From debbugs-submit-bounces@debbugs.gnu.org Mon May 09 06:45:44 2022
Received: (at submit) by debbugs.gnu.org; 9 May 2022 10:45:44 +0000
Received: from localhost ([127.0.0.1]:56328 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1no0tc-0005qv-2v
	for submit@debbugs.gnu.org; Mon, 09 May 2022 06:45:44 -0400
Received: from lists.gnu.org ([209.51.188.17]:48478)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@cbaines.net>) id 1no0ta-0005pc-R7
 for submit@debbugs.gnu.org; Mon, 09 May 2022 06:45:43 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:58300)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mail@cbaines.net>) id 1no0tY-000330-3W
 for bug-guix@gnu.org; Mon, 09 May 2022 06:45:40 -0400
Received: from mira.cbaines.net
 ([2a01:7e00:e000:2f8:fd4d:b5c7:13fb:3d27]:52997)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <mail@cbaines.net>) id 1no0tW-0005G3-8j
 for bug-guix@gnu.org; Mon, 09 May 2022 06:45:39 -0400
Received: from localhost (unknown [IPv6:2a02:8010:68c1:0:54d1:d5d4:280e:f699])
 by mira.cbaines.net (Postfix) with ESMTPSA id 6E73E27BBE9
 for <bug-guix@gnu.org>; Mon,  9 May 2022 11:45:34 +0100 (BST)
Received: from felis (localhost [127.0.0.1])
 by localhost (OpenSMTPD) with ESMTP id fa72f84e
 for <bug-guix@gnu.org>; Mon, 9 May 2022 10:45:30 +0000 (UTC)
User-agent: mu4e 1.6.10; emacs 27.2
From: Christopher Baines <mail@cbaines.net>
To: bug-guix@gnu.org
Subject: openssh-service no longer listens on IPv6
Date: Mon, 09 May 2022 11:39:47 +0100
Message-ID: <87r153q913.fsf@cbaines.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Received-SPF: pass client-ip=2a01:7e00:e000:2f8:fd4d:b5c7:13fb:3d27;
 envelope-from=mail@cbaines.net; helo=mira.cbaines.net
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

--=-=-=
Content-Type: text/plain

This looks to be a recent regression, probably connected with the
shepherd now doing the listening, rather than sshd itself.

Previously, you could use both IPv4 and IPv6.

  netstat -tlnp | grep sshd
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      26683/sshd: /gnu/st
  tcp6       0      0 :::22                   :::*                    LISTEN      26683/sshd: /gnu/st

Now though, it looks like with shepherd doing the listening, you can
only use IPv4.

  netstat -tlnp | grep 22
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1/guile


On an affected machine, you can reproduce this by trying to SSH over v6.

  cbaines@lakeside ~$ ssh 127.0.0.1
  The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
  ED25519 key fingerprint is SHA256:1wV7w84awrGv5ilP5e8k5ygIvSkXSJ6LIy3MnqZG2Jw.
  This key is not known by any other names
  Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C

  cbaines@lakeside ~$ ssh ::1
  ssh: connect to host ::1 port 22: Connection refused


This isn't an issue if you're not using IPv6, but if you have a machine
only accessible via IPv6, then you can't ssh in. The main workaround
I've found is getting access via other means, then starting sshd
listening on a different port (as the shepherd is using 22).

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmJ48MhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9Xej5BAAuTPOUHID47ahLzs49HfFGQzGKPWFZoOj
RbneFfm27U3/NXsHY19To/yj/OtVK9L5hWtWiLF93nHYWUQDHvS/XXEGWHOCD0jM
ToVBfvGRu+KFuGsB3au9vZHGoiZprQWOhKw1r8rfQ3Cs2rKy/QCfTAcAa7Ie7vtB
G/sQyFhbH8i6+pJaGifkdvMaX01vdlIyFfhIXuKvmcOexHvneN0jXEnbQR8sWzD9
hhKPMAw3NJGrrB/eJgkKE9rcoeXRo3SAESBDdj6ZTyePaJRxXf/enpkCMUy8+nJr
a/KWl7h8EOJnGSzI55Fltk2K+MKqHURSp2JTuin6CinNLIAzRcROlrDFh5aCMLFh
lE57sGvuccxVCWBOxVEwiZg2dWWuSXxWI8FiKzYXDWDrEwy4vphA4Ed7fo9nzPP8
e49iEPQveoQ4vOfXVQSHwDnuTt0yFMQH929OAr0nzJS4AaLkjos2KZfawsdPCO67
Ngwpf03gCPeDaoXU7Pf8qO9DudvR+0GM2WOvrp4hwTobyVGTnl8kfFPHg0lrLWSU
lhSplkvGmXaAiCLQKqB2DFCV5X7C/9Dt2/pcLWtmbg1u2l5J16slAx2TJaoPga5t
K5zTMJy0TpHslkuW2yLxNb/y/l7jWgq8ZuXlCuTnusshbVjASoNrDz0TzLRfPRvw
SNcfJV0Sofg=
=55Mq
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Thu May 12 08:37:40 2022
Received: (at control) by debbugs.gnu.org; 12 May 2022 12:37:40 +0000
Received: from localhost ([127.0.0.1]:39958 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1np84a-0004og-3p
	for submit@debbugs.gnu.org; Thu, 12 May 2022 08:37:40 -0400
Received: from eggs.gnu.org ([209.51.188.92]:56042)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1np84Y-0004oP-Du
 for control@debbugs.gnu.org; Thu, 12 May 2022 08:37:38 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:35238)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>) id 1np84S-00063R-Ve
 for control@debbugs.gnu.org; Thu, 12 May 2022 08:37:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-version:Subject:From:To:Date:in-reply-to:
 references; bh=9JYgcxvxldp0OYxmE7VdWPgb4BoQmSchovfIl5qXWpQ=; b=DoZ98qJvzchVjg
 bdqfinoz1E0a3qGxqkmQ0XfBsgmBlR2HpmG7FLTT11WpVXNgsgUuKbzLUYnWmmEaEv7PrSfSh6uxf
 8CX/BVCcODrZqgpxxDSagsip/yriXx5yCIPzzwAsbOZuI+g/7jFQomWCia1O/LebJWgLrfa/OU12/
 /IpA1hc8VhjW339n7GzTvAQgu+OXO03w6yCL/2TiF0hG8ol8e5TRiOk5mnx3R1+uYdWO07BNxpzpd
 EFB16f9mtbe9KPlYnvom7p8K/MBMMJ2PlqheMh2/kpWOyr6/tZ77uBu1mcs97cl0Te1K6FjPNAwUa
 jldDal60aCSjMpmfYE/A==;
Received: from [193.50.110.244] (port=52706 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>) id 1np84S-0000S0-HX
 for control@debbugs.gnu.org; Thu, 12 May 2022 08:37:32 -0400
Date: Thu, 12 May 2022 14:37:30 +0200
Message-Id: <87a6bnj59x.fsf@gnu.org>
To: control@debbugs.gnu.org
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Subject: control message for bug #55335
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

severity 55335 important
quit





From debbugs-submit-bounces@debbugs.gnu.org Fri May 13 10:18:23 2022
Received: (at 55335) by debbugs.gnu.org; 13 May 2022 14:18:23 +0000
Received: from localhost ([127.0.0.1]:44449 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1npW7L-0006gX-UW
	for submit@debbugs.gnu.org; Fri, 13 May 2022 10:18:22 -0400
Received: from mira.cbaines.net ([212.71.252.8]:41294)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@cbaines.net>) id 1npW7K-0006gQ-VY
 for 55335@debbugs.gnu.org; Fri, 13 May 2022 10:18:07 -0400
Received: from localhost (unknown [IPv6:2a02:8010:68c1:0:54d1:d5d4:280e:f699])
 by mira.cbaines.net (Postfix) with ESMTPSA id D905D27BBE9
 for <55335@debbugs.gnu.org>; Fri, 13 May 2022 15:18:05 +0100 (BST)
Received: from felis (localhost [127.0.0.1])
 by localhost (OpenSMTPD) with ESMTP id a95c4463
 for <55335@debbugs.gnu.org>; Fri, 13 May 2022 14:18:03 +0000 (UTC)
References: <87r153q913.fsf@cbaines.net>
User-agent: mu4e 1.6.10; emacs 27.2
From: Christopher Baines <mail@cbaines.net>
To: 55335@debbugs.gnu.org
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
Date: Fri, 13 May 2022 13:21:47 +0100
In-reply-to: <87r153q913.fsf@cbaines.net>
Message-ID: <87ilq9qzxg.fsf@cbaines.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55335
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain


Christopher Baines <mail@cbaines.net> writes:

> This looks to be a recent regression, probably connected with the
> shepherd now doing the listening, rather than sshd itself.
>
> Previously, you could use both IPv4 and IPv6.
>
>   netstat -tlnp | grep sshd
>   tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      26683/sshd: /gnu/st
>   tcp6       0      0 :::22                   :::*                    LISTEN      26683/sshd: /gnu/st
>
> Now though, it looks like with shepherd doing the listening, you can
> only use IPv4.
>
>   netstat -tlnp | grep 22
>   tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1/guile
>
>
> On an affected machine, you can reproduce this by trying to SSH over v6.
>
>   cbaines@lakeside ~$ ssh 127.0.0.1
>   The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
>   ED25519 key fingerprint is SHA256:1wV7w84awrGv5ilP5e8k5ygIvSkXSJ6LIy3MnqZG2Jw.
>   This key is not known by any other names
>   Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C
>
>   cbaines@lakeside ~$ ssh ::1
>   ssh: connect to host ::1 port 22: Connection refused
>
>
> This isn't an issue if you're not using IPv6, but if you have a machine
> only accessible via IPv6, then you can't ssh in. The main workaround
> I've found is getting access via other means, then starting sshd
> listening on a different port (as the shepherd is using 22).

I've had another look at how this might be fixed.

One workaround that seems to work is having the service just listen on
an IPv6 socket as I believe Linux translates IPv4 connections to
IPv6. The openssh system test seems to pass, and I believe this would
fix not being able to connect over IPv6, although it seems likely that
this would break things relying on IPv4 usage, like configuration based
on specific IP addresses.

I think the more rigerous approach would be to have shepherd listen on
two sockets, one for IPv4 and another for IPv6. That's currently
difficult though because of the above behaviour, the IPv6 socket blocks
opening the IPv4 one. I've got a patch [1] to Guile that adds the
constants needed for the setsockopt call and once that's possible, I
believe the setsockopt call would need to happen in
make-inetd-constructor.

1: https://lists.gnu.org/archive/html/guile-devel/2022-05/msg00007.html

Without reverting to the previous behaviour, maybe the best way forward
is to at least allow having the service listen via IPv6. That would mean
those affected by the loss of IPv6 support could enable it, and would
hopefully avoid breaking anyones configuration where they're relying on
native IPv4 connections. I'll send a patch for this shortly.

