ngx_http_proxy_connect_create_peer randomly chooses ipv6 address on ipv4-only host #147
Description
Ⅰ. Issue Description
It appears that the ngx_http_proxy_connect_create_peer randomly chooses ipv6 address on ipv4-only host.
Ⅱ. Describe what happened
Running nginx (built with ipv6 support) on an ipv4 only host, I see random failures like these:
2020/04/07 22:15:45 [crit] 12#12: *32 bind(10.10.176.1) failed (22: Invalid argument) while connecting to upstream, client: 10.10.176.4, server: , request: "CONNECT www.google.com:443 HT
TP/1.1", host: "www.google.com:443"
2020/04/07 22:20:42 [crit] 12#12: *35 bind(10.10.176.1) failed (22: Invalid argument) while connecting to upstream, client: 10.10.176.4, server: , request: "CONNECT www.google.com:443 HT
TP/1.1", host: "www.google.com:443"
It is apparently triggered by the ipv6 address seen here:
$ host www.google.com
www.google.com has address 172.217.11.164
www.google.com has IPv6 address 2607:f8b0:4007:802::2004
If I build nginx with ipv6 support disabled, then it suppresses the problem.
Ⅲ. Describe what you expected to happen
I expect the ngx_http_proxy_connect_create_peer function to choose an DNS result of the same family as the address specified by my proxy_connect_bind setting, however instead it appears to choose a random address/family with this code:
i = ngx_random() % ur->naddrs; /* i<-0 for ur->naddrs == 1 */
Ⅳ. How to reproduce it (as minimally and precisely as possible)
- Build nginx with ipv6 support enabled
- Use proxy_connect_bind to select a ipv4 address
- Use HTTPS_PROXY with
curl https://www.google.com
Ⅴ. Anything else we need to know?
Ⅵ. Environment:
- Tengine/Nginx/OpenResty version (use
sbin/nginx -v):
nginx version: nginx/1.16.1
- Which patch do you use?
proxy_connect_rewrite_101504.patch