[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comment on v4mapped-api-harmful



On Mon, 18 Nov 2002 itojun@iijlab.net wrote:
> >I think you're also assuming:
> > - when the system headers/libs support IPV6_V6ONLY, the kernel also 
> >supports it
> 
> 	i consider such system totally broken.  header has to have items
> 	that is supported by kernel, period.

This is is an easy consideration, but it just doesn't hold, e.g. in two 
cases:
 1) incremental OS upgrades ("to upgrade X, you must also upgrade Y 
immediately and reboot or else hell breaks loose"), or
 2) libc and kernel managed by different people (eg. linux, possibly 
others)

YMMV.

> >if your lib supports IPV6_V6ONLY (or, rather, the version where the
> >program compiled with) but kernel doesn't, I believe this will end up
> >listening to AF_INET only.
> >Seems like a pretty nasty change of behaviour (== DoS) to me.
> 
> 	we could ignore setsockopt() error and continue on, but if we do so,
> 	on certain stacks AF_INET/INET6 port number conflict happens on
> 	some of the platforms.

Exactly.. which is why some form of more reliable indicator of the system 
support would be nice.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords