From c3655b89e7c06555a2e0bf13affb8a63a49f4296 Mon Sep 17 00:00:00 2001
From: Jarek Prokop <jprokop@redhat.com>
Date: Fri, 26 Jan 2024 11:19:48 +0100
Subject: [PATCH] Revert "Set AI_ADDRCONFIG when making getaddrinfo(3) calls
 for outgoing conns (#7295)"

This reverts commit d2ba8ea54a4089959afdeecdd963e3c4ff391748.

The purpose of the commit is to workaround a GLIBC bug [0] still present
in older Ubuntu [1]. C8S/RHEL 8 has the fix for some time [2] and the
Ruby workaround is causing problems for us [3]. Therefore we can
revert it for EL8, EL9, and Fedora distros.

[0] https://sourceware.org/bugzilla/show_bug.cgi?id=26600
[1] https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1961697
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1868106
[3] https://bugs.ruby-lang.org/issues/20208
---
 ext/socket/extconf.rb   |   2 -
 ext/socket/ipsocket.c   |  11 +--
 test/socket/test_tcp.rb | 164 ----------------------------------------
 3 files changed, 2 insertions(+), 175 deletions(-)

diff --git a/ext/socket/extconf.rb b/ext/socket/extconf.rb
index 544bed5298..1ca52da366 100644
--- a/ext/socket/extconf.rb
+++ b/ext/socket/extconf.rb
@@ -607,8 +607,6 @@ def %(s) s || self end
 EOS
   end
 
-  have_const('AI_ADDRCONFIG', headers)
-
   case with_config("lookup-order-hack", "UNSPEC")
   when "INET"
     $defs << "-DLOOKUP_ORDER_HACK_INET"
diff --git a/ext/socket/ipsocket.c b/ext/socket/ipsocket.c
index 0a693655b4..0c13620258 100644
--- a/ext/socket/ipsocket.c
+++ b/ext/socket/ipsocket.c
@@ -54,22 +54,15 @@ init_inetsock_internal(VALUE v)
     VALUE connect_timeout = arg->connect_timeout;
     struct timeval tv_storage;
     struct timeval *tv = NULL;
-    int remote_addrinfo_hints = 0;
 
     if (!NIL_P(connect_timeout)) {
         tv_storage = rb_time_interval(connect_timeout);
         tv = &tv_storage;
     }
 
-    if (type == INET_SERVER) {
-      remote_addrinfo_hints |= AI_PASSIVE;
-    }
-#ifdef HAVE_CONST_AI_ADDRCONFIG
-    remote_addrinfo_hints |= AI_ADDRCONFIG;
-#endif
-
     arg->remote.res = rsock_addrinfo(arg->remote.host, arg->remote.serv,
-                                     family, SOCK_STREAM, remote_addrinfo_hints);
+                                     family, SOCK_STREAM,
+                                     (type == INET_SERVER) ? AI_PASSIVE : 0);
 
 
     /*
diff --git a/test/socket/test_tcp.rb b/test/socket/test_tcp.rb
index 35d361f060..7f9dc53cae 100644
--- a/test/socket/test_tcp.rb
+++ b/test/socket/test_tcp.rb
@@ -140,168 +140,4 @@ def test_accept_multithread
       server_threads.each(&:join)
     end
   end
-
-  def test_ai_addrconfig
-    # This test verifies that we pass AI_ADDRCONFIG to the DNS resolver when making
-    # an outgoing connection.
-    # The verification of this is unfortunately incredibly convoluted. We perform the
-    # test by setting up a fake DNS server to receive queries. Then, we construct
-    # an environment which has only IPv4 addresses and uses that fake DNS server. We
-    # then attempt to make an outgoing TCP connection. Finally, we verify that we
-    # only received A and not AAAA queries on our fake resolver.
-    # This test can only possibly work on Linux, and only when run as root. If either
-    # of these conditions aren't met, the test will be skipped.
-
-    # The construction of our IPv6-free environment must happen in a child process,
-    # which we can put in its own network & mount namespaces.
-
-    omit "This test is disabled.  It is retained to show the original intent of [ruby-core:110870]"
-
-    IO.popen("-") do |test_io|
-      if test_io.nil?
-        begin
-          # Child program
-          require 'fiddle'
-          require 'resolv'
-          require 'open3'
-
-          libc = Fiddle.dlopen(nil)
-          begin
-            unshare = Fiddle::Function.new(libc['unshare'], [Fiddle::TYPE_INT], Fiddle::TYPE_INT)
-          rescue Fiddle::DLError
-            # Test can't run because we don't have unshare(2) in libc
-            # This will be the case on not-linux, and also on very old glibc versions (or
-            # possibly other libc's that don't expose this syscall wrapper)
-            $stdout.write(Marshal.dump({result: :skip, reason: "unshare(2) or mount(2) not in libc"}))
-            exit
-          end
-
-          # Move our test process into a new network & mount namespace.
-          # This environment will be configured to be IPv6 free and point DNS resolution
-          # at a fake DNS server.
-          # (n.b. these flags are CLONE_NEWNS | CLONE_NEWNET)
-          ret = unshare.call(0x00020000 | 0x40000000)
-          errno = Fiddle.last_error
-          if ret == -1 && errno == Errno::EPERM::Errno
-            # Test can't run because we're not root.
-            $stdout.write(Marshal.dump({result: :skip, reason: "insufficient permissions to unshare namespaces"}))
-            exit
-          elsif ret == -1 && (errno == Errno::ENOSYS::Errno || errno == Errno::EINVAL::Errno)
-            # No unshare(2) in the kernel (or kernel too old to know about this namespace type)
-            $stdout.write(Marshal.dump({result: :skip, reason: "errno #{errno} calling unshare(2)"}))
-            exit
-          elsif ret == -1
-            # Unexpected failure
-            raise "errno #{errno} calling unshare(2)"
-          end
-
-          # Set up our fake DNS environment. Clean out /etc/hosts...
-          fake_hosts_file = Tempfile.new('ruby_test_hosts')
-          fake_hosts_file.write <<~HOSTS
-            127.0.0.1 localhost
-            ::1 localhost
-          HOSTS
-          fake_hosts_file.flush
-
-          # Have /etc/resolv.conf point to 127.0.0.1...
-          fake_resolv_conf = Tempfile.new('ruby_test_resolv')
-          fake_resolv_conf.write <<~RESOLV
-            nameserver 127.0.0.1
-          RESOLV
-          fake_resolv_conf.flush
-
-          # Also stub out /etc/nsswitch.conf; glibc can have other resolver modules
-          # (like systemd-resolved) configured in there other than just using dns,
-          # so rewrite it to remove any `hosts:` lines and add one which just uses
-          # dns.
-          real_nsswitch_conf = File.read('/etc/nsswitch.conf') rescue ""
-          fake_nsswitch_conf = Tempfile.new('ruby_test_nsswitch')
-          real_nsswitch_conf.lines.reject { _1 =~ /^\s*hosts:/ }.each do |ln|
-            fake_nsswitch_conf.puts ln
-          end
-          fake_nsswitch_conf.puts "hosts: files myhostname dns"
-          fake_nsswitch_conf.flush
-
-          # This is needed to make sure our bind-mounds aren't visible outside this process.
-          system 'mount', '--make-rprivate', '/', exception: true
-          # Bind-mount the fake files over the top of the real files.
-          system 'mount', '--bind', '--make-private', fake_hosts_file.path, '/etc/hosts', exception: true
-          system 'mount', '--bind', '--make-private', fake_resolv_conf.path, '/etc/resolv.conf', exception: true
-          system 'mount', '--bind', '--make-private', fake_nsswitch_conf.path, '/etc/nsswitch.conf', exception: true
-
-          # Create a dummy interface with only an IPv4 address
-          system 'ip', 'link', 'add', 'dummy0', 'type', 'dummy', exception: true
-          system 'ip', 'addr', 'add', '192.168.1.2/24', 'dev', 'dummy0', exception: true
-          system 'ip', 'link', 'set', 'dummy0', 'up', exception: true
-          system 'ip', 'link', 'set', 'lo', 'up', exception: true
-
-          # Disable IPv6 on this interface (this is needed to disable the link-local
-          # IPv6 address)
-          File.open('/proc/sys/net/ipv6/conf/dummy0/disable_ipv6', 'w') do |f|
-            f.puts "1"
-          end
-
-          # Create a fake DNS server which will receive the DNS queries triggered by TCPSocket.new
-          fake_dns_server_socket = UDPSocket.new
-          fake_dns_server_socket.bind('127.0.0.1', 53)
-          received_dns_queries = []
-          fake_dns_server_thread = Thread.new do
-            Socket.udp_server_loop_on([fake_dns_server_socket]) do |msg, msg_src|
-              request = Resolv::DNS::Message.decode(msg)
-              received_dns_queries << request
-              response = request.dup.tap do |r|
-                r.qr = 0
-                r.rcode = 3 # NXDOMAIN
-              end
-              msg_src.reply response.encode
-            end
-          end
-
-          # Make a request which will hit our fake DNS swerver - this needs to be in _another_
-          # process because glibc will cache resolver info across the fork otherwise.
-          load_path_args = $LOAD_PATH.flat_map { ['-I', _1] }
-          Open3.capture3('/proc/self/exe', *load_path_args, '-rsocket', '-e', <<~RUBY)
-            TCPSocket.open('www.example.com', 4444)
-          RUBY
-
-          fake_dns_server_thread.kill
-          fake_dns_server_thread.join
-
-          have_aaaa_qs = received_dns_queries.any? do |query|
-            query.question.any? do |question|
-              question[1] == Resolv::DNS::Resource::IN::AAAA
-            end
-          end
-
-          have_a_q = received_dns_queries.any? do |query|
-            query.question.any? do |question|
-              question[0].to_s == "www.example.com"
-            end
-          end
-
-          if have_aaaa_qs
-            $stdout.write(Marshal.dump({result: :fail, reason: "got AAAA queries, expected none"}))
-          elsif !have_a_q
-            $stdout.write(Marshal.dump({result: :fail, reason: "got no A query for example.com"}))
-          else
-            $stdout.write(Marshal.dump({result: :success}))
-          end
-        rescue => ex
-          $stdout.write(Marshal.dump({result: :fail, reason: ex.full_message}))
-        ensure
-          # Make sure the child process does not transfer control back into the test runner.
-          exit!
-        end
-      else
-        test_result = Marshal.load(test_io.read)
-
-        case test_result[:result]
-        when :skip
-          omit test_result[:reason]
-        when :fail
-          fail test_result[:reason]
-        end
-      end
-    end
-  end
 end if defined?(TCPSocket)
-- 
2.43.0