Skip to content

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
    • Help
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
bitmask_android
bitmask_android
  • Project
    • Project
    • Details
    • Activity
    • Releases
    • Cycle Analytics
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Charts
  • Issues 90
    • Issues 90
    • List
    • Board
    • Labels
    • Milestones
  • Merge Requests 2
    • Merge Requests 2
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Charts
  • Registry
    • Registry
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Charts
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • leap
  • bitmask_androidbitmask_android
  • Issues
  • #8939

Closed
Open
Opened Feb 04, 2019 by cyberta@cyberta
  • Report abuse
  • New issue
Report abuse New issue

Cannot connect with riseup's ipv6 adresses

For some yet unknown reason bitmask android doesn't handle ipv6 rejection correctly. Instead of a rejection the connection attempt runs into a timeout.

Some comments about that issue.

<micah> if you look up mail.riseup.net DNS, you see there is an A record (ipv4) and an AAAA record (ipv6)
<micah> mail.riseup.net has address 198.252.153.254
<micah> mail.riseup.net has address 198.252.153.22
<micah> mail.riseup.net has IPv6 address 2620:13:4000:4000:dead:beef:0:254
<micah> mail.riseup.net has IPv6 address 2620:13:4000:4000:dead:beef:0:22
<micah> mail.riseup.net mail is handled by 10 mx1.riseup.net.
<micah> when a client wants to connect there, it will look up the records, get that back, and then decide what to do. If it has ipv6 support, it will pick one of those and then try it
<micah> if it doesn't work, it will try one of the ipv4 ones
<micah> (actually you can configure this behavior on linux, to only try v4 for example, but I dont know if android can do it)
<cyberta> --> I'll need to figure that out
<micah> so the people who are using bitmask have ipv6, they try to connect to mail.r.n, get an ipv6 address, tries to connect to that, bitmask blocks it
<micah> that is all normal ^
<micah> but... on the linux side, we block ipv6 with a special flag, that causes it to fail quick

How fail early works on Bitmask desktop client

> <micah> ␛[7$   ip6tables("--append", BITMASK_CHAIN, "-p", "tcp", "--jump", "REJECT")
> <micah>     ip6tables("--append", BITMASK_CHAIN, "-p", "udp", "--jump", "REJECT")
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
No due date
0
Labels
None
Assign labels
  • View project labels
Reference: leap/bitmask_android#8939