Chris

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmJ+aJtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XeZZg/+P1lC9/Uv7yOFmkjyydmCWbRp5oCbG1pE
HM08CzQWuzflKvmNYHj/yUoCMdEksW1HCbhax7P/63putmmtlE1mWShbH6+uyY5R
cX4JJOmVcGfj3zmOXTkqezUBJOvCBt90vrrrvgA4380CP0oNQBwpaKDXBzDYMGCX
DVGXmrUE+XEeDr4RQXOG4Jut/uOM6Aq786ebw7yQlxIfTQLYrJfV9TpnX/LX9zdL
eoImRPsIxVD+b5PPBGfa2X5yuhViiCHn9DpUQ2chojkGVgUw9WmCrn/EyPR/WhDQ
0j+KrCOowcrP6m7L4Wh56/9OH+5FKGXz+jJa6wrMXAXHR9YqlT4D1fj20TuIAJ/X
C7hkJDrCP3jabNYvHQPaY+uuY/BVQnqhEUDA/wVSbGU+FMKl5rKibRfdXFbOxZ7/
tCafzI+u51K1GeWaZuyporme08E7srCWMfRMCAqOj9ZkUdB/eUV6zf2az6wrqovK
CxUWYEANYC2kpBKwoIbtfXKxniJoto6U3SISyNBVuvbfCTkkseRprn9TBPxOFBiQ
2FsI4byadec/yPhxGLmaILhyBWmf8B4S9nT96DxanOwtT7r45DshdlxtKOt3XWHx
Q5cMn/Vdf/EIk64MHAmwIbKhqdlBjBMSz4TwEveBK8JS+YWlUkJi2CbKgo012wXw
9QkM2tQrOos=
=PRe5
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Fri May 13 10:23:16 2022
Received: (at 55335) by debbugs.gnu.org; 13 May 2022 14:23:16 +0000
Received: from localhost ([127.0.0.1]:44486 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1npWCJ-0006t0-Os
	for submit@debbugs.gnu.org; Fri, 13 May 2022 10:23:16 -0400
Received: from mira.cbaines.net ([212.71.252.8]:41296)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@cbaines.net>) id 1npWCH-0006sn-Cd
 for 55335@debbugs.gnu.org; Fri, 13 May 2022 10:23:13 -0400
Received: from localhost (unknown [IPv6:2a02:8010:68c1:0:54d1:d5d4:280e:f699])
 by mira.cbaines.net (Postfix) with ESMTPSA id 97A4927BBE9
 for <55335@debbugs.gnu.org>; Fri, 13 May 2022 15:23:12 +0100 (BST)
Received: from localhost (localhost [local])
 by localhost (OpenSMTPD) with ESMTPA id 4e558ddc
 for <55335@debbugs.gnu.org>; Fri, 13 May 2022 14:23:12 +0000 (UTC)
From: Christopher Baines <mail@cbaines.net>
To: 55335@debbugs.gnu.org
Subject: [PATCH] services: Allow shepherd to listen for IPv6 connections to
 openssh.
Date: Fri, 13 May 2022 15:23:12 +0100
Message-Id: <20220513142312.21382-1-mail@cbaines.net>
X-Mailer: git-send-email 2.36.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55335
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Prior to the switch to the openssh service using inetd, you could connect over
IPv4 or IPv6. With inetd, you can only connect over IPv4, meaning for machines
with just IPv6 connectivity, you can't connect.

Switching to listing via IPv6 should support IPv4 connections, as Linux is
capable of translating IPv4 connections to IPv6. I think there's a risk that
switching to this approach will affect some uses of the openssh
service. Therefore, this commit makes this a configuration option, which is #f
by default.

In the future, once it's easy to do so via Guile and the shepherd, it would be
good if two sockets were used, one for IPv4 and one for IPv6. That's not easy
at the moment, as the IPv6 socket conflicts with the IPv4 one, due to the
translation behaviour described above.

* gnu/services/ssh.scm (openssh-listen-via-ipv6?): New procedure.
(openssh-shepherd-service): Factor in listen-via-ipv6? when constructing the
socket address.
* doc/guix.texi (Networking Services): Document the new listen-via-ipv6?
field.
---
 doc/guix.texi        |  9 +++++++++
 gnu/services/ssh.scm | 13 +++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index c168a66072..b168cb379e 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -19119,6 +19119,15 @@ Match Address 192.168.0.1
   PermitRootLogin yes"))
 @end lisp
 
+@item @code{listen-via-ipv6?} (default: @code{#f})
+When listening via a inetd-style Shepherd service, connections will only
+be accepted via IPv4.
+
+To have the shepherd listen instead via IPv6, set this option to
+#t. Depending on how network connections are handled, this will either
+enable connecting via IPv6 and translated IPv4, or just enable IPv6
+connections only.
+
 @end table
 @end deftp
 
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 7fbbe383e5..427f0e4739 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -363,7 +363,13 @@ (define-record-type* <openssh-configuration>
   ;; proposed in <https://bugs.gnu.org/27155>.  Keep it internal/undocumented
   ;; for now.
   (%auto-start?          openssh-auto-start?
-                         (default #t)))
+                         (default #t))
+
+  ;; Boolean
+  ;; XXX: The service should really listen via IPv4 and IPv6 by default, but
+  ;; this is a little tricky. See https://issues.guix.gnu.org/55335
+  (listen-via-ipv6?      openssh-listen-via-ipv6?
+                         (default #f)))
 
 (define %openssh-accounts
   (list (user-group (name "sshd") (system? #t))
@@ -535,7 +541,10 @@ (define openssh-command
          (start #~(if (defined? 'make-inetd-constructor)
                       (make-inetd-constructor
                        (append #$openssh-command '("-i"))
-                       (make-socket-address AF_INET INADDR_ANY
+                       (make-socket-address #$(if (openssh-listen-via-ipv6? config)
+                                                  #~AF_INET6
+                                                  #~AF_INET)
+                                            INADDR_ANY
                                             #$port-number)
                        #:max-connections #$max-connections)
                       (make-forkexec-constructor #$openssh-command
-- 
2.34.0





From debbugs-submit-bounces@debbugs.gnu.org Fri May 13 11:23:26 2022
Received: (at 55335) by debbugs.gnu.org; 13 May 2022 15:23:26 +0000
Received: from localhost ([127.0.0.1]:44618 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1npX8X-0002gQ-Oi
	for submit@debbugs.gnu.org; Fri, 13 May 2022 11:23:25 -0400
Received: from minsky.hcoop.net ([104.248.1.95]:60326)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jackhill@jackhill.us>) id 1npX8W-0002gC-QS
 for 55335@debbugs.gnu.org; Fri, 13 May 2022 11:23:25 -0400
Received: from marsh.hcoop.net ([45.55.52.66])
 by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <jackhill@jackhill.us>)
 id 1npX8R-0007C4-BO; Fri, 13 May 2022 11:23:19 -0400
Date: Fri, 13 May 2022 11:23:18 -0400 (EDT)
From: Jack Hill <jackhill@jackhill.us>
X-X-Sender: jackhill@marsh.hcoop.net
To: Christopher Baines <mail@cbaines.net>
Subject: Re: bug#55335: [PATCH] services: Allow shepherd to listen for IPv6
 connections to openssh.
In-Reply-To: <20220513142312.21382-1-mail@cbaines.net>
Message-ID: <alpine.DEB.2.21.2205131110120.11587@marsh.hcoop.net>
References: <87r153q913.fsf@cbaines.net>
 <20220513142312.21382-1-mail@cbaines.net>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55335
Cc: 55335@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Thanks for looking into this! Does this fix work for you (I assume so)? I 
tried a simpler patch to use a v6 socket:


--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -535,7 +535,7 @@ (define openssh-command
           (start #~(if (defined? 'make-inetd-constructor)
                        (make-inetd-constructor
                         (append #$openssh-command '("-i"))
-                       (make-socket-address AF_INET INADDR_ANY
+                       (make-socket-address AF_INET6 INADDR_ANY
                                              #$port-number)
                         #:max-connections #$max-connections)
                        (make-forkexec-constructor #$openssh-command

and that does indeed produce a v6 socket that also accepts v4 connection. 
The output of `ss -tulpen`:

tcp       LISTEN     0          10 
*:22                       *:*         users:(("shepherd",pid=1,fd=29)) ino:1522146 sk:2001 cgroup:/ v6only:0 <->

However, while ssh is now able to connect to the socket, something is 
going wrong in the handoff to sshd. I see the following message printed on 
the console when trying to connect:

Uncaught exception in task:
In fibers.scm:
   150:8 4 (_)
In shepherd/service.scm:
   1435:21 3 (_)
   1280:30 2 (socket-address->string #(10 # 37896 0 0))
In unknown file:
           1 (inet-ntop 2 42540578165178177408896616697074944157)
In ice-9/boot-9.scm:
   1685:16 0 (raise-exception _ #:continualbe? _)
ice-9/boot-9.scm:1685:16: In procecure raise-exception:
Value our of range 0 to 18446744073709551615: 42540578165178177408896616697074944157

Best,
Jack




From debbugs-submit-bounces@debbugs.gnu.org Fri May 13 11:25:58 2022
Received: (at 55335) by debbugs.gnu.org; 13 May 2022 15:25:59 +0000
Received: from localhost ([127.0.0.1]:44628 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1npXB0-0002mD-K6
	for submit@debbugs.gnu.org; Fri, 13 May 2022 11:25:58 -0400
Received: from minsky.hcoop.net ([104.248.1.95]:60342)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jackhill@jackhill.us>) id 1npXAy-0002lw-Nz
 for 55335@debbugs.gnu.org; Fri, 13 May 2022 11:25:56 -0400
Received: from marsh.hcoop.net ([45.55.52.66])
 by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <jackhill@jackhill.us>)
 id 1npXAt-0007IH-LH; Fri, 13 May 2022 11:25:51 -0400
Date: Fri, 13 May 2022 11:25:51 -0400 (EDT)
From: Jack Hill <jackhill@jackhill.us>
X-X-Sender: jackhill@marsh.hcoop.net
To: Christopher Baines <mail@cbaines.net>
Subject: Re: bug#55335: [PATCH] services: Allow shepherd to listen for IPv6
 connections to openssh.
In-Reply-To: <alpine.DEB.2.21.2205131110120.11587@marsh.hcoop.net>
Message-ID: <alpine.DEB.2.21.2205131125260.11587@marsh.hcoop.net>
References: <87r153q913.fsf@cbaines.net>
 <20220513142312.21382-1-mail@cbaines.net>
 <alpine.DEB.2.21.2205131110120.11587@marsh.hcoop.net>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55335
Cc: 55335@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On Fri, 13 May 2022, Jack Hill wrote:

> Thanks for looking into this! Does this fix work for you (I assume so)? I 
> tried a simpler patch to use a v6 socket:
>
>
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -535,7 +535,7 @@ (define openssh-command
>          (start #~(if (defined? 'make-inetd-constructor)
>                       (make-inetd-constructor
>                        (append #$openssh-command '("-i"))
> -                       (make-socket-address AF_INET INADDR_ANY
> +                       (make-socket-address AF_INET6 INADDR_ANY
>                                             #$port-number)
>                        #:max-connections #$max-connections)
>                       (make-forkexec-constructor #$openssh-command
>
> and that does indeed produce a v6 socket that also accepts v4 connection. The 
> output of `ss -tulpen`:
>
> tcp       LISTEN     0          10 *:22                       *:* 
> users:(("shepherd",pid=1,fd=29)) ino:1522146 sk:2001 cgroup:/ v6only:0 <->
>
> However, while ssh is now able to connect to the socket, something is going 
> wrong in the handoff to sshd. I see the following message printed on the 
> console when trying to connect:
>
> Uncaught exception in task:
> In fibers.scm:
>  150:8 4 (_)
> In shepherd/service.scm:
>  1435:21 3 (_)
>  1280:30 2 (socket-address->string #(10 # 37896 0 0))
> In unknown file:
>          1 (inet-ntop 2 42540578165178177408896616697074944157)
> In ice-9/boot-9.scm:
>  1685:16 0 (raise-exception _ #:continualbe? _)
> ice-9/boot-9.scm:1685:16: In procecure raise-exception:
> Value our of range 0 to 18446744073709551615: 
> 42540578165178177408896616697074944157
>
> Best,
> Jack

I should have specified: now neither v4 or v6 work.

