From: Stanislav Fomichev <stfomichev@gmail.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
Leon Romanovsky <leon@kernel.org>,
Tariq Toukan <tariqt@nvidia.com>, Mark Bloch <mbloch@nvidia.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
Nikolay Aleksandrov <razor@blackwall.org>,
Ido Schimmel <idosch@nvidia.com>,
Martin KaFai Lau <martin.lau@linux.dev>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Stanislav Fomichev <sdf@fomichev.me>,
Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
KP Singh <kpsingh@kernel.org>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>,
Kuniyuki Iwashima <kuniyu@google.com>,
Willem de Bruijn <willemb@google.com>,
David Ahern <dsahern@kernel.org>,
Neal Cardwell <ncardwell@google.com>,
Johannes Berg <johannes@sipsolutions.net>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Florian Westphal <fw@strlen.de>, Phil Sutter <phil@nwl.cc>,
Guillaume Nault <gnault@redhat.com>,
David Woodhouse <dwmw@amazon.co.uk>, Kees Cook <kees@kernel.org>,
Alexei Lazar <alazar@nvidia.com>, Gal Pressman <gal@nvidia.com>,
Paul Moore <paul@paul-moore.com>,
netdev@vger.kernel.org, linux-rdma@vger.kernel.org,
linux-kernel@vger.kernel.org, oss-drivers@corigine.com,
bridge@lists.linux.dev, bpf@vger.kernel.org,
linux-wireless@vger.kernel.org, netfilter-devel@vger.kernel.org,
coreteam@netfilter.org, torvalds@linux-foundation.org,
jon.maddog.hall@gmail.com
Subject: Re: [PATCH 6/6] net: Warn when processes listen on AF_INET sockets
Date: Wed, 1 Apr 2026 09:20:58 -0700
Message-ID: <ac1F6hIHcoZo-soO@mini-arch>
In-Reply-To: <20260401074509.1897527-7-dwmw2@infradead.org>

On 04/01, David Woodhouse wrote:
> From: David Woodhouse <dwmw@amazon.co.uk>
>
> There is no need to listen on AF_INET sockets; a modern application can
> listen on IPv6 (without IPV6_V6ONLY) and will accept connections from
> the 20th century via IPv4-mapped addresses (::ffff:x.x.x.x) on the IPv6
> socket.
>
> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
> ---
> net/ipv4/af_inet.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> index dc358faa1647..3838782a8437 100644
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -240,6 +240,9 @@ int inet_listen(struct socket *sock, int backlog)
> struct sock *sk = sock->sk;
> int err = -EINVAL;
>
> + pr_warn_once("process '%s' (pid %d) is listening on an AF_INET socket. Consider using AF_INET6 with IPV6_V6ONLY=0 instead.\n",
> + current->comm, task_pid_nr(current));
> +
> lock_sock(sk);
>
> if (sock->state != SS_UNCONNECTED || sock->type != SOCK_STREAM)
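Review bot: The pr_warn_once() added at the top of inet_listen() runs before lock_sock() and before the `sock->state != SS_UNCONNECTED || sock->type != SOCK_STREAM` validation, and nothing in the hunk checks the socket's address family. The single warning can therefore be spent on a call that goes on to return -EINVAL, and if inet_listen() is also the .listen handler for other families the message will name a process that is not using AF_INET at all. Suggest moving the warning after the validation and gating it on `sk->sk_family == AF_INET`. Because it is a _once warning, only the first listener since boot is ever named; the commit message should say whether that is intended or whether every legacy listener is meant to be reported.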
> --
> 2.51.0
>

Does this also need to look at the proto? inet6_stream_ops seems to be
using inet_listen as well.

const struct proto_ops inet6_stream_ops = {
	.family		   = PF_INET6,
	.owner		   = THIS_MODULE,
	.release	   = inet6_release,
	.bind		   = inet6_bind,
	.connect	   = inet_stream_connect,	/* ok		*/
	.socketpair	   = sock_no_socketpair,	/* a do nothing	*/
	.accept		   = inet_accept,		/* ok		*/
	.getname	   = inet6_getname,
	.poll		   = tcp_poll,			/* ok		*/
	.ioctl		   = inet6_ioctl,		/* must change  */
	.gettstamp	   = sock_gettstamp,
	.listen		   = inet_listen,		/* ok		*/
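
The commit message quoted above relies on IPv4 clients reaching an AF_INET6 listener as IPv4-mapped peers (::ffff:x.x.x.x). The following is an added userspace example, not code from the patch or from this thread: it shows such a listener and an IPv4 allowlist check that unmaps the peer first, so rules written for AF_INET keep matching. All function names are hypothetical and the sample peers are constructed.

```c
/* Added example: helper names are hypothetical; sample peers are constructed. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* One AF_INET6 listener that also serves IPv4 clients (IPV6_V6ONLY=0). */
int dual_stack_listener(uint16_t port)
{
	struct sockaddr_in6 a = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
	int off = 0, fd = socket(AF_INET6, SOCK_STREAM, 0);
	if (fd >= 0 && (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &off, sizeof(off)) ||
	    bind(fd, (struct sockaddr *)&a, sizeof(a)) || listen(fd, 16))) {
		close(fd);
		return -1;
	}
	return fd;
}

/* IPv4 allowlist check on an accept()ed peer: a legacy client on the dual-stack
 * socket arrives as AF_INET6 ::ffff:a.b.c.d, so unmap it before matching. */
int peer_in_v4_net(const struct sockaddr_storage *ss, const char *net, int bits)
{
	const struct sockaddr_in6 *s6 = (const struct sockaddr_in6 *)ss;
	struct in_addr n;
	uint32_t be, mask;
	if (bits < 0 || bits > 32 || inet_pton(AF_INET, net, &n) != 1)
		return 0;
	if (ss->ss_family == AF_INET)
		be = ((const struct sockaddr_in *)ss)->sin_addr.s_addr;
	else if (ss->ss_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&s6->sin6_addr))
		memcpy(&be, &s6->sin6_addr.s6_addr[12], 4);
	else
		return 0;	/* native IPv6 peer: never matches an IPv4 rule */
	mask = bits ? ~0u << (32 - bits) : 0;
	return (ntohl(be) & mask) == (ntohl(n.s_addr) & mask);
}

/* Build the sockaddr accept() would report for a textual IPv6 peer, then check it. */
int check_text_peer(const char *peer6, const char *net, int bits)
{
	struct sockaddr_in6 s6 = { .sin6_family = AF_INET6 };
	struct sockaddr_storage ss = { 0 };
	if (inet_pton(AF_INET6, peer6, &s6.sin6_addr) != 1)
		return -1;
	memcpy(&ss, &s6, sizeof(s6));
	return peer_in_v4_net(&ss, net, bits);
}
```

Log pipelines and rate limiters keyed on the textual peer address need the same unmapping, otherwise 10.1.2.3 and ::ffff:10.1.2.3 are counted as different clients.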

Thread overview: 25+ messages
2026-04-01 7:44 [PATCH 0/6] Deprecate Legacy IP David Woodhouse
2026-04-01 7:44 ` [PATCH 1/6] net: Simplify tautological CONFIG_INET/CONFIG_IPV6 guards David Woodhouse
2026-04-01 7:44 ` [PATCH 2/6] net: Add CONFIG_LEGACY_IP option David Woodhouse
2026-04-01 9:01 ` bot+bpf-ci
2026-04-01 7:44 ` [PATCH 3/6] net: Guard Legacy IP entry points with CONFIG_LEGACY_IP David Woodhouse
2026-04-01 9:14 ` Eric Dumazet
2026-04-01 9:34 ` David Woodhouse
2026-04-01 9:38 ` bot+bpf-ci
2026-04-01 7:44 ` [PATCH 4/6] net: Make IPv4-only Kconfig options depend on LEGACY_IP David Woodhouse
2026-04-01 8:36 ` bot+bpf-ci
2026-04-01 7:44 ` [PATCH 5/6] net: Change CONFIG_INET to CONFIG_LEGACY_IP for IPv4-only code David Woodhouse
2026-04-01 9:01 ` bot+bpf-ci
2026-04-01 7:44 ` [PATCH 6/6] net: Warn when processes listen on AF_INET sockets David Woodhouse
2026-04-01 9:11 ` Eric Dumazet
2026-04-01 9:28 ` David Woodhouse
2026-04-01 15:06 ` Stephen Hemminger
2026-04-01 16:25 ` Linus Torvalds
2026-04-02 0:20 ` Jakub Kicinski
2026-04-01 9:26 ` bot+bpf-ci
2026-04-01 16:20 ` Stanislav Fomichev [this message]
2026-04-01 8:07 ` [PATCH 0/6] Deprecate Legacy IP Fernando Fernandez Mancera
2026-04-01 8:25 ` David Woodhouse
2026-04-02 20:27 ` Mauro Carvalho Chehab
2026-04-01 16:35 ` Bjoern A. Zeeb
2026-04-02 0:24 ` patchwork-bot+netdevbpf