ipv6 revision 2834197ede0bfaec5b57cb1666e0c21f76408570
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsCopyright (C) 2000 Internet Software Consortium.
dcfda24abf565c442d058cbf81b2180d847a1b3eAutomatic UpdaterSee COPYRIGHT in the source root or http://www.isc.org/copyright for terms.
6a42ab64276ff832a47e009be1208f7c7d4da22dAutomatic UpdaterCurrently, there are multiple interesting problems with ipv6
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updaterimplementations on various platforms. These problems range from not
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsbeing able to use ipv6 with bind9 (or in particular the ISC socket
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewslibrary, contained in libisc) to listen-on lists not being respected,
6a42ab64276ff832a47e009be1208f7c7d4da22dAutomatic Updaterto strange warnings but seemingly correct behavior of named.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsCOMPILE-TIME ISSUES
6a42ab64276ff832a47e009be1208f7c7d4da22dAutomatic Updater-------------------
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsThe socket library requires a certain level of support from the
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsoperating system. In particular, it must follow the advanced ipv6
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewssocket API to be usable. The systems which do not follow this will
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewscurrently not get any warnings or errors, but ipv6 will simply not
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updaterfunction on them.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsThese systems currently include, but are not limited to:
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews AIX 3.4 (with ipv6 patches)
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsRUN-TIME ISSUES
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews---------------
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsIn the original drafts of the ipv6 RFC documents, binding an ipv6
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewssocket to the ipv6 wildcard address would also cause the socket to
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsaccept ipv4 connections and datagrams. When an ipv4 packet is
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsreceived on these systems, it is mapped into an ipv6 address. For
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsexample, 1.2.3.4 would be mapped into ffff::1.2.3.4. The intent of
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsthis mapping was to make transition from an ipv4-only application into
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsipv6 easier, by only requiring one socket to be open on a given port.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsLater, it was discovered that this was generally a bad idea. For one,
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsmany firewalls will block connection to 1.2.3.4, but will let through
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsffff::1.2.3.4. This, of course, is bad. Also, access control lists
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewswritten to accept only ipv4 addresses were suddenly ignored unless
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsthey were rewritten to handle the ipv6 mapped addresses as well.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsIn bind9, we always bind to the ipv6 wildcard port for both TCP and
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsUDP, and specific addresses for ipv4 sockets. This causes some
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsinteresting behavior depending on the system implementation of ipv6.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsIPV6 Sockets Accept IPV4, Specific IPV4 Addresses Bindings Fail
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews---------------------------------------------------------------
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsThe only OS which seems to do this is linux. If an ipv6 socket is
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updaterbound to the ipv6 wildcard socket, and a specific ipv4 socket is
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updaterlater bound (say, to 1.2.3.4 port 53) the ipv4 binding will fail.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsWhat this means to bind9 is that the application will log warnings
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updaterabout being unable to bind to a socket because the address is already
922312472e2e05ebc64993d465999c5351b83036Automatic Updaterin use. Since the ipv6 socket will accept ipv4 packets and map them,
b27ce68bae92006e2ad7a9b75602c6385e529c3bAutomatic Updaterhowever, the ipv4 addresses continue to function.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsThe effect is that the config file listen-on directive will not be
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsrespected on these systems.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsIPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Succeed
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews----------------------------------------------------------------
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsIn this case, the system allows opening an ipv6 wildcard address
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewssocket and then binding to a more specific ipv4 address later. An
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsexample of this type of system is Digital Unix with ipv6 patches
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark AndrewsWhat this means to bind9 is that the application will respect
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewslisten-on in regards to ipv4 sockets, but it will use mapped ipv6
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewsaddresses for any that do not match the listen-on list. This, in
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrewseffect, makes listen-on useless for these machines as well.
0e9e255d1643375056aa9ed7fe2a279713ffae78Automatic UpdaterIPV6 Sockets Do Not Accept IPV4
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews-------------------------------
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic UpdaterOn these systems, opening an IPV6 socket does not implicitly open any
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updateripv4 sockets. An example of these systems are NetBSD-current with the
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updaterlatest KAME patch, and other systems which use the latest KAME patches
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updateras their ipv6 implementation.
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic UpdaterOn these systems, listen-on is fully functional, as the ipv6 socket
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updateronly accepts ipv6 packets, and the ipv4 sockets will handle the ipv4
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater2373: IP Version 6 Addressing Architecture
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater2553: Basic Socket Interface Extensions for IPv6
795a316ec568b2470aab18b9481443966047652eAutomatic Updaterdraft-ietf-ipngwg-rfc2292bis-01: Advanced Sockets API for IPv6 (draft)
795a316ec568b2470aab18b9481443966047652eAutomatic Updater$Id: ipv6,v 1.3 2000/06/22 00:14:38 tale Exp $