Project

General

Profile

Actions

Bug #509

closed

rejects IPv4 connects with server.use-ipv6

Added by Anonymous about 18 years ago. Updated over 15 years ago.

Status:
Invalid
Priority:
Normal
Category:
core
Target version:
-
ASK QUESTIONS IN Forums:

Description

With server.use-ipv6="enable" lighty only accepts TCP connects on IPv6, but rejects (sends RST on receiving SYN) IPv4 connection requests.

With server.use-ipv6="disable" it is the other way around,
IPv4 works, but IPv6 is rejected (as expected).

I would expect/hope that enabling server.use-ipv6 would not disable IPv4. A bug or a feature?

This is with 1.4.9 and 1.4.10, tested on FreeBSD 5.4 intel as well as FreeBSD 6.0 amd. Both machines otherwise work normally on IPv4 as well as IPv6, and have multiple interfaces.

lighttpd logs do not show anything on rejected connection.
lsof utility shows the process is listening on all interfaces:

...
lighttpd 69186 www 3w VREG 4,23 436
4089 /var/log/lighttpd.error.log
lighttpd 69186 www 4u IPv6 0xc3c3c000 0t0
TCP *:http (LISTEN)
lighttpd 69186 www 5u KQUEUE 0xc29c6680
count=0, state=0x2

-- Mark.Martinec

Actions #1

Updated by Anonymous about 17 years ago

I got lighttpd running on both the ipv4 and ipv6 stack. A snippet from my conf file:

server.port = 8001

$SERVERsocket == "192.168.4.98:8001" {[BR]
}

server.use-ipv6 ="enable"

This server runs FreeBSD 5.5release on i386, lighttpd version 1.4.13.

-- robertj AT iphouse DOT com

Actions #2

Updated by darix about 17 years ago

thats a bsd specific "problem"

on linux it is default that a ipv6 socket accepts ipv4 connections too. For that purpose the ipv4 address is mapped into the ipv6 space (::ffff:127.0.0.1).

this is behavior is off by default on bsd.

so the simple fix would be:


server.use-ipv6 = "enable" 
server.port = 80
$SERVER["socket"] == "0.0.0.0:80" {
# listen on all ipv4 interfaces.
}

i cant test that atm. but i think this should work for you.

a more general solution will take me a bit more time.

Actions #3

Updated by Anonymous about 17 years ago

Look for: sysctl -A|grep bindv6

Set bindv6only=0 and IPv6 sockets will accept IPv4 connections as ::ffff:a.b.c.d.

-- astro

Actions #4

Updated by Anonymous almost 17 years ago

no bindv6only with freebsd 6.2, still no ipv6 + ipv4 possible with 1.4.15 :(

Actions #5

Updated by darix almost 17 years ago

not even with the socket statement as shown in the 2nd comment?

Actions #6

Updated by Anonymous about 16 years ago

At least for me, the socket statement works under OpenBSD.

Actions #7

Updated by Anonymous about 16 years ago

Replying to darix:
...

so the simple fix would be:

{{{
server.use-ipv6 = "enable"
server.port = 80
$SERVERsocket == "0.0.0.0:80" {
  1. listen on all ipv4 interfaces.
    }
    }}}

i cant test that atm. but i think this should work for you.

Just a note that this fix worked nicely for me on NetBSD 4.0. Thanks.

-- segfault

Actions #8

Updated by Anonymous about 16 years ago

You only need to set the sysctl net.inet6.ip6.v6only to 0 (works on all version of freebsd).

-- jym

Actions #9

Updated by stbuehler almost 16 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid
Actions #10

Updated by Anonymous almost 16 years ago

  • Status changed from Fixed to Need Feedback
  • Resolution deleted (invalid)

v4mapped IPv4 addresses are deprecated (http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02) and should not be used. Depending on bindv6only=0 is bad since 1 is the default on every OS except Linux, which will probably change as well some day. Telling people to change the system-wide sysctl is stupid, because it will break other correctly configured software.

The correct solution is to open multiple sockets, but if for some reason you do not want to do the right thing then at least lighttpd should be patched by adding something like this between socket(2) and bind(2) when server.use-ipv6 is enabled:

#if defined IPV6_V6ONLY {
int opt = 0;

if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) < 0) {
// log the error and just continue
}
}
#endif

-- Marco d'Itri <md

Actions #11

Updated by admin almost 16 years ago

v4mapped IPv4 addresses are deprecated

It looks like they're only deprecated on the wire, so this isn't an issue.

Actions #12

Updated by Anonymous almost 16 years ago

Replying to Olaf van der Spek:

v4mapped IPv4 addresses are deprecated

It looks like they're only deprecated on the wire, so this isn't an issue.

You are confused: v4mapped addresses are not allowed on the wire and never have been, but their usage in the sockets API is deprecated (just look in the archives of the relevant working groups). bindv6only=0 used to be the default on the *BSD too, but they switched long ago.

Actions #13

Updated by admin almost 16 years ago

but their usage in the sockets API is deprecated

That's not mentioned in the linked RFC.