
curl: (7) Failed to connect to mirrors.fedoraproject.org port 443: Network is unreachable
[rupesh@rupesh ~]$ 

It says trying but eventually doesn't seems to trying? It only try port 443 against ipv6 and not to ipv4?

[rupesh@rupesh ~]$ curl -4  -vvv https://mirrors.fedoraproject.org --- works
[rupesh@rupesh ~]$ sudo dnf -4 update -- works

Here is more debug output, looks like internally when it connect to ipv4, get connected and never try ipv6 (expected) but when it "connect to" ipv6 and failed, it does not seems to trying ipv4? 

    [rupesh@rupesh ~]$ curl -svo/dev/null http://6to4.nro.net/
    * Hostname was NOT found in DNS cache
    *   Trying 202.12.29.234...
    *   Trying 2001:dc0:2001:11::234...
    * Connected to 6to4.nro.net (202.12.29.234) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.37.0
    > Host: 6to4.nro.net
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Date: Fri, 30 Jan 2015 10:02:54 GMT
    * Server Apache/2.2.3 (CentOS) is not blacklisted
    < Server: Apache/2.2.3 (CentOS)
    < Vary: Accept-Encoding,User-Agent
    < Connection: close
    < Transfer-Encoding: chunked
    < Content-Type: text/html; charset=ISO-8859-1
    <
    { [data not shown]
     
    * Closing connection 0
    [rupesh@rupesh ~]$
    [rupesh@rupesh ~]$ curl -svo/dev/null http://6to4.nro.net/
    * Hostname was NOT found in DNS cache
    *   Trying 202.12.29.234...
    *   Trying 2001:dc0:2001:11::234...
    * connect to 2001:dc0:2001:11::234 port 80 failed: Network is unreachable
    *   Trying 2002:ca0c:1dea::1...
    * connect to 2002:ca0c:1dea::1 port 80 failed: Network is unreachable
    * Failed to connect to 6to4.nro.net port 80: Network is unreachable
    * Closing connection 0
    [rupesh@rupesh ~]$
     
    [rupesh@rupesh ~]$ strace -e trace=connect curl -svo/dev/null http://6to4.nro.net/
    * Hostname was NOT found in DNS cache
    *   Trying 202.12.29.234...
    connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("202.12.29.234")}, 16) = -1 EINPROGRESS (Operation now in progress)
    * Connected to 6to4.nro.net (202.12.29.234) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.37.0
    > Host: 6to4.nro.net
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Date: Fri, 30 Jan 2015 10:01:53 GMT
    * Server Apache/2.2.3 (CentOS) is not blacklisted
    < Server: Apache/2.2.3 (CentOS)
    < Vary: Accept-Encoding,User-Agent
    < Connection: close
    < Transfer-Encoding: chunked
    < Content-Type: text/html; charset=ISO-8859-1
    <
    { [data not shown]
    * Closing connection 0
    +++ exited with 0 +++
     
    [rupesh@rupesh ~]$ strace -e trace=connect curl -svo/dev/null http://6to4.nro.net/
    * Hostname was NOT found in DNS cache
    *   Trying 202.12.29.234...
    connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("202.12.29.234")}, 16) = -1 EINPROGRESS (Operation now in progress)
    *   Trying 2001:dc0:2001:11::234...
    connect(4, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "2001:dc0:2001:11::234", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EINPROGRESS (Operation now in progress)
    * connect to 2001:dc0:2001:11::234 port 80 failed: Network is unreachable
    *   Trying 2002:ca0c:1dea::1...
    connect(5, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "2002:ca0c:1dea::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EINPROGRESS (Operation now in progress)
    * connect to 2002:ca0c:1dea::1 port 80 failed: Network is unreachable
    * Failed to connect to 6to4.nro.net port 80: Network is unreachable
    * Closing connection 0
    +++ exited with 7 +++
    [rupesh@rupesh ~]$

Version:- 
curl-7.37.0-12.fc21.x86_64
libcurl-7.37.0-12.fc21.x86_64

Comment 2 Rupesh Patel 2015-01-30 11:12:04 UTC
Before my fedora takes another updates, here are the libc rpms currently installed. 

[rupesh@rupesh ~]$ rpm -qa | grep glibc
glibc-headers-2.20-7.fc21.x86_64
glibc-common-2.20-7.fc21.x86_64
glibc-devel-2.20-7.fc21.x86_64
glibc-2.20-7.fc21.x86_64
glibc-2.20-7.fc21.i686
[rupesh@rupesh ~]$

Comment 3 Kamil Dudka 2015-02-12 12:39:22 UTC
While trying to debug it, I hit yet another problem of the Happy Eyeballs implementation in libcurl.  If the protocol versions are mixed in the DNS response (IPv6 -> IPv4 -> IPv6), it sometimes skips the IPv4 address altogether.

This is caused by the tricky list-traversing algorithm in trynextip(), which somehow assumes that the addresses in the list are grouped by protocol version.  Otherwise, the addresses skipped by the inner loop can be left behind without actually trying them out.

Comment 4 Kamil Dudka 2015-02-12 13:03:39 UTC
The problem described in comment #0 is orthogonal to this:  If the last address in the second protocol family fails, it makes the curl handle fail immediately.  We need to make it wait for already running connection attempt(s) in the first protocol family.

Comment 6 Kamil Dudka 2015-02-23 12:38:35 UTC
upstream commits:

https://github.com/bagder/curl/compare/5d87b1f22c...e08a12dab1

Comment 7 Kamil Dudka 2015-02-23 13:19:00 UTC
fixed in curl-7.40.0-3.fc23 and curl-7.40.0-2.fc22

Comment 8 Fedora Update System 2015-02-23 14:22:30 UTC
curl-7.37.0-13.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/curl-7.37.0-13.fc21

Comment 9 Fedora Update System 2015-02-25 13:28:56 UTC
Package curl-7.37.0-13.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing curl-7.37.0-13.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-2526/curl-7.37.0-13.fc21
then log in and leave karma (feedback).

Comment 10 Fedora Update System 2015-02-28 10:23:20 UTC
curl-7.37.0-13.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.