Best,
Jack




From debbugs-submit-bounces@debbugs.gnu.org Sat May 14 04:42:37 2022
Received: (at 55335) by debbugs.gnu.org; 14 May 2022 08:42:38 +0000
Received: from localhost ([127.0.0.1]:45717 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1npnMD-0008UV-I4
	for submit@debbugs.gnu.org; Sat, 14 May 2022 04:42:37 -0400
Received: from eggs.gnu.org ([209.51.188.92]:56360)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1npnMB-0008UG-HX
 for 55335@debbugs.gnu.org; Sat, 14 May 2022 04:42:36 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:51934)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1npnM1-0007VO-VO; Sat, 14 May 2022 04:42:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=A+PZ63IJ3sui7DOPfhq7ud5EUpGAcwaHO2j17R7iwuo=; b=GiJvXk31LYTBlMbMPt8Q
 w7Ey29dx95EQyKOQO0HHNg/lOV55X+n1apji0pG9jYuE7zOOPbf3S9nO0AKnai+YYk8M1Stvj2Rmc
 CU1NtEsCAAUuaAMX5GXKi0zyjE1q+Q4fKTEDvkdbnLaAHw1RjPJxln8UV/F7Xigjb7Ut6UDAJVUv7
 T2LkKKk0hhPDakKJ2maLWHuxTwbs11YrehSrQk0Q8dpU4uQ/w488m75hIDD34AOquy10FcKIn/Nfh
 U354FChmBDJwFK59OcM1gMuaxtdljzL8LE4OaUrC5gaz880j7QxwcmQyv3eOUZX1c/rPDqdZJ9d0n
 a7L02rUklCd9NQ==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:57695
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1npnLz-0000tt-7G; Sat, 14 May 2022 04:42:23 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Jack Hill <jackhill@jackhill.us>
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
References: <87r153q913.fsf@cbaines.net>
 <20220513142312.21382-1-mail@cbaines.net>
 <alpine.DEB.2.21.2205131110120.11587@marsh.hcoop.net>
Date: Sat, 14 May 2022 10:42:20 +0200
In-Reply-To: <alpine.DEB.2.21.2205131110120.11587@marsh.hcoop.net> (Jack
 Hill's message of "Fri, 13 May 2022 11:23:18 -0400 (EDT)")
Message-ID: <87r14wh5eb.fsf_-_@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55335
Cc: Christopher Baines <mail@cbaines.net>, 55335@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Jack Hill <jackhill@jackhill.us> skribis:

> However, while ssh is now able to connect to the socket, something is
> going wrong in the handoff to sshd. I see the following message
> printed on the console when trying to connect:
>
> Uncaught exception in task:
> In fibers.scm:
>   150:8 4 (_)
> In shepherd/service.scm:
>   1435:21 3 (_)
>   1280:30 2 (socket-address->string #(10 # 37896 0 0))
> In unknown file:
>           1 (inet-ntop 2 42540578165178177408896616697074944157)
> In ice-9/boot-9.scm:
>   1685:16 0 (raise-exception _ #:continualbe? _)
> ice-9/boot-9.scm:1685:16: In procecure raise-exception:
> Value our of range 0 to 18446744073709551615: 425405781651781774088966166=
97074944157

Oops, another embarrassing bug, now fixed in Shepherd commit
27dd4df9d83e9c59668bd9e6ca05a3a4983e10d2.

Thanks,
Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Sat May 14 10:16:51 2022
Received: (at 55335) by debbugs.gnu.org; 14 May 2022 14:16:51 +0000
Received: from localhost ([127.0.0.1]:47189 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1npsZf-00006b-Bv
	for submit@debbugs.gnu.org; Sat, 14 May 2022 10:16:51 -0400
Received: from eggs.gnu.org ([209.51.188.92]:42754)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1npsZd-00006P-K5
 for 55335@debbugs.gnu.org; Sat, 14 May 2022 10:16:50 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:55564)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1npsZY-0002P5-BK; Sat, 14 May 2022 10:16:44 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=plexalgA5hrEeRoWv1TGsAgEfLE6/deYpJ5ETTCPUiE=; b=eS273/19sy51OjWIrTLB
 aq2SEMEkMfO/sAbhEiWC5yrq3g279VPJroRljRYUBp1fXaGfDYk2fps7cLXRjr0BZ5EyNnmGqfThb
 47KpMtyBLeJgsZf2sl/wgKrTWaegYtkq9oMh+kOGFNyYSkktRNkM4ESg0LiqQF0Uror8dx/YaK2vo
 eBqonfwRyBrQAaSqx+k7FuEYSPWjoMi5DjfCjZJ3tTt8TQUEiw4fO/w4zIhwirKYow1pumD4mCRLC
 XpZqdLEcesj/FO8/6+Mx8CsgyJ60uRDjfEC0HC2R49FxojE+p3GlGPjF+p8Vv54w5E2OEH3Quazu7
 UjzB23xQ82jk+Q==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:49181
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1npsZX-0000AB-VA; Sat, 14 May 2022 10:16:44 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Christopher Baines <mail@cbaines.net>
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
References: <87r153q913.fsf@cbaines.net>
 <20220513142312.21382-1-mail@cbaines.net>
Date: Sat, 14 May 2022 16:16:42 +0200
In-Reply-To: <20220513142312.21382-1-mail@cbaines.net> (Christopher Baines's
 message of "Fri, 13 May 2022 15:23:12 +0100")
Message-ID: <87zgjkfbcl.fsf_-_@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55335
Cc: 55335@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Christopher Baines <mail@cbaines.net> skribis:

> Prior to the switch to the openssh service using inetd, you could connect=
 over
> IPv4 or IPv6. With inetd, you can only connect over IPv4, meaning for mac=
hines
> with just IPv6 connectivity, you can't connect.
>
> Switching to listing via IPv6 should support IPv4 connections, as Linux is
> capable of translating IPv4 connections to IPv6. I think there's a risk t=
hat
> switching to this approach will affect some uses of the openssh
> service. Therefore, this commit makes this a configuration option, which =
is #f
> by default.
>
> In the future, once it's easy to do so via Guile and the shepherd, it wou=
ld be
> good if two sockets were used, one for IPv4 and one for IPv6. That's not =
easy
> at the moment, as the IPv6 socket conflicts with the IPv4 one, due to the
> translation behaviour described above.

Yes, I was going to suggest turning the =E2=80=98address=E2=80=99 argument =
of
=E2=80=98make-inetd-constructor=E2=80=99 into =E2=80=98addresses=E2=80=99 (=
plural), with backward
compatibility.  For sshd, we=E2=80=99d do:

         (make-inetd-constructor
          (append #$openssh-command '("-i"))
          (list (make-socket-address AF_INET INADDR_ANY #$port-number)
                (make-socket-address AF_INET6 INADDR_ANY #$port-number)))

It=E2=80=99s not that simple, due to the v6-to-v4 translation you mention:

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> (define v4 (make-socket-address AF_INET INADDR_ANY 555=
5))
scheme@(guile-user)> (define v6 (make-socket-address AF_INET6 INADDR_ANY 55=
55))
scheme@(guile-user)> (define s4 (socket AF_INET SOCK_STREAM 0))
scheme@(guile-user)> (define s6 (socket AF_INET6 SOCK_STREAM 0))
scheme@(guile-user)> (bind s4 v4)
scheme@(guile-user)> (bind s6 v6)
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure bind: Address already in use

Entering a new prompt.  Type `,bt' for a backtrace or `,q' to continue.
--8<---------------cut here---------------end--------------->8---

=E2=80=A6 but it can be made to work:

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> (define s4 (socket AF_INET SOCK_STREAM 0))
scheme@(guile-user)> (define s6 (socket AF_INET6 SOCK_STREAM 0))
scheme@(guile-user)> (define IPPROTO_IPV6 41)
scheme@(guile-user)> (define IPV6_V6ONLY 26)
scheme@(guile-user)> (setsockopt s6 IPPROTO_IPV6 IPV6_V6ONLY 1)
scheme@(guile-user)> (bind s4 v4)
scheme@(guile-user)> (bind s6 v6)
--8<---------------cut here---------------end--------------->8---

So =E2=80=98make-inetd-constructor=E2=80=99 would interpret v6 addresses as=
 v6-only,
with the understanding that the caller has to explicitly pass all the
relevant addresses.

Thoughts?

We could release Shepherd shortly with the fixes that have accumulated.
The service in Guix would be able to use it, but only if PID=C2=A01 is rece=
nt
enough.

Thanks,
Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Sat May 14 11:49:56 2022
Received: (at 55335) by debbugs.gnu.org; 14 May 2022 15:49:56 +0000
Received: from localhost ([127.0.0.1]:47324 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1npu1j-00056Q-LV
	for submit@debbugs.gnu.org; Sat, 14 May 2022 11:49:55 -0400
Received: from eggs.gnu.org ([209.51.188.92]:58032)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1npu1h-00056A-8B
 for 55335@debbugs.gnu.org; Sat, 14 May 2022 11:49:53 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:56296)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1npu1O-0003Fi-Jx; Sat, 14 May 2022 11:49:47 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=K3GNxDqUk4JnvEtP3SmJgVQpLkHbxFrc3V1iv8j0jI4=; b=W/szFDG214x+OU5O48r8
 /YSPBYQLUmO3aW036oJllwFcDs8J/wGc/0wVRO0k643/sdDLRWL4gPLlqqEC6L09K2y/YU86/DDRV
 g/aWVWVwxRLXqy1CGFOOD6PiAG4QzU44lsqBBPvNLkjYjmG2g+UvxRqjm/ONn/wep91OWT1I5ooJb
 b5lW+GAC2TgoVjBaXBEfD2JQfOqvDboiwoclupExEXCv5MTUOg9zXW24kDM01LzVpkzhj2XgUzI/3
 NZ79J1n3sQWxuDHgHaHrvPIXYQxXZcSs3yQkulepZqzwzCi8j4qzYU0ZXnWa1LJi3YtfBSyOi97V7
 B3/7nuO+NSncqQ==;
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=49342 helo=ribbon)
 by fencepost.gnu.org with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1)
 (envelope-from <ludo@gnu.org>)
 id 1npu1N-0000Sv-QA; Sat, 14 May 2022 11:49:34 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Christopher Baines <mail@cbaines.net>
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
References: <87r153q913.fsf@cbaines.net>
 <20220513142312.21382-1-mail@cbaines.net>
Date: Sat, 14 May 2022 17:49:31 +0200
In-Reply-To: <20220513142312.21382-1-mail@cbaines.net> (Christopher Baines's
 message of "Fri, 13 May 2022 15:23:12 +0100")
Message-ID: <87lev4f71w.fsf_-_@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55335
Cc: 55335@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Christopher Baines <mail@cbaines.net> skribis:

> Switching to listing via IPv6 should support IPv4 connections, as Linux is
> capable of translating IPv4 connections to IPv6. I think there's a risk t=
hat
> switching to this approach will affect some uses of the openssh
> service. Therefore, this commit makes this a configuration option, which =
is #f
> by default.

[...]

> +                       (make-socket-address #$(if (openssh-listen-via-ip=
v6? config)
> +                                                  #~AF_INET6
> +                                                  #~AF_INET)
> +                                            INADDR_ANY
>                                              #$port-number)

Thinking about it, what do you think is the risk of using AF_INET6
unconditionally?

AFAICS it just works.  Is there a switch somewhere that might affect
that behavior?

(I still think that changing =E2=80=98make-inetd-constructor=E2=80=99 to ac=
cept multiple
addresses is a better fix longer-term, but if we can have this quick
fix, that=E2=80=99s great.)

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Sat May 14 15:10:04 2022
Received: (at 55335) by debbugs.gnu.org; 14 May 2022 19:10:04 +0000
Received: from localhost ([127.0.0.1]:47520 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1npx9Q-0002O9-5M
	for submit@debbugs.gnu.org; Sat, 14 May 2022 15:10:04 -0400
Received: from minsky.hcoop.net ([104.248.1.95]:42418)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jackhill@jackhill.us>) id 1npx9O-0002NW-6W
 for 55335@debbugs.gnu.org; Sat, 14 May 2022 15:10:02 -0400
Received: from marsh.hcoop.net ([45.55.52.66])
 by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <jackhill@jackhill.us>)
 id 1npx9H-0002rA-R6; Sat, 14 May 2022 15:09:55 -0400
Date: Sat, 14 May 2022 15:09:55 -0400 (EDT)
From: Jack Hill <jackhill@jackhill.us>
X-X-Sender: jackhill@marsh.hcoop.net
To: =?ISO-8859-15?Q?Ludovic_Court=E8s?= <ludo@gnu.org>
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
In-Reply-To: <87lev4f71w.fsf_-_@gnu.org>
Message-ID: <alpine.DEB.2.21.2205141505570.11587@marsh.hcoop.net>
References: <87r153q913.fsf@cbaines.net>
 <20220513142312.21382-1-mail@cbaines.net> <87lev4f71w.fsf_-_@gnu.org>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="925712948-1546090832-1652555395=:11587"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55335
Cc: Christopher Baines <mail@cbaines.net>, 55335@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--925712948-1546090832-1652555395=:11587
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8BIT

On Sat, 14 May 2022, Ludovic Courtès wrote:

> Hi,
>
> Thinking about it, what do you think is the risk of using AF_INET6
> unconditionally?
>
> AFAICS it just works.  Is there a switch somewhere that might affect
> that behavior?

Yes, I beleive that it's in sysctl:

```
$ sysctl net.ipv6.bindv6only
net.ipv6.bindv6only = 0
```

If enabled, the v6 socket wouldn't work for v4. Disabled is the default on 
Guix System. I don't know what would happen if v6 were disabled entirely. 
Hopefully that's not something we have to worry about in 2022.

