[go] net: treat EPERM/EACCES in IPv6 probe as supported

10 views
Skip to first unread message

Ravi Sastry Kadali (Gerrit)

unread,
Feb 7, 2026, 2:40:54 PMFeb 7
to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Ravi Sastry Kadali has uploaded the change for review

Commit message

net: treat EPERM/EACCES in IPv6 probe as supported

When a BPF/seccomp filter denies the bind in the IPv6 capability
probe with EPERM or EACCES, the probe incorrectly reports IPv6 as
unsupported even though socket creation and setsockopt succeeded.
This causes Listen on [::] to silently fall back to IPv4-only.

Treat EPERM/EACCES from the probe bind as "supported" since the
successful socket and setsockopt already confirm kernel capability.

Fixes #77430
Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9

Change diff

diff --git a/src/net/ipsock_posix.go b/src/net/ipsock_posix.go
index 1ed37d7..339221e 100644
--- a/src/net/ipsock_posix.go
+++ b/src/net/ipsock_posix.go
@@ -70,12 +70,17 @@
continue
}
if err := syscall.Bind(s, sa); err != nil {
- continue
- }
- if i == 0 {
- p.ipv6Enabled = true
- } else {
- p.ipv4MappedIPv6Enabled = true
+ // If the bind was denied by a security policy (BPF, seccomp,
+ // SELinux, etc.), the kernel still supports IPv6 — the socket
+ // was created and setsockopt succeeded. Only treat errors like
+ // EADDRNOTAVAIL as lack of support. See go.dev/issue/77430.
+ if err == syscall.EPERM || err == syscall.EACCES {
+ if i == 0 {
+ p.ipv6Enabled = true
+ } else {
+ p.ipv4MappedIPv6Enabled = true
+ }
+ }
}
}
}
diff --git a/src/net/ipsock_test.go b/src/net/ipsock_test.go
index aede354..4181423 100644
--- a/src/net/ipsock_test.go
+++ b/src/net/ipsock_test.go
@@ -280,3 +280,33 @@
}
}
}
+
+func TestListenIPv6WildcardAddr(t *testing.T) {
+ if !supportsIPv6() {
+ t.Skip("IPv6 not supported")
+ }
+
+ ln, err := Listen("tcp", "[::]:0")
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer ln.Close()
+
+ addr := ln.Addr().(*TCPAddr)
+ if addr.IP.To4() != nil {
+ t.Errorf("Listen(\"tcp\", \"[::]:0\") bound to %v, want IPv6 address", addr)
+ }
+}
+
+func TestProbeIPv6SocketImpliesSupport(t *testing.T) {
+ ln, err := Listen("tcp6", "[::1]:0")
+ if err != nil {
+ t.Skipf("cannot listen on [::1]: %v", err)
+ }
+ ln.Close()
+
+ if !supportsIPv6() {
+ t.Error("Listen on [::1] succeeded but supportsIPv6() is false; " +
+ "probe may be misinterpreting a bind error as lack of IPv6 support")
+ }
+}

Change information

Files:
  • M src/net/ipsock_posix.go
  • M src/net/ipsock_test.go
Change size: S
Delta: 2 files changed, 41 insertions(+), 6 deletions(-)
Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
  • requirement is not satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: newchange
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
Gerrit-Change-Number: 743080
Gerrit-PatchSet: 1
Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
unsatisfied_requirement
satisfied_requirement
open
diffy

Ravi Sastry Kadali (Gerrit)

unread,
Feb 7, 2026, 2:43:42 PMFeb 7
to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Ravi Sastry Kadali uploaded new patchset

Ravi Sastry Kadali uploaded patch set #2 to this change.
Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
  • requirement is not satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: newpatchset
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
Gerrit-Change-Number: 743080
Gerrit-PatchSet: 2
unsatisfied_requirement
satisfied_requirement
open
diffy

Ravi Sastry Kadali (Gerrit)

unread,
Feb 13, 2026, 4:55:52 PM (12 days ago) Feb 13
to goph...@pubsubhelper.golang.org, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Damien Neil, Gopher Robot, golang-co...@googlegroups.com
Attention needed from Damien Neil and Ian Lance Taylor

