[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comment on v4mapped-api-harmful
On Mon, 18 Nov 2002 itojun@iijlab.net wrote:
> >I think you're also assuming:
> > - when the system headers/libs support IPV6_V6ONLY, the kernel also
> >supports it
>
> i consider such system totally broken. header has to have items
> that is supported by kernel, period.
This is is an easy consideration, but it just doesn't hold, e.g. in two
cases:
1) incremental OS upgrades ("to upgrade X, you must also upgrade Y
immediately and reboot or else hell breaks loose"), or
2) libc and kernel managed by different people (eg. linux, possibly
others)
YMMV.
> >if your lib supports IPV6_V6ONLY (or, rather, the version where the
> >program compiled with) but kernel doesn't, I believe this will end up
> >listening to AF_INET only.
> >Seems like a pretty nasty change of behaviour (== DoS) to me.
>
> we could ignore setsockopt() error and continue on, but if we do so,
> on certain stacks AF_INET/INET6 port number conflict happens on
> some of the platforms.
Exactly.. which is why some form of more reliable indicator of the system
support would be nice.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords