distbin icon indicating copy to clipboard operation
distbin copied to clipboard

Published 20 hours ago verified publisher icon gobengo

IPV6

Open yalh76 opened this issue 6 years ago • 13 comments

I made some test from an IPV6 only server to https://distbin.com but as https://distbin.com doesn't have IPV6 activated and configured, I've broken some post :/// For example:

  • https://distbin.com/activities/9b78e993-cf33-49b2-8512-7c307c948dd6
  • https://distbin.com/activities/a03000f7-b4bb-4585-9af7-21ff2abc7041
  • https://distbin.com/activities/10533ce2-5c2b-4424-bbfe-b927ecf2e5a7

Sorry

yalh76 avatar Feb 07 '19 23:02 yalh76

In addition but difficult to explain: On IPV6 only server (or with a wrong IPV4 address) when going to a post: https://example.com/activities/6e1b2688-596c-44ac-8b0c-5d63787957a2, distbin is unable to display the post.

It's like he tried to display the post using IPV4 first instead of IPV6 first. But according to the official standards it should prefer IPv6..

I don't think it come from distbin directly but more from the librairies...

yalh76 avatar Feb 07 '19 23:02 yalh76

But according to the official standards it should prefer IPv6..

I don't disagree, but will you share more about what standards you're referring to?

gobengo avatar Mar 06 '19 21:03 gobengo

https://distbin.com/activities/9b78e993-cf33-49b2-8512-7c307c948dd6

Here is the .json: https://distbin.com/activities/9b78e993-cf33-49b2-8512-7c307c948dd6.json

Did you create this post? I can't see anything in the JSON that references another server that's ipv6 only or something.

Unclear why the html page rendering results in an ENETUNREACH 2a01:e34:ec2f:cf62:215:5dff:fea8:32a:443. What is it resolving to that ipv6 addr?

What I'm trying to understand is that is this a problem with distbin itself as deployed? Or only when interacting with another server (yours?) that is ipv6-only?

btw this is the stack trace from logs behind the scenes

distbin-com-distbin-5bfd89bc95-rmqlf distbin { Error: connect ENETUNREACH 2a01:e34:ec2f:cf62:215:5dff:fea8:32a:443 - Local (:::0)
distbin-com-distbin-5bfd89bc95-rmqlf distbin     at Object._errnoException (util.js:992:11)
distbin-com-distbin-5bfd89bc95-rmqlf distbin     at _exceptionWithHostPort (util.js:1014:20)
distbin-com-distbin-5bfd89bc95-rmqlf distbin     at internalConnect (net.js:960:16)
distbin-com-distbin-5bfd89bc95-rmqlf distbin     at defaultTriggerAsyncIdScope (internal/async_hooks.js:284:19)
distbin-com-distbin-5bfd89bc95-rmqlf distbin     at GetAddrInfoReqWrap.emitLookup [as callback] (net.js:1106:9)
distbin-com-distbin-5bfd89bc95-rmqlf distbin     at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:97:10)
distbin-com-distbin-5bfd89bc95-rmqlf distbin   code: 'ENETUNREACH',
distbin-com-distbin-5bfd89bc95-rmqlf distbin   errno: 'ENETUNREACH',
distbin-com-distbin-5bfd89bc95-rmqlf distbin   syscall: 'connect',
distbin-com-distbin-5bfd89bc95-rmqlf distbin   address: '2a01:e34:ec2f:cf62:215:5dff:fea8:32a',
distbin-com-distbin-5bfd89bc95-rmqlf distbin   port: 443 }

gobengo avatar Mar 06 '19 21:03 gobengo

Btw traffic into https://distbin.com goes through: AWS ELB -> one of several kubernetes workers running nginx ingresses where hostnames are matched for distbin.com -> distbin containers themselves.

It's looking like this error may not be due to my particular deployment, but the application code, just sharing so others can help diagnose.

gobengo avatar Mar 06 '19 21:03 gobengo

@yalh76 I'm not sure how to reproduce this. Can you create a reduced test case, either as a script that I can run to produce more bad posts locally, or as step-by-step instructions?

gobengo avatar Mar 07 '19 19:03 gobengo

Did you create this post? I can't see anything in the JSON that references another server that's ipv6 only or something.

Unclear why the html page rendering results in an ENETUNREACH 2a01:e34:ec2f:cf62:215:5dff:fea8:32a:443. What is it resolving to that ipv6 addr?

Aha. I can see at https://distbin.com/activities/9b78e993-cf33-49b2-8512-7c307c948dd6/replies that you submitted a reply with id https://test.yh.yalh.net/activities/a4c3da7a-219b-44c7-a297-d6f14ef28d67. And that domain name resolves to the above ipv6 address. That clears that up.

Now, when I fetch that URL from my laptop, I get a ECONNREFUSED, since the server is down. For ancestors of any given activity being rendered by distbin-html/an-activity, I catch ECONNREFUSED and render a placeholder. But I don't watch for ENETUNREACH. https://github.com/gobengo/distbin/blob/master/src/distbin-html/an-activity.ts#L513

  • [ ] - Catch ENETUNREACH in fetchReplyAncestors to prevent big ugly error. I should be able to post a reply to https://test.yh.yalh.net/activities/a4c3da7a-219b-44c7-a297-d6f14ef28d67 (while it is not listening at the address indicated by its dns), and render the HTML page without getting an http 500. Instead, the reply body should still show, but the unfetchable parent should render as a placeholder with "failed to fetch" messaging.

Notably, when rendering descendants (replies), I do no such error catching if nod's http fetch fails.

  • [ ] - Catch all the same Errors in fetchDescendants as I do for fetchReplyAncestors. Activities that have a reply like https://test.yh.yalh.net/activities/a4c3da7a-219b-44c7-a297-d6f14ef28d67 should still be renderable by an-activity, but the reply should either not show or show as a placeholder with "failed to fetch" messaging.

Finally, I actually do want my deployment to support fetching federated URLs that resolve to ipv6 addrs.

  • [ ] - distbin.com's hosting environment should allow it to make outbound ipv6 tcp requests, and when distbin fetches them, they should not result in ENETUNREACH
    • I can probably figure this out, but won't be in a place to configure my AWS VPC and subnet rules for a few days so can't do right away.

gobengo avatar Mar 07 '19 20:03 gobengo

Reproduction steps:

  • Go to https://distbin.com
  • Type a quick comment. Make sure it is in reply to "https://test.yh.yalh.net/activities/a4c3da7a-219b-44c7-a297-d6f14ef28d67"
  • Click the 'post' button

Actual Behavior:

  • I am at https://distbin.com/
  • The response body is Error: Error: connect ENETUNREACH 2a01:e34:ec2f:cf62:215:5dff:fea8:32a:443
  • HTTP response has status 500

Expected Behavior:

  • I am at https://distbin.com/activities/{uuid-of-new-activity}
  • The response body is a bunch of HTML that shows my new comment's body, plus an indication that it is a reply
  • HTTP response is 200

gobengo avatar Mar 07 '19 20:03 gobengo

Did you create this post?

Yes I created it, as far as I remember...

ENETUNREACH 2a01:e34:ec2f:cf62:215:5dff:fea8:32a:443. What is it resolving to that ipv6 addr?

It was the IPV6 address of the server I made some test from.

@yalh76 I'm not sure how to reproduce this. Can you create a reduced test case, either as a script that I can run to produce more bad posts locally, or as step-by-step instructions?

I'll let you now when I reinstalled a new server and made some tests... (I will keep the server up longer) Not sure I'm able to write some code... I'm a windows system administrator... far from bash, javascript, etc...

yalh76 avatar Mar 07 '19 22:03 yalh76

@yalh76 Got it. It's not so important for you to bring the server back online. I believe the current error will happen even then, as my deployment of distbin still won't be able to reach any ipv6 addresses (ENUTUNREACHABLE).

But if you do bring it back up, and the error changes, that would invalidate my hypothesis and be useful.

gobengo avatar Mar 12 '19 15:03 gobengo

@gobengo I've two VMs up and running: First one IPV4 (78.194.252.246) and IPV6 (2a01:e34:ec2f:cf62:d8fd:cbff:fea0:d261) available from internet:

  • https://distbin.yalh.net/

Second one with only IPV6 (2a01:e34:ec2f:cf62:215:5dff:fea8:32a) available from internet

  • https://test.yh.yalh.net
  • https://test2.yh.yalh.net/distbin/

I made a test:

  1. write a post content #Test A1: https://distbin.com/activities/0fbb5888-4cf9-4c9e-a613-e652a1192cc1
  2. make a local response: using https://distbin.com/?inReplyTo=https://distbin.com/activities/0fbb5888-4cf9-4c9e-a613-e652a1192cc1
  3. make a response from host with IPV4 and IPV6 available from internet using https://distbin.yalh.net/?inReplyTo=https://distbin.com/activities/0fbb5888-4cf9-4c9e-a613-e652a1192cc1
  4. make a response from IPV6 only host using https://test.yh.yalh.net/?inReplyTo=https://distbin.com/activities/0fbb5888-4cf9-4c9e-a613-e652a1192cc1
  5. make a response from from IPV6 only host using https://test2.yh.yalh.net/distbin/?inReplyTo=https://distbin.com/activities/0fbb5888-4cf9-4c9e-a613-e652a1192cc1

As soon as I made a response from an IPV6 only, the original post on https://distbin.com/activities/0fbb5888-4cf9-4c9e-a613-e652a1192cc1 content goes to : Error: Error: connect ENETUNREACH 2a01:e34:ec2f:cf62:215:5dff:fea8:32a:443 - Local (:::0)

yalh76 avatar Mar 14 '19 19:03 yalh76

@yalh76 This is perfect, thanks.

You have no idea how happy seeing this federate makes me: https://distbin.yalh.net/activities/27c20a2e-9a79-47b5-80ea-19d81e7645d9

Been waiting for 3 years!

gobengo avatar Mar 14 '19 21:03 gobengo

Lol, I didn't knew that you was waiting for that for so long ^^

As distbin is packaged for Yunohost, it's like one click to install it on Debian Jessie, Stretch, Testing and Raspberry Pi . I hope we will see others ^^ (It would be good to add distbin on https://the-federation.info/ and https://fediverse.network/)

Next step for me, be able to install it in a sub path and Syntax Highlighting, but a few other projects to close first for Yunohost

PS: If you need some access to the VMs, to checks logs, etc... don't hesitate

yalh76 avatar Mar 14 '19 21:03 yalh76

Made another test from IPV6:

  1. A first post : https://distbin.com/activities/1edb06bb-9ddd-4ba7-a1ad-703739a7d0fd
  2. A reply from an IPV6 only distbin instance https://test.yh.yalh.net/activities/d5dbab94-5e08-48ce-b45c-d56a74ed69c2

After replying, original post shows: Error: Error: connect ENETUNREACH 2a01:e34:ec2f:cf62:215:5dff:fea8:32a:443 - Local (:::0)

IPV6 server IP address is: 2a01:e34:ec2f:cf62:215:5dff:fea8:32a

yalh76 avatar Mar 20 '19 23:03 yalh76