Ravi Sastry Kadali added 1 comment

Patchset-level comments
File-level comment, Patchset 3 (Latest):
Ravi Sastry Kadali . resolved

Appreciate if you can get this reviewed

Open in Gerrit

Related details

Attention is currently required from:
  • Damien Neil
  • Ian Lance Taylor
Submit Requirements:
  • requirement is not satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
Gerrit-Change-Number: 743080
Gerrit-PatchSet: 3
Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
Gerrit-Reviewer: Damien Neil <dn...@google.com>
Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
Gerrit-CC: Gopher Robot <go...@golang.org>
Gerrit-CC: Michael Pratt <mpr...@google.com>
Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
Gerrit-Attention: Damien Neil <dn...@google.com>
Gerrit-Comment-Date: Fri, 13 Feb 2026 21:55:49 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
unsatisfied_requirement
satisfied_requirement
open
diffy

Sean Liao (Gerrit)

unread,
Feb 15, 2026, 5:21:50 PM (9 days ago) Feb 15
to Ravi Sastry Kadali, goph...@pubsubhelper.golang.org, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Damien Neil, Gopher Robot, golang-co...@googlegroups.com
Attention needed from Damien Neil, Ian Lance Taylor and Ravi Sastry Kadali

Sean Liao voted Commit-Queue+1

Commit-Queue+1
Open in Gerrit

Related details

Attention is currently required from:
  • Damien Neil
  • Ian Lance Taylor
  • Ravi Sastry Kadali
Submit Requirements:
  • requirement is not satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
Gerrit-Change-Number: 743080
Gerrit-PatchSet: 3
Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
Gerrit-Reviewer: Damien Neil <dn...@google.com>
Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
Gerrit-Reviewer: Sean Liao <se...@liao.dev>
Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
Gerrit-CC: Gopher Robot <go...@golang.org>
Gerrit-CC: Michael Pratt <mpr...@google.com>
Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
Gerrit-Attention: Ravi Sastry Kadali <ravis...@gmail.com>
Gerrit-Attention: Damien Neil <dn...@google.com>
Gerrit-Comment-Date: Sun, 15 Feb 2026 22:21:42 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
unsatisfied_requirement
satisfied_requirement
open
diffy

Sean Liao (Gerrit)

unread,
Feb 15, 2026, 6:12:50 PM (9 days ago) Feb 15
to Ravi Sastry Kadali, goph...@pubsubhelper.golang.org, Go LUCI, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Damien Neil, Gopher Robot, golang-co...@googlegroups.com
Attention needed from Damien Neil, Ian Lance Taylor and Ravi Sastry Kadali

Sean Liao voted Commit-Queue+1

Commit-Queue+1
Open in Gerrit

Related details

Attention is currently required from:
  • Damien Neil
  • Ian Lance Taylor
  • Ravi Sastry Kadali
Submit Requirements:
  • requirement is not satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
Gerrit-Change-Number: 743080
Gerrit-PatchSet: 4
Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
Gerrit-Reviewer: Damien Neil <dn...@google.com>
Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
Gerrit-Reviewer: Sean Liao <se...@liao.dev>
Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
Gerrit-CC: Gopher Robot <go...@golang.org>
Gerrit-CC: Michael Pratt <mpr...@google.com>
Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
Gerrit-Attention: Ravi Sastry Kadali <ravis...@gmail.com>
Gerrit-Attention: Damien Neil <dn...@google.com>
Gerrit-Comment-Date: Sun, 15 Feb 2026 23:12:44 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
unsatisfied_requirement
satisfied_requirement
open
diffy

Richlan Chavis (Gerrit)

unread,
Feb 15, 2026, 9:53:34 PM (9 days ago) Feb 15
to Ravi Sastry Kadali, goph...@pubsubhelper.golang.org, Go LUCI, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Damien Neil, Gopher Robot, golang-co...@googlegroups.com
Attention needed from Damien Neil, Ian Lance Taylor, Ravi Sastry Kadali and Sean Liao

