fix(telegram): fallback to alternative API IP when DNS-resolved endpoint is unreachable#48812
Closed
Cypherm wants to merge 1 commit intoopenclaw:mainfrom
Closed
fix(telegram): fallback to alternative API IP when DNS-resolved endpoint is unreachable#48812Cypherm wants to merge 1 commit intoopenclaw:mainfrom
Cypherm wants to merge 1 commit intoopenclaw:mainfrom
Conversation
openclaw-barnacle
bot
added
channel: telegram
Contributor
Greptile SummaryThis PR adds a third tier to the existing Telegram transport retry chain in
Confidence Score: 4/5
Prompt To Fix All With AIThis is a comment left during a code review.
Path: extensions/telegram/src/fetch.ts
Line: 49
Comment:
**Hardcoded fallback IP with no update mechanism**
`149.154.167.220` is hardcoded as the only fallback IP with no rotation, staleness detection, or easy update path. If Telegram retires or reassigns this IP (even if stable today), the fallback tier will silently fail for all users with the bad DNS routing — which is precisely the scenario this PR is designed to fix.
Consider at minimum adding a comment documenting how to verify and update this IP (e.g. `dig api.telegram.org` or `curl -sv https://api.telegram.org`), or expanding the array to include the full set of known Telegram Bot API IPs (Telegram publicly documents ranges `149.154.167.0/22` and `91.108.4.0/22`). Having more than one IP increases resilience and makes future rotation less urgent.
```suggestion
const TELEGRAM_FALLBACK_IPS: readonly string[] = [
"149.154.167.220", // primary fallback – verify periodically with `dig api.telegram.org`
];
```
How can I resolve this? If you propose a fix, please make it concise.
---
This is a comment left during a code review.
Path: extensions/telegram/src/fetch.ts
Line: 144-149
Comment:
**`family` is hardcoded to `4` for all fallback addresses**
All entries in `fallbackIps` are reported as `family: 4` regardless of their actual format. This is correct for the current single IPv4 entry, but if an IPv6 address is ever added to `TELEGRAM_FALLBACK_IPS` the lookup would advertise an IPv6 address as family 4, which undici would likely reject or misroute.
Consider detecting the family dynamically using `net.isIPv4` / `net.isIPv6`:
```suggestion
if (opts && "all" in opts && opts.all) {
(callback as (err: null, addresses: dns.LookupAddress[]) => void)(
null,
fallbackIps.map((addr) => ({
address: addr,
family: net.isIPv4(addr) ? 4 : 6,
})),
);
} else {
(callback as (err: null, address: string, family: number) => void)(
null,
ip,
net.isIPv4(ip) ? 4 : 6,
);
}
```
(Requires `import * as net from "node:net"` at the top of the file.)
How can I resolve this? If you propose a fix, please make it concise.
---
This is a comment left during a code review.
Path: extensions/telegram/src/fetch.ts
Line: 527-529
Comment:
**`connect` and `proxyTls` share the same object reference**
The established pattern throughout this file (see `resolveTelegramDispatcherPolicy` and `createTelegramDispatcher`) always passes independent copies of the connect options to `connect` and `proxyTls`:
```ts
connect: { ...connect }, proxyTls: { ...connect }
```
Here, both fields receive the same object reference. If `EnvHttpProxyAgent` ever mutates the options object during construction or request dispatch (e.g., to normalise or cache a field), mutations through one reference would silently affect the other. Align with the existing pattern:
```suggestion
fallbackIpDispatcher = stickyShouldUseEnvProxy
? new EnvHttpProxyAgent({ connect: { ...connect }, proxyTls: { ...connect } })
: new Agent({ connect });
```
How can I resolve this? If you propose a fix, please make it concise.Last reviewed commit: 29a3d59 |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| * Used as a last-resort fallback when the DNS-resolved IP is unreachable. | ||
| * Connected via DNS pinning (custom lookup) so TLS validates against api.telegram.org. | ||
| */ | ||
| const TELEGRAM_FALLBACK_IPS: readonly string[] = ["149.154.167.220"]; |
Contributor
There was a problem hiding this comment.