HTH,
Jack
--925712948-1546090832-1652555395=:11587--




From debbugs-submit-bounces@debbugs.gnu.org Tue May 17 17:35:03 2022
Received: (at 55335) by debbugs.gnu.org; 17 May 2022 21:35:03 +0000
Received: from localhost ([127.0.0.1]:58188 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nr4qM-0001vg-Rp
	for submit@debbugs.gnu.org; Tue, 17 May 2022 17:35:03 -0400
Received: from mira.cbaines.net ([212.71.252.8]:41298)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@cbaines.net>) id 1nr4qL-0001vE-CV
 for 55335@debbugs.gnu.org; Tue, 17 May 2022 17:35:01 -0400
Received: from localhost (unknown [IPv6:2a02:8010:68c1:0:54d1:d5d4:280e:f699])
 by mira.cbaines.net (Postfix) with ESMTPSA id EE17F27BBE9;
 Tue, 17 May 2022 22:34:59 +0100 (BST)
Received: from felis (localhost [127.0.0.1])
 by localhost (OpenSMTPD) with ESMTP id 01ccbfa7;
 Tue, 17 May 2022 21:34:57 +0000 (UTC)
References: <87r153q913.fsf@cbaines.net>
 <20220513142312.21382-1-mail@cbaines.net> <87lev4f71w.fsf_-_@gnu.org>
User-agent: mu4e 1.6.10; emacs 27.2
From: Christopher Baines <mail@cbaines.net>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
Date: Tue, 17 May 2022 22:33:29 +0100
In-reply-to: <87lev4f71w.fsf_-_@gnu.org>
Message-ID: <877d6jonb4.fsf@cbaines.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55335
Cc: 55335@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> Hi,
>
> Christopher Baines <mail@cbaines.net> skribis:
>
>> Switching to listing via IPv6 should support IPv4 connections, as Linux =
is
>> capable of translating IPv4 connections to IPv6. I think there's a risk =
that
>> switching to this approach will affect some uses of the openssh
>> service. Therefore, this commit makes this a configuration option, which=
 is #f
>> by default.
>
> [...]
>
>> +                       (make-socket-address #$(if (openssh-listen-via-i=
pv6? config)
>> +                                                  #~AF_INET6
>> +                                                  #~AF_INET)
>> +                                            INADDR_ANY
>>                                              #$port-number)
>
> Thinking about it, what do you think is the risk of using AF_INET6
> unconditionally?

I'm assuming that configuration that looks at the IP addresses will be
affected, e.g. things like:

  Match Address 127.0.0.*
    PubkeyAuthentication yes

But this is just a guess.

> AFAICS it just works.  Is there a switch somewhere that might affect
> that behavior?
>
> (I still think that changing =E2=80=98make-inetd-constructor=E2=80=99 to =
accept multiple
> addresses is a better fix longer-term, but if we can have this quick
> fix, that=E2=80=99s great.)

I'm also interested in a quick fix. I'd like to either make the switch
to using AF_INET6 unconditionally, or push the patch I sent for allowing
it to be used through a configuration option.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmKEFP9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XdS6A/+JZQVoML9XUz6m4UV10FlF88x9jyVqk4P
Ikfq7S6Ure3rdskN6nFGeDMqkIpxdvRsfW2BkwczVCNcdzHm+olJyoj1+VNYvdF6
vqQe52X1hIkiK82SbxSXjiB1jOqsRGdpGGBHEcJC4UcWz/LvJM1ciEf9ocnISnXL
vHU871TRzTpZPouZHeCiefg1hZ453X8Rky+9qSP6iv+Cm+7dRgToCwIwW50Bp84V
2N73aFohLTYTtq65tWqx8szvLHlAp1V8k4vwQtcfiSK5UtUU+snJPXGkXZkhD2HB
LQ2hEOZVnWHVW/PqxaReqn3bxGn1wy64B0OypMWNLkpZJ7RoBmLf1RU5VlccdUDV
BVbE1BV03XSBSjNiVuOKTny5NCSCvrL6orHJMW6asjVaJDdWf5FqI7FgBQTzSam/
ZkKcEyivNVvY0E+rNYGYxGIwjaOz1GCyWjUap0kjNRElvxNSRd/34UJdTVUvWSWk
lTJnFnOq4Uh2EbYNEgjmCwVh54iPXgmux0khT/2gqqUaA1W1EToY9tUSz5Exr8pj
bqsQpBUWdeA7ixpxY7wriMtZ8f/H7xzRnpOTVzT/FyM1O5lgl2yMyphyOx4jCyd+
k2+3xH3nkI0jzP8Y+Y5kr9UF2nzmQeb07zX663B0ol7AQ8TMUCELEp3KXvOIjgLA
o0xp2vaSExo=
=wDqi
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Wed May 18 05:31:11 2022
Received: (at 55335) by debbugs.gnu.org; 18 May 2022 09:31:12 +0000
Received: from localhost ([127.0.0.1]:59051 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nrG1P-0006uf-8V
	for submit@debbugs.gnu.org; Wed, 18 May 2022 05:31:11 -0400
Received: from eggs.gnu.org ([209.51.188.92]:37856)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nrG19-0006Yp-8u
 for 55335@debbugs.gnu.org; Wed, 18 May 2022 05:31:10 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:53890)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nrG13-0008TC-V7; Wed, 18 May 2022 05:30:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=bSPwW3tp31blt/pXZ5BALIlmenENwCwmposmtpj8Xh0=; b=WfcJYQxynQkSPqfjnkrE
 S7V3FgCYnulTOgABWAVNId24R0WE7b9O9kW4IG0eKVmrmNJUizynB6hz7vA+6OwgZmB6lCJyXRAlH
 dXJ1cHDC6tS3hrKFJcm81vRVxPTLiew93RKqB7DabAPfCYye83cr0MW9GkWjJijm08n4lI4m/ZLbN
 oCPpCwnJbcDuRLf1hmJm4yUzq3awF0wtTKy7Dp9i7yPZEaAt1u6crh48YEDvGzbk7ZUYVMGIWHTOx
 24NbG+78/BHpVymKP6E/zx1teFaFvwSZZwCk9fhYa8eTEOTKzkhm6vC4SaZePUio++jsv4Y2MOeI8
 xhGNd6jH2Vzbeg==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:55731
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nrG13-0002lG-Iy; Wed, 18 May 2022 05:30:49 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Christopher Baines <mail@cbaines.net>
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
References: <87r153q913.fsf@cbaines.net>
 <20220513142312.21382-1-mail@cbaines.net> <87lev4f71w.fsf_-_@gnu.org>
 <877d6jonb4.fsf@cbaines.net>
Date: Wed, 18 May 2022 11:30:46 +0200
In-Reply-To: <877d6jonb4.fsf@cbaines.net> (Christopher Baines's message of
 "Tue, 17 May 2022 22:33:29 +0100")
Message-ID: <871qwr427t.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55335
Cc: 55335@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi Chris,

Christopher Baines <mail@cbaines.net> skribis:

> I'm also interested in a quick fix. I'd like to either make the switch
> to using AF_INET6 unconditionally, or push the patch I sent for allowing
> it to be used through a configuration option.

How about going with unconditional AF_INET6 for now?  That way we
wouldn=E2=80=99t have that new option that will likely become a no-op
afterwards.

I=E2=80=99ll propose changes to the Shepherd soon, so we can fix it for goo=
d.

Thanks,
Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Wed May 18 10:07:07 2022
Received: (at 55335) by debbugs.gnu.org; 18 May 2022 14:07:07 +0000
Received: from localhost ([127.0.0.1]:33076 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nrKKR-0003sF-84
	for submit@debbugs.gnu.org; Wed, 18 May 2022 10:07:07 -0400
Received: from eggs.gnu.org ([209.51.188.92]:53350)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nrKKO-0003rN-Pd
 for 55335@debbugs.gnu.org; Wed, 18 May 2022 10:07:05 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:58648)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nrKKJ-0000dY-Jk; Wed, 18 May 2022 10:06:59 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=GW4Yk8ERHTjUOBm66OoS9bzUoS+4CKSsdBHVNr+0WhQ=; b=Ha13SyDOCTd1dYL4ML0U
 ms1Kit5XEx80oQ02JV7WgdXjY3qaCPsJ8UKbwpOEMS9DIfwwMpQoeThX7xu20lJoHB81jKWr2gT8R
 Bo38uqFH7/xw2KVJkOxCGolX38uKgARncMm+jVnYy0TsvEO8znSl1OIW3w7NeWmPY/5scaO2odPT8
 l1YyaoOKng7kXkBrQZZA5UeQzvs3AYzsjT/aXSBJnhlHNmAifrc2W1a2cT+DqsEqpyDJAl+VwFbTH
 PNql4C1hUJ/ULzCJSFltZ+RcTb2djk8TAlBmI8SkRbNXtqJ3zfyuWA2HraNIXJ26520qSb+j7bbcy
 O8ObGxkVoSfVjQ==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:56764
 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nrKKJ-0003x7-7M; Wed, 18 May 2022 10:06:59 -0400
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
To: 55335@debbugs.gnu.org
Subject: [PATCH Shepherd 2/3] tests: Update inetd tests to pass a list of
 endpoints.
Date: Wed, 18 May 2022 16:06:44 +0200
Message-Id: <20220518140645.17144-3-ludo@gnu.org>
X-Mailer: git-send-email 2.36.0
In-Reply-To: <20220518140645.17144-1-ludo@gnu.org>
References: <87zgjkfbcl.fsf_-_@gnu.org> <20220518140645.17144-1-ludo@gnu.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55335
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* tests/inetd.sh: Pass 'make-inetd-constructor' a list of endpoints.
---
 tests/inetd.sh | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/tests/inetd.sh b/tests/inetd.sh
index ef18800..83037bf 100644
--- a/tests/inetd.sh
+++ b/tests/inetd.sh
@@ -42,15 +42,18 @@ cat > "$conf" <<EOF
  (make <service>
    #:provides '(test-inetd)
    #:start (make-inetd-constructor %command
-                                   (make-socket-address AF_INET
-                                                        INADDR_LOOPBACK
-                                                        $PORT))
+                                   (list
+                                    (endpoint (make-socket-address
+                                               AF_INET
+                                               INADDR_LOOPBACK
+                                               $PORT))))
    #:stop  (make-inetd-destructor))
  (make <service>
    #:provides '(test-inetd-unix)
    #:start (make-inetd-constructor %command
-                                   (make-socket-address AF_UNIX
-                                                        "$service_socket")
+                                   (list
+                                    (endpoint (make-socket-address
+                                               AF_UNIX "$service_socket")))
                                    #:max-connections 5)
    #:stop  (make-inetd-destructor)))
 
-- 
2.36.0





From debbugs-submit-bounces@debbugs.gnu.org Wed May 18 10:07:13 2022
Received: (at 55335) by debbugs.gnu.org; 18 May 2022 14:07:13 +0000
Received: from localhost ([127.0.0.1]:33078 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nrKKW-0003sb-L5
	for submit@debbugs.gnu.org; Wed, 18 May 2022 10:07:13 -0400
Received: from eggs.gnu.org ([209.51.188.92]:53336)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nrKKP-0003rM-H6
 for 55335@debbugs.gnu.org; Wed, 18 May 2022 10:07:06 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:58646)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nrKKJ-0000d2-0W; Wed, 18 May 2022 10:06:59 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=zWEXQK4+c0kwJXUklc5tuDS2DmkWMHz1KjO2KWfKF0U=; b=lDQt8PL7snT0S9fBBIvU
 kq9nuZVVZxWhy+9xXE6C6101Y4HAAQOtBlUu555v6jN+ide5JqOF15JjCrecnBcCa6ECi7PTweXlM
 SwQoa7uS2cSrhd2nKnThx/l8q3V9Ff5yoIq75n6ZUhHCqFY4sEl+or8xJLJH/ICI5Tze27HN/d1oV
 hUv/1NHjxecspCqslUy+fDfRQ/xTBkzT7ZIv1/XwYCVZQGaKPr/Rahk6GxdnZIcGdzfGUDZoUYA5F
 vPlaj2bpdcnwp7SzbosUV4ZfLwJ0PywflU32JMBAXJz+F9TlhVW8dJzrCgVb+9efNbAUlw5Z2cEB9
 k7gZ7A2XXZO17w==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:56764
 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nrKKI-0003x7-Js; Wed, 18 May 2022 10:06:58 -0400
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
To: 55335@debbugs.gnu.org
Subject: [PATCH Shepherd 1/3] service: 'make-inetd-constructor' accepts a list
 of endpoints.
Date: Wed, 18 May 2022 16:06:43 +0200
Message-Id: <20220518140645.17144-2-ludo@gnu.org>
X-Mailer: git-send-email 2.36.0
In-Reply-To: <20220518140645.17144-1-ludo@gnu.org>
References: <87zgjkfbcl.fsf_-_@gnu.org> <20220518140645.17144-1-ludo@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55335
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* modules/shepherd/service.scm (endpoint->listening-socket)
(open-sockets): New procedures.
(make-inetd-constructor): Change 'address' parameter to 'endpoints'.
Mark #:socket-style, #:socket-owner, #:socket-group, #:socket-directory-permissions,
and #:listen-backlog as deprecated.
[spawn-child-service, accept-clients]: Take 'server-address' parameter
and use it.  Update callers.
Add compatibility later for when ENDPOINTS is an address.
(make-inetd-destructor): Adjust.
(make-systemd-destructor)[endpoint->listening-socket, open-sockets]:
Remove.
Adjust to new return value of 'open-sockets'.
* NEWS: Mention it.
---
 NEWS                         |  13 ++
 doc/shepherd.texi            |  54 ++++----
 modules/shepherd/service.scm | 255 +++++++++++++++++------------------
 3 files changed, 161 insertions(+), 161 deletions(-)

diff --git a/NEWS b/NEWS
index c51e8e2..4ce7a48 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,19 @@ Copyright © 2013-2014, 2016, 2018-2020, 2022 Ludovic Courtès <ludo@gnu.org>
 Please send Shepherd bug reports to bug-guix@gnu.org.
 
