On Monday, 12 April 2010 18:19:08, Marco d'Itri wrote:
> On Apr 12, Salvo Tomaselli <tipos...@tiscali.it> wrote:
> > > If a kernel without IPv6 support is used then e.g. an ACL will contain
> > > plain IPv4 addresses as expected, but when a kernel with IPv6 support
> > > is installed in your scenario then that ACL will not work anymore
> > > (without special code) because now the IPv4 addresses would need to be
> > > converted to v6-mapped addresses.
> >
> > 1 - In a kernel without IPv6 support, trying to accept IPv6 connections
> > will simply fail, so for the server program to work without it, it is
> > safe to
>
> You keep missing the point. Let me try with shorter sentences, if you
> still do not get it maybe I can try a puppets show.
>
> Root configures daemon on IPv4-only system.
> Daemon can only bind to 0.0.0.0.

So it opens an AF_INET socket because using an AF_INET6 would fail.

> Configuration works.
> IPv6 is enabled.
> Daemon now can bind to ::.

No, AF_INET socket cannot bind to ::, only AF_INET6 sockets can.
So you assume a program to try AF_INET6 first, then additionally AF_INET.

> Daemon accepts IPv4 connection on the IPv6 socket.
> Configuration broken.

So you try to fix some broken programs by asking other programs that assume
the documented default to be fixed, instead? That really makes sense :-/

A socket option must be used for those programs that may fail with the default
of bindv6only=1 because they use both AF_INET6 and AF_INET for the same port.
However, your example above then just fails for the opposite case of
bindv6only=0 and can by using the socket option correctly.

Why exactly makes that bindv6only=1 a good choice?

HS

Archive: http://lists.debian.org/201004121951.08997.p...@hendrik-sattler.de
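
An added example, not part of the original message or of any Debian package: a C sketch of the two measures the thread argues about, namely setting the IPV6_V6ONLY socket option explicitly so the listener does not depend on the bindv6only default, and reducing v4-mapped peer addresses to plain IPv4 before an ACL lookup. The function names `open_dual_stack_listener` and `peer_acl_key` are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: one listener for IPv4 and IPv6, independent of the
 * bindv6only default. Falls back to AF_INET on an IPv4-only kernel. */
int open_dual_stack_listener(unsigned short port)
{
    int on = 1, off = 0, fd = socket(AF_INET6, SOCK_STREAM, 0);
    struct sockaddr_storage ss;
    socklen_t len;
    memset(&ss, 0, sizeof ss);
    if (fd >= 0) {                      /* kernel has IPv6: bind to :: */
        struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)&ss;
        a6->sin6_family = AF_INET6;
        a6->sin6_port = htons(port);    /* sin6_addr stays all-zero, i.e. :: */
        len = sizeof *a6;
        /* Explicitly accept IPv4 peers too, as ::ffff:a.b.c.d */
        if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &off, sizeof off) < 0)
            goto fail;
    } else {                            /* IPv4-only kernel: bind to 0.0.0.0 */
        struct sockaddr_in *a4 = (struct sockaddr_in *)&ss;
        if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
            return -1;
        a4->sin_family = AF_INET;
        a4->sin_port = htons(port);     /* sin_addr stays 0.0.0.0 */
        len = sizeof *a4;
    }
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (bind(fd, (struct sockaddr *)&ss, len) == 0 && listen(fd, 16) == 0)
        return fd;
fail:
    close(fd);
    return -1;
}

/* Hypothetical helper: text form of a peer address for ACL matching. A
 * v4-mapped peer becomes plain a.b.c.d, so IPv4 ACL entries keep matching. */
const char *peer_acl_key(const struct sockaddr_storage *ss, char *buf, socklen_t n)
{
    if (ss->ss_family == AF_INET)
        return inet_ntop(AF_INET, &((const struct sockaddr_in *)ss)->sin_addr, buf, n);
    const struct in6_addr *a = &((const struct sockaddr_in6 *)ss)->sin6_addr;
    if (IN6_IS_ADDR_V4MAPPED(a))        /* ::ffff:a.b.c.d: last 4 bytes are IPv4 */
        return inet_ntop(AF_INET, &a->s6_addr[12], buf, n);
    return inet_ntop(AF_INET6, a, buf, n);
}
```

A daemon that instead wants separate AF_INET6 and AF_INET sockets on the same port would set IPV6_V6ONLY to 1 on the IPv6 socket, which is the case the message says needs the socket option under bindv6only=0.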