149.154.167.220 is hardcoded as the only fallback IP with no rotation, staleness detection, or easy update path. If Telegram retires or reassigns this IP (even if stable today), the fallback tier will silently fail for all users with the bad DNS routing — which is precisely the scenario this PR is designed to fix.
Consider at minimum adding a comment documenting how to verify and update this IP (e.g. dig api.telegram.org or curl -sv https://api.telegram.org), or expanding the array to include the full set of known Telegram Bot API IPs (Telegram publicly documents ranges 149.154.167.0/22 and 91.108.4.0/22). Having more than one IP increases resilience and makes future rotation less urgent.
Suggested change
| const TELEGRAM_FALLBACK_IPS: readonly string[] = ["149.154.167.220"]; | |
| const TELEGRAM_FALLBACK_IPS: readonly string[] = [ | |
| "149.154.167.220", // primary fallback – verify periodically with `dig api.telegram.org` | |
| ]; |
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/telegram/src/fetch.ts
Line: 49
Comment:
**Hardcoded fallback IP with no update mechanism**
`149.154.167.220` is hardcoded as the only fallback IP with no rotation, staleness detection, or easy update path. If Telegram retires or reassigns this IP (even if stable today), the fallback tier will silently fail for all users with the bad DNS routing — which is precisely the scenario this PR is designed to fix.
Consider at minimum adding a comment documenting how to verify and update this IP (e.g. `dig api.telegram.org` or `curl -sv https://api.telegram.org`), or expanding the array to include the full set of known Telegram Bot API IPs (Telegram publicly documents ranges `149.154.167.0/22` and `91.108.4.0/22`). Having more than one IP increases resilience and makes future rotation less urgent.
```suggestion
const TELEGRAM_FALLBACK_IPS: readonly string[] = [
"149.154.167.220", // primary fallback – verify periodically with `dig api.telegram.org`
];
```
How can I resolve this? If you propose a fix, please make it concise.
Comment on lines
+144
to
+149
| (callback as (err: null, addresses: dns.LookupAddress[]) => void)( | ||
| null, | ||
| fallbackIps.map((addr) => ({ address: addr, family: 4 })), | ||
| ); | ||
| } else { | ||
| (callback as (err: null, address: string, family: number) => void)(null, ip, 4); |
Contributor
There was a problem hiding this comment.
family is hardcoded to 4 for all fallback addresses
All entries in fallbackIps are reported as family: 4 regardless of their actual format. This is correct for the current single IPv4 entry, but if an IPv6 address is ever added to TELEGRAM_FALLBACK_IPS the lookup would advertise an IPv6 address as family 4, which undici would likely reject or misroute.
Consider detecting the family dynamically using net.isIPv4 / net.isIPv6:
Suggested change
| (callback as (err: null, addresses: dns.LookupAddress[]) => void)( | |
| null, | |
| fallbackIps.map((addr) => ({ address: addr, family: 4 })), | |
| ); | |
| } else { | |
| (callback as (err: null, address: string, family: number) => void)(null, ip, 4); | |
| if (opts && "all" in opts && opts.all) { | |
| (callback as (err: null, addresses: dns.LookupAddress[]) => void)( | |
| null, | |
| fallbackIps.map((addr) => ({ | |
| address: addr, | |
| family: net.isIPv4(addr) ? 4 : 6, | |
| })), | |
| ); | |
| } else { | |
| (callback as (err: null, address: string, family: number) => void)( | |
| null, | |
| ip, | |
| net.isIPv4(ip) ? 4 : 6, | |
| ); | |
| } |
(Requires import * as net from "node:net" at the top of the file.)
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/telegram/src/fetch.ts
Line: 144-149
Comment:
**`family` is hardcoded to `4` for all fallback addresses**
All entries in `fallbackIps` are reported as `family: 4` regardless of their actual format. This is correct for the current single IPv4 entry, but if an IPv6 address is ever added to `TELEGRAM_FALLBACK_IPS` the lookup would advertise an IPv6 address as family 4, which undici would likely reject or misroute.
