ipv6 revision dafcb997e390efa4423883dafd100c975c4095d6
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnCopyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnCopyright (C) 2000, 2001 Internet Software Consortium.
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnSee COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnCurrently, there are multiple interesting problems with ipv6
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnimplementations on various platforms. These problems range from not
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnbeing able to use ipv6 with bind9 (or in particular the ISC socket
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnlibrary, contained in libisc) to listen-on lists not being respected,
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnto strange warnings but seemingly correct behavior of named.
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnCOMPILE-TIME ISSUES
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn-------------------
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnThe socket library requires a certain level of support from the
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnoperating system. In particular, it must follow the advanced ipv6
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnsocket API to be usable. The systems which do not follow this will
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbncurrently not get any warnings or errors, but ipv6 will simply not
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnfunction on them.
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnThese systems currently include, but are not limited to:
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn AIX 3.4 (with ipv6 patches)
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnRUN-TIME ISSUES
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn---------------
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnIn the original drafts of the ipv6 RFC documents, binding an ipv6
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnsocket to the ipv6 wildcard address would also cause the socket to
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnaccept ipv4 connections and datagrams. When an ipv4 packet is
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnreceived on these systems, it is mapped into an ipv6 address. For
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnexample, 1.2.3.4 would be mapped into ffff::1.2.3.4. The intent of
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnthis mapping was to make transition from an ipv4-only application into
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnipv6 easier, by only requiring one socket to be open on a given port.
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnLater, it was discovered that this was generally a bad idea. For one,
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnmany firewalls will block connection to 1.2.3.4, but will let through
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnffff::1.2.3.4. This, of course, is bad. Also, access control lists
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnwritten to accept only ipv4 addresses were suddenly ignored unless
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnthey were rewritten to handle the ipv6 mapped addresses as well.
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnIn bind9, we always bind to the ipv6 wildcard port for both TCP and
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnUDP, and specific addresses for ipv4 sockets. This causes some
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbninteresting behavior depending on the system implementation of ipv6.
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnIPV6 Sockets Accept IPV4, Specific IPV4 Addresses Bindings Fail
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn---------------------------------------------------------------
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnThe only OS which seems to do this is linux. If an ipv6 socket is
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnbound to the ipv6 wildcard socket, and a specific ipv4 socket is
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnlater bound (say, to 1.2.3.4 port 53) the ipv4 binding will fail.
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnWhat this means to bind9 is that the application will log warnings
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnabout being unable to bind to a socket because the address is already
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnin use. Since the ipv6 socket will accept ipv4 packets and map them,
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnhowever, the ipv4 addresses continue to function.
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnThe effect is that the config file listen-on directive will not be
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnrespected on these systems.
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnIPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Succeed
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn----------------------------------------------------------------
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnIn this case, the system allows opening an ipv6 wildcard address
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnsocket and then binding to a more specific ipv4 address later. An
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnexample of this type of system is Digital Unix with ipv6 patches
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnapplied.
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnWhat this means to bind9 is that the application will respect
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnlisten-on in regards to ipv4 sockets, but it will use mapped ipv6
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbnaddresses for any that do not match the listen-on list. This, in
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbneffect, makes listen-on useless for these machines as well.
02c4d6938a2dabd07ed0dd6c6e40eee913ca4476shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnIPV6 Sockets Do Not Accept IPV4
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn-------------------------------
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnOn these systems, opening an IPV6 socket does not implicitly open any
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnipv4 sockets. An example of these systems are NetBSD-current with the
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnlatest KAME patch, and other systems which use the latest KAME patches
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnas their ipv6 implementation.
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnOn these systems, listen-on is fully functional, as the ipv6 socket
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnonly accepts ipv6 packets, and the ipv4 sockets will handle the ipv4
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnpackets.
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbnRELEVANT RFCs
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn-------------
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn2373: IP Version 6 Addressing Architecture
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn2553: Basic Socket Interface Extensions for IPv6
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbndraft-ietf-ipngwg-rfc2292bis-01: Advanced Sockets API for IPv6 (draft)
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn$Id: ipv6,v 1.6 2004/03/05 05:04:53 marka Exp $
9def8137e705ec92bc3a2881a8457795c860fdb1shankar_mbn