 * Changes in version 0.9.1
+** ‘make-inetd-constructor’ now accepts a list of endpoints
+
+In 0.9.0, ‘make-inetd-constructor’ would take a single address as returned by
+‘make-socket-address’.  This was insufficiently flexible since it didn’t let
+you have an inetd service with multiple endpoints.  ‘make-inetd-constructor’
+now takes a list of endpoints, similar to what ‘make-systemd-constructor’
+already did.
+
+For compatibility with 0.9.0, if the second argument to
+‘make-systemd-constructor’ is an address, it is automatically converted to a
+list of endpoints.  This behavior will be preserved for at least the whole
+0.9.x series.
+
 ** ‘shepherd’ reports whether a service is transient
 ** ‘herd status’ shows whether a service is transient
 ** Fix possible file descriptor leak in ‘make-inetd-constructor’
diff --git a/doc/shepherd.texi b/doc/shepherd.texi
index 3d01186..9efc48e 100644
--- a/doc/shepherd.texi
+++ b/doc/shepherd.texi
@@ -1082,11 +1082,28 @@ services, specifically those in @code{nowait} mode where the daemon is
 passed the newly-accepted socket connection while @command{shepherd} is
 in charge of listening.
 
-@deffn {procedure} make-inetd-constructor @var{command} @var{address}
-  [#:service-name-stem _] [#:requirements '()] @
-  [#:socket-style SOCK_STREAM] [#:listen-backlog 10] @
+Listening endpoints for such services are described as records built
+using the @code{endpoint} procedure:
+
+@deffn {procedure} endpoint @var{address} [#:name "unknown"] @
+  [#:style SOCK_STREAM] [#:backlog 128] @
   [#:socket-owner (getuid)] [#:socket-group (getgid)] @
-  [#:socket-directory-permissions #o755] @
+  [#:socket-directory-permissions #o755]
+Return a new endpoint called @var{name} of @var{address}, an address as
+return by @code{make-socket-address}, with the given @var{style} and
+@var{backlog}.
+
+When @var{address} is of type @code{AF_UNIX}, @var{socket-owner} and
+@var{socket-group} are strings or integers that specify its ownership and that
+of its parent directory; @var{socket-directory-permissions} specifies the
+permissions for its parent directory.
+@end deffn
+
+The inetd service constructor takes a command and a list of such
+endpoints:
+
+@deffn {procedure} make-inetd-constructor @var{command} @var{endpoints}
+  [#:service-name-stem _] [#:requirements '()] @
   [#:max-connections (default-inetd-max-connections)] @
   [#:user #f] @
   [#:group #f] @
@@ -1095,14 +1112,9 @@ in charge of listening.
   [#:file-creation-mask #f] [#:create-session? #t] @
   [#:resource-limits '()] @
   [#:environment-variables (default-environment-variables)]
-Return a procedure that opens a socket listening to @var{address}, an
-object as returned by @code{make-socket-address}, and accepting connections in
-the background; the @var{listen-backlog} argument is passed to @var{accept}.
-
-When @var{address} is of type @code{AF_UNIX}, @var{socket-owner} and
-@var{socket-group} are strings or integers that specify its ownership and that
-of its parent directory; @var{socket-directory-permissions} specifies the
-permissions for its parent directory.
+Return a procedure that opens sockets listening to @var{endpoints}, a list
+of objects as returned by @code{endpoint}, and accepting connections in the
+background.
 
 Upon a client connection, a transient service running @var{command} is
 spawned.  Only up to @var{max-connections} simultaneous connections are
@@ -1133,24 +1145,6 @@ environment (see below), which usually checks them using the libsystemd
 or libelogind
 @uref{https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html,
 client library helper functions}.
-
-Listening endpoints for such services are described as records built
-using the @code{endpoint} procedure:
-
-@deffn {procedure} endpoint @var{address} [#:name "unknown"] @
-  [#:style SOCK_STREAM] [#:backlog 128] @
-  [#:socket-owner (getuid)] [#:socket-group (getgid)] @
-  [#:socket-directory-permissions #o755]
-Return a new endpoint called @var{name} of @var{address}, an address as
-return by @code{make-socket-address}, with the given @var{style} and
-@var{backlog}.
-
-When @var{address} is of type @code{AF_UNIX}, @var{socket-owner} and
-@var{socket-group} are strings or integers that specify its ownership and that
-of its parent directory; @var{socket-directory-permissions} specifies the
-permissions for its parent directory.
-@end deffn
-
 The constructor and destructor for systemd-style daemons are described
 below.
 
diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
index ded8283..e93466a 100644
--- a/modules/shepherd/service.scm
+++ b/modules/shepherd/service.scm
@@ -1225,6 +1225,90 @@ as argument, where SIGNAL defaults to `SIGTERM'."
   (lambda (ignored . args)
     (not (zero? (status:exit-val (system (apply string-append command)))))))
 
+
+;;;
+;;; Server endpoints.
+;;;
+
+;; Endpoint of a systemd-style or inetd-style service.
+(define-record-type <endpoint>
+  (make-endpoint name address style backlog owner group permissions)
+  endpoint?
+  (name        endpoint-name)                          ;string
+  (address     endpoint-address)                       ;socket address
+  (style       endpoint-style)                         ;SOCK_STREAM, etc.
+  (backlog     endpoint-backlog)                       ;integer
+  (owner       endpoint-socket-owner)                  ;integer
+  (group       endpoint-socket-group)                  ;integer
+  (permissions endpoint-socket-directory-permissions)) ;integer
+
+(define* (endpoint address
+                   #:key (name "unknown") (style SOCK_STREAM)
+                   (backlog 128)
+                   (socket-owner (getuid)) (socket-group (getgid))
+                   (socket-directory-permissions #o755))
+  "Return a new endpoint called @var{name} of @var{address}, an address as
+return by @code{make-socket-address}, with the given @var{style} and
+@var{backlog}.
+
+When @var{address} is of type @code{AF_UNIX}, @var{socket-owner} and
+@var{socket-group} are strings or integers that specify its ownership and that
+of its parent directory; @var{socket-directory-permissions} specifies the
+permissions for its parent directory."
+  (make-endpoint name address style backlog
+                 socket-owner socket-group
+                 socket-directory-permissions))
+
+(define (endpoint->listening-socket endpoint)
+  "Return a listening socket for ENDPOINT."
+  (match endpoint
+    (($ <endpoint> name address style backlog
+                   owner group permissions)
+     (let* ((sock    (non-blocking-port
+                      (socket (sockaddr:fam address) style 0)))
+            (owner   (if (integer? owner)
+                         owner
+                         (passwd:uid (getpwnam owner))))
+            (group   (if (integer? group)
+                         group
+                         (group:gid (getgrnam group)))))
+       (setsockopt sock SOL_SOCKET SO_REUSEADDR 1)
+       (when (= AF_UNIX (sockaddr:fam address))
+         (mkdir-p (dirname (sockaddr:path address)) permissions)
+         (chown (dirname (sockaddr:path address)) owner group)
+         (catch-system-error (delete-file (sockaddr:path address))))
+
+       (bind sock address)
+       (listen sock backlog)
+
+       (when (= AF_UNIX (sockaddr:fam address))
+         (chown sock owner group)
+         (chmod sock #o666))
+
+       sock))))
+
+(define (open-sockets endpoints)
+  "Return a list of listening sockets corresponding to ENDPOINTS, in the same
+order as ENDPOINTS.  If opening of binding one of them fails, an exception is
+thrown an previously-opened sockets are closed."
+  (let loop ((endpoints endpoints)
+             (result   '()))
+    (match endpoints
+      (()
+       (reverse result))
+      ((head tail ...)
+       (let ((sock (catch 'system-error
+                     (lambda ()
+                       (endpoint->listening-socket head))
+                     (lambda args
+                       ;; When opening one socket fails, abort the whole
+                       ;; process.
+                       (for-each (match-lambda
+                                   ((_ . socket) (close-port socket)))
+                                 result)
+                       (apply throw args)))))
+         (loop tail (cons sock result)))))))
+
 
 ;;;
 ;;; Inetd-style services.
@@ -1311,18 +1395,13 @@ as argument, where SIGNAL defaults to `SIGTERM'."
   ;; service.
   (make-parameter 100))
 
-(define* (make-inetd-constructor command address
+(define* (make-inetd-constructor command endpoints
                                  #:key
                                  (service-name-stem
                                   (match command
                                     ((program . _)
                                      (basename program))))
                                  (requirements '())
-                                 (socket-style SOCK_STREAM)
-                                 (socket-owner (getuid))
-                                 (socket-group (getgid))
-                                 (socket-directory-permissions #o755)
-                                 (listen-backlog 10)
                                  (max-connections
                                   (default-inetd-max-connections))
                                  (user #f)
@@ -1333,15 +1412,17 @@ as argument, where SIGNAL defaults to `SIGTERM'."
                                  (create-session? #t)
                                  (environment-variables
                                   (default-environment-variables))
-                                 (resource-limits '()))
-  "Return a procedure that opens a socket listening to @var{address}, an
-object as returned by @code{make-socket-address}, and accepting connections in
-the background; the @var{listen-backlog} argument is passed to @var{accept}.
+                                 (resource-limits '())
 
-When @var{address} is of type @code{AF_UNIX}, @var{socket-owner} and
-@var{socket-group} are strings or integers that specify its ownership and that
-of its parent directory; @var{socket-directory-permissions} specifies the
-permissions for its parent directory.
+                                 ;; Deprecated.
+                                 (socket-style SOCK_STREAM)
+                                 (socket-owner (getuid))
+                                 (socket-group (getgid))
+                                 (socket-directory-permissions #o755)
+                                 (listen-backlog 10))
+  "Return a procedure that opens sockets listening to @var{endpoints}, a list
+of objects as returned by @code{endpoint}, and accepting connections in the
+background.
 
 Upon a client connection, a transient service running @var{command} is
 spawned.  Only up to @var{max-connections} simultaneous connections are
@@ -1370,7 +1451,7 @@ The remaining arguments are as for @code{make-forkexec-constructor}."
                   connection-count (canonical-name service))
     (default-service-termination-handler service status))
 
-  (define (spawn-child-service connection client-address)
+  (define (spawn-child-service connection server-address client-address)
     (let* ((name    (child-service-name))
            (service (make <service>
                       #:provides (list name)
@@ -1387,7 +1468,7 @@ The remaining arguments are as for @code{make-forkexec-constructor}."
                                #:file-creation-mask file-creation-mask
                                #:create-session? create-session?
                                #:environment-variables
-                               (append (inetd-variables address
+                               (append (inetd-variables server-address
                                                         client-address)
                                    environment-variables)
                                #:resource-limits resource-limits)
@@ -1396,7 +1477,7 @@ The remaining arguments are as for @code{make-forkexec-constructor}."
       (register-services service)
       (start service)))
 
-  (define (accept-clients sock)
+  (define (accept-clients server-address sock)
     ;; Return a thunk that accepts client connections from SOCK.
     (lambda ()
       (let loop ()
@@ -1407,7 +1488,7 @@ The remaining arguments are as for @code{make-forkexec-constructor}."
                  (local-output
                   (l10n "Maximum number of ~a clients reached; \
 rejecting connection from ~:[~a~;~*local process~].")
-                  (socket-address->string address)
+                  (socket-address->string server-address)
                   (= AF_UNIX (sockaddr:fam client-address))
                   (socket-address->string client-address))
                  (close-port connection))
@@ -1415,46 +1496,35 @@ rejecting connection from ~:[~a~;~*local process~].")
                  (set! connection-count (+ 1 connection-count))
                  (local-output
                   (l10n "Accepted connection on ~a from ~:[~a~;~*local process~].")
-                  (socket-address->string address)
+                  (socket-address->string server-address)
                   (= AF_UNIX (sockaddr:fam client-address))
                   (socket-address->string client-address))
-                 (spawn-child-service connection client-address)))))
+                 (spawn-child-service connection
+                                      server-address client-address)))))
         (loop))))
 
   (lambda args
-    (let ((owner (if (integer? socket-owner)
-                     socket-owner
-                     (passwd:uid (getpwnam socket-owner))))
-          (group (if (integer? socket-group)
-                     socket-group
-                     (group:gid (getgrnam socket-group))))
-          (sock  (socket (sockaddr:fam address) socket-style 0)))
-      (catch #t
-        (lambda ()
-          (non-blocking-port sock)
-          (setsockopt sock SOL_SOCKET SO_REUSEADDR 1)
-
-          (when (= AF_UNIX (sockaddr:fam address))
-            (mkdir-p (dirname (sockaddr:path address))
-                     socket-directory-permissions)
-            (chown (dirname (sockaddr:path address)) owner group)
-            (catch-system-error (delete-file (sockaddr:path address))))
-          (bind sock address)
-          (when (= AF_UNIX (sockaddr:fam address))
-            (chown sock owner group)
-            (chmod sock #o666))
-
-          (listen sock listen-backlog)
-          (spawn-fiber (accept-clients sock))
-          sock)
-        (lambda args
-          (close-port sock)
-          (apply throw args))))))
+    (let* ((endpoints (match endpoints
+                        (((? endpoint?) ...) endpoints)
+                        (address (list (endpoint address
+                                                 #:style socket-style
+                                                 #:backlog listen-backlog
+                                                 #:socket-owner socket-owner
+                                                 #:socket-group socket-group
+                                                 #:socket-directory-permissions
+                                                 socket-directory-permissions)))))
+           (sockets   (open-sockets endpoints)))
+      (for-each (lambda (endpoint socket)
+                  (spawn-fiber
+                   (accept-clients (endpoint-address endpoint)
+                                   socket)))
+                endpoints sockets)
+      sockets)))
 
 (define (make-inetd-destructor)
   "Return a procedure that terminates an inetd service."
-  (lambda (sock)
-    (close-port sock)
+  (lambda (sockets)
+    (for-each close-port sockets)
     #f))
 
 
@@ -1462,35 +1532,6 @@ rejecting connection from ~:[~a~;~*local process~].")
 ;;; systemd-style services.
 ;;;
 
-;; Endpoint of a systemd-style service.
-(define-record-type <endpoint>
-  (make-endpoint name address style backlog owner group permissions)
-  endpoint?
-  (name        endpoint-name)                          ;string
-  (address     endpoint-address)                       ;socket address
-  (style       endpoint-style)                         ;SOCK_STREAM, etc.
-  (backlog     endpoint-backlog)                       ;integer
-  (owner       endpoint-socket-owner)                  ;integer
-  (group       endpoint-socket-group)                  ;integer
-  (permissions endpoint-socket-directory-permissions)) ;integer
-
-(define* (endpoint address
-                   #:key (name "unknown") (style SOCK_STREAM)
-                   (backlog 128)
-                   (socket-owner (getuid)) (socket-group (getgid))
-                   (socket-directory-permissions #o755))
-  "Return a new endpoint called @var{name} of @var{address}, an address as
-return by @code{make-socket-address}, with the given @var{style} and
-@var{backlog}.
-
-When @var{address} is of type @code{AF_UNIX}, @var{socket-owner} and
-@var{socket-group} are strings or integers that specify its ownership and that
-of its parent directory; @var{socket-directory-permissions} specifies the
-permissions for its parent directory."
-  (make-endpoint name address style backlog
-                 socket-owner socket-group
-                 socket-directory-permissions))
-
 (define (wait-for-readable ports)
   "Suspend the current task until one of @var{ports} is available for
 reading."
@@ -1538,58 +1579,10 @@ The colon-separated list of endpoint names.
 
 This must be paired with @code{make-systemd-destructor}."
   (lambda args
-    (define (endpoint->listening-socket endpoint)
-      ;; Return a listening socket for ENDPOINT.
-      (match endpoint
-        (($ <endpoint> name address style backlog
-                       owner group permissions)
-         (let* ((sock    (non-blocking-port
-                          (socket (sockaddr:fam address) style 0)))
-                (owner   (if (integer? owner)
-                             owner
-                             (passwd:uid (getpwnam owner))))
-                (group   (if (integer? group)
-                             group
-                             (group:gid (getgrnam group)))))
-           (setsockopt sock SOL_SOCKET SO_REUSEADDR 1)
-           (when (= AF_UNIX (sockaddr:fam address))
-             (mkdir-p (dirname (sockaddr:path address)) permissions)
-             (chown (dirname (sockaddr:path address)) owner group)
-             (catch-system-error (delete-file (sockaddr:path address))))
-
-           (bind sock address)
-           (listen sock backlog)
-
-           (when (= AF_UNIX (sockaddr:fam address))
-             (chown sock owner group)
-             (chmod sock #o666))
-
-           sock))))
-
-    (define (open-sockets addresses)
-      (let loop ((endpoints endpoints)
-                 (result   '()))
-        (match endpoints
-          (()
-           (reverse result))
-          ((head tail ...)
-           (let ((sock (catch 'system-error
-                         (lambda ()
-                           (endpoint->listening-socket head))
-                         (lambda args
-                           ;; When opening one socket fails, abort the whole
-                           ;; process.
-                           (for-each (match-lambda
-                                       ((_ . socket) (close-port socket)))
-                                     result)
-                           (apply throw args)))))
-             (loop tail
-                   `((,(endpoint-name head) . ,sock) ,@result)))))))
-
-    (let* ((sockets   (open-sockets endpoints))
-           (ports     (match sockets
-                        (((names . ports) ...)
-                         ports)))
+    (let* ((ports     (open-sockets endpoints))
+           (sockets   (map (lambda (endpoint socket)
+                             (cons (endpoint-name endpoint) socket))
+                           endpoints ports))
            (variables (list (string-append "LISTEN_FDS="
                                            (number->string (length sockets)))
                             (string-append "LISTEN_FDNAMES="
-- 
2.36.0





From debbugs-submit-bounces@debbugs.gnu.org Wed May 18 10:07:14 2022
Received: (at 55335) by debbugs.gnu.org; 18 May 2022 14:07:14 +0000
Received: from localhost ([127.0.0.1]:33080 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nrKKX-0003se-K0
	for submit@debbugs.gnu.org; Wed, 18 May 2022 10:07:14 -0400
Received: from eggs.gnu.org ([209.51.188.92]:53362)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nrKKP-0003rO-DI
 for 55335@debbugs.gnu.org; Wed, 18 May 2022 10:07:07 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:58652)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nrKKK-0000dy-7P; Wed, 18 May 2022 10:07:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=5jIG4E8LPC++EfiAKatlUMPRyiIKO0S1bhQGpEgZMlQ=; b=F+xCvk7BabhMiZukejj/
 3XLnjVPHlcBfmXohpAl6wQruekCp55cyEI6uE4iVlbmBCQ7SG42hnFfrDlQ7qq2hlzMnPbIAZfqeA
 X2kQGoVB8vYO+TnfEnYCzw9qEPM4gproysC4Vde5uOfOua0HKK2+uB9DMV9v0hAO9bFXLcSw5Z+4D
 bGihridVgQAlpU2pJhe+IrR7DFEpvXqGtIQ6cWnt0pMEqxQ3UzOyiZ/vMuNH6hWEz/57y5jFyZ4EX
 810fx0esB+yqem9xqzzIhTP7zxl0ok3wGLWLIt63CRkc109NVBalAN4+HUEpmPbOprXtI1zgIy8n4
 HRS6+Zzv/0zM0Q==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:56764
 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nrKKJ-0003x7-QX; Wed, 18 May 2022 10:07:00 -0400
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
To: 55335@debbugs.gnu.org
Subject: [PATCH Shepherd 3/3] Interpret AF_INET6 endpoints as IPv6-only.
Date: Wed, 18 May 2022 16:06:45 +0200
Message-Id: <20220518140645.17144-4-ludo@gnu.org>
X-Mailer: git-send-email 2.36.0
In-Reply-To: <20220518140645.17144-1-ludo@gnu.org>
References: <87zgjkfbcl.fsf_-_@gnu.org> <20220518140645.17144-1-ludo@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55335
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* configure.ac: Check the values of IPPROTO_IPV6 and IPV6_V6ONLY.
* modules/shepherd/system.scm.in (ipv6-only): New procedure.
* modules/shepherd/service.scm (endpoint->listening-socket): Call it if
ADDRESS is AF_INET6.
(define-as-needed): New macro.
(IN6ADDR_LOOPBACK, IN6ADDR_ANY): New variables.
* tests/inetd.sh: Add 'test-inetd6' and 'test-inetd-v6-only' services.
Test them.
---
 NEWS                           | 11 +++++++
 configure.ac                   | 12 +++++++
 doc/shepherd.texi              | 14 ++++++++
 modules/shepherd/service.scm   | 19 +++++++++++
 modules/shepherd/system.scm.in | 11 +++++++
 tests/inetd.sh                 | 58 ++++++++++++++++++++++++++++++++++
 6 files changed, 125 insertions(+)

diff --git a/NEWS b/NEWS
index 4ce7a48..3798b31 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,17 @@ For compatibility with 0.9.0, if the second argument to
 list of endpoints.  This behavior will be preserved for at least the whole
 0.9.x series.
 
+** ‘AF_INET6’ endpoints are now interpreted as IPv6-only
+
+In 0.9.0, using an ‘AF_INET6’ endpoint for ‘make-systemd-constructor’ would
+usually have the effect of making the service available on both IPv6 and IPv4.
+This is due to the default behavior of Linux, which is to bind IPv6 addresses
+as IPv4 as well (the default behavior can be changed by running
+‘sysctl net.ipv6.bindv6only 1’).
+
+‘AF_INET6’ endpoints are now interpreted as IPv6-only.  Thus, if a service is
+to be made available both as IPv6 and IPv4, two endpoints must be used.
+
 ** ‘shepherd’ reports whether a service is transient
 ** ‘herd status’ shows whether a service is transient
 ** Fix possible file descriptor leak in ‘make-inetd-constructor’
diff --git a/configure.ac b/configure.ac
index bf91560..b745813 100644
--- a/configure.ac
+++ b/configure.ac
@@ -141,6 +141,18 @@ AC_SUBST([SIG_BLOCK])
 AC_SUBST([SIG_UNBLOCK])
 AC_SUBST([SIG_SETMASK])
 
+dnl Check for constants not exported by Guile as of 3.0.8.
+AC_MSG_CHECKING([<netinet/in.h> constants])
+AC_COMPUTE_INT([IPPROTO_IPV6], [IPPROTO_IPV6], [
+  #include <sys/socket.h>
+  #include <netinet/in.h>])
+AC_COMPUTE_INT([IPV6_V6ONLY], [IPV6_V6ONLY], [
+  #include <sys/socket.h>
+  #include <netinet/in.h>])
+AC_MSG_RESULT([done])
+AC_SUBST([IPPROTO_IPV6])
+AC_SUBST([IPV6_V6ONLY])
+
 AC_MSG_CHECKING([whether to build crash handler])
 case "$host_os" in
   linux-gnu*)  build_crash_handler=yes;;
diff --git a/doc/shepherd.texi b/doc/shepherd.texi
index 9efc48e..841b854 100644
--- a/doc/shepherd.texi
+++ b/doc/shepherd.texi
@@ -1093,6 +1093,20 @@ Return a new endpoint called @var{name} of @var{address}, an address as
 return by @code{make-socket-address}, with the given @var{style} and
 @var{backlog}.
 
