User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0

Steps to reproduce:

The OpenVPN service that I use assigns a unique local address (ULA) in the fde6:7a:7d20::/48 range to a client's tunnel interface. By default, getaddrinfo on Debian 10 assigns a lower precedence value to ULAs compared to IPv4 addresses. The result of this is that every application that uses getaddrinfo to resolve hostnames (presumably including Firefox) always prefers IPv4 over IPv6 whenever the OpenVPN connection is active.

Therefore, to force applications (including Firefox) to prefer IPv6 instead of IPv4 whenever an OpenVPN connection is active, I edited my system's /etc/gai.conf to force getaddrinfo to prioritize ULAs over IPv4 addresses. More details about this workaround may be found here: https://gist.github.com/e00E/70bcb5f7f0db216739029a7b7e342fdf. This is what my /etc/gai.conf file contains:

label ::1/128 0
label ::/0 1
label ::ffff:0:0/96 4
label 2002::/16 2
label 2001::/32 5
label fc00::/7 1
label ::/96 3
label fec0::/10 11
label 3ffe::/16 12
precedence ::1/128 50
precedence ::/0 40
precedence ::ffff:0:0/96 35
precedence 2002::/16 30
precedence 2001::/32 5
precedence fc00::/7 3
precedence ::/96 1
precedence fec0::/10 1
precedence 3ffe::/16 1

After installing the Flatpak version of Firefox 81.0, I hopped over to https://ipleak.net using an active OpenVPN connection. The Flatpak Firefox always defaulted to IPv4, even if the response time for IPv6 is shorter than that of IPv4. I used the Snap versions of Firefox before this, and the Snap versions of Firefox (80.0.1 and earlier) honored the settings of my modified /etc/gai.conf file.

I then set "network.http.fast-fallback-to-IPv4" to "false," but the Flatpak Firefox continued to always default to IPv4 when using an OpenVPN connection. I also tried using "flatpak override --filesystem=/etc/gai.conf:ro" and "flatpak override --filesystem=host-etc:ro," but the issue persisted. The Flatpak Firefox always defaults to IPv4.

I have attached a copy of my Flatpak Firefox's troubleshooting report to this bug report.

Actual results:

The Flatpak version of Firefox 81.0 ignores the changes I made to /etc/gai.conf. Firefox always defaults to IPv4, even if the IPv6 response time is shorter than that of IPv4. Setting "network.http.fast-fallback-to-IPv4" to "false" did not fix the issue, neither did running "flatpak override --filesystem=/etc/gai.conf:ro" or "flatpak override --filesystem=host-etc:ro."

Expected results:

Firefox should have always defaulted to IPv6, following the address selection preferences in my modified /etc/gai.conf file.

The Snap versions of Firefox (I used Firefox 80.0.1 and earlier) are unaffected by this issue. All other applications on my system also continue to honor my modified /etc/gai.conf.

Hi,

I dont have the technical knowledge nor right environment to test this on my end. I am setting a component for this in order to get the dev team involved.

Best,
Clara

They forgot to mention it, but this is tracked in Flatpak at https://github.com/flatpak/flatpak/issues/3877 .
Mozilla can/should work around this by adding --filesystem=/etc/gai.conf:ro to Firefox sandbox permissions, but eventually this has to be fixed by the Flatpak application, by handling this it like it already does for /etc/hosts & /etc/nsswitch.conf.

It turns out that the issue lies at the runtime level, not at the application level. This is why specifying flatpak override --filesystem=host-etc:ro org.mozilla.firefox does not resolve this issue.

The org.freedesktop.Platform runtime that the Firefox Flatpak relies on does not include a gai.conf file in its /etc sandbox, nor does it add a copy of the host's /etc/gai.conf file. This causes Flatpak applications that rely on org.freedesktop.Platform to receive getaddrinfo responses that contain results sorted according to getaddrinfo's default sorting algorithm.

Therefore, adding a copy of my system's /etc/gai.conf file to ~/.local/share/flatpak/runtime/org.freedesktop.Platform/x86_64/20.08/active/files/etc resolved this issue. (All of my Flatpaks are installed at the user level.) The Firefox Flatpak that I'm using now defaults to IPv6 when my system is connected to the VPN and is using the IPv6 ULA as its source IPv6 address. It no longer exhibits behavior that accord with getaddrinfo's default sorting algorithm.

I think that this issue may now be closed, as it apparently has nothing to do with Firefox itself.