Bug 145162

Created attachment 253371 [details] Screenshot of stuck loading progress My network presents a peculiar failure mode when using IPv6: It almost always allows successful connection establishment (over a 6to4 tunnel), but frequently hangs in the middle of e.g. an SSL handshake. WebKit's response to this behavior is to wait forever in the early stages of page load – see attached screenshot. I am able to work around the problem by simply disabling IPv6 altogether, but that seems counterproductive to the overall ip6 adoption effort. Steps to Reproduce: 1. Recreate the network environment that hangs ip6 traffic for established connections, but allows ip4 traffic to flow normally I suspect this is possible with some permutation of `ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j DROP` See below for some example curl/nc output that hopefully demonstrates the desired scenario 2. Attempt to load a page Effect: Safari waits forever for the dropped packets Desired Behavior: In preference order: 1. Some "Happy Eyeballs" heuristic that incorporates time to first byte (which the non-hung IPv4 connection will always win). 2. Safari times out the stalled connection and retries over IPv4, which loads the page normally. 3. A mechanism to control IPv6 connectivity on a page-by-page basis; i.e. a {white,black}list of sites that allows me to manually force certain websites to prefer IPv4. 4. A mechanism to disable IPv6 connectivity for all of Safari, which allows me to continue to use Thanks! Please let me know if I can provide any additional detail. Example curl of a failing website (https://en.wikipedia.org, http appears to work fine inasmuch as I can get and follow the redirect to https): # time curl -m 10 -6 --trace - https://en.wikipedia.org == Info: Rebuilt URL to: https://en.wikipedia.org/ == Info: Hostname was NOT found in DNS cache == Info: Trying 2620:0:861:ed1a::1... == Info: Connected to en.wikipedia.org (2620:0:861:ed1a::1) port 443 (#0) == Info: Operation timed out after 0 milliseconds with 0 out of 0 bytes received == Info: Closing connection 0 curl: (28) Operation timed out after 0 milliseconds with 0 out of 0 bytes received curl -m 10 -6 --trace - https://en.wikipedia.org 0.01s user 0.01s system 0% cpu 10.016 total This in opposition to a network route that works: # time curl -m 10 -6 --trace - https://google.com == Info: Rebuilt URL to: https://google.com/ == Info: Hostname was NOT found in DNS cache == Info: Trying 2607:f8b0:400a:806::200e... == Info: Connected to google.com (2607:f8b0:400a:806::200e) port 443 (#0) == Info: TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA == Info: Server certificate: *.google.com == Info: Server certificate: Google Internet Authority G2 == Info: Server certificate: GeoTrust Global CA => Send header, 74 bytes (0x4a) <snip> == Info: Connection #0 to host google.com left intact curl -m 10 -6 --trace - https://google.com 0.04s user 0.01s system 4% cpu 1.074 total nc -z demonstrates no such problem: # time nc -z6 en.wikipedia.org 443 Connection to en.wikipedia.org port 443 [tcp/https] succeeded! nc -z6 en.wikipedia.org 443 0.00s user 0.00s system 2% cpu 0.196 total # time nc -z6 google.com 443 Connection to google.com port 443 [tcp/https] succeeded! nc -z6 google.com 443 0.00s user 0.00s system 2% cpu 0.217 total