Fixes #193: use strict IPv4 regex in nginx resolver to prevent crash#194
Open
d4c00 wants to merge 1 commit intolinuxserver:3.23from
Open
Fixes #193: use strict IPv4 regex in nginx resolver to prevent crash#194d4c00 wants to merge 1 commit intolinuxserver:3.23from
d4c00 wants to merge 1 commit intolinuxserver:3.23from
Conversation
### Problem
The current logic filters IPv6 addresses by counting colons (NF-1 <= 2). However, compressed IPv6 addresses like `fd00::1` contain only two colons, causing them to be incorrectly identified as IPv4. This leads to an invalid `resolver.conf` and Nginx fails to start with:
`[emerg] invalid port in resolver "fd00::1"`
Solution
Replaced the unreliable colon-counting logic with a strict IPv4 regex: ^[0-9]{1,3}(\.[0-9]{1,3}){3}$. This ensures only valid IPv4 addresses are added, maintaining the script's intent to "ignore ipv6 addresses" without crashing Nginx.
Impact
Fixes container startup failure on hosts with IPv6 ULA or compressed addresses in /etc/resolv.conf.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Thanks for opening this pull request! Be sure to follow the pull request template!
Contributor
|
I am a bot, here are the test results for this PR:
|
d4c00
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
Fixes #193. This PR addresses a critical Nginx startup failure in the /etc/s6-overlay/s6-rc.d/init-nginx/run script.
The previous logic used
awk -F ':' '{print NF-1}'to filter IPv6 addresses from/etc/resolv.conf. However, this method fails to account for compressed IPv6 addresses (e.g., fd00::1), which only contain two colons and thus bypass the filter. This results in an unformatted IPv6 address being written to/config/nginx/resolver.confwithout brackets [], causing the Nginx error:[emerg] invalid port in resolver "fd00::1".The fix implements a declarative regex to strictly validate IPv4 addresses, ensuring only valid IPv4 entries are passed to the resolver configuration.
Benefits of this PR and context:
In dual-stack environments (common in RHEL/Podman setups), both IPv4 and IPv6 nameservers are automatically passed into the container's
/etc/resolv.conf.This PR prevents the container from entering a crash loop by ensuring that compressed IPv6 addresses are correctly ignored rather than being misinterpreted as IPv4. By switching to a declarative regex validation
^[0-9]{1,3}(\.[0-9]{1,3}){3}$, we eliminate the edge cases inherent in the previous colon-counting approach, providing a more robust and predictable initialization process.How Has This Been Tested?
Environment: RHEL 10.1 with dual-stack networking and Podman.
Test Case: Added nameserver
10.0.0.1andfd00::1to the host's/etc/resolv.conf.Source / References: