[erlang-questions] IPV6_V6ONLY

Per Hedeland per@REDACTED
Tue Aug 24 17:20:00 CEST 2010


Raimo Niskanen <raimo+erlang-questions@REDACTED> wrote:
>
>It seems the situation has changed since Stevens' Unix Network Programming
>- The Sockets Networking API, third edition. There it seems one of the strong
>points of a IPv6 socket is that it accepts IPv4 connections _unless_ the
>IPV6_V6ONLY socket option is set.

Yes, it sounds nice in theory, but practice seems to be another thing.

>Where can these network community discussions be followed where
>can one find a motivation to why FreeBSD has diverged from Stevens' book
>(if that is the case)...

The *BSD family did indeed start out with the "map by default" logic,
but reverted their default some years back (for FreeBSD I believe it was
with 5.0). I haven't found any significant discussion *preceding* the
FreeBSD change (nor even explicit mention of it in release notes), but
from references after-the-fact in mailing lists etc it seems to have
been primarily security-motivated, boiling down to the fact that the
application cannot differentiate between "real" IPv4 connections that
are mapped by the stack, and connections that use mapped addresses on
the wire. Frequently referenced are:

http://tools.ietf.org/html/draft-cmetz-v6ops-v4mapped-api-harmful-00

http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02

(arguing for opposite fixes to the problem:-). Google also turned up

http://books.google.se/books?id=JYhA5uqOxIAC&printsec=frontcover#v=snippet&q=ipv4-mapped&f=false

Personally I also see usability issues, e.g.:

- Having "real" IPv4 connections show up in the mapped form in status
info and logs is confusing/misleading.

- Server applications typically allow for configuration of (multiple)
addresses to listen on - if you want to configure specific addresses,
the stack-mapping can't come into play, and you always need to configure
IPv4 and IPv6 separately (and the application needs to use separate
sockets). But if you want to configure a wildcard, you should configure
*only* IPv6 (and the appearance of IPv4 connections changes per above).
And it's not even possible (without extra config options) to configure
"wildcard but only IPv6". Inconsistent/confusing.

>> Since one strong point of Erlang/OTP is to as far as possible isolate
>> the Erlang programmer from these annoying differences between OSes,
>> could it be considered to make inet_drv always apply IPV6_V6ONLY (if it
>> exists) for IPv6 sockets?
>
>Since Linux (and previously Solaris) are the chief platforms for Erlang/OTP
>I would prefer trying to always get the Linux behaviour, if possible.

I guess you have a point, even though I think it's the wrong choice.:-)

--Per


More information about the erlang-questions mailing list