[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bindv6only once again

Why is it that suddenly everyone is an expert in double-stack programming?

Brian May:

>> For me, bindv6only=0 seems like an ugly hack designed to make existing
>> applications work without change.

Bindv6only=0 is a way to allow servers to be written to listen to just
one socket, which allows making blocking accept calls.  With bindv6only=1,
you need to listen on two sockets simultaneously, which
requires some mildly more complex code (either forking or calling

(Yes, I know about setsockopt(IPV6_V6ONLY), and I use it whenever
possible, but that's not portable.)

Henrique de Moraes Holschuh:

> one probably has to mess with /etc/gai.conf
> On a dual stack box and any application that does NOT work in ipv6only=1
> mode, you likely have to firewall/ACL off IPv4, IPv6, IPv4-mapped-in-IPv6
> ([::ffff:a.b.c.d]) and IPv6-compatible-IPv4 ([::a.b.c.d]).  Icky.

I suspect you don't really don't know what you're speaking about.

With bindv6only=0, a v6 socket bound to :: will not accept v4
connections, full stop.  With bindv6only=0, connecting a v6 socket to
a v4-mapped address will not work, full stop.

No amount of tweaking /etc/gai.conf, no amount of firewalling will
change the above facts.


Attachment: pgp4__MhIBDn3.pgp
Description: PGP signature

Reply to: