can't bind socket: Permission denied for IPv6

W.C.A. Wijngaards wouter at nlnetlabs.nl
Mon Jul 2 07:50:17 UTC 2018 

Hi Nusenu,

On 30/06/18 18:07, nusenu via Unbound-users wrote:
> 
>>> I've got the following intermittent socket bind errors in my log files:
>>>
>>> error: can't bind socket: Permission denied for <IPv6 address>
>>
>> Does the patch fix the problem for you?  
> 
> I'm running 1.7.3 with this patch applied and still got an
> 
> can't bind socket: Permission denied for ...
> 
> error in the logs, but it feels like it is happening less frequently?
> 
> 
>> If so, the flowinfo or scopeid
>> information is changed and needs to be reset for the next assignment.
>> And somehow the information gets permission denied, maybe because of
>> privacy IPv6 address changes, those values refer to a no longer
>> accessible address?
> 
> The IPv6 addresses are statically assigned and should be available
> all the time (also verified via ping6).
> 
> How bad is that error actually (since everything appears to work fine)? 
> Should I disable IPv6 outgoing-interface lines to workaround this errors?

I think it is harmless, but the permission denied shouldn't really be
happening?  In the code repository is a patch that prints out the port
number as well, perhaps the port number is somehow reserved for a purpose.

No need to disable IPv6, but it is interesting to see what is permission
denied, as unbound uses randomised port numbers once in a while.
Unbound already avoids all IANA registered port numbers as well as <1024
port numbers.  Also, those port numbers should not give permission
denied, but a different failure (port already in use if it is in use).
So, perhaps also something with FreeBSD is going on, perhaps the
permissions system.

Best regards, Wouter

Index: util/net_help.c
===================================================================
--- util/net_help.c	(revision 4758)
+++ util/net_help.c	(working copy)
@@ -410,7 +410,7 @@
 	if(verbosity >= 4)
 		log_err("%s: %s for %s port %d (len %d)", str, err, dest,
 			(int)port, (int)addrlen);
-	else	log_err("%s: %s for %s", str, err, dest);
+	else	log_err("%s: %s for %s port %d", str, err, dest, (int)port);
 }

 int




> 
> thanks,
> nusenu
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180702/984021e2/attachment.bin>

More information about the Unbound-users mailing list