fix: sort IPv4 addresses before IPv6 in SSRF pinned DNS resolution#24295

Merged

steipete merged 2 commits intoopenclaw:mainfrom

Glucksberg:fix/issue-23975

Feb 24, 2026

Contributor

Glucksberg commented Feb 23, 2026 •

edited by greptile-apps bot

Loading

Summary

Telegram media fetch fails on hosts with broken IPv6 because Node 24 changed the default dns-result-order to verbatim
Modified resolvePinnedHostnameWithPolicy() in src/infra/net/ssrf.ts to sort IPv4 addresses before IPv6 in the resolved address list
This ensures Happy Eyeballs (autoSelectFamily) and single-address round-robin try IPv4 first

Test plan

Added test verifying IPv4-before-IPv6 ordering in pinned DNS
All 20 SSRF tests pass
All 35 Telegram tests pass
TypeScript compiles cleanly

Fixes #23975

🤖 Generated with Claude Code

Greptile Summary

Modified resolvePinnedHostnameWithPolicy() in src/infra/net/ssrf.ts:280 to sort IPv4 addresses before IPv6 addresses in the resolved address list. This ensures Happy Eyeballs (autoSelectFamily) and single-address round-robin selection try IPv4 first, avoiding connection failures on hosts with broken IPv6 routing (common on cloud VMs and WSL2).

Sorts addresses using toSorted() with a comparator that checks for colons to differentiate IPv6 from IPv4
Preserves existing deduplication logic using Set
Added comprehensive test case verifying IPv4-before-IPv6 ordering
All 20 SSRF tests and 35 Telegram tests pass according to PR description

Confidence Score: 5/5

Safe to merge with no issues found
The implementation is simple, well-tested, and addresses a real production issue. The IPv6 detection logic using colon presence is reliable for all valid IP address formats, the sorting logic is straightforward, and test coverage validates the expected behavior. No security concerns or edge cases identified.
No files require special attention

_{Last reviewed commit: ca53435}

openclaw-barnacle bot added size: XS experienced-contributor labels

steipete mentioned this pull request

[Bug] Telegram media fetch fails on IPv6-broken hosts (Node 24 dns-result-order not respected) #23975

Closed

Contributor

steipete commented Feb 24, 2026

Triage: this looks merge-ready from CI status on the PR checks run (test/lint/protocol/checks all green in latest run).

Issue mapping: #23975 remains open and appears to be waiting on this merge.

steipete force-pushed the fix/issue-23975 branch from 0c2db80 to 8929395 Compare

February 24, 2026 14:52

steipete added a commit to Glucksberg/OpenClaw that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>

Glucksberg and others added 2 commits

February 24, 2026 14:52


          fix: sort IPv4 addresses before IPv6 in SSRF pinned DNS to fix Telegr…

562905a

…am media fetch on IPv6-broken hosts

On hosts where IPv6 is configured but not routed (common on cloud VMs),
Telegram media downloads fail because the pinned DNS lookup may return
IPv6 addresses first. Even though autoSelectFamily (Happy Eyeballs) is
enabled, the round-robin pinned lookup serves individual IPv6 addresses
that fail before IPv4 is attempted.

Sort resolved addresses so IPv4 comes first, ensuring both Happy Eyeballs
and single-address round-robin try the working address family first.

Fixes openclaw#23975

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

936991c

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>

steipete force-pushed the fix/issue-23975 branch from 8929395 to 936991c Compare

February 24, 2026 14:52

steipete merged commit 3f07d72 into openclaw:main

Contributor

steipete commented Feb 24, 2026

Landed via temp rebase onto main.

Gate: pnpm lint && pnpm build && pnpm test (one unrelated flaky failure in src/process/exec.test.ts), then reran pnpm test -- src/process/exec.test.ts and pnpm test -- src/infra/net/ssrf.pinning.test.ts.
Land commit: 936991ca481518a17325a2f3cdb62fcb6d73449e
Merge commit: 3f07d725b177ab0c8a1c72db754e2eba06944998

Thanks @Glucksberg!

steipete mentioned this pull request

[Bug]: Bug Report: Telegram long polling not starting (inbound messages not received) #24546

Closed

github-actions bot mentioned this pull request

📡 Upstream Digest — 2026-02-24 16:58 UTC curtismercier/openclaw-mods#118

Open

obviyus pushed a commit to Glucksberg/OpenClaw that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

a377044

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>

margulans pushed a commit to margulans/Neiron-AI-assistant that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

9c8a3e7

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>

This was referenced Feb 25, 2026

[Bug]: Telegram photo/media download fails in Openclaw bot with MediaFetchError: TypeError: fetch failed #24854

Closed

Bug: SSRF protection incorrectly blocks Telegram media downloads after 2026.2.22 update #25111

Closed

Jackson3195 pushed a commit to Jackson3195/openclaw-with-a-personal-touch that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

1180b67

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>

brianleach pushed a commit to brianleach/openclaw that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

0d5e8cf

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>

arjunaskykok mentioned this pull request

fix/test a2ui bundle preflight #27345

Open

2 tasks

execute008 pushed a commit to execute008/openclaw that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

33f30fd

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>

r4jiv007 pushed a commit to r4jiv007/openclaw that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

8001c08

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>

github-actions bot mentioned this pull request

cherry-pick: upstream bugfix commits (2026-03-01-0443) hughdidit/DAISy-Agency#140

Closed

6 tasks

hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

09f3d74

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
(cherry picked from commit 3f07d72)

# Conflicts:
#	CHANGELOG.md

hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

5dba5e8

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
(cherry picked from commit 3f07d72)

# Conflicts:
#	CHANGELOG.md

joelnishanth pushed a commit to joelnishanth/openclaw that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

347acd1

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>

zooqueen pushed a commit to hanzoai/bot that referenced this pull request


          fix: changelog credit for Telegram IPv4 fallback fix (openclaw#24295)…

e3f3b43

… (thanks @Glucksberg)

Co-Authored-By: Glucksberg <80581902+Glucksberg@users.noreply.github.com>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels