feat(netlink): detect IPv6 using query to address

- If a default IPv6 route is found, query the ip:port defined by `IPV6_CHECK_ADDRESS` to check for internet access
2024-12-12 06:48:43 +00:00
parent dae44051f6
commit 5ca13021e7
13 changed files with 384 additions and 7 deletions
--- a/internal/netlink/ipv6.go
+++ b/internal/netlink/ipv6.go
@@ -1,7 +1,11 @@
 package netlink

 import (
+	"context"
 	"fmt"
+	"net"
+	"net/netip"
+	"time"
 )

 type IPv6SupportLevel uint8
@@ -21,7 +25,9 @@ func (i IPv6SupportLevel) IsSupported() bool {
 	return i == IPv6Supported || i == IPv6Internet
 }

-func (n *NetLink) FindIPv6SupportLevel() (level IPv6SupportLevel, err error) {
+func (n *NetLink) FindIPv6SupportLevel(ctx context.Context,
+	checkAddress netip.AddrPort, firewall Firewall,
+) (level IPv6SupportLevel, err error) {
 	routes, err := n.RouteList(FamilyV6)
 	if err != nil {
 		return IPv6Unsupported, fmt.Errorf("listing IPv6 routes: %w", err)
@@ -44,7 +50,14 @@ func (n *NetLink) FindIPv6SupportLevel() (level IPv6SupportLevel, err error) {
 		case sourceIsIPv4 && destinationIsIPv4,
 			destinationIsIPv6 && route.Dst.Addr().IsLoopback():
 		case route.Dst.Addr().IsUnspecified(): // default ipv6 route
-			n.debugLogger.Debugf("IPv6 internet access is enabled on link %s", link.Name)
+			n.debugLogger.Debugf("IPv6 default route found on link %s", link.Name)
+			err = dialAddrThroughFirewall(ctx, link.Name, checkAddress, firewall)
+			if err != nil {
+				n.debugLogger.Debugf("IPv6 query failed on %s: %w", link.Name, err)
+				level = IPv6Supported
+				continue
+			}
+			n.debugLogger.Debugf("IPv6 internet is accessible through link %s", link.Name)
 			return IPv6Internet, nil
 		default: // non-default ipv6 route found
 			n.debugLogger.Debugf("IPv6 is supported by link %s", link.Name)
@@ -57,3 +70,37 @@ func (n *NetLink) FindIPv6SupportLevel() (level IPv6SupportLevel, err error) {
 	}
 	return level, nil
 }
+
+func dialAddrThroughFirewall(ctx context.Context, intf string,
+	checkAddress netip.AddrPort, firewall Firewall,
+) (err error) {
+	const protocol = "tcp"
+	remove := false
+	err = firewall.AcceptOutput(ctx, protocol, intf,
+		checkAddress.Addr(), checkAddress.Port(), remove)
+	if err != nil {
+		return fmt.Errorf("accepting output traffic: %w", err)
+	}
+	defer func() {
+		remove = true
+		firewallErr := firewall.AcceptOutput(ctx, protocol, intf,
+			checkAddress.Addr(), checkAddress.Port(), remove)
+		if err == nil && firewallErr != nil {
+			err = fmt.Errorf("removing output traffic rule: %w", firewallErr)
+		}
+	}()
+
+	dialer := &net.Dialer{
+		Timeout: time.Second,
+	}
+	conn, err := dialer.DialContext(ctx, protocol, checkAddress.String())
+	if err != nil {
+		return fmt.Errorf("dialing: %w", err)
+	}
+	err = conn.Close()
+	if err != nil {
+		return fmt.Errorf("closing connection: %w", err)
+	}
+
+	return nil
+}