can't bind socket: Permission denied for IPv6

[W.C.A. Wijngaards]

Hi nusenu,

On 24/06/18 13:12, nusenu via Unbound-users wrote:
> Hi,
> 
> I've got the following intermittent socket bind errors in my log files:
> 
> error: can't bind socket: Permission denied for <IPv6 address>

Does the patch fix the problem for you?  If so, the flowinfo or scopeid
information is changed and needs to be reset for the next assignment.
And somehow the information gets permission denied, maybe because of
privacy IPv6 address changes, those values refer to a no longer
accessible address?


Index: services/outside_network.c
===================================================================
--- services/outside_network.c	(revision 4753)
+++ services/outside_network.c	(working copy)
@@ -1036,6 +1036,8 @@
 		int freebind = 0;
 		struct sockaddr_in6 sa = *(struct sockaddr_in6*)addr;
 		sa.sin6_port = (in_port_t)htons((uint16_t)port);
+		sa.sin6_flowinfo = 0;
+		sa.sin6_scope_id = 0;
 		if(pfxlen != 0) {
 			freebind = 1;
 			sai6_putrandom(&sa, pfxlen, rnd);


Best regards, Wouter

> 
> Frequency: 1-3 per day
> 
> The config contains 10 specific IPv6 addresses and 4 IPv4
> 'outgoing-interface:'
> addresses.
> The errors show only IPv6 addresses (no IPv4).
> The IPv6 addresses appear to work fine though.
> 
> The config also has:
> prefer-ip6: yes
> 
> 
> I found an old (from 2014) thread in the ML archive [1]
> with a similar error but it did not include a solution for me.
> 
> This is unbound 1.7.2 on FreeBSD.
> 
> Any hints would be appreciated.
> As a workaround I could disable the IPv6 'outgoing-interface'
> configuration lines.
> 
> kind regards,
> nusenu
> 
> 
> [1] https://www.unbound.net/pipermail/unbound-users/2014-October/003552.html
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180626/123837c2/attachment.bin>