Richlan Chavis added 1 comment

Patchset-level comments
File-level comment, Patchset 4 (Latest):
Richlan Chavis . resolved

Endpoint: /changes/*~*/message
Trace Id: 1771210348950-926b843e

Chavis...@gmail.com

Open in Gerrit

Related details

Attention is currently required from:
  • Damien Neil
  • Ian Lance Taylor
  • Ravi Sastry Kadali
  • Sean Liao
Submit Requirements:
  • requirement is not satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
Gerrit-Change-Number: 743080
Gerrit-PatchSet: 4
Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
Gerrit-Reviewer: Damien Neil <dn...@google.com>
Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
Gerrit-Reviewer: Sean Liao <se...@liao.dev>
Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
Gerrit-CC: Gopher Robot <go...@golang.org>
Gerrit-CC: Michael Pratt <mpr...@google.com>
Gerrit-CC: Richlan Chavis <richlan...@gmail.com>
Gerrit-Attention: Sean Liao <se...@liao.dev>
Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
Gerrit-Attention: Ravi Sastry Kadali <ravis...@gmail.com>
Gerrit-Attention: Damien Neil <dn...@google.com>
Gerrit-Comment-Date: Mon, 16 Feb 2026 02:53:29 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
unsatisfied_requirement
satisfied_requirement
open
diffy

Damien Neil (Gerrit)

unread,
Feb 23, 2026, 5:45:26 PM (2 days ago) Feb 23
to Ravi Sastry Kadali, goph...@pubsubhelper.golang.org, Go LUCI, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Gopher Robot, golang-co...@googlegroups.com
Attention needed from Ian Lance Taylor and Ravi Sastry Kadali

Damien Neil added 1 comment

Patchset-level comments
Damien Neil . unresolved

Thanks.

The wasm failures look real.

Do we need to do something different for wasm? Or just skip the test on wasm, since it improves the situation on other platforms and makes things no worse on wasm?

Open in Gerrit

Related details

Attention is currently required from:
  • Ian Lance Taylor
  • Ravi Sastry Kadali
Submit Requirements:
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: go
    Gerrit-Branch: master
    Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
    Gerrit-Change-Number: 743080
    Gerrit-PatchSet: 4
    Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Reviewer: Sean Liao <se...@liao.dev>
    Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
    Gerrit-CC: Gopher Robot <go...@golang.org>
    Gerrit-CC: Michael Pratt <mpr...@google.com>
    Gerrit-CC: Richlan Chavis <richlan...@gmail.com>
    Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Attention: Ravi Sastry Kadali <ravis...@gmail.com>
    Gerrit-Comment-Date: Mon, 23 Feb 2026 22:45:21 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    unsatisfied_requirement
    open
    diffy

    Ravi Sastry Kadali (Gerrit)

    unread,
    Feb 23, 2026, 7:29:51 PM (2 days ago) Feb 23
    to goph...@pubsubhelper.golang.org, Nicholas Husin, Go LUCI, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Damien Neil, Gopher Robot, golang-co...@googlegroups.com
    Attention needed from Ian Lance Taylor and Nicholas Husin

    Ravi Sastry Kadali added 1 comment

    Ravi Sastry Kadali . resolved

    The reported failures are unrelated to my change. Given that this fix improves behavior on other platforms and does not negatively impact wasm, I would request that the wasm test be skipped to help expedite landing this change.