+When @var{address} is of type @code{AF_INET6}, the endpoint is
+@emph{IPv6-only}.  Thus, if you want a service available both on IPv4
+and IPv6, you need two endpoints.  For example, below is a list of
+endpoints to listen on port 4444 on all the network interfaces, both in
+IPv4 and IPv6 (``0.0.0.0'' for IPv4 and ``::0'' for IPv6):
+
+@lisp
+(list (endpoint (make-socket-address AF_INET INADDR_ANY 4444))
+      (endpoint (make-socket-address AF_INET6 IN6ADDR_ANY 4444)))
+@end lisp
+
+This is the list you would pass to @code{make-inetd-constructor} or
+@code{make-systemd-constructor}---see below.
+
 When @var{address} is of type @code{AF_UNIX}, @var{socket-owner} and
 @var{socket-group} are strings or integers that specify its ownership and that
 of its parent directory; @var{socket-directory-permissions} specifies the
diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
index e93466a..6df550c 100644
--- a/modules/shepherd/service.scm
+++ b/modules/shepherd/service.scm
@@ -1251,6 +1251,10 @@ as argument, where SIGNAL defaults to `SIGTERM'."
 return by @code{make-socket-address}, with the given @var{style} and
 @var{backlog}.
 
+When @var{address} is of type @code{AF_INET6}, the endpoint is
+@emph{IPv6-only}.  Thus, if you want a service available both on IPv4 and
+IPv6, you need two endpoints.
+
 When @var{address} is of type @code{AF_UNIX}, @var{socket-owner} and
 @var{socket-group} are strings or integers that specify its ownership and that
 of its parent directory; @var{socket-directory-permissions} specifies the
@@ -1273,6 +1277,11 @@ permissions for its parent directory."
                          group
                          (group:gid (getgrnam group)))))
        (setsockopt sock SOL_SOCKET SO_REUSEADDR 1)
+       (when (= AF_INET6 (sockaddr:fam address))
+         ;; Interpret AF_INET6 endpoints as IPv6-only.  This is contrary to
+         ;; the Linux defaults where listening on an IPv6 address also listens
+         ;; on its IPv4 counterpart.
+         (ipv6-only sock))
        (when (= AF_UNIX (sockaddr:fam address))
          (mkdir-p (dirname (sockaddr:path address)) permissions)
          (chown (dirname (sockaddr:path address)) owner group)
@@ -1309,6 +1318,16 @@ thrown an previously-opened sockets are closed."
                        (apply throw args)))))
          (loop tail (cons sock result)))))))
 
+(define-syntax-rule (define-as-needed name value)
+  (unless (defined? 'name)
+    (module-define! (current-module) 'name value)
+    (module-export! (current-module) '(name))))
+
+;; These values are not defined as of Guile 3.0.8.  Provide them as a
+;; convenience.
+(define-as-needed IN6ADDR_LOOPBACK 1)
+(define-as-needed IN6ADDR_ANY 0)
+
 
 ;;;
 ;;; Inetd-style services.
diff --git a/modules/shepherd/system.scm.in b/modules/shepherd/system.scm.in
index 2562764..0978c18 100644
--- a/modules/shepherd/system.scm.in
+++ b/modules/shepherd/system.scm.in
@@ -32,6 +32,7 @@
             prctl
             PR_SET_CHILD_SUBREAPER
             getpgid
+            ipv6-only
             SFD_CLOEXEC
             signalfd
             consume-signalfd-siginfo
@@ -141,6 +142,16 @@ ctrlaltdel(8) and see kernel/reboot.c in Linux."
                    (list err))
             result)))))
 
+(define (ipv6-only port)
+  "Make PORT, a file port backed by a socket, IPv6-only (using the IPV6_V6ONLY
+socket option) and return PORT.
+
+This is useful when willing to make a listening socket that operates on IPv6
+only (by default, Linux binds AF_INET6 addresses on IPv4 as well)."
+  ;; As of Guile 3.0.8, IPPROTO_IPV6 and IPV6_V6ONLY are not exported.
+  (setsockopt port @IPPROTO_IPV6@ @IPV6_V6ONLY@ 1)
+  port)
+
 (define (allocate-sigset)
   (bytevector->pointer (make-bytevector @SIZEOF_SIGSET_T@)))
 
diff --git a/tests/inetd.sh b/tests/inetd.sh
index 83037bf..c05d6fe 100644
--- a/tests/inetd.sh
+++ b/tests/inetd.sh
@@ -48,6 +48,28 @@ cat > "$conf" <<EOF
                                                INADDR_LOOPBACK
                                                $PORT))))
    #:stop  (make-inetd-destructor))
+ (make <service>
+   #:provides '(test-inetd6)
+   #:start (make-inetd-constructor %command
+                                   (list
+                                    (endpoint (make-socket-address
+                                               AF_INET
+                                               INADDR_LOOPBACK
+                                               $PORT))
+                                    (endpoint (make-socket-address
+                                               AF_INET6
+                                               IN6ADDR_LOOPBACK
+                                               $PORT))))
+   #:stop  (make-inetd-destructor))
+ (make <service>
+   #:provides '(test-inetd-v6-only)
+   #:start (make-inetd-constructor %command
+                                   (list
+                                    (endpoint (make-socket-address
+                                               AF_INET6
+                                               IN6ADDR_LOOPBACK
+                                               $PORT))))
+   #:stop  (make-inetd-destructor))
  (make <service>
    #:provides '(test-inetd-unix)
    #:start (make-inetd-constructor %command
@@ -81,6 +103,7 @@ test $($herd status | grep '\+' | wc -l) -eq 2
 converse_with_echo_server ()
 {
     guile -c "(use-modules (ice-9 match) (ice-9 rdelim))
+      (define IN6ADDR_LOOPBACK 1)
       (define address $1)
       (define sock (socket (sockaddr:fam address) SOCK_STREAM 0))
       (connect sock address)
@@ -98,10 +121,45 @@ do
 	"(make-socket-address AF_INET INADDR_LOOPBACK $PORT)"
 done
 
+# Unavailable on IPv6.
+! converse_with_echo_server \
+    "(make-socket-address AF_INET6 IN6ADDR_LOOPBACK $PORT)"
+
 $herd stop test-inetd
 ! converse_with_echo_server \
   "(make-socket-address AF_INET INADDR_LOOPBACK $PORT)"
 
+if guile -c '(socket AF_INET6 SOCK_STREAM 0)'; then
+    # Test IPv6 support.
+    $herd start test-inetd6
+
+    converse_with_echo_server \
+	"(make-socket-address AF_INET6 IN6ADDR_LOOPBACK $PORT)"
+    converse_with_echo_server \
+	"(make-socket-address AF_INET INADDR_LOOPBACK $PORT)"
+
+    $herd stop test-inetd6
+
+    ! converse_with_echo_server \
+	"(make-socket-address AF_INET6 IN6ADDR_LOOPBACK $PORT)"
+    ! converse_with_echo_server \
+	"(make-socket-address AF_INET INADDR_LOOPBACK $PORT)"
+
+    $herd start test-inetd-v6-only
+
+    converse_with_echo_server \
+	"(make-socket-address AF_INET6 IN6ADDR_LOOPBACK $PORT)"
+    ! converse_with_echo_server \
+	"(make-socket-address AF_INET INADDR_LOOPBACK $PORT)"
+
+    $herd stop test-inetd-v6-only
+
+    ! converse_with_echo_server \
+	"(make-socket-address AF_INET6 IN6ADDR_LOOPBACK $PORT)"
+    ! converse_with_echo_server \
+	"(make-socket-address AF_INET INADDR_LOOPBACK $PORT)"
+fi
+
 # Now test inetd on a Unix-domain socket.
 
 $herd start test-inetd-unix
-- 
2.36.0





From debbugs-submit-bounces@debbugs.gnu.org Wed May 18 10:07:14 2022
Received: (at 55335) by debbugs.gnu.org; 18 May 2022 14:07:14 +0000
Received: from localhost ([127.0.0.1]:33082 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nrKKY-0003sm-9o
	for submit@debbugs.gnu.org; Wed, 18 May 2022 10:07:14 -0400
Received: from eggs.gnu.org ([209.51.188.92]:53326)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nrKKO-0003rK-AT
 for 55335@debbugs.gnu.org; Wed, 18 May 2022 10:07:08 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:58644)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nrKKI-0000cl-Ce; Wed, 18 May 2022 10:06:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=AafJ4eaDPM7dm8+Ifl0a+q5JO83vx5gqwWmmRxBVmP8=; b=D3X9q3KjlwbyWi7WhcwZ
 0f+p8TwDmHfBvBB3gOEjFQyUQvT3MwSz3rFvdKtotgVdyE4u3oMZ0k+tKgVFk33zOmo2glekXpqH0
 3b4z1eM+K2u0QGEfWoogdLp4ZIft0UH1eO9EsoaFVNevcLHhGWNI6bMjph/N7hDw+YL6K+MHAPNQf
 NE2ZVf0vfvux2j+kd7BlZ9nA5xkHoS709e404JBMmxbPGGwRo9uwCVG6ziztIcUsGPSe1AdGFP1rq
 xvuOcpJJfVKiftvn0IcKq6yVVjGzQ965IkPP6j4qScOH2aCf4uTHjhZ3135ll9eGcChnMVaBtuowe
 77p6Qa2IeSH0iQ==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:56764
 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nrKKI-0003x7-0R; Wed, 18 May 2022 10:06:58 -0400
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
To: 55335@debbugs.gnu.org
Subject: [PATCH Shepherd 0/3] Endpoints for inetd services + IPv6-only
 endpoints
Date: Wed, 18 May 2022 16:06:42 +0200
Message-Id: <20220518140645.17144-1-ludo@gnu.org>
X-Mailer: git-send-email 2.36.0
In-Reply-To: <87zgjkfbcl.fsf_-_@gnu.org>
References: <87zgjkfbcl.fsf_-_@gnu.org>
X-Debbugs-Cc: Jack Hill <jackhill@jackhill.us>,
 Christopher Baines <mail@cbaines.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55335
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi!

Here’s a couple of changes to the Shepherd addressing the concerns
Chris raised in <https://issues.guix.gnu.org/55335>:

  • ‘make-inetd-constructor’ now accepts a list of endpoints, like
    ‘make-systemd-constructor’, instead of a single address.

  • AF_INET6 endpoints are now interpreted as IPv6-only.

I’ve pushed this in the Shepherd repo as ‘wip-inetd-ipv6’.  You’re
welcome to test that branch in Guix System VMs or something.

Lemme know what you think!  If it’s good, we can merge it and
release the Shepherd 0.9.1 with this and other fixes that have
accumulated.

Ludo’.

Ludovic Courtès (3):
  service: 'make-inetd-constructor' accepts a list of endpoints.
  tests: Update inetd tests to pass a list of endpoints.
  Interpret AF_INET6 endpoints as IPv6-only.

