ipv6 revision 499b34cea04a46823d003d4c0520c8b03e8513cb
Copyright (C) 2000, 2001 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

Currently, there are multiple interesting problems with ipv6
implementations on various platforms. These problems range from not
being able to use ipv6 with bind9 (or in particular the ISC socket
library, contained in libisc) to listen-on lists not being respected,
to strange warnings but seemingly correct behavior of named.

COMPILE-TIME ISSUES
-------------------

The socket library requires a certain level of support from the
operating system. In particular, it must follow the advanced ipv6
socket API to be usable. The systems which do not follow this will
currently not get any warnings or errors, but ipv6 will simply not
function on them.

These systems currently include, but are not limited to:

 AIX 3.4 (with ipv6 patches)

RUN-TIME ISSUES
---------------

In the original drafts of the ipv6 RFC documents, binding an ipv6
socket to the ipv6 wildcard address would also cause the socket to
accept ipv4 connections and datagrams. When an ipv4 packet is
received on these systems, it is mapped into an ipv6 address. For
example, 1.2.3.4 would be mapped into ::ffff:1.2.3.4. The intent of
this mapping was to make the transition from an ipv4-only application
to ipv6 easier, by only requiring one socket to be open on a given port.

Later, it was discovered that this was generally a bad idea. For one,
many firewalls will block connections to 1.2.3.4, but will let through
::ffff:1.2.3.4. This, of course, is bad. Also, access control lists
written to accept only ipv4 addresses were suddenly ignored unless
they were rewritten to handle the ipv6 mapped addresses as well.
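
Added example (not BIND 9 code): the access control list problem from the
paragraph above, with an ipv4-only deny list checked against a mapped peer
address with and without unmapping. The deny list entries and all function
names are constructed for the example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed ipv4-only deny list (hypothetical), host byte order. */
static const struct { uint32_t net; int bits; } deny[] = {
    { 0x01020300u, 24 },                     /* 1.2.3.0/24 */
    { 0x0a000000u, 8 } };                    /* 10.0.0.0/8 */

/* Peer's ipv4 address as the ACL sees it; unmap=0 models a pre-mapping ACL. */
static int peer_ipv4(const struct sockaddr_storage *ss, int unmap, uint32_t *ip) {
    const struct in6_addr *a = &((const struct sockaddr_in6 *)ss)->sin6_addr;
    if (ss->ss_family == AF_INET) {
        *ip = ntohl(((const struct sockaddr_in *)ss)->sin_addr.s_addr);
        return 1;
    }
    if (!unmap || ss->ss_family != AF_INET6 || !IN6_IS_ADDR_V4MAPPED(a))
        return 0;                            /* native ipv6, or not unmapped */
    memcpy(ip, &a->s6_addr[12], 4);          /* last 4 bytes hold a.b.c.d */
    *ip = ntohl(*ip);
    return 1;
}

/* 1 if the peer is inside a denied ipv4 prefix, else 0. */
int acl_denies(const struct sockaddr_storage *ss, int unmap) {
    uint32_t ip;
    if (!peer_ipv4(ss, unmap, &ip))
        return 0;
    for (size_t i = 0; i < sizeof(deny) / sizeof(deny[0]); i++)
        if ((ip & (~(uint32_t)0 << (32 - deny[i].bits))) == deny[i].net)
            return 1;
    return 0;
}

/* Evaluate a peer address given as text; -1 if it does not parse. */
int denies_text(const char *peer, int unmap) {
    struct sockaddr_storage ss;
    memset(&ss, 0, sizeof(ss));
    if (inet_pton(AF_INET, peer, &((struct sockaddr_in *)&ss)->sin_addr) == 1)
        ss.ss_family = AF_INET;
    else if (inet_pton(AF_INET6, peer, &((struct sockaddr_in6 *)&ss)->sin6_addr) == 1)
        ss.ss_family = AF_INET6;
    else
        return -1;
    return acl_denies(&ss, unmap);
}

int main(void) { return denies_text("::ffff:1.2.3.4", 1) != 1; }
```

With unmap set to 0 the same client is denied as 1.2.3.4 but passes as
::ffff:1.2.3.4; with unmap set to 1 both forms are denied.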

In bind9, we always bind to the ipv6 wildcard port for both TCP and
UDP, and specific addresses for ipv4 sockets. This causes some
interesting behavior depending on the system implementation of ipv6.
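
Added example (not BIND 9 code): a probe that reports which of the three
behaviors described in the sections below this host shows for a TCP listener
on the ipv6 wildcard address. The IPV6_V6ONLY socket option it can set comes
from RFC 3493 and is not mentioned in this document; the function and enum
names are made up for the example.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum { V6_UNAVAILABLE = -1, V6_ONLY, V4_MAPPED_BIND_FAILS, V4_MAPPED_BIND_OK };

/* Classify this host. v6only is the value to set for the IPV6_V6ONLY
 * socket option (an assumption of this example); -1 keeps the OS default. */
int probe_v6_wildcard(int v6only) {
    struct sockaddr_in6 a6;
    struct sockaddr_in a4;
    socklen_t len = sizeof(a6);
    int result = V6_UNAVAILABLE, c = -1, b = -1;
    int s = socket(AF_INET6, SOCK_STREAM, 0);
    if (s < 0)
        return result;
    memset(&a6, 0, sizeof(a6));
    a6.sin6_family = AF_INET6;
    a6.sin6_addr = in6addr_any;          /* wildcard address, ephemeral port */
    if ((v6only >= 0 && setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &v6only,
                                   sizeof(v6only)) < 0) ||
        bind(s, (struct sockaddr *)&a6, sizeof(a6)) < 0 || listen(s, 1) < 0 ||
        getsockname(s, (struct sockaddr *)&a6, &len) < 0)
        goto out;
    memset(&a4, 0, sizeof(a4));
    a4.sin_family = AF_INET;
    a4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a4.sin_port = a6.sin6_port;          /* same port over ipv4 loopback */
    /* Step 1: does an ipv4 client reach the ipv6 wildcard listener? */
    c = socket(AF_INET, SOCK_STREAM, 0);
    if (c < 0 || connect(c, (struct sockaddr *)&a4, sizeof(a4)) < 0) {
        result = V6_ONLY;
        goto out;
    }
    /* Step 2: it does; can a specific ipv4 address still bind the port? */
    b = socket(AF_INET, SOCK_STREAM, 0);
    result = (b >= 0 && bind(b, (struct sockaddr *)&a4, sizeof(a4)) == 0)
                 ? V4_MAPPED_BIND_OK : V4_MAPPED_BIND_FAILS;
out:
    if (b >= 0) close(b);
    if (c >= 0) close(c);
    close(s);
    return result;
}

int main(void) { printf("behavior class: %d\n", probe_v6_wildcard(-1)); return 0; }
```

A result of V6_ONLY is the only class in which an ipv4 listen-on list
restricts which ipv4 addresses are served.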

IPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Fail
-------------------------------------------------------------

The only OS which seems to do this is Linux. If an ipv6 socket is
bound to the ipv6 wildcard address, and a specific ipv4 socket is
later bound (say, to 1.2.3.4 port 53), the ipv4 binding will fail.

What this means to bind9 is that the application will log warnings
about being unable to bind to a socket because the address is already
in use. Since the ipv6 socket will accept ipv4 packets and map them,
however, the ipv4 addresses continue to function.

The effect is that the config file listen-on directive will not be
respected on these systems.

IPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Succeed
----------------------------------------------------------------

In this case, the system allows opening an ipv6 wildcard address
socket and then binding to a more specific ipv4 address later. An
example of this type of system is Digital Unix with ipv6 patches

What this means to bind9 is that the application will respect
listen-on with regard to ipv4 sockets, but it will use mapped ipv6
addresses for any that do not match the listen-on list. This, in
effect, makes listen-on useless for these machines as well.

IPV6 Sockets Do Not Accept IPV4
-------------------------------

On these systems, opening an ipv6 socket does not implicitly open any
ipv4 sockets. Examples of these systems are NetBSD-current with the
latest KAME patch, and other systems which use the latest KAME patches
as their ipv6 implementation.

On these systems, listen-on is fully functional, as the ipv6 socket
only accepts ipv6 packets, and the ipv4 sockets will handle the ipv4

2373: IP Version 6 Addressing Architecture
2553: Basic Socket Interface Extensions for IPv6
draft-ietf-ipngwg-rfc2292bis-01: Advanced Sockets API for IPv6 (draft)

$Id: ipv6,v 1.5 2001/01/09 21:50:27 bwelling Exp $