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Ian Lance Taylor
    • Nicholas Husin
    Submit Requirements:
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: go
    Gerrit-Branch: master
    Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
    Gerrit-Change-Number: 743080
    Gerrit-PatchSet: 5
    Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
    Gerrit-Reviewer: Sean Liao <se...@liao.dev>
    Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
    Gerrit-CC: Gopher Robot <go...@golang.org>
    Gerrit-CC: Michael Pratt <mpr...@google.com>
    Gerrit-CC: Richlan Chavis <richlan...@gmail.com>
    Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Attention: Nicholas Husin <n...@golang.org>
    Gerrit-Comment-Date: Tue, 24 Feb 2026 00:29:47 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    unsatisfied_requirement
    open
    diffy

    Nicholas Husin (Gerrit)

    unread,
    Feb 23, 2026, 8:08:54 PM (2 days ago) Feb 23
    to Ravi Sastry Kadali, goph...@pubsubhelper.golang.org, Go LUCI, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Damien Neil, Gopher Robot, golang-co...@googlegroups.com
    Attention needed from Ian Lance Taylor and Ravi Sastry Kadali

    Nicholas Husin added 1 comment

    Patchset-level comments
    Ravi Sastry Kadali . unresolved

    The reported failures are unrelated to my change. Given that this fix improves behavior on other platforms and does not negatively impact wasm, I would request that the wasm test be skipped to help expedite landing this change.

    Nicholas Husin

    Unfortunately, the reported failures are related to your change: your test fails when running in WASM.

    You can try it yourself by running:

    ```
    PATH="$PATH:$(go env GOROOT)/lib/wasm" \
    GOOS=js GOARCH=wasm \
    go test ./net -run=TestListenIPv6WildcardAddr
    ```

    Even if your code does not negatively impact WASM, we'd want to make sure that your test does not run for WASM here at least (assuming that we cannot make this work for WASM too), e.g.

    ```
    if runtime.GOARCH == "wasm" {
    t.Skip("reason")
    }
    ```
    Open in Gerrit

    Related details

    Attention is currently required from:
    • Ian Lance Taylor
    • Ravi Sastry Kadali
    Submit Requirements:
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: go
    Gerrit-Branch: master
    Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
    Gerrit-Change-Number: 743080
    Gerrit-PatchSet: 5
    Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
    Gerrit-Reviewer: Sean Liao <se...@liao.dev>
    Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
    Gerrit-CC: Gopher Robot <go...@golang.org>
    Gerrit-CC: Michael Pratt <mpr...@google.com>
    Gerrit-CC: Richlan Chavis <richlan...@gmail.com>
    Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Attention: Ravi Sastry Kadali <ravis...@gmail.com>
    Gerrit-Comment-Date: Tue, 24 Feb 2026 01:08:51 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: Ravi Sastry Kadali <ravis...@gmail.com>
    unsatisfied_requirement
    open
    diffy

    Ravi Sastry Kadali (Gerrit)

    unread,
    Feb 23, 2026, 9:20:20 PM (2 days ago) Feb 23
    to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
    Attention needed from Ian Lance Taylor and Ravi Sastry Kadali

    Ravi Sastry Kadali uploaded new patchset

    Ravi Sastry Kadali uploaded patch set #6 to this change.
    Open in Gerrit

    Related details

    Attention is currently required from:
    • Ian Lance Taylor
    • Ravi Sastry Kadali
    Submit Requirements:
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: newpatchset
    Gerrit-Project: go
    Gerrit-Branch: master
    Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
    Gerrit-Change-Number: 743080
    Gerrit-PatchSet: 6
    unsatisfied_requirement
    open
    diffy

    Ravi Sastry Kadali (Gerrit)

    unread,
    Feb 23, 2026, 9:21:41 PM (2 days ago) Feb 23
    to goph...@pubsubhelper.golang.org, Nicholas Husin, Go LUCI, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Damien Neil, Gopher Robot, golang-co...@googlegroups.com
    Attention needed from Ian Lance Taylor and Nicholas Husin

    Ravi Sastry Kadali added 2 comments

    Patchset-level comments
    Ravi Sastry Kadali . resolved

    The reported failures are unrelated to my change. Given that this fix improves behavior on other platforms and does not negatively impact wasm, I would request that the wasm test be skipped to help expedite landing this change.

    Nicholas Husin

    Unfortunately, the reported failures are related to your change: your test fails when running in WASM.

    You can try it yourself by running:

    ```
    PATH="$PATH:$(go env GOROOT)/lib/wasm" \
    GOOS=js GOARCH=wasm \
    go test ./net -run=TestListenIPv6WildcardAddr
    ```

    Even if your code does not negatively impact WASM, we'd want to make sure that your test does not run for WASM here at least (assuming that we cannot make this work for WASM too), e.g.

    ```
    if runtime.GOARCH == "wasm" {
    t.Skip("reason")
    }
    ```
    Ravi Sastry Kadali

    Acknowledged

    File-level comment, Patchset 6 (Latest):
    Ravi Sastry Kadali . resolved

    Thank you @n...@golang.org

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Ian Lance Taylor
    • Nicholas Husin
    Submit Requirements:
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: go
    Gerrit-Branch: master
    Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
    Gerrit-Change-Number: 743080
    Gerrit-PatchSet: 6
    Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
    Gerrit-Reviewer: Sean Liao <se...@liao.dev>
    Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
    Gerrit-CC: Gopher Robot <go...@golang.org>
    Gerrit-CC: Michael Pratt <mpr...@google.com>
    Gerrit-CC: Richlan Chavis <richlan...@gmail.com>
    Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Attention: Nicholas Husin <n...@golang.org>
    Gerrit-Comment-Date: Tue, 24 Feb 2026 02:21:38 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: Ravi Sastry Kadali <ravis...@gmail.com>
    Comment-In-Reply-To: Nicholas Husin <n...@golang.org>
    unsatisfied_requirement
    open
    diffy

    Nicholas Husin (Gerrit)

    unread,
    Feb 24, 2026, 1:34:12 PM (15 hours ago) Feb 24
    to Ravi Sastry Kadali, goph...@pubsubhelper.golang.org, Go LUCI, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Damien Neil, Gopher Robot, golang-co...@googlegroups.com
    Attention needed from Ian Lance Taylor and Ravi Sastry Kadali

    Nicholas Husin added 2 comments

    File src/net/ipsock_posix.go
    Line 29, Patchset 6 (Latest): switch runtime.GOOS {
    case "js", "wasip1":
    // Both ipv4 and ipv6 are faked; see net_fake.go.
    p.ipv4Enabled = true
    p.ipv6Enabled = true
    p.ipv4MappedIPv6Enabled = true
    return
    }
    Nicholas Husin . unresolved

    I think previously your test was failing because for WASM, `runtime.GOOS` would be set to `js`, and it seems like this special case automatically set `ipv6Enabled` to `true`.

    So, alternatively, rather than skipping the test when `runtime.GOARCH == "wasm"`, we can also fix `probe` to not automatically set `ipvEnabled = true` when `runtime.GOARCH = "wasm"` I think. Interestingly, the comments here seems to indicate that for `js`, IPv6 should always work as it is faked? I'm unfortunately not familiar with this part of the codebase, so not sure if `wasm` was just missed as a special case, or if there's a bug...

    @dn...@google.com might know more here.

    Line 73, Patchset 6 (Latest): // If the bind was denied by a security policy (BPF, seccomp,

    // SELinux, etc.), the kernel still supports IPv6 — the socket
    // was created and setsockopt succeeded. Only treat errors like
    // EADDRNOTAVAIL as lack of support. See go.dev/issue/77430.
    if err == syscall.EPERM || err == syscall.EACCES {
    if i == 0 {
    p.ipv6Enabled = true
    } else {
    p.ipv4MappedIPv6Enabled = true
    }
    }
    Nicholas Husin . unresolved

    Just to check: this change would cause behavioral difference when `err == nil` I think?

