search

linuxserver / docker-code-server

GNU General Public License v3.0
1.54k stars 314 forks source link

listen on both ipv4 and ipv6 #179

Open aptalca opened 2 months ago

aptalca commented 2 months ago

closes #178

LinuxServer-CI commented 2 months ago
I am a bot, here are the test results for this PR: https://ci-tests.linuxserver.io/lspipepr/code-server/4.23.1-pkg-4284c89d-dev-79293112331036168cc4031bfe7c961af30d0498-pr-179/index.html https://ci-tests.linuxserver.io/lspipepr/code-server/4.23.1-pkg-4284c89d-dev-79293112331036168cc4031bfe7c961af30d0498-pr-179/shellcheck-result.xml Tag Passed
amd64-4.23.1-pkg-4284c89d-dev-79293112331036168cc4031bfe7c961af30d0498-pr-179
arm64v8-4.23.1-pkg-4284c89d-dev-79293112331036168cc4031bfe7c961af30d0498-pr-179
aptalca commented 2 months ago

No idea. It needs to be tested.

I'm surprised that even though we're telling it to listen on ipv6, it also listens on ipv4 but I couldn't find any documentation. Just github issue discussions.

thespad commented 2 months ago

Well that's just weird:

# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp6       0      0 :::8443                 :::*                    LISTEN      -   
$  docker ps | grep code
30ff101cac53   lspipepr/code-server:4.23.1-pkg-4284c89d-dev-79293112331036168cc4031bfe7c961af30d0498-pr-179   "/init"                  3 seconds ago   Up 3 seconds           0.0.0.0:8123->8443/tcp, :::8123->8443/tcp

And both

curl -4 -sL http://localhost:8123

And

curl -6 -sL http://localhost:8123

Work. They also work inside the container so it's not just the docker NAT layer doing something odd.

thespad commented 2 months ago

TIL https://www.rfc-editor.org/rfc/rfc3493#section-3.7

Applications may use AF_INET6 sockets to open TCP connections to IPv4 nodes, or send UDP packets to IPv4 nodes, by simply encoding the destination's IPv4 address as an IPv4-mapped IPv6 address, and passing that address, within a sockaddr_in6 structure, in the connect() or sendto() call. When applications use AF_INET6 sockets to accept TCP connections from IPv4 nodes, or receive UDP packets from IPv4 nodes, the system returns the peer's address to the application in the accept(), recvfrom(), or getpeername() call using a sockaddr_in6 structure encoded this way.

Also https://www.rfc-editor.org/rfc/rfc3493#section-5.3

As stated in section <3.7 Compatibility with IPv4 Nodes>, AF_INET6 sockets may be used for both IPv4 and IPv6 communications. Some applications may want to restrict their use of an AF_INET6 socket to IPv6 communications only. For these applications the IPV6_V6ONLY socket option is defined.

But that will still break with IPv4-only network stacks for obvious reasons.

miyurusankalpa commented 2 months ago

@thespad It will break on users who have disabled IPv6 on the kernel level, others will have no issues. Those who have will aware of the issues with messing with the default kernel values.

As IPv6 only servers are becoming common, having a middle ground is the better option.

It will be better to have a DISABLE IPv6 option for such users, as it done on the kasmvnc image.

https://github.com/linuxserver/docker-baseimage-kasmvnc/blob/master/root/etc/s6-overlay/s6-rc.d/init-nginx/run#L29

drizuid commented 2 months ago

Is this going to suddenly break a bunch of users who've explicitly disabled IPv6?

hopefully, maybe it'll teach them to stop doing silly things left over from 2004

LinuxServer-CI commented 1 month ago
I am a bot, here are the test results for this PR: https://ci-tests.linuxserver.io/lspipepr/code-server/4.89.1-pkg-2e2dbd2e-dev-43762e8d1a1bb73155a207732b808ca9c656e210-pr-179/index.html https://ci-tests.linuxserver.io/lspipepr/code-server/4.89.1-pkg-2e2dbd2e-dev-43762e8d1a1bb73155a207732b808ca9c656e210-pr-179/shellcheck-result.xml Tag Passed
amd64-4.89.1-pkg-2e2dbd2e-dev-43762e8d1a1bb73155a207732b808ca9c656e210-pr-179
arm64v8-4.89.1-pkg-2e2dbd2e-dev-43762e8d1a1bb73155a207732b808ca9c656e210-pr-179
LinuxServer-CI commented 2 weeks ago
I am a bot, here are the test results for this PR: https://ci-tests.linuxserver.io/lspipepr/code-server/4.90.2-pkg-ec2f2738-dev-6c3977dd4e90cacbac808c7c46de0104cdf7ea5f-pr-179/index.html https://ci-tests.linuxserver.io/lspipepr/code-server/4.90.2-pkg-ec2f2738-dev-6c3977dd4e90cacbac808c7c46de0104cdf7ea5f-pr-179/shellcheck-result.xml Tag Passed
amd64-4.90.2-pkg-ec2f2738-dev-6c3977dd4e90cacbac808c7c46de0104cdf7ea5f-pr-179
arm64v8-4.90.2-pkg-ec2f2738-dev-6c3977dd4e90cacbac808c7c46de0104cdf7ea5f-pr-179