Re: Default value of net.ipv6.bindv6only should revert to 0
On Monday, 12 April 2010, 23:25:16, Russ Allbery wrote:
> Adam Borowski <email@example.com> writes:
> > Instead of listening on a single socket, you need to change every single
> > daemon to include a select() loop. That's explicitly allowed by all
> > relevant RFCs and by POSIX, so breaking that is quite a regression.
> Yeah, I understand why POSIX made the choice that they did. I just think
> it's a bad tradeoff.
It's a trade-off with a different goal in mind. So what. Both settings of
bindv6only are if you cannot assume standard behaviour. Maybe we should patch
this option _out_ of the Linux kernel to get rid of the assumption that the
default may be changed.
> BTW, I've not tried this myself: does someone know what happens if a
> daemon called from an inetd equivalent calls getpeername() on a socket
> bound by an IPv6-aware inetd using mapped addresses? For IPv4
> connections, does it get back an IPv4 address or an IPv6 mapped address?
> Do the inetd implementations currently in Debian separately bind IPv4 and
> IPv6 sockets, or do they use mapped addresses?
Read about IPV6_ADDRFORM in ipv6(7). Use it. Change back to the default and
forget about this discussion of how hard it is to convert addresses to AF_INET
style, so ACLs do match. Enjoy life :)
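
An added example, not part of the original message or of any daemon discussed in the thread: on a dual-stack AF_INET6 listener (bindv6only=0), getpeername() reports an IPv4 client as the mapped address ::ffff:a.b.c.d, so an ACL written for AF_INET does not match until the address is normalized. This sketch does that conversion in userland rather than through IPV6_ADDRFORM. The function names, the ACL check and the sample peers (documentation addresses) are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Rewrite an IPv4-mapped AF_INET6 peer in place as AF_INET; 1 if converted, else 0. */
int normalize_peer(struct sockaddr_storage *ss) {
    struct sockaddr_in6 in6;
    struct sockaddr_in in4 = { .sin_family = AF_INET };
    if (ss->ss_family != AF_INET6) return 0;
    memcpy(&in6, ss, sizeof in6);
    if (!IN6_IS_ADDR_V4MAPPED(&in6.sin6_addr)) return 0; /* native IPv6: keep */
    in4.sin_port = in6.sin6_port;
    memcpy(&in4.sin_addr, &in6.sin6_addr.s6_addr[12], 4); /* low 32 bits */
    memset(ss, 0, sizeof *ss);
    memcpy(ss, &in4, sizeof in4);
    return 1;
}

/* Hypothetical IPv4-only ACL check: is the peer inside net/prefix? */
int acl_allows(const struct sockaddr_storage *ss, const char *net, int prefix) {
    struct sockaddr_in p;
    struct in_addr n;
    if (ss->ss_family != AF_INET || prefix < 0 || prefix > 32) return 0;
    if (inet_pton(AF_INET, net, &n) != 1) return 0;
    memcpy(&p, ss, sizeof p);
    uint32_t mask = prefix ? htonl(0xffffffffu << (32 - prefix)) : 0;
    return (p.sin_addr.s_addr & mask) == (n.s_addr & mask);
}

/* Constructed stand-in for what getpeername() stores on a dual-stack socket. */
struct sockaddr_storage sample_peer(const char *text) {
    struct sockaddr_storage ss;
    struct sockaddr_in6 in6 = { .sin6_family = AF_INET6, .sin6_port = htons(40000) };
    memset(&ss, 0, sizeof ss);
    inet_pton(AF_INET6, text, &in6.sin6_addr);
    memcpy(&ss, &in6, sizeof in6);
    return ss;
}

int main(void) {
    struct sockaddr_storage peer = sample_peer("::ffff:192.0.2.10");
    int before = acl_allows(&peer, "192.0.2.0", 24);
    normalize_peer(&peer);
    printf("before=%d after=%d\n", before, acl_allows(&peer, "192.0.2.0", 24));
    return 0;
}
```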