    Previously, when `err == nil`, we'd execute:

    ```
    if i == 0 {
    p.ipv6Enabled = true
    } else {
    p.ipv4MappedIPv6Enabled = true
    }
    ```

    but now that is totally skipped. Is that intentional?
    Open in Gerrit

    Related details

    Attention is currently required from:
    • Ian Lance Taylor
    • Ravi Sastry Kadali
    Submit Requirements:
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: go
    Gerrit-Branch: master
    Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
    Gerrit-Change-Number: 743080
    Gerrit-PatchSet: 6
    Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
    Gerrit-Reviewer: Sean Liao <se...@liao.dev>
    Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
    Gerrit-CC: Gopher Robot <go...@golang.org>
    Gerrit-CC: Michael Pratt <mpr...@google.com>
    Gerrit-CC: Richlan Chavis <richlan...@gmail.com>
    Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Attention: Ravi Sastry Kadali <ravis...@gmail.com>
    Gerrit-Comment-Date: Tue, 24 Feb 2026 18:34:08 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    unsatisfied_requirement
    open
    diffy

    Ravi Sastry Kadali (Gerrit)

    unread,
    Feb 24, 2026, 10:34:53 PM (6 hours ago) Feb 24
    to goph...@pubsubhelper.golang.org, Nicholas Husin, Go LUCI, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Damien Neil, Gopher Robot, golang-co...@googlegroups.com
    Attention needed from Damien Neil, Ian Lance Taylor and Nicholas Husin

    Ravi Sastry Kadali added 3 comments

    Patchset-level comments
    File-level comment, Patchset 4:
    Damien Neil . resolved

    Thanks.

    The wasm failures look real.

    Do we need to do something different for wasm? Or just skip the test on wasm, since it improves the situation on other platforms and makes things no worse on wasm?

    Ravi Sastry Kadali

    Done

    File src/net/ipsock_posix.go
    Line 29, Patchset 6 (Latest): switch runtime.GOOS {
    case "js", "wasip1":
    // Both ipv4 and ipv6 are faked; see net_fake.go.
    p.ipv4Enabled = true
    p.ipv6Enabled = true
    p.ipv4MappedIPv6Enabled = true
    return
    }
    Nicholas Husin . unresolved

    I think previously your test was failing because for WASM, `runtime.GOOS` would be set to `js`, and it seems like this special case automatically set `ipv6Enabled` to `true`.

    So, alternatively, rather than skipping the test when `runtime.GOARCH == "wasm"`, we can also fix `probe` to not automatically set `ipvEnabled = true` when `runtime.GOARCH = "wasm"` I think. Interestingly, the comments here seems to indicate that for `js`, IPv6 should always work as it is faked? I'm unfortunately not familiar with this part of the codebase, so not sure if `wasm` was just missed as a special case, or if there's a bug...

    @dn...@google.com might know more here.

    Ravi Sastry Kadali

    Good point. The test skip has been updated from `runtime.GOARCH == "wasm"` to `runtime.GOOS == "js" || runtime.GOOS == "wasip1"`, which mirrors the existing early-return in `probe()` exactly.

    As for whether this is a missed case or a bug in the fake networking: net_fake.go does implement socket() for these targets and technically accepts AF_INET6, but the wildcard [::]:0 assertion in the test (checking `addr.IP.To4() == nil`) doesn't hold reliably under the fake implementation. Since `probe()` already treats both `js` and `wasip1` as fully capable via the early-return (they're faked), skipping just this specific test is the right approach — it avoids masking a genuine issue while not regressing anything on those platforms.

    Line 73, Patchset 6 (Latest): // If the bind was denied by a security policy (BPF, seccomp,
    // SELinux, etc.), the kernel still supports IPv6 — the socket
    // was created and setsockopt succeeded. Only treat errors like
    // EADDRNOTAVAIL as lack of support. See go.dev/issue/77430.
    if err == syscall.EPERM || err == syscall.EACCES {
    if i == 0 {
    p.ipv6Enabled = true
    } else {
    p.ipv4MappedIPv6Enabled = true
    }
    }
    Nicholas Husin . unresolved

    Just to check: this change would cause behavioral difference when `err == nil` I think?

    Previously, when `err == nil`, we'd execute:

    ```
    if i == 0 {
    p.ipv6Enabled = true
    } else {
    p.ipv4MappedIPv6Enabled = true
    }
    ```

    but now that is totally skipped. Is that intentional?
    Ravi Sastry Kadali

    Great catch, thank you. The restructured if-block did inadvertently drop the success path — when `syscall.Bind` returns nil, neither `ipv6Enabled` nor `ipv4MappedIPv6Enabled` was being set, which would break IPv6 detection on normal kernels.

    Fixed by inverting the condition: now the continue (skip/unsupported) fires for any error that is `not EPERM or EACCES`, and both the success case and the permission-denied case fall through to set the capability flag:

    ```

    if err := syscall.Bind(s, sa); err != nil {
        if err != syscall.EPERM && err != syscall.EACCES {
    continue

    }
    }
    if i == 0 {
    p.ipv6Enabled = true
    } else {
    p.ipv4MappedIPv6Enabled = true
    }
    ```
    Open in Gerrit

    Related details

    Attention is currently required from:
    • Damien Neil
    • Ian Lance Taylor
    • Nicholas Husin
    Submit Requirements:
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: go
    Gerrit-Branch: master
    Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
    Gerrit-Change-Number: 743080
    Gerrit-PatchSet: 6
    Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
    Gerrit-Reviewer: Sean Liao <se...@liao.dev>
    Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
    Gerrit-CC: Gopher Robot <go...@golang.org>
    Gerrit-CC: Michael Pratt <mpr...@google.com>
    Gerrit-CC: Richlan Chavis <richlan...@gmail.com>
    Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
    Gerrit-Attention: Damien Neil <dn...@google.com>
    Gerrit-Attention: Nicholas Husin <n...@golang.org>
    Gerrit-Comment-Date: Wed, 25 Feb 2026 03:34:49 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: Damien Neil <dn...@google.com>
    Comment-In-Reply-To: Nicholas Husin <n...@golang.org>
    unsatisfied_requirement
    open
    diffy

    Ravi Sastry Kadali (Gerrit)

    unread,
    Feb 24, 2026, 10:34:59 PM (6 hours ago) Feb 24
    to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
    Attention needed from Damien Neil, Ian Lance Taylor and Nicholas Husin

    Ravi Sastry Kadali uploaded new patchset

    Ravi Sastry Kadali uploaded patch set #7 to this change.
    Open in Gerrit

    Related details

    Attention is currently required from:
    • Damien Neil
    • Ian Lance Taylor
    • Nicholas Husin
    Submit Requirements:
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: newpatchset
    Gerrit-Project: go
    Gerrit-Branch: master
    Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
    Gerrit-Change-Number: 743080
    Gerrit-PatchSet: 7
    unsatisfied_requirement
    open
    diffy

    Ravi Sastry Kadali (Gerrit)

    unread,
    Feb 24, 2026, 10:38:00 PM (6 hours ago) Feb 24
    to goph...@pubsubhelper.golang.org, Nicholas Husin, Go LUCI, Dmitri Shuralyov, Michael Pratt, Ian Lance Taylor, Damien Neil, Gopher Robot, golang-co...@googlegroups.com
    Attention needed from Damien Neil, Ian Lance Taylor and Nicholas Husin

    Ravi Sastry Kadali added 3 comments

    Patchset-level comments
    Ravi Sastry Kadali . resolved

    Thank you @n...@golang.org and @dn...@google.com. Please re-review.

    File src/net/ipsock_posix.go
    Line 29, Patchset 6: switch runtime.GOOS {

    case "js", "wasip1":
    // Both ipv4 and ipv6 are faked; see net_fake.go.
    p.ipv4Enabled = true
    p.ipv6Enabled = true
    p.ipv4MappedIPv6Enabled = true
    return
    }
    Nicholas Husin . resolved

    I think previously your test was failing because for WASM, `runtime.GOOS` would be set to `js`, and it seems like this special case automatically set `ipv6Enabled` to `true`.

    So, alternatively, rather than skipping the test when `runtime.GOARCH == "wasm"`, we can also fix `probe` to not automatically set `ipvEnabled = true` when `runtime.GOARCH = "wasm"` I think. Interestingly, the comments here seems to indicate that for `js`, IPv6 should always work as it is faked? I'm unfortunately not familiar with this part of the codebase, so not sure if `wasm` was just missed as a special case, or if there's a bug...

