hashicorp · rboyer · Feb 19, 2021 · Feb 12, 2021 · Feb 16, 2021 · Feb 17, 2021
diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
@@ -690,12 +690,22 @@ func (s *Server) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSnapshot, clus
 			advertiseLen = 128
 		}
 
+		ranges := make([]*envoycore.CidrRange, 0, 3)
+		ranges = append(ranges,
+			&envoycore.CidrRange{AddressPrefix: "127.0.0.1", PrefixLen: &wrappers.UInt32Value{Value: 8}},
+			&envoycore.CidrRange{AddressPrefix: advertise, PrefixLen: &wrappers.UInt32Value{Value: uint32(advertiseLen)}},
+		)
+
+		if ok, err := kernelSupportsIPv6(); err != nil {
+			return nil, err
+		} else if ok {
+			ranges = append(ranges,
+				&envoycore.CidrRange{AddressPrefix: "::1", PrefixLen: &wrappers.UInt32Value{Value: 128}},
+			)
+		}
+
 		chain.FilterChainMatch = &envoylistener.FilterChainMatch{
-			SourcePrefixRanges: []*envoycore.CidrRange{
-				{AddressPrefix: "127.0.0.1", PrefixLen: &wrappers.UInt32Value{Value: 8}},
-				{AddressPrefix: "::1", PrefixLen: &wrappers.UInt32Value{Value: 128}},
-				{AddressPrefix: advertise, PrefixLen: &wrappers.UInt32Value{Value: uint32(advertiseLen)}},
-			},
+			SourcePrefixRanges: ranges,
 		}
 	}
 

diff --git a/agent/xds/net_fallback.go b/agent/xds/net_fallback.go
@@ -0,0 +1,7 @@
+// +build !linux
+
+package xds
+
+func kernelSupportsIPv6() (bool, error) {
+	return true, nil
+}
diff --git a/agent/xds/net_linux.go b/agent/xds/net_linux.go
@@ -0,0 +1,35 @@
+// +build linux
+
+package xds
+
+import (
+	"fmt"
+	"os"
+	"sync"
+)
+
+const ipv6SupportProcFile = "/proc/net/if_inet6"
+
+var (
+	ipv6SupportOnce  sync.Once
+	ipv6Supported    bool
+	ipv6SupportedErr error
+)
+
+func kernelSupportsIPv6() (bool, error) {
+	ipv6SupportOnce.Do(func() {
+		ipv6Supported, ipv6SupportedErr = checkIfKernelSupportsIPv6()
+	})
+	return ipv6Supported, ipv6SupportedErr
+}
+
+func checkIfKernelSupportsIPv6() (bool, error) {
+	_, err := os.Stat(ipv6SupportProcFile)
+	if os.IsNotExist(err) {
+		return false, nil
+	} else if err != nil {
+		return false, fmt.Errorf("error checking for ipv6 support file %s: %w", ipv6SupportProcFile, err)
+	}
+
+	return true, nil
+}