
Re: Default value of net.ipv6.bindv6only should revert to 0



On Monday 12 April 2010 23:25:16, Russ Allbery wrote:
> Adam Borowski <kilobyte@angband.pl> writes:
> > Instead of listening on a single socket, you need to change every single
> > daemon to include a select() loop.  That's explicitly allowed by all
> > relevant RFCs and by POSIX, so breaking that is quite a regression.
> 
> Yeah, I understand why POSIX made the choice that they did.  I just think
> it's a bad tradeoff. 

It's a trade-off with a different goal in mind. So what. Both settings of 
bindv6only are if you cannot assume standard behaviour. Maybe we should patch 
this option _out_ of the linux kernel to get rid of the assumption that the 
default may be changed.

> BTW, I've not tried this myself: does someone know what happens if a
> daemon called from an inetd equivalent calls getpeername() on a socket
> bound by an IPv6-aware inetd using mapped addresses?  For IPv4
> connections, does it get back an IPv4 address or an IPv6 mapped address?
> Do the inetd implementations currently in Debian separately bind IPv4 and
> IPv6 sockets, or do they use mapped addresses?

Read about IPV6_ADDRFORM in ipv6(7). Use it. Change back to the default and 
forget about this discussion how hard it is to convert addresses to AF_INET 
style, so ACLs do match. Enjoy life :)

HS
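
Added example, not part of the original message or of any Debian package: with a dual-stack AF_INET6 listener, an IPv4 client is reported by getpeername() as a v4-mapped address (::ffff:a.b.c.d), so an IPv4 ACL rule only matches after the address is converted to AF_INET style. The sketch below does that conversion in user space on the returned sockaddr rather than through the IPV6_ADDRFORM socket option; the function names, the ACL rule format and the documentation-range addresses are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed sample peer, shaped as an AF_INET6 socket reports it. 1 = ok. */
int make_peer6(struct sockaddr_storage *ss, const char *text, unsigned short port)
{
    struct sockaddr_in6 in6 = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
    if (inet_pton(AF_INET6, text, &in6.sin6_addr) != 1) return 0;
    memset(ss, 0, sizeof *ss);
    memcpy(ss, &in6, sizeof in6);
    return 1;
}

/* Rewrite ::ffff:a.b.c.d in place as AF_INET; returns the resulting family. */
int normalize_peer(struct sockaddr_storage *ss)
{
    struct sockaddr_in6 in6;
    struct sockaddr_in in4 = { .sin_family = AF_INET };
    if (ss->ss_family != AF_INET6) return ss->ss_family;
    memcpy(&in6, ss, sizeof in6);
    if (!IN6_IS_ADDR_V4MAPPED(&in6.sin6_addr)) return AF_INET6;
    in4.sin_port = in6.sin6_port;
    memcpy(&in4.sin_addr, &in6.sin6_addr.s6_addr[12], 4);
    memset(ss, 0, sizeof *ss);
    memcpy(ss, &in4, sizeof in4);
    return AF_INET;
}

/* Hypothetical IPv4 ACL rule: 1 if the peer lies inside net/prefix_len. */
int acl_match_v4(const struct sockaddr_storage *ss, const char *net, int prefix_len)
{
    struct sockaddr_in in4;
    struct in_addr n;
    if (ss->ss_family != AF_INET || prefix_len < 0 || prefix_len > 32) return 0;
    if (inet_pton(AF_INET, net, &n) != 1) return 0;
    memcpy(&in4, ss, sizeof in4);
    in_addr_t mask = prefix_len ? htonl(0xffffffffu << (32 - prefix_len)) : 0;
    return (in4.sin_addr.s_addr & mask) == (n.s_addr & mask);
}

int main(void)
{
    struct sockaddr_storage peer;
    make_peer6(&peer, "::ffff:192.0.2.10", 40000);
    normalize_peer(&peer);
    return !acl_match_v4(&peer, "192.0.2.0", 24); /* exit 0 when the rule matches */
}
```

Native IPv6 peers pass through normalize_peer() unchanged, so a daemon can call it unconditionally on whatever getpeername() or accept() returned before evaluating its rules.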