    @dn...@google.com might know more here.

    Ravi Sastry Kadali

    Good point. The test skip has been updated from `runtime.GOARCH == "wasm"` to `runtime.GOOS == "js" || runtime.GOOS == "wasip1"`, which mirrors the existing early-return in `probe()` exactly.

    As for whether this is a missed case or a bug in the fake networking: net_fake.go does implement socket() for these targets and technically accepts AF_INET6, but the wildcard [::]:0 assertion in the test (checking `addr.IP.To4() == nil`) doesn't hold reliably under the fake implementation. Since `probe()` already treats both `js` and `wasip1` as fully capable via the early-return (they're faked), skipping just this specific test is the right approach — it avoids masking a genuine issue while not regressing anything on those platforms.

    Ravi Sastry Kadali

    Done

    Line 73, Patchset 6: // If the bind was denied by a security policy (BPF, seccomp,

    // SELinux, etc.), the kernel still supports IPv6 — the socket
    // was created and setsockopt succeeded. Only treat errors like
    // EADDRNOTAVAIL as lack of support. See go.dev/issue/77430.
    if err == syscall.EPERM || err == syscall.EACCES {
    if i == 0 {
    p.ipv6Enabled = true
    } else {
    p.ipv4MappedIPv6Enabled = true
    }
    }
    Nicholas Husin . resolved

    Just to check: this change would cause behavioral difference when `err == nil` I think?

    Previously, when `err == nil`, we'd execute:

    ```
    if i == 0 {
    p.ipv6Enabled = true
    } else {
    p.ipv4MappedIPv6Enabled = true
    }
    ```

    but now that is totally skipped. Is that intentional?
    Ravi Sastry Kadali

    Great catch, thank you. The restructured if-block did inadvertently drop the success path — when `syscall.Bind` returns nil, neither `ipv6Enabled` nor `ipv4MappedIPv6Enabled` was being set, which would break IPv6 detection on normal kernels.

    Fixed by inverting the condition: now the continue (skip/unsupported) fires for any error that is `not EPERM or EACCES`, and both the success case and the permission-denied case fall through to set the capability flag:

    ```
    if err := syscall.Bind(s, sa); err != nil {
    if err != syscall.EPERM && err != syscall.EACCES {
    continue
    }
    }
    if i == 0 {
    p.ipv6Enabled = true
    } else {
    p.ipv4MappedIPv6Enabled = true
    }
    ```
    Ravi Sastry Kadali

    Done

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Damien Neil
    • Ian Lance Taylor
    • Nicholas Husin
    Submit Requirements:
      • requirement is not satisfiedCode-Review
      • requirement satisfiedNo-Unresolved-Comments
      • requirement is not satisfiedReview-Enforcement
      • requirement is not satisfiedTryBots-Pass
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: go
      Gerrit-Branch: master
      Gerrit-Change-Id: Ie1164a3e835521dc441387af1c485a3d15e2e2d9
      Gerrit-Change-Number: 743080
      Gerrit-PatchSet: 6
      Gerrit-Owner: Ravi Sastry Kadali <ravis...@gmail.com>
      Gerrit-Reviewer: Damien Neil <dn...@google.com>
      Gerrit-Reviewer: Ian Lance Taylor <ia...@golang.org>
      Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
      Gerrit-Reviewer: Sean Liao <se...@liao.dev>
      Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
      Gerrit-CC: Gopher Robot <go...@golang.org>
      Gerrit-CC: Michael Pratt <mpr...@google.com>
      Gerrit-CC: Richlan Chavis <richlan...@gmail.com>
      Gerrit-Attention: Ian Lance Taylor <ia...@golang.org>
      Gerrit-Attention: Damien Neil <dn...@google.com>
      Gerrit-Attention: Nicholas Husin <n...@golang.org>
      Gerrit-Comment-Date: Wed, 25 Feb 2026 03:37:55 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: No
      unsatisfied_requirement
      satisfied_requirement
      open
      diffy
      Reply all
      Reply to author
      Forward
      0 new messages