mojo IPv6 issues with trusted proxies

There's been a lot of fail reports from CPANTesters recently such as this one. At the very least these IPv6 tests should be hidden behind a TEST_IPV6 environment variable.

    #   Failed test 'right "Content-Length" value'
    #   at t/mojo/cgi.t line 202.
    #          got: '15'
    #     expected: '17'
    #   Failed test 'right content'
    #   at t/mojo/cgi.t line 204.
    #          got: '127.0.0.1:https'
    #     expected: '10.10.10.10:https'
    # Looks like you failed 2 tests of 6.

#   Failed test 'Trusted proxies'
#   at t/mojo/cgi.t line 205.
# Looks like you failed 1 test of 9.
t/mojo/cgi.t ............................... 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/9 subtests 
t/mojo/reactor_poll.t ...................... ok
t/mojo/request.t ........................... ok
t/mojo/request_cgi.t ....................... ok
t/mojo/response.t .......................... ok
t/mojo/roles.t ............................. skipped: Role::Tiny 2.000001+ required for this test!
t/mojo/signatures.t ........................ skipped: Perl 5.20+ required for this test!
t/mojo/subprocess.t ........................ skipped: set TEST_SUBPROCESS to enable this test (developer only!)
t/mojo/subprocess_ev.t ..................... skipped: set TEST_SUBPROCESS to enable this test (developer only!)
t/mojo/template.t .......................... ok
t/mojo/tls.t ............................... skipped: set TEST_TLS to enable this test (developer only!)
t/mojo/transactor.t ........................ ok
t/mojo/url.t ............................... ok
t/mojo/user_agent.t ........................ ok
t/mojo/user_agent_online.t ................. skipped: set TEST_ONLINE to enable this test (developer only!)
t/mojo/user_agent_socks.t .................. skipped: set TEST_SOCKS to enable this test (developer only!)
t/mojo/user_agent_tls.t .................... skipped: set TEST_TLS to enable this test (developer only!)
t/mojo/user_agent_unix.t ................... skipped: set TEST_UNIX to enable this test (developer only!)
    
    #   Failed test 'oversize v6 mask'
    #   at t/mojo/util.t line 493.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 516.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 517.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 518.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 519.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 520.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 521.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 522.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 523.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 524.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 525.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 526.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 527.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 528.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 529.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 530.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 531.
    
    #   Failed test 'v6 network contains addresss'
    #   at t/mojo/util.t line 532.
    # Looks like you failed 18 tests of 62.

#   Failed test 'network_contains'
#   at t/mojo/util.t line 552.
# Looks like you failed 1 test of 61.
t/mojo/util.t .............................. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/61 subtests

Mar 21 '21 13:03 kraih

Yes we could gate the v6 tests in util.t, though those are not USING v6 just the underlying Socket functions that do the math, they shouldn't need to be gated unless they aren't implemented in Socket, which I would doubt.

The problem is the first test failing (the content length test is just a knock on failure, ignore it). It says that for whatever reason it isn't seeing 127.0.0.1 as being in 127.0.0.0/8. That's unrelated to v6 and also completely weird. https://github.com/mojolicious/mojo/blob/529af01cdb4d5ee55b3194f1012a00c78d3fb409/t/mojo/cgi.t#L182-L205

Mar 29 '21 22:03 jberger

Looking into this more, not all the current windows failures fail the ipv6 tests, though all fail the cgi one.

Mar 31 '21 20:03 jberger

Hello!

Under windows7 x64:

# Generated by CPAN::Reporter 1.2018 test FAIL Mojolicious-9.15 (perl-5.32.1) MSWin32-x64-multi-thread 10.0.19042.746 test FAIL Mojolicious-9.16 (perl-5.32.1) MSWin32-x64-multi-thread 10.0.19042.746

Only one error occurs during installation. You can reproduce this error with the

C:\www\perl\cpan\build\Mojolicious-9.16-3>perl -Iblib\lib -Iblib\arch t\mojo\cgi.t ... ok 8 - Reverse proxy # Subtest: Trusted proxies ok 1 - right status ok 2 - right status ok 3 - right "Status" value not ok 4 - right "Content-Length" value # Failed test 'right "Content-Length" value' # at t\mojo\cgi.t line 231. # got: '15' # expected: '17' ok 5 - right "Content-Type" value not ok 6 - right content # Failed test 'right content' # at t\mojo\cgi.t line 233. # got: '127.0.0.1:https' # expected: '10.10.10.10:https' 1..6 # Looks like you failed 2 tests of 6. not ok 9 - Trusted proxies # Failed test 'Trusted proxies' # at t\mojo\cgi.t line 234. ... # Looks like you failed 1 test of 10.

Apr 12 '21 07:04 tastoronareki

Why are the IPv6 tests not hidden behind TEST_IPV6 yet?

Apr 12 '21 10:04 kraih

Hi @tastoronareki . I'm curious, what version of windows/perl/mojolicious and what version of Socket do you have? Assuming you have a relatively new version of mojo what happens if you upgrade Socket?

Apr 12 '21 11:04 jberger

These were Win7x64ProSP1 strawberry-perl-5.30.0.1-64bit.msi strawberry-perl-5.32.1.1-64bit.msi Mojolicious-9.15 Mojolicious-9.16

under Win10 with disabled IP6 Perl (v5.32.1, MSWin32) Mojolicious (9.14, Waffle) was installed whith no problem

If You mean IO::Socket:: versions IO::Socket::Socks 0.64+ (0.74) IO::Socket::SSL 2.009+ (2.069) and 2.066

Apr 12 '21 14:04 tastoronareki

Hello! On win7sp1x64 and win2k8r2 there is an error at t/mojo/cgi.t it occurs with strawberry-perl-5.32.1.1-32bit.msi strawberry-perl-5.32.1.1-64bit.msi

Socket::inet_pton function failed. It returns undef with any parameters in context of

  sub network_contains { #C:\www\perl\cpan\build\Mojolicious-9.17-0\blib\lib\Mojo\Util.pm
    sub remote_address { #C:\www\perl\cpan\build\Mojolicious-9.17-0\blib\lib\Mojo\Transaction.pm
      get '/proxy' => sub { #C:\www\perl\cpan\build\Mojolicious-9.17-0\t\mojo\cgi.t

However, everything will be fine if you add call of inet_pton at the beginning of cgi.t

as an option, diag(Socket::inet_pton(Socket::AF_INET, '127.0.0.1') ? "\tinet_pton defined" : "\tinet_pton returns undef"); can be inserted after all use comands.

t/mojo/cache.t ............................. ok
t/mojo/cgi.t ............................... #  inet_pton defined
t/mojo/cgi.t ............................... ok
t/mojo/collection.t ........................ ok
...
All tests successful.
Files=103, Tests=4800, 122 wallclock secs ( 1.69 usr +  0.36 sys =  2.04 CPU)
Result: PASS
Lockfile removed.
  SRI/Mojolicious-9.17.tar.gz
  C:\www\perl\c\bin\gmake.exe test -- OK

Apr 30 '21 17:04 tastoronareki

For your information about testing t/mojo/cgi.t.

[Environment] Windows 7 SP1 32 bit Strawberry Perl 5.32.1 32 bit

using Socket 2.032: FAIL.txt

using Socket 2.032 with a patch of rt#84600 (socket.patch): PASS.txt

May 01 '22 09:05 twata1