Allow to bind to IPv6 address specified by name, not address

[gozdal]

No description provided.

[tilgovi]

Should we bind to all addresses returned from getaddrinfo, or just the first one that succeeds?

[gozdal]

I think we should bind to them all, try at least. IIUC getaddrinfo returns the result in unspecified order. It means that one call may return [IPv6 address, IPv4 address] and the next [IPv4 address, IPv6 address]. If binding only to the first one we'd be introducing non-determinism between runs.

[tilgovi]

I'd like to see some_sock_succeeded moved inside the outermost loop, and an exit if we fail to bind any of the specified bind addresses to at least one of their infos. I think the indentation of this check and the some_sock_succeeded = False should be done for each specified bind address. That would be consistent with the previous behavior.

[gozdal]

That would be consistent with the previous behavior.

Indeed, though I wonder if it's the best behavior - if a hostname resolves to both IPv4 and IPv6 or the user passed multiple addresses, failure to bind to any of them results in sys.exit(1).

I guess this could be left in the name of backwards compatibility but doing sys.exit(1) if any bind failed seemed pretty harsh to me.

[gozdal]

@tilgovi can I do something to help getting this merged?

[gozdal]

@tilgovi @benoitc
can I do something to help getting this merged?

[ddzialak]

Rebased and resolved conflicts

[pajod]

(just my commentary, not what is blocking this PR from moving forward)

• Prior to this change an invalid bind setting (such as a lone dot) went through to Can't connect to error output, and possibly a more specific root cause, such as OverflowError: bind(): port must be 0-65535.
• After this change you can crash via UnicodeError: encoding with 'idna' codec failed or OverflowError: Python int too large to convert to C long
• After this change all the bind addresses requested by the user might be skipped over.. leading to a crash wish IndexError: list index out of range in the worker
• Proposed mitigation:
  • Widen except, add both original and resolved addr in logs.
  • Strictly error out when the user instructed to bind somewhere and that attempt was abandoned.
• Follow-up idea: Depending on the skip-and-warn or strict-error behavior of this PR, the somewhat confusing behavior when mixing address in config and inheriting existing sockets could be changed to match that design decision in a later PR.

Interesting test cases: ".:0", "[::ffff:b1c:00f]:0", "[::ffff:127.0.0.1]:0", "0:0", "[::]:-1", "invalid.:0", "localhost.:0", "localhost:0", "0:210000000000000000000", "[]:0"

[gozdal]

UnicodeError: encoding with 'idna' codec failed

How can you get UnicodeError in this code?

[pajod]

UnicodeError: encoding with 'idna' codec failed

How can you get UnicodeError in this code?

When a typo or incorrect variable expansion produces a host name that fails the sanity checks during conversion to ascii form ("Punycode"), e.g leading dot, consecutive dots, labels exceeding >63 ascii bytes.
I tested on CPython 3.12: gunicorn --bind=.:0 -- app - see my previous comment for more interesting test cases.