Jump to content
Tuts 4 You
Sign in to follow this  
LCF-AT

IP6 vs IP4 issues....?

Recommended Posts

LCF-AT

Hi guys,

I have another short question today about using getaddrinfo function and calling diffrents about IP4 & IP6 addresses you can choose.

So I found some diffrents when calling IP4 or IP6 with specific ports (http or https).So normaly I always get an answer by the server I do call anyway if I do call it with port 80 or 443 but I see in some cases it seems not be possible to call a IP6 with port 80 and I do get a "refused" error message (WSAECONNREFUSED (0000274D)) on calling connect function.As I said, it seems only to happen for some sites I have test and other sites are working to connect and send any response back.So now I am no more sure whether calling any IP6 address in first case anymore when I also get a IP4 address of a site I can choose.In best case I want to get a successfully connection anyway whether using IP6 or IP4 version but it seems that its more better using the IP4 version.

Example: 
pagexy.com:443 = success over IP4
pagexy.com:80  = success over IP4 getting 301 moved response

pagexy.com:443 = success over IP6
pagexy.com:80  = failed  over IP6 getting WSAECONNREFUSED

So what do you think guys?Should I just trust in IP4 addresses to call them when I have the choice between IP4 & IP6?In the example above you can see that I get any answer back from server when using IP4 but not in case of IP6 = taken a while before it returns from connect function (few seconds) or more worse when I am using a timeout so then it does hang in the select function for the whole timeout I did set manually before.Lets say I set a timeout of 20 seconds then it does hang into select function for 20 seconds = really bad of course.Anyway, so all in all I just wanted to know your opinion what you do think about that IPx issues etc you know.

greetz

Share this post


Link to post
atom0s

Your IPv4 info resembles a typical website attempting to enforce SSL where all http:// traffic is forwarded to the proper https:// instead.

Your IPv6 info resembles a server misconfigured for the same thing and not properly handling the forwarding.

  • Like 1

Share this post


Link to post
LCF-AT

Hi,

good ok its an server side issue I can't do anything about it.Could that problem example I did post above also happen the other way round too?

So what would be best?Lets say I am getting some diffrent AF_INET and AF_INET6 structs filled back after calling getaddrinfo function.In normal case I am just reading the first one I found in the ADDRINFO struct anyway if AF_INET or AF_INET6 version and use it to create a socket / connect etc.

So my question now would be whether I should call the first struct (all AF_INET or AF_INET6) and if this does fail should I the loop all structs till any of them does work?

By the way, I have again another question about that getaddrinfo function and the last paramter...

INT WSAAPI getaddrinfo(
  PCSTR           pNodeName,
  PCSTR           pServiceName,
  const ADDRINFOA *pHints,
  PADDRINFOA      *ppResult  <----
);

...the descriptions isnt really good to understand on MSDN.Normaly in real action I do just enter a store location address DWORD into this paramter and after calling that function I get a pointer into back to filled ADDRINFOA struct.It means the function itself does handle it already by itself.On MSDN I can see some example looking so...

    struct addrinfo *result = NULL;
    struct addrinfo *ptr = NULL;
    struct addrinfo hints;
....
    //--------------------------------
    // Setup the hints address info structure
    // which is passed to the getaddrinfo() function
    ZeroMemory( &hints, sizeof(hints) );
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;

    printf("Calling getaddrinfo with following parameters:\n");
    printf("\tnodename = %s\n", argv[1]);
    printf("\tservname (or port) = %s\n\n", argv[2]);
//--------------------------------
// Call getaddrinfo(). If the call succeeds,
// the result variable will hold a linked list
// of addrinfo structures containing response
// information
    dwRetval = getaddrinfo(argv[1], argv[2], &hints, &result); <---------
    if ( dwRetval != 0 ) {
        printf("getaddrinfo failed with error: %d\n", dwRetval);
        WSACleanup();
        return 1;
    }

....so what is in &result now?A pointer address to a ADDRINFOA struct would be same like in &hints paramter.Or is it a pointer to pointer to a free size ADDRINFOA struct?So this last paramter is anyhow confusing and it seems I really don't need to handle this and just putting a free address into only.Maybe you know that and could tell me how to manage this paramter correctly etc.

Thank you

Share this post


Link to post
JMC31337

This site (in Chinese) explains a bit about that last parameter structure 

“The fourth parameter ppResult is a pointer of type PADDRINFOA, that is, a double pointer of type addrinfo”

https://www.cnblogs.com/Ishore/p/4009205.html

 

  • Like 1

Share this post


Link to post
Progman

Often servers have global settings and per domain or IP settings.  So globally require SSL is on.  But only the IPv4 address is configured for the redirect.  The redirect should have been global possibly or defined also for the IPv6.  Actually usually it's done on domain names which makes more sense.  There are further tricks since SSL can validate IPs and there is some complexity to getting all this to work right in all scenarios such as shared certificates for multiple domains, etc.

  • Like 1

Share this post


Link to post
LCF-AT

Hi again,

good ok and thanks for that info about the double pointer to the struct.For me its still not clear why doing that.As I can read is the 4. parameter used only to get infos into in return and not used to set some request paramters like in param 3.So for me it makes no sense pointing the 4. parameter to another pointer to a ADDRINFOA struct!?I can also call the function getaddrinfo without the 4. paramter (just zero) and I get the same back = pointer to filled ADDRINFOA struct,Do you know what I mean?Thats why I'am asking for whether its needed to handle the 4 paramter or not.

Example: I am using curl to request any page just because curl used getaddrinfo function.

03A7FBF4   0053D789  RETURN to curl.0053D789 from WS2_32.getaddrinfo
03A7FBF8   01C79C68  ASCII "www.bbc.com"
03A7FBFC   03A7FC34  ASCII "80"
03A7FC00   01C99674
03A7FC04   03A7FC08  <-- pointer1

03A7FC08   03A7FC30  <-- pointer2

03A7FC30   01C99670  <-- ADDRINFOA

ADDRINFOA
$ ==>    01C99670  00000000 ai_flags
$+4      01C99674  00000000 ai_family
$+8      01C99678  00000000 ai_socktype
$+C      01C9967C  00000001 ai_protocol    IPPROTO_ICMP = 1 only set paramter into
$+10     01C99680  00000000 ai_addrlen
$+14     01C99684  00000000 ai_canonname
$+18     01C99688  00000000 ai_addr
$+1C     01C9968C  00000000 ai_next
$+20    

Now when the function comes back then the struct curl did set pointers into was not changed or used etc and I am getting a new address back of a filled struct.At the moment it looks like usless extra work I have to do for that paramter 4 which I dont have to do.So did anyone check this already out a little?For me there is no logic (at the moment) using that 4. paramter like description of function says.But of course I wanna use that function correctly but I am still unsure about it. :( Any more hints about that would be welcome of course.Thanks.

greetz

Share this post


Link to post
JMC31337
On 6/24/2020 at 2:49 PM, LCF-AT said:

Hi again,

good ok and thanks for that info about the double pointer to the struct.For me its still not clear why doing that.As I can read is the 4. parameter used only to get infos into in return and not used to set some request paramters like in param 3.So for me it makes no sense pointing the 4. parameter to another pointer to a ADDRINFOA struct!?I can also call the function getaddrinfo without the 4. paramter (just zero) and I get the same back = pointer to filled ADDRINFOA struct,Do you know what I mean?Thats why I'am asking for whether its needed to handle the 4 paramter or not.

Example: I am using curl to request any page just because curl used getaddrinfo function.


03A7FBF4   0053D789  RETURN to curl.0053D789 from WS2_32.getaddrinfo
03A7FBF8   01C79C68  ASCII "www.bbc.com"
03A7FBFC   03A7FC34  ASCII "80"
03A7FC00   01C99674
03A7FC04   03A7FC08  <-- pointer1

03A7FC08   03A7FC30  <-- pointer2

03A7FC30   01C99670  <-- ADDRINFOA

ADDRINFOA
$ ==>    01C99670  00000000 ai_flags
$+4      01C99674  00000000 ai_family
$+8      01C99678  00000000 ai_socktype
$+C      01C9967C  00000001 ai_protocol    IPPROTO_ICMP = 1 only set paramter into
$+10     01C99680  00000000 ai_addrlen
$+14     01C99684  00000000 ai_canonname
$+18     01C99688  00000000 ai_addr
$+1C     01C9968C  00000000 ai_next
$+20    

Now when the function comes back then the struct curl did set pointers into was not changed or used etc and I am getting a new address back of a filled struct.At the moment it looks like usless extra work I have to do for that paramter 4 which I dont have to do.So did anyone check this already out a little?For me there is no logic (at the moment) using that 4. paramter like description of function says.But of course I wanna use that function correctly but I am still unsure about it. :( Any more hints about that would be welcome of course.Thanks.

greetz

the fourth parameter is holding your results that you see in protocol family etc

the third parameter is the type of connection you want to send 

MSDN:

ZeroMemory( &hints, sizeof(hints) ); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = IPPROTO_TCP;
 

clears the memory holding ADDRINFO of sending type... then fills it with the type of connection of TCP socket unspecified family (auto detect IPv4 IPv6) in this case

once that gets sent out we want our servers reply: that’s the info stored in parameter 4 results

You then read the “results” starting at 01C99670

Before you call getaddrinfo breakpoint it on curl and see what the params’ point to

 

  • Like 1

Share this post


Link to post
LCF-AT

Hi,

so lets just talk about again that 4. paramter only.I still dont check that part because we are using already paramter 3 to fill a ADDRINFOA struct with values we want to request so this 3. paramters is glass clear so far.So for what do I need now the 4. parameter?