Consider detecting the family dynamically using `net.isIPv4` / `net.isIPv6`:
```suggestion
if (opts && "all" in opts && opts.all) {
(callback as (err: null, addresses: dns.LookupAddress[]) => void)(
null,
fallbackIps.map((addr) => ({
address: addr,
family: net.isIPv4(addr) ? 4 : 6,
})),
);
} else {
(callback as (err: null, address: string, family: number) => void)(
null,
ip,
net.isIPv4(ip) ? 4 : 6,
);
}
```
(Requires `import * as net from "node:net"` at the top of the file.)
How can I resolve this? If you propose a fix, please make it concise.
Comment on lines
+527
to
+529
| fallbackIpDispatcher = stickyShouldUseEnvProxy | ||
| ? new EnvHttpProxyAgent({ connect, proxyTls: connect }) | ||
| : new Agent({ connect }); |
Contributor
There was a problem hiding this comment.
connect and proxyTls share the same object reference
The established pattern throughout this file (see resolveTelegramDispatcherPolicy and createTelegramDispatcher) always passes independent copies of the connect options to connect and proxyTls:
connect: { ...connect }, proxyTls: { ...connect }Here, both fields receive the same object reference. If EnvHttpProxyAgent ever mutates the options object during construction or request dispatch (e.g., to normalise or cache a field), mutations through one reference would silently affect the other. Align with the existing pattern:
Suggested change
| fallbackIpDispatcher = stickyShouldUseEnvProxy | |
| ? new EnvHttpProxyAgent({ connect, proxyTls: connect }) | |
| : new Agent({ connect }); | |
| fallbackIpDispatcher = stickyShouldUseEnvProxy | |
| ? new EnvHttpProxyAgent({ connect: { ...connect }, proxyTls: { ...connect } }) | |
| : new Agent({ connect }); |
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/telegram/src/fetch.ts
Line: 527-529
Comment:
**`connect` and `proxyTls` share the same object reference**
The established pattern throughout this file (see `resolveTelegramDispatcherPolicy` and `createTelegramDispatcher`) always passes independent copies of the connect options to `connect` and `proxyTls`:
```ts
connect: { ...connect }, proxyTls: { ...connect }
```
Here, both fields receive the same object reference. If `EnvHttpProxyAgent` ever mutates the options object during construction or request dispatch (e.g., to normalise or cache a field), mutations through one reference would silently affect the other. Align with the existing pattern:
```suggestion
fallbackIpDispatcher = stickyShouldUseEnvProxy
? new EnvHttpProxyAgent({ connect: { ...connect }, proxyTls: { ...connect } })
: new Agent({ connect });
```
How can I resolve this? If you propose a fix, please make it concise.
Cypherm
force-pushed
the
fix/telegram-ip-fallback
branch
from
29a3d59 to
c040a6f
Compare
Cypherm
force-pushed
the
fix/telegram-ip-fallback
branch
from
c040a6f to
065548d
Compare
Contributor
|
Superseded by #49148. I kept the same fallback goal, but rewrote it as one ordered transport retry chain shared by normal Telegram API calls and media downloads, instead of adding another special-case branch inside |
Contributor
|
Closing as duplicate; this was superseded by #49148. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When
api.telegram.orgDNS resolves to an IP that is unreachable from certain ISPs (confirmed: Taiwan/HiNet), the bot enters a permanent failure loop — default fetch times out, IPv4-only retry also times out (same bad IP), polling restarts, repeat forever.This PR adds a third fallback tier to the existing retry chain in
resolveTelegramTransport():connect.lookup) → successThe fallback uses the same technique as
curl --resolve: connects to an alternative IP (149.154.167.220) while TLS validates againstapi.telegram.orgvia SNI. This is fully transparent — no config changes, no user intervention.Key properties
NO_PROXYbypass and env proxy settingsVerification
Tested by simulating DNS failure via
/etc/hostspointingapi.telegram.orgto an unreachable IP (192.0.2.1):Also verified that all three DNS resolvers (system, Google 8.8.8.8, Cloudflare 1.1.1.1) return the same IP for
api.telegram.org, confirming that DNS-level fallback would not help — direct IP pinning is the correct approach.Relates to #45372, #28835
Test plan
fetch.test.tstests pass (18 pre-existing failures unrelated to this change, 2 passing — confirmed identical with and without patch)pnpm format:check)pnpm tsgo— no new errors)/etc/hostsoverride to unreachable IP → fallback recovers automatically🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.6 [email protected]