push apps failing in Android until you disable IPv6

Lorenzo Colitti lorenzo at google.com
Sat May 14 02:29:23 CEST 2016


On Sat, May 14, 2016 at 5:50 AM, Tore Anderson <tore at fud.no> wrote:

> > You're forgetting that the device might have an an IPv6 address on the
> > cellular interface, and an OS that uses the weak host model like Linux is
> > perfectly happy to use the cellular interface's IPv6 address to send
> > packets on the wifi interface.
>
> Hmm...so Android doesn't simulate a strong host model using
> per-interface network namespaces or private routing tables with
> associated policy rules?
>

It uses per-interface routing tables, but that by itself is not sufficient
to fix this particular problem. The Linux kernel implements RFC6724 with
the weak host model and rule 2 is higher priority than rule 5. In order to
fix this problem you need to restrict the RFC6724 candidate set to
addresses that are only on the interface. We only fixed that in this commit
<https://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=3985e8a3611a93bb36789f65db862e5700aab65e>
which
I think only went into 6.0. The strong model is RECOMMENDED by RFC 6724,
but not required:

   It is RECOMMENDED that the candidate source addresses be the set of
   unicast addresses assigned to the interface that will be used to send


> If not, how do you avoid running into BCP38 issues when both the
> cellular and wifi interfaces are connected and both have active global
> IPv6 addresses? (That is, the cellular address being used as the source
> in packets sent to the wifi default router or vice versa?)
>

When both those interfaces correctly have either no IPv6 configuration or
complete IPv6 configuration, that problem is easier to solve because RFC
6724 will do the right thing. This was already working in 5.0. (Prior to
5.0 Android did not support two interfaces with default routes being up at
the same time.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20160514/48a80cbe/attachment.htm>


More information about the ipv6-ops mailing list