[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Disabling IPV6_V6ONLY a bad idea?
On Fri, Apr 20, 2012 at 01:25:33AM +0200, Joerg Sonnenberger wrote:
> On Fri, Apr 20, 2012 at 01:16:23AM +0200, Jan Danielsson wrote:
> > Should I be worried about disabling IPV6_V6ONLY on a socket?
> Not necessarily. Basically, as long as you don't do address based access
> control, it is perfectly fine to disable it. This includes issues like
> "only connections from localhost are allowed".
You can do 'address based access control' with it enabled - provided that
the software understands that it will see IPv4 addresses embedded
inside IPv6 ones.
There is also the problem of binding listeners to specific local
addresses - where the driver has to DTRT when an IPv6 mapped IPv4
address bind is attempted (ie not generate another method of intercepting
This is relatively easy provided there is a single TCP/IP stack
that supports both IPv4 and IPv6 - but rather more difficult for
some early implementations of IPv6.
Disabling IPV6_ONLY makes it a lot simpler to listen for inward
calls on both IPv4 and IPv6 since only a single socket is needed.
David Laight: david%l8s.co.uk@localhost
Main Index |
Thread Index |