Control: severity -1 minor
Control: retitle -1 Clarify -4 and -6 flags in the manpage

Hi,

On Tue, 05 Feb 2019 at 16:06:49 +0000, Nick wrote:
> The man page for nc(1) says the -4 or -6 switch forces ipv4 or ipv6
> only, respectively.  This suggests that using neither switch enables
> both.

netcat.openbsd won't listen on multiple addresses at the same time.  The
‘-4’ and ‘-6’ flags only affect address resolution: they respectively
set ‘ai_family’ to AF_INET and AF_INET6 in getaddrinfo(3)'s ‘hints’
argument.

> | Server/Client | nc -4 127.0.0.1 4321 | nc -6 ::1 4321 |
> |---------------+----------------------+----------------|
> | nc -lkv 4321  | yes                  | no*            |

    $ strace -e trace=bind nc -l 4321 </dev/null
    bind(3, {sa_family=AF_INET, sin_port=htons(4321), sin_addr=inet_addr("0.0.0.0")}, 16) = 0

When no hostname is specified it makes sense to assume INADDR_ANY rather
than in6addr_any, both for historic reasons and because v4 is still more
widely deployed.

On Linux ≥2.6 I suppose we could instead bind to in6addr_any and unset
the IPV6_V6ONLY socket option.

> | nc -6lkv 4321 | yes*                 | yes            |
> |---------------+----------------------+----------------|

    $ strace -e trace=bind nc -6l 4321 </dev/null
    bind(3, {sa_family=AF_INET6, sin6_port=htons(4321), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 0

The socket can be used to communicate with an IPv4-mapped IPv6 address
(::ffff:127.0.0.1 in your case) when the ‘net.ipv6.bindv6only’ kernel
parameter is set to false (the default), cf. ipv6(7).  That's why the
connection from `nc -4 127.0.0.1 4321` is accepted.

Again, on Linux ≥2.6 we could in theory set the IPV6_V6ONLY socket
option to restrict it to IPv6 packets only, but that would change
upstream's behavior and possibly introduce regressions in scripts using
`nc -6`.

Cheers,
-- 
Guilhem.
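
The Linux behaviour described in the message above, as an added example (not netcat's code and not part of the original e-mail): a listener bound to `::` accepts an AF_INET client as an IPv4-mapped peer only when IPV6_V6ONLY is unset. The function names `mapped_v4`, `listen_v6_any` and `v4_client_reaches` are hypothetical, and the option is set explicitly per socket so the result does not depend on the `net.ipv6.bindv6only` default.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: if sa holds an IPv4-mapped address (::ffff:a.b.c.d),
 * write the dotted quad (the last 4 of the 16 bytes) to out and return 1. */
int mapped_v4(const struct sockaddr_in6 *sa, char *out, socklen_t n) {
    if (!IN6_IS_ADDR_V4MAPPED(&sa->sin6_addr)) return 0;
    return inet_ntop(AF_INET, &sa->sin6_addr.s6_addr[12], out, n) != NULL;
}

/* Listen on [::] with an ephemeral port and IPV6_V6ONLY set explicitly.
 * Returns the fd, or -1 on failure (e.g. a host without IPv6 support). */
int listen_v6_any(int v6only, in_port_t *port) {
    struct sockaddr_in6 a = { .sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT };
    socklen_t len = sizeof a;
    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof v6only) < 0 ||
        bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) {
        close(fd);
        return -1;
    }
    *port = a.sin6_port;            /* already in network byte order */
    return fd;
}

/* Connect to 127.0.0.1 over AF_INET. Returns 1 if the listener accepted the
 * connection and saw an IPv4-mapped peer, 0 if not, -1 if setup failed. */
int v4_client_reaches(int v6only, char *peer, socklen_t n) {
    in_port_t port;
    int ok = 0, lfd = listen_v6_any(v6only, &port);
    if (lfd < 0) return -1;
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = port };
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int c = socket(AF_INET, SOCK_STREAM, 0);
    if (c >= 0 && connect(c, (struct sockaddr *)&dst, sizeof dst) == 0) {
        struct sockaddr_in6 from;
        socklen_t flen = sizeof from;
        int s = accept(lfd, (struct sockaddr *)&from, &flen);
        if (s >= 0) { ok = mapped_v4(&from, peer, n); close(s); }
    }
    if (c >= 0) close(c);
    close(lfd);
    return ok;
}
```

With `v6only` set to 1 the IPv4 connect is refused, which is the stricter `nc -6` behaviour the message says would diverge from upstream.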
