Why is it that suddenly everyone is an expert in double-stack programming?
Brian May:
>> For me, bindv6only=0 seems like an ugly hack designed to make existing
>> applications work without change.
Bindv6only=0 is a way to allow servers to be written to listen to just
one socket, which allows making blocking accept calls. With bindv6only=1,
you need to listen on two sockets simultaneously, which
requires some mildly more complex code (either forking or calling
select/poll.)
(Yes, I know about setsockopt(IPV6_V6ONLY), and I use it whenever
possible, but that's not portable.)
Henrique de Moraes Holschuh:
> one probably has to mess with /etc/gai.conf
[...]
> On a dual stack box and any application that does NOT work in ipv6only=1
> mode, you likely have to firewall/ACL off IPv4, IPv6, IPv4-mapped-in-IPv6
> ([::ffff:a.b.c.d]) and IPv6-compatible-IPv4 ([::a.b.c.d]). Icky.
I suspect you don't really don't know what you're speaking about.
With bindv6only=0, a v6 socket bound to :: will not accept v4
connections, full stop. With bindv6only=0, connecting a v6 socket to
a v4-mapped address will not work, full stop.
No amount of tweaking /etc/gai.conf, no amount of firewalling will
change the above facts.
Juliusz
Attachment:
pgp4__MhIBDn3.pgp
Description: PGP signature