
Re: broken IPv6 code



>>>>> "Peter" == Peter Cordes <peter@llama.nslug.ns.ca> writes:

    Peter>  Hmm, if that's the case, then if you only bind to the
    Peter> ipv6-wildcard socket, another process could bind to the
    Peter> ipv4-wildcard socket on the same port and intercept the
    Peter> connections you were expecting to receive.  If the port is
    >> 1023, then that is a real security problem.

If you are worried that an application might bind to a port (IPv6 with
IPv4 support implied) and have it taken over by an IPv4 application, I
would be surprised if this is an issue.

    Peter>  Just thought I'd point that out, in case not everybody had
    Peter> thought of this yet :)


A similar issue is if you run a daemon and another program is already
listening for incoming connections on that port (whether IPv4 or IPv6
or whatever), then both daemons will happily run, but only one will
accept incoming connections.

Personally (although I may be uninformed), I think the Linux approach
is stupid - you can't bind to all addresses returned by getaddrinfo
without either (a) skipping IPv4 addresses or (b) ignoring the return
value from bind. Applications should not have to deal with IPv4 as a
special case.

IPv6 should be treated as a unique protocol, just like any other
protocol supported by the sockets API. If this is not possible for
reasons I don't understand, then the API should be changed so that
applications can be protocol independent (e.g. getaddrinfo shouldn't
return IPv4 addresses in this case).
-- 
Brian May <bam@debian.org>
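What Brian describes (binding every address getaddrinfo() returns for the wildcard host and having the second wildcard bind fail on Linux) together with the usual remedy, the IPV6_V6ONLY socket option, as an added C example that is not part of the thread; the port 48211 and the function name are arbitrary choices made for the demonstration:

```c
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind every wildcard address getaddrinfo() returns for `port`, the way a
 * protocol-independent daemon would.  On Linux an AF_INET6 wildcard socket
 * also claims the IPv4 wildcard, so whichever family is bound second fails
 * with EADDRINUSE unless IPV6_V6ONLY is set on the v6 socket first.
 * Returns the number of sockets bound (-1 if getaddrinfo() fails); the
 * sockets are closed again so the call can be repeated. */
int bind_all_wildcards(const char *port, int v6only)
{
    struct addrinfo hints, *res, *ai;
    int fds[8], nfds = 0, one = 1, i;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;        /* both AF_INET and AF_INET6 */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE;        /* wildcard addresses */
    if (getaddrinfo(NULL, port, &hints, &res) != 0)
        return -1;

    for (ai = res; ai != NULL && nfds < 8; ai = ai->ai_next) {
        int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;                   /* e.g. kernel without IPv6 */
        setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
        if (v6only && ai->ai_family == AF_INET6)
            setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof one);
        if (bind(fd, ai->ai_addr, ai->ai_addrlen) < 0) {
            fprintf(stderr, "bind(%s, %s): %s\n",
                    ai->ai_family == AF_INET6 ? "::" : "0.0.0.0", port,
                    strerror(errno));
            close(fd);
            continue;
        }
        fds[nfds++] = fd;
    }
    freeaddrinfo(res);
    for (i = 0; i < nfds; i++)
        close(fds[i]);
    return nfds;
}
```

On a dual-stack Linux host with the default net.ipv6.bindv6only=0, `bind_all_wildcards("48211", 0)` binds only one socket and prints EADDRINUSE for the other, while `bind_all_wildcards("48211", 1)` binds both; a host without IPv6 binds one socket either way.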