Re: Default value of net.ipv6.bindv6only should revert to 0
On Monday 12 April 2010 18:19:08, Marco d'Itri wrote:
> On Apr 12, Salvo Tomaselli <firstname.lastname@example.org> wrote:
> > > If a kernel without IPv6 support is used then e.g. an ACL will contain
> > > plain IPv4 addresses as expected, but when a kernel with IPv6 support
> > > is installed in your scenario then that ACL will not work anymore
> > > (without special code) because now the IPv4 addresses would need to be
> > > converted to v6-mapped addresses.
> > 1 - In a kernel without IPv6 support, trying to accept IPv6 connections
> > will simply fail, so for the server program to work without it, it is
> > safe to
> You keep missing the point. Let me try with shorter sentences, if you
> still do not get it maybe I can try a puppet show.
> Root configures daemon on IPv4-only system.
> Daemon can only bind to 0.0.0.0.
So it opens an AF_INET socket because using an AF_INET6 would fail.
> Configuration works.
> IPv6 is enabled.
> Daemon now can bind to ::.
No, AF_INET socket cannot bind to ::, only AF_INET6 sockets can. So you assume
a program to try AF_INET6 first, then additionally AF_INET.
> Daemon accepts IPv4 connection on the IPv6 socket.
> Configuration broken.
So you try to fix some broken programs by asking other programs that assume
the documented default to be fixed, instead? That really makes sense :-/
A socket option must be used for those programs that may fail with the default
of bindv6only=1 because they use both AF_INET6 and AF_INET for the same port.
However, your example above then just fails for the opposite case of
bindv6only=0 and can be fixed by using the socket option correctly.
Why exactly does that make bindv6only=1 a good choice?
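
Added example (not part of the original message or of any daemon discussed in the thread): a Python sketch of a listener that sets IPV6_V6ONLY explicitly, so its behaviour does not depend on the net.ipv6.bindv6only default, and that maps v4-mapped peer addresses back to IPv4 before checking an ACL written for an IPv4-only system. The names `ACL`, `normalize_peer`, `allowed` and `open_listeners` and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
import socket

# Constructed sample ACL written for an IPv4-only daemon (documentation range).
ACL = [ipaddress.ip_network("192.0.2.0/24")]

def normalize_peer(addr):
    """Map ::ffff:a.b.c.d peers from a dual-stack socket back to plain IPv4."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def allowed(addr, acl=ACL):
    """Check a peer address against the ACL after normalization."""
    ip = normalize_peer(addr)
    return any(ip.version == net.version and ip in net for net in acl)

def open_listeners(port, dual_stack):
    """Listen on all addresses without depending on net.ipv6.bindv6only."""
    socks = []
    try:
        s6 = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        s6 = None  # kernel without IPv6 support
    if s6 is not None:
        try:
            s6.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            # Explicit choice: 0 = also accept IPv4 as v4-mapped, 1 = IPv6 only.
            s6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY,
                          0 if dual_stack else 1)
            s6.bind(("::", port))
            s6.listen()
            socks.append(s6)
            port = s6.getsockname()[1]  # reuse the chosen port if port was 0
        except OSError:
            s6.close()
            s6 = None
    if s6 is None or not dual_stack:
        # Separate AF_INET socket: needed when IPv6 is absent or is v6-only.
        s4 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s4.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s4.bind(("0.0.0.0", port))
        s4.listen()
        socks.append(s4)
    return socks
```

With `dual_stack=False` the AF_INET6 and AF_INET sockets share a port without conflict because the IPv6 socket is restricted to IPv6; with `dual_stack=True` a single socket receives both families and the ACL check still sees plain IPv4 addresses.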