tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Disabling IPV6_V6ONLY a bad idea?

On Fri, Apr 20, 2012 at 01:25:33AM +0200, Joerg Sonnenberger wrote:
> On Fri, Apr 20, 2012 at 01:16:23AM +0200, Jan Danielsson wrote:
> >    Should I be worried about disabling IPV6_V6ONLY on a socket?
> Not necessarily. Basically, as long as you don't do address based access
> control, it is perfectly fine to disable it. This includes issues like
> "only connections from localhost are allowed".

You can do 'address based access control' with it enabled - provided that
the software understands that it will see IPv4 addresses embedded
inside IPv6 ones.

There is also the problem of binding listeners to specific local
addresses - where the driver has to DTRT when an IPv6 mapped IPv4
address bind is attempted (ie not generate another method of intercepting
inward calls).
This is relatively easy provided there is a single TCP/IP stack
that supports both IPv4 and IPv6 - but rather more difficult for
some early implementations of IPv6.

Disabling IPV6_ONLY makes it a lot simpler to listen for inward
calls on both IPv4 and IPv6 since only a single socket is needed.


David Laight:

Home | Main Index | Thread Index | Old Index