Within my iOS project I have set up a MITM server that is being sent data from a Packet Tunnel Provider. I am currently seeing that all IPv6 requests aren't able to have their IP address resolved.
The server is bound on both IPv4 (127.0.0.1:9999) and IPv6 (::1). The other server settings are as follows:
    self.bootstrap = ServerBootstrap(group: group)
        .serverChannelOption(ChannelOptions.backlog, value: 256)
        .serverChannelOption(ChannelOptions.socket(SOL_SOCKET, SO_REUSEADDR), value: 1)
        .childChannelInitializer { channel in
            channel.pipeline.addHandler(ByteToMessageHandler(HTTPRequestDecoder(leftOverBytesStrategy: .forwardBytes)))
                .flatMap { channel.pipeline.addHandler(HTTPResponseEncoder()) }
                .flatMap { channel.pipeline.addHandler(HttpHttpsConnectHandler()) }
        }
        .childChannelOption(ChannelOptions.socket(SOL_SOCKET, SO_REUSEADDR), value: 1)
The HttpHttpsConnectHandler is a slightly modified version of: this version.
On the Packet Tunnel Provider, I have set it to use the DNS servers 8.8.8.8 and 8.8.4.4, which are also the system defaults.
I am able to receive both v4 and v6 traffic, with v4 traffic successfully being processed on ingress and egress as intended. IPv6 traffic is failing to resolve with the following error:
dev.thesis.apps.LocalProxyServer.ConnectHandler : [LocalPacketTunnelProvider] Connect failed: NIOConnectionError(host: "ipv6.mythic-beasts.com", port: 443, dnsAError: Optional(NIOCore.SocketAddressError.unknown(host: "ipv6.mythic-beasts.com", port: 443)), dnsAAAAError: Optional(NIOCore.SocketAddressError.unknown(host: "ipv6.mythic-beasts.com", port: 443)), connectionErrors: [])
ipv6.mythic-beasts.com, for the purposes of this, is just a test website I am using that only has an AAAA record associated with it:
When not connected to the Packet Tunnel Provider, the website is successfully resolved and can be viewed within the browser - so I have narrowed it down to the application and configuration specifically.
I have debugged through the SwiftNIO code and identified that it is using the GetaddrinfoResolver resolver, which I believe is the system default. I currently cannot see why this is failing if it is indeed using the system default. Having stepped through it, it does look like it conforms to the necessary RFC.
I am partially wondering if this is because the ai_family property is not being set on the hints in the resolver:
Could anyone provide me with a reason why this would be happening and, if possible, a link to a resource that could assist with remediating the issue? It will likely be down to how I have the server set up, specifically for DNS, but as I'll be the first to admit, this isn't my forte, so I would appreciate some support if possible please.
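A small diagnostic for the ai_family question raised in the post, as an added example that is not part of the original post or of SwiftNIO's code: it calls getaddrinfo() once per ai_family hint and reports what each lookup returns. The helper name count_addresses and the constructed default input ::1 are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200112L
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Hypothetical helper (not SwiftNIO code): resolve `host` with
 * hints.ai_family set to `family` and return how many addresses came back.
 * Returns -1 on failure and stores the getaddrinfo() error in *gai_err. */
int count_addresses(const char *host, int family, int flags, int *gai_err)
{
    struct addrinfo hints, *res = NULL, *p;
    int n = 0;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;        /* AF_UNSPEC, AF_INET (A) or AF_INET6 (AAAA) */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = flags;

    *gai_err = getaddrinfo(host, "443", &hints, &res);
    if (*gai_err != 0)
        return -1;
    for (p = res; p != NULL; p = p->ai_next)
        n++;
    freeaddrinfo(res);
    return n;
}

int main(int argc, char **argv)
{
    /* With no argument, use the constructed numeric input "::1" so the
     * program runs offline; pass a hostname to query the configured DNS. */
    const char *host = argc > 1 ? argv[1] : "::1";
    int flags = argc > 1 ? 0 : AI_NUMERICHOST;
    const int families[] = { AF_UNSPEC, AF_INET, AF_INET6 };
    const char *names[] = { "AF_UNSPEC", "AF_INET", "AF_INET6" };

    for (int i = 0; i < 3; i++) {
        int err;
        int n = count_addresses(host, families[i], flags, &err);
        if (n < 0)
            printf("%-9s %s: error %d (%s)\n", names[i], host, err, gai_strerror(err));
        else
            printf("%-9s %s: %d address(es)\n", names[i], host, n);
    }
    return 0;
}
```

Running it with a hostname as the first argument, once with the tunnel up and once with it down, shows per address family whether the lookup itself fails or only one family is affected.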