 NEWS                           |  24 +++
 configure.ac                   |  12 ++
 doc/shepherd.texi              |  68 ++++----
 modules/shepherd/service.scm   | 274 +++++++++++++++++----------------
 modules/shepherd/system.scm.in |  11 ++
 tests/inetd.sh                 |  71 ++++++++-
 6 files changed, 294 insertions(+), 166 deletions(-)


base-commit: 05f169e896ea6520a8daebee68e5844e605526c4
-- 
2.36.0





From debbugs-submit-bounces@debbugs.gnu.org Wed May 18 10:28:53 2022
Received: (at 55335) by debbugs.gnu.org; 18 May 2022 14:28:53 +0000
Received: from localhost ([127.0.0.1]:33141 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nrKfV-0004Rh-Dh
	for submit@debbugs.gnu.org; Wed, 18 May 2022 10:28:53 -0400
Received: from eggs.gnu.org ([209.51.188.92]:58804)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nrKfT-0004RS-V4
 for 55335@debbugs.gnu.org; Wed, 18 May 2022 10:28:52 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:59084)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>) id 1nrKfO-00043p-OD
 for 55335@debbugs.gnu.org; Wed, 18 May 2022 10:28:46 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=UMq8Ey198O8FUsxDfI5sEZ5izaXVbGaXSkU82fl96uA=; b=bXEp6c9iy5bFPPQi8bTb
 qDSoi0EGO/v6U5mZkwXe2+U6R2u3m7yGE1zDNEJZ0nu9RFNSjFZkIE7ytRCyF6LpnAwkbNO6hgA89
 yZvUaHDgCcfksjZiQlV8bJawvWtzhYOIAhm0UDRdf3yqZpXrwioiV7DtZ+QUdCcjp/QE7LesBR4M1
 p8ft27XrhRScReahDmQJyRvP6H7vQhA5iUFAfrETtctswFggFjiPBsBTz7+lVcAN25wtuos7XKDZj
 ZVKAIUoRz17MqVm9BtPfRplYwtVeUq6mMU346BF9PZKXBUl3nYR3DHes4lfBNppHro4ugX+DRe/oA
 vZYYP9spTIsJ+Q==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:60450
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>) id 1nrKfO-0002Xn-5w
 for 55335@debbugs.gnu.org; Wed, 18 May 2022 10:28:46 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: 55335@debbugs.gnu.org
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
References: <87zgjkfbcl.fsf_-_@gnu.org> <20220518140645.17144-1-ludo@gnu.org>
 <20220518140645.17144-4-ludo@gnu.org>
Date: Wed, 18 May 2022 16:28:43 +0200
In-Reply-To: <20220518140645.17144-4-ludo@gnu.org> ("Ludovic =?utf-8?Q?Cou?=
 =?utf-8?Q?rt=C3=A8s=22's?=
 message of "Wed, 18 May 2022 16:06:45 +0200")
Message-ID: <87h75m3of8.fsf_-_@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55335
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Ludovic Court=C3=A8s <ludo@gnu.org> skribis:

> + (make <service>
> +   #:provides '(test-inetd6)
> +   #:start (make-inetd-constructor %command
> +                                   (list
> +                                    (endpoint (make-socket-address
> +                                               AF_INET
> +                                               INADDR_LOOPBACK
> +                                               $PORT))
> +                                    (endpoint (make-socket-address
> +                                               AF_INET6
> +                                               IN6ADDR_LOOPBACK
> +                                               $PORT))))
> +   #:stop  (make-inetd-destructor))
> + (make <service>
> +   #:provides '(test-inetd-v6-only)
> +   #:start (make-inetd-constructor %command
> +                                   (list
> +                                    (endpoint (make-socket-address
> +                                               AF_INET6
> +                                               IN6ADDR_LOOPBACK
> +                                               $PORT))))
> +   #:stop  (make-inetd-destructor))

I should point out that this new test hangs with Fibers 1.1.0; we need
this fix:

  https://github.com/wingo/fibers/commit/c25dcb9cc4b5b977474ffe555b40ce2f1d=
0d1edc

I=E2=80=99ve contacted Aleix to see if we could release Fibers 1.1.1.  Othe=
rwise
we=E2=80=99ll use a snapshot in Guix.

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Sun May 22 16:08:56 2022
Received: (at 55335-done) by debbugs.gnu.org; 22 May 2022 20:08:56 +0000
Received: from localhost ([127.0.0.1]:46493 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nsrsl-0006wC-Vq
	for submit@debbugs.gnu.org; Sun, 22 May 2022 16:08:56 -0400
Received: from eggs.gnu.org ([209.51.188.92]:40546)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nsrsk-0006vw-Fa
 for 55335-done@debbugs.gnu.org; Sun, 22 May 2022 16:08:54 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:45968)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nsrsf-0003EE-6g; Sun, 22 May 2022 16:08:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=LCXWYBgj3j6/ikekdvf/bUfgHQBZxKtw9rgX1NWvTaY=; b=JK2Gz9W/feKZvQweRIS4
 w3ACzUwxuAC7fUIzKsoyZ4hRYJi54Iw/034A/s35souIHIlQtg5810Ac17Lpr3Z0ol+cAEjVKFttM
 F9iS4tK6VYMkJhspicRE4eY0HhrJs2mPqvzuELP67zB1i0WBjBuWErJWaUnquSAdYeKph5+DO3htw
 uLMBVG4rHMMTXLnEBY5mX/PS6Lc88IGG0EtUdOgNgrJ/bL+OZuVndyFBCM+UTkxZZ5ugybeUQgHv0
 fyKZ+UQgUqgSpMEY/KQcNqqiW43sJvlzlU1K6RRAoShAFjO6ddzRGD74Q9QUNlxR6hOnx2YgatHjo
 CIEDlFc+/pw5EA==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:59844
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nsrse-0001cN-MY; Sun, 22 May 2022 16:08:49 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: 55335-done@debbugs.gnu.org, Christopher Baines <mail@cbaines.net>, Jack
 Hill <jackhill@jackhill.us>
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
References: <87zgjkfbcl.fsf_-_@gnu.org> <20220518140645.17144-1-ludo@gnu.org>
 <20220518140645.17144-4-ludo@gnu.org> <87h75m3of8.fsf_-_@gnu.org>
Date: Sun, 22 May 2022 22:08:46 +0200
In-Reply-To: <87h75m3of8.fsf_-_@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s?=
 =?utf-8?Q?=22's?= message of "Wed, 18 May 2022 16:28:43 +0200")
Message-ID: <87a6b9qqi9.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55335-done
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello!

With Shepherd 0.9.1 released, I believe Guix commit
d2b3400f79ffaed3357650307376ab69a7ec3b1b fixes this bug for good, also
adding a system test for SSH access over IPv6 (both with OpenSSH and
Dropbear).

Let me know if anything=E2=80=99s amiss!

Thanks,
Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Sun May 22 18:35:49 2022
Received: (at 55335-done) by debbugs.gnu.org; 22 May 2022 22:35:50 +0000
Received: from localhost ([127.0.0.1]:46647 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nsuAv-0000Em-PI
	for submit@debbugs.gnu.org; Sun, 22 May 2022 18:35:49 -0400
Received: from minsky.hcoop.net ([104.248.1.95]:51394)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jackhill@jackhill.us>) id 1nsuAu-0000Ea-I8
 for 55335-done@debbugs.gnu.org; Sun, 22 May 2022 18:35:48 -0400
Received: from marsh.hcoop.net ([45.55.52.66])
 by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <jackhill@jackhill.us>)
 id 1nsuAp-0007fW-Bk; Sun, 22 May 2022 18:35:43 -0400
Date: Sun, 22 May 2022 18:35:43 -0400 (EDT)
From: Jack Hill <jackhill@jackhill.us>
X-X-Sender: jackhill@marsh.hcoop.net
To: =?ISO-8859-15?Q?Ludovic_Court=E8s?= <ludo@gnu.org>
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
In-Reply-To: <87a6b9qqi9.fsf@gnu.org>
Message-ID: <alpine.DEB.2.21.2205221832510.11587@marsh.hcoop.net>
References: <87zgjkfbcl.fsf_-_@gnu.org> <20220518140645.17144-1-ludo@gnu.org>
 <20220518140645.17144-4-ludo@gnu.org> <87h75m3of8.fsf_-_@gnu.org>
 <87a6b9qqi9.fsf@gnu.org>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="925712948-1327574119-1653258943=:11587"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55335-done
Cc: Christopher Baines <mail@cbaines.net>, 55335-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--925712948-1327574119-1653258943=:11587
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8BIT

On Sun, 22 May 2022, Ludovic Courtès wrote:

> Hello!
>
> With Shepherd 0.9.1 released, I believe Guix commit
> d2b3400f79ffaed3357650307376ab69a7ec3b1b fixes this bug for good, also
> adding a system test for SSH access over IPv6 (both with OpenSSH and
> Dropbear).
>
> Let me know if anything’s amiss!
>
> Thanks,
> Ludo’.

It's working well for me, allowing connections over both v4 and v6. I have 
another host that I can only access with a v6 via wireguard address, which 
I haven't been able to upgrade yet. I don't anticipate any problems there 
though.

Many thanks!
Jack
--925712948-1327574119-1653258943=:11587--




From debbugs-submit-bounces@debbugs.gnu.org Mon May 23 09:30:31 2022
Received: (at 55335-done) by debbugs.gnu.org; 23 May 2022 13:30:31 +0000
Received: from localhost ([127.0.0.1]:47669 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nt88k-0007Pm-SW
	for submit@debbugs.gnu.org; Mon, 23 May 2022 09:30:31 -0400
Received: from eggs.gnu.org ([209.51.188.92]:37330)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nt88j-0007PW-IH
 for 55335-done@debbugs.gnu.org; Mon, 23 May 2022 09:30:29 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:34062)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nt88d-0007oz-WF; Mon, 23 May 2022 09:30:24 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=pZqtnm370tYc0n5GC9W/dU2XqcFCAR7BafeIhDCG8lM=; b=IjdG5RX++U+a8lWSmUe0
 iyUX7afJCw6LqSGHzCISGHy2iqYJqCQns17rkiLNWLx0fvGeA+wiBagI5wnuNI/YvvvE4z1RH/t3U
 GorGXJ2M6kt85tgqrKEM84S9LgD4hlZH+RWxDywQjNtno6ecBX21K17Y8SCt+vHW+GZURD9eqdjlR
 U+HbMcCets+LJG0Ux/hPzu+8kXe9h6NDCps22rgTXGdMlQr6UImWJr/wHlj83X/KoEtwyyaJW5JkB
 Sbp3Z6Y9ece59JfohRqG3W0Z3zhY0oIUchsVQxRyYLFIhkLPD8IvELsc5LHcxf71j0fogZdyFb0Uz
 /EhyXAuInH5oFQ==;
Received: from [193.50.110.143] (port=48298 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1nt88V-0007zD-Mz; Mon, 23 May 2022 09:30:23 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Jack Hill <jackhill@jackhill.us>
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
References: <87zgjkfbcl.fsf_-_@gnu.org> <20220518140645.17144-1-ludo@gnu.org>
 <20220518140645.17144-4-ludo@gnu.org> <87h75m3of8.fsf_-_@gnu.org>
 <87a6b9qqi9.fsf@gnu.org>
 <alpine.DEB.2.21.2205221832510.11587@marsh.hcoop.net>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 4 Prairial an 230 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 23 May 2022 15:30:12 +0200
In-Reply-To: <alpine.DEB.2.21.2205221832510.11587@marsh.hcoop.net> (Jack
 Hill's message of "Sun, 22 May 2022 18:35:43 -0400 (EDT)")
Message-ID: <878rqs74wr.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55335-done
Cc: Christopher Baines <mail@cbaines.net>, 55335-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi Jack,

Jack Hill <jackhill@jackhill.us> skribis:

> It's working well for me, allowing connections over both v4 and v6. I
> have another host that I can only access with a v6 via wireguard
> address, which I haven't been able to upgrade yet. I don't anticipate
> any problems there though.

Good, thanks for reporting back!

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Mon May 23 11:29:20 2022
Received: (at 55335) by debbugs.gnu.org; 23 May 2022 15:29:20 +0000
Received: from localhost ([127.0.0.1]:50041 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nt9zj-0004yN-T6
	for submit@debbugs.gnu.org; Mon, 23 May 2022 11:29:20 -0400
Received: from smtprelay01.ispgateway.de ([80.67.31.24]:15243)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <simon@netpanic.org>) id 1nt9zi-0004yF-4q
 for 55335@debbugs.gnu.org; Mon, 23 May 2022 11:29:18 -0400
Received: from [91.40.251.249] (helo=motorball)
 by smtprelay01.ispgateway.de with esmtpsa (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2)
 (envelope-from <simon@netpanic.org>)
 id 1nt9zj-0000kg-6I; Mon, 23 May 2022 17:29:19 +0200
From: Simon Streit <simon@netpanic.org>
To: 55335@debbugs.gnu.org
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
References: <87zgjkfbcl.fsf_-_@gnu.org> <20220518140645.17144-1-ludo@gnu.org>
 <20220518140645.17144-4-ludo@gnu.org> <87h75m3of8.fsf_-_@gnu.org>
 <87a6b9qqi9.fsf@gnu.org>
Gcc: nnfolder+archive:sent.2022-05
Date: Mon, 23 May 2022 17:29:15 +0200
In-Reply-To: <87a6b9qqi9.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?=
 =?utf-8?Q?s?= message of "Sun, 22 May 2022 22:08:46 +0200")
Message-ID: <yguilpw2rp0.fsf@netpanic.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Df-Sender: bGlzdHNAbmV0cGFuaWMub3Jn
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55335
Cc: ludo@gnu.org, mail@cbaines.net
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> Let me know if anything=E2=80=99s amiss!

Looking all good.  v4 and v6 connections are working now.





From unknown Sat Jun 14 18:59:31 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 21 Jun 2022 11:24:04 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator