From: Brian Haley <brian.haley@hp.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: netdev@vger.kernel.org, "Yuniverg,
Michael" <michael.yuniverg@intel.com>,
"Yedvab, Nadav" <nadav.yedvab@intel.com>
Subject: Re: SO_BINDTODEVICE inconsistency between IPv4 and IPv6
Date: Thu, 17 Mar 2011 21:26:51 -0400 [thread overview]
Message-ID: <4D82B4DB.2060006@hp.com> (raw)
In-Reply-To: <1300357750.2589.46.camel@macbook.infradead.org>
On 03/17/2011 06:29 AM, David Woodhouse wrote:
> We've discovered strange behaviour when we listen on in6addr_any and use
> SO_BINDTODEVICE to bind to the lo device.
>
> We can connect to any IPv4 address that is local to the machine, on any
> interface. (This is true whether we listen on AF_INET6/in6addr_any and
> accept IPv4 connections on the IPv6 socket, or whether we just listen on
> AF_INET/INADDR_ANY).
>
> The IPv6 behaviour is different — the only IPv6 address that we can
> connect to is ::1.
>
> See attached test case, which listens with SO_BINDTODEVICE as described.
> Note that it needs to be run as root because SO_BINDTODEVICE is a
> privileged operation.
>
> Why this difference? Ideally, we want the Legacy IP behaviour to happen
> for IPv6 too; we want local clients to be able to connect to *any* local
> IP address to talk to our service, but we don't want to accept
> connections from the outside.
>
<snip>
> telnet> close
> Connection closed.
> [root@macbook dwmw2]# telnet 2001:8b0:10b:1:216:eaff:fe05:bbb8 9999
> Trying 2001:8b0:10b:1:216:eaff:fe05:bbb8...
> telnet: connect to address 2001:8b0:10b:1:216:eaff:fe05:bbb8: Connection refused
> telnet: Unable to connect to remote host: Connection refused
Hmm, "connection refused", do you have any iptables rules installed? Connecting
to a local global address worked fine for me on 2.6.32-30 using a home-grown
test app.
BTW, the one difference you will see with this is that trying to connect to
a link-local won't work without specifying a scope (like an interface), so
that is different than IPv4.
-Brian
next prev parent reply other threads:[~2011-03-18 1:26 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-17 10:29 SO_BINDTODEVICE inconsistency between IPv4 and IPv6 David Woodhouse
2011-03-18 1:26 ` Brian Haley [this message]
2011-03-18 8:54 ` David Woodhouse
2011-03-18 14:31 ` Brian Haley
2011-05-27 23:07 ` David Woodhouse
2011-06-07 12:55 ` Yuniverg, Michael
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D82B4DB.2060006@hp.com \
--to=brian.haley@hp.com \
--cc=dwmw2@infradead.org \
--cc=michael.yuniverg@intel.com \
--cc=nadav.yedvab@intel.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.