Maybe it would be make more sense to see a example when this ADDRINFOA struct in paramter 4 gets filled anyhow.In my tests it never get changed.Another try using Curl and checking the results in OllyDBG....

Before the call to getaddrinfo
0316F890   008AD789  RETURN to curl.008AD789 from WS2_32.getaddrinfo
0316F894   02B389A8  ASCII "www.google.com"
0316F898   0316F8D0  ASCII "80"
0316F89C   02B596D4
0316F8A0   0316F8A4

ADDRINFOA struct for paramter 3
$ ==>    02B596D4   00000000 ai_flags    = not set
$+4      02B596D8   00000000 ai_family   = AF_UNSPEC
$+8      02B596DC   00000001 ai_socktype = SOCK_STREAM
$+C      02B596E0   00000000 ai_protocol = IPPROTO_IP
$+10     02B596E4   00000000
$+14     02B596E8   00000000
$+18     02B596EC   00000000
$+1C     02B596F0   00000000

$ ==>    0316F8A4   0316F8CC
$ ==>    0316F8CC   02B596D0

ADDRINFOA struct paramter 4
$ ==>    02B596D0   00000000
$+4      02B596D4   00000000
$+8      02B596D8   00000000
$+C      02B596DC   00000001 ai_protocol = IPPROTO_ICMP ? <-- why this?
$+10     02B596E0   00000000
$+14     02B596E4   00000000
$+18     02B596E8   00000000
$+1C     02B596EC   00000000

...why does Curl set value 1 into ai_protocol?So when I change this value from 1 to 6 = IPPROTO_TCP then the function fails and I get the error WSAESOCKTNOSUPPORT back.Look this...

033CF788   008AD789  RETURN to curl.008AD789 from WS2_32.getaddrinfo
033CF78C   02D19D10  ASCII "www.google.com"
033CF790   033CF7C8  ASCII "80"
033CF794   02D396D4
033CF798   01530000  <-- new test

$ ==>    02D396D4   00000000
$+4      02D396D8   00000000
$+8      02D396DC   00000001
$+C      02D396E0   00000000
$+10     02D396E4   00000000
$+14     02D396E8   00000000
$+18     02D396EC   00000000
$+1C     02D396F0   00000000

Nothing / no pointer
$ ==>    01530000   00000000
$+4      01530004   00000000
$+8      01530008   00000000
$+C      0153000C   00000000
$+10     01530010   00000000
$+14     01530014   00000000
$+18     01530018   00000000
$+1C     0153001C   00000000

Now after function call I got this filled in parameter 4 address

$ ==>    01530000   00E12030 <--- filled by function
$+4      01530004   00000000
$+8      01530008   00000000
$+C      0153000C   00000000
$+10     01530010   00000000
$+14     01530014   00000000
$+18     01530018   00000000
$+1C     0153001C   00000000

$ ==>    00E12030   00000000
$+4      00E12034   00000017  AF_INET6
$+8      00E12038   00000001  SOCK_STREAM
$+C      00E1203C   00000000
$+10     00E12040   0000001C  ai_addrlen
$+14     00E12044   00000000
$+18     00E12048   00E12288  ai_addr
$+1C     00E1204C   00E12378  ai_next
etc

....here I just entered a free address in parm 4 which points to just zero bytes.In return I get a address back from function which points to filled ADDRINFOA struct made by the function itself.In this case I get some IP6 & IP4 structs filled back = same as would I do what Curl does using 4. paramter to set pointer to pointer to ADDRINFOA struct with one filled paramter ai_protocol = IPPROTO_ICMP (dont check why this is set here).Do you know what I mean?Anyhow I get the same back = no diffrent.Maybe you can show / tell me when it makes sense using 4. paramter with which filled infos inside etc.I still dont check this.Specially because I dont get any infos filled into the struct in paramter 4 if I set it or using Curl and checking this in Olly.The function getaddrinfo always just returns a NEW pointer address to the filled with results ADDRINFOA struct and the struct in param 4 keeps unchanged etc.

So I just wanna understand that behavior of param 4 and why I should use it when I get already same back when using not a ADDRINFOA struct + double (sensless) address pointers.You know.I also dont understand the reason why we have to use double pointer addresses in param 4.Why not just a simple single pointer address?Strange.

greetz

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...