Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTP proxy used for ipv6 addresses which have equivalent (but not exact) no_proxy matches #5745

Closed
andrewflbarnes opened this issue Jul 29, 2020 · 2 comments

Comments

@andrewflbarnes
Copy link

andrewflbarnes commented Jul 29, 2020

I did this

Set http_proxy and include ::1 in the no_proxy variable or --noproxy option. Perform a curl command to a URL with an ipv6 IP equivalent to ::1 but not an exact match. e.g.

$ export http_proxy="some.proxy"
$ export no_proxy="::1"

$ curl [0:0:0:0:0:0:0:1]:5672 -s -v >/dev/null
* Uses proxy env variable no_proxy == '::1'
* Uses proxy env variable http_proxy == 'some.proxy'
* Could not resolve proxy: some.proxy
* Closing connection 0
# or
# curl -v -s --no-proxy="::1" http://[0:0:0:0:0:0:0:1]:5672 >/dev/null

Appears to break when equivalent addresses have truncation, trailing 0s and dual addresses. Other examples:

 curl --noproxy "0:0:0:0:0:0:7f00:1" [::7f00:1]:5672 -s -v >/dev/null
 curl --noproxy "::7f00:1" [0:0:0:0:0:0:7f00:1]:5672 -s -v >/dev/null
 curl --noproxy "0:0:0:0:0:0:7f00:1" [0:0:0:0:0:0:7f00:0001]:5672 -s -v >/dev/null
 curl --noproxy "0:0:0:0:0:0:7f00:0001" [0:0:0:0:0:0:7f00:1]:5672 -s -v >/dev/null
 curl --noproxy "::7f00:1" [::127.0.0.1]:5672 -s -v >/dev/null

I expected the following

curl doesn't use a proxy and attempts to connect to the host directly as it does in an exact match e.g.

$  curl --noproxy "::1" [::1]:5672 -s -v >/dev/null
*   Trying ::1:5672...
* Connected to ::1 (::1) port 5672 (#0)
> GET / HTTP/1.1
> Host: [::1]:5672
> User-Agent: curl/7.71.1
> Accept: */*
> 

# etc.

Side note: curl appears to have the ability to resolve/convert ipv6 elsewhere for verbose output e.g.

$ curl --noproxy "0:0:0:0:0:0:7f00:1" [0:0:0:0:0:0:7f00:1]:5672 -s -v >/dev/null 
*   Trying ::127.0.0.1:5672...

$ curl --noproxy "0:0:0:0:0:f:ff00:1" [0:0:0:0:0:f:ff00:1]:5672 -s -v >/dev/null 
*   Trying ::f:ff00:1:5672...

curl/libcurl version

$ curl -V
curl 7.71.1 (x86_64-apple-darwin18.7.0) libcurl/7.71.1 SecureTransport zlib/1.2.11
Release-Date: 2020-07-01
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile libz NTLM NTLM_WB SSL UnixSockets

operating system

Darwin MacBook-Pro.local 18.7.0 Darwin Kernel Version 18.7.0: Tue Aug 20 16:57:14 PDT 2019; root:xnu-4903.271.2~2/RELEASE_X86_64 x86_64

@bagder
Copy link
Member

bagder commented Jul 29, 2020

Confirmed, the noproxy matching is done on the plain string.

@bagder
Copy link
Member

bagder commented Aug 12, 2020

I'm leaning towards just documenting this behavior for now. I feel no personal urge to work on it.

bagder added a commit that referenced this issue Aug 22, 2020
Also: the current behavior is now documented in the curl.1 and
CURLOPT_NOPROXY.3 man pages.

Reported-by: Andrew Barnes
Closes #5745
@bagder bagder closed this as completed in 712d16c Aug 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants