Ticket #509 (reopened defect)

Opened 2 years ago

Last modified 4 days ago

rejects IPv4 connects with server.use-ipv6

Reported by: Mark.Martinec@ijs.si Assigned to: jan
Priority: normal Milestone:
Component: core Version: 1.4.9
Severity: normal Keywords: IPv6
Cc: md@linux.it Blocking:
Need Feedback: 0

Description

With server.use-ipv6="enable" lighty only accepts TCP connects on IPv6, but rejects (sends RST on receiving SYN) IPv4 connection requests.

With server.use-ipv6="disable" it is the other way around, IPv4 works, but IPv6 is rejected (as expected).

I would expect/hope that enabling server.use-ipv6 would not disable IPv4. A bug or a feature?

This is with 1.4.9 and 1.4.10, tested on FreeBSD 5.4 @ intel as well as FreeBSD 6.0 @ amd. Both machines otherwise work normally on IPv4 as well as IPv6, and have multiple interfaces.

lighttpd logs do not show anything on rejected connection. lsof utility shows the process is listening on all interfaces:

...

lighttpd 69186 www 3w VREG 4,23 436

4089 /var/log/lighttpd.error.log

lighttpd 69186 www 4u IPv6 0xc3c3c000 0t0

TCP *:http (LISTEN)

lighttpd 69186 www 5u KQUEUE 0xc29c6680

count=0, state=0x2

Attachments

Change History

03/09/2007 02:24:15 PM changed by robertj AT iphouse DOT com

I got lighttpd running on both the ipv4 and ipv6 stack. A snippet from my conf file:

server.port = 8001
$SERVERsocket? == "192.168.4.98:8001" {
}
server.use-ipv6 ="enable"

This server runs FreeBSD 5.5release on i386, lighttpd version 1.4.13.

(follow-up: ↓ 9 ) 03/09/2007 08:19:54 PM changed by darix

  • blocking changed.

thats a bsd specific "problem"

on linux it is default that a ipv6 socket accepts ipv4 connections too. For that purpose the ipv4 address is mapped into the ipv6 space (::ffff:127.0.0.1).

this is behavior is off by default on bsd.

so the simple fix would be: 

server.use-ipv6 = "enable"
server.port = 80
$SERVER["socket"] == "0.0.0.0:80" {
# listen on all ipv4 interfaces.
}

i cant test that atm. but i think this should work for you.

a more general solution will take me a bit more time.

03/27/2007 01:28:20 PM changed by astro@spaceboyz.net

Look for: sysctl -A|grep bindv6

Set bindv6only=0 and IPv6 sockets will accept IPv4 connections as ::ffff:a.b.c.d.

06/17/2007 01:46:19 PM changed by anonymous

no bindv6only with freebsd 6.2, still no ipv6 + ipv4 possible with 1.4.15 :(

06/17/2007 09:55:10 PM changed by darix

  • pending changed.

not even with the socket statement as shown in the 2nd comment?

01/20/2008 11:38:01 AM changed by anonymous

At least for me, the socket statement works under OpenBSD.

(in reply to: ↑ 3 ) 03/03/2008 03:15:25 AM changed by segfault

Replying to darix: ...

so the simple fix would be: {{{ server.use-ipv6 = "enable" server.port = 80 $SERVERsocket? == "0.0.0.0:80" { # listen on all ipv4 interfaces. } }}} i cant test that atm. but i think this should work for you.

Just a note that this fix worked nicely for me on NetBSD 4.0. Thanks.

03/10/2008 11:03:20 AM changed by jym

You only need to set the sysctl net.inet6.ip6.v6only to 0 (works on all version of freebsd).

04/24/2008 07:30:48 PM changed by stbuehler

  • status changed from new to closed.
  • resolution set to invalid.

05/12/2008 12:08:28 AM changed by Marco d'Itri <md@linux.it>

  • cc set to md@linux.it.
  • status changed from closed to reopened.
  • resolution deleted.

v4mapped IPv4 addresses are deprecated (http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02) and should not be used. Depending on bindv6only=0 is bad since 1 is the default on every OS except Linux, which will probably change as well some day. Telling people to change the system-wide sysctl is stupid, because it will break other correctly configured software.

The correct solution is to open multiple sockets, but if for some reason you do not want to do the right thing then at least lighttpd should be patched by adding something like this between socket(2) and bind(2) when server.use-ipv6 is enabled:

#if defined IPV6_V6ONLY {

int opt = 0;

if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) < 0) {

// log the error and just continue

}

} #endif

(follow-up: ↓ 14 ) 05/12/2008 02:35:30 PM changed by Olaf van der Spek

v4mapped IPv4 addresses are deprecated

It looks like they're only deprecated on the wire, so this isn't an issue.

(in reply to: ↑ 13 ) 05/12/2008 02:39:22 PM changed by anonymous

Replying to Olaf van der Spek:

v4mapped IPv4 addresses are deprecated

It looks like they're only deprecated on the wire, so this isn't an issue.

You are confused: v4mapped addresses are not allowed on the wire and never have been, but their usage in the sockets API is deprecated (just look in the archives of the relevant working groups). bindv6only=0 used to be the default on the *BSD too, but they switched long ago.

05/12/2008 02:42:32 PM changed by Olaf van der Spek

but their usage in the sockets API is deprecated

That's not mentioned in the linked RFC. Note that I'm not saying it's not true.

Add/Change #509 (rejects IPv4 connects with server.use-ipv6)




Change Properties