Salvo Tomaselli <tipos...@tiscali.it> writes: > On Monday 12 April 2010 18:19:08 Marco d'Itri wrote:
>> You keep missing the point. Let me try with shorter sentences, if you >> still do not get it maybe I can try a puppets show. > I keep on missing the point because you keep on changing it. Try to be > coherent please. You have removed the bsd thing, did you notice? Marco is not changing the point. What Marco describes has been the objection that several of us have had with bindv6only=0 from the very beginning. He's just more persistant about continuing to repeat the same point when people keep raising the same arguments against it without apparently being familiar with the previous discussion. >> Root configures daemon on IPv4-only system. >> Daemon can only bind to 0.0.0.0. >> Configuration works. >> IPv6 is enabled. >> Daemon now can bind to ::. >> Daemon accepts IPv4 connection on the IPv6 socket. >> Configuration broken. > So we introduce bugs in kernel to workaround bugs in daemons? The way to fix the bug in the daemon is to always use IPV6_V6ONLY in the networking code because no other way of handling listening sockets with a dual stack is even remotely sane. Until the daemon is modified to either use IPV6_V6ONLY or to deal with IPv4-mapped addresses, it's going to be broken, possibly in security-sensitive ways since the incoming IP addresses won't be what it expects. (If, for instance, you've blacklisted a particular IPv4 address, suddenly that address gets through without difficulty in an unmodified daemon because it's now showing up as an IPv6 address.) So it's a question of what bug do you want to have by default: not listening to IPv4 addresses when you bind an IPv6 socket, or getting incoming IP addresses unexpectedly and strangely transformed? Java assumed you wanted the second bug. BSD picked the first bug. We have to pick one or the other. Neither choice is attractive. > Open a bugreport _IF_ you can find any real daemon with this kind of > problem. Just about every daemon I've ever seen had this problem in its original conversion to IPv6 support. I've fixed it in all of my code by using IPV6_V6ONLY as soon as I became aware of its existence. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87sk70k0a3....@windlord.stanford.edu
