Date: Sat, 30 Nov 2013 12:30:26 -0500 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: IPv4 and IPv6 addresses in resolv.conf On Sat, Nov 30, 2013 at 05:23:22PM +0000, Justin Cormack wrote: > On Sat, Nov 30, 2013 at 5:01 PM, Rich Felker <dalias@...ifal.cx> wrote: > > On Sat, Nov 30, 2013 at 09:16:54AM +0000, Justin Cormack wrote: > >> On 30 Nov 2013 03:59, "Rich Felker" <dalias@...ifal.cx> wrote: > >> > > >> > On Fri, Nov 29, 2013 at 10:51:16PM -0500, Rich Felker wrote: > >> > > On Fri, Nov 29, 2013 at 10:45:26PM -0500, Strake wrote: > >> > > > On 29/11/2013, Rich Felker <dalias@...ifal.cx> wrote: > >> > > > > But that would mean complete unconditional DNS failure on systems > >> > > > > lacking IPv6. > >> > > > > >> > > > We could do so iff system has IPv6. Switching on whether system has > >> > > > IPv6 rather than whether resolv.conf has any IPv6 nameservers means > >> > > > * no check whether resolv.conf includes v6 server > >> > > > * that adding a v6 server to resolv.conf can not break DNS even on > >> > > > systems lacking v6 > >> > > > which seems saner. > >> > > > >> > > OK, so how do we detect if the system "has IPv6"? I don't think it's > >> > > >> > BTW, short of an answer to this question, I think the approach I > >> > already suggested is rather safe. I can't imagine how an IPv6 > >> > nameserver address would end up in resolv.conf on a system completely > >> > lacking IPv6 support at the kernel level. > >> > >> I can imagine how it got there eg if you have a standard config or you > >> compile a new kernel and omit ipv6... > > > > Indeed, this is conceivable. However, if the system is intended to be > > used on an IPv6 network and you compile without IPv6 in the kernel, > > lots of things will break and you probably just need to fix the > > kernel. Still I'd like to avoid more breakage here than necessary. > > > > Can you (or anyone) fill me in on how things fail on a system built > > without IPv6 support or with broken IPv6 configuration? I assume the > > original socket() call will fail (with what errno?) if IPv6 support is > > not even compiled into the kernel, but are there other cases where > > socket() might succeed but then sending to a v4-mapped address would > > fail (where sending to the same v4 address with a v4 socket would > > work)? > > It is EAFNOSUPPORT if no kernel support at all. > > Actually I don't think there can be any cases where sending to the > v4-mapped address (ie ::ffff:184.108.40.206) can fail where an ipv4 socket > will succeed because those are basically ipv4 sockets with just ipv6 > notation, those addresses can't be routed by the ipv6 stack. So it One thing I'm confused about is the addresses on the actual packets. If we've already called bind for address :: and gotten assigned port N, does this also reserve port N on 0.0.0.0, which will be needed when sending from (and receiving back) IPv4 packets? Also, is there some kernel option we might need to worry about that prevents :: from receiving packets sent to IPv4 addresses, or does that only apply to TCP, not UDP? Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.