[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comment on v4mapped-api-harmful



>I think you're also assuming:
> - when the system headers/libs support IPV6_V6ONLY, the kernel also 
>supports it

	i consider such system totally broken.  header has to have items
	that is supported by kernel, period.

>> #ifdef IPV6_V6ONLY
>> 		if (res->ai_family == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
>> 		    IPV6_V6ONLY, &on, sizeof(on)) < 0) {
>> 			close(s);
>> 			continue;
>> 		}
>> #endif
>> 		if (bind(s, res->ai_addr, res->ai_addrlen) < 0) {
>> 			close(s);
>> 			continue;
>if your lib supports IPV6_V6ONLY (or, rather, the version where the
>program compiled with) but kernel doesn't, I believe this will end up
>listening to AF_INET only.
>Seems like a pretty nasty change of behaviour (== DoS) to me.

	we could ignore setsockopt() error and continue on, but if we do so,
	on certain stacks AF_INET/INET6 port number conflict happens on
	some of the platforms.

itojun