Re: Bindv6only once again

To: debian-devel@lists.debian.org
Subject: Re: Bindv6only once again
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Wed, 30 Jun 2010 19:09:35 -0300
Message-id: <[🔎] 20100630220935.GE30971@khazad-dum.debian.net>
In-reply-to: <[🔎] 7ibpasjl9r.fsf@lanthane.pps.jussieu.fr>
References: <[🔎] 87ocfhw28p.fsf@pirx.pps.jussieu.fr> <[🔎] 20100613080909.GA15068@upsilon.cc> <[🔎] m3d3vvz5fj.fsf@neo.luffy.cx> <[🔎] slrni197g4.rvp.nospam@sshway.ssh.pusling.com> <[🔎] 20100614063558.GB28689@bongo.bofh.it> <[🔎] AANLkTimsxDl3Ekus_5fsmma0pFrRAVlF6UG5B3vrWuTr@mail.gmail.com> <[🔎] 20100630202310.GB30971@khazad-dum.debian.net> <[🔎] 7ibpasjl9r.fsf@lanthane.pps.jussieu.fr>

(cc's dropped, sorry, I was in "kernel" ML netiquete mode).

On Wed, 30 Jun 2010, Juliusz Chroboczek wrote:
> Henrique de Moraes Holschuh:
> > one probably has to mess with /etc/gai.conf
> [...]
> > On a dual stack box and any application that does NOT work in ipv6only=1
> > mode, you likely have to firewall/ACL off IPv4, IPv6, IPv4-mapped-in-IPv6
> > ([::ffff:a.b.c.d]) and IPv6-compatible-IPv4 ([::a.b.c.d]).  Icky.
> 
> I suspect you don't really don't know what you're speaking about.

Maybe.

> With bindv6only=0, a v6 socket bound to :: will not accept v4
> connections, full stop.  With bindv6only=0, connecting a v6 socket to
> a v4-mapped address will not work, full stop.

Well:

http://www.mail-archive.com/debian-devel@lists.debian.org/msg277726.html

says: "When net.ipv6.bindv6only is set to 0, an application binding an
AF_INET6 listening socket to "any" will receive on the same socket IPv4
connections as well, with the endpoint addresses converted in the form
::ffff:1.2.3.4[1]."

So, which one is correct?

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: Bindv6only once again
  - From: Juliusz Chroboczek <Juliusz.Chroboczek@pps.jussieu.fr>

References:
- Bindv6only once again
  - From: Juliusz Chroboczek <jch@pps.jussieu.fr>
- Re: Bindv6only once again
  - From: Stefano Zacchiroli <zack@debian.org>
- Re: Bindv6only once again
  - From: Vincent Bernat <bernat@debian.org>
- Re: Bindv6only once again
  - From: Sune Vuorela <nospam@vuorela.dk>
- Re: Bindv6only once again
  - From: md@Linux.IT (Marco d'Itri)
- Re: Bindv6only once again
  - From: Brian May <brian@microcomaustralia.com.au>
- Re: Bindv6only once again
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Bindv6only once again
  - From: Juliusz Chroboczek <Juliusz.Chroboczek@pps.jussieu.fr>

Prev by Date: Re: Bindv6only once again
Next by Date: Re: Bindv6only once again
Previous by thread: Re: Bindv6only once again
Next by thread: Re: Bindv6only once again
Index(es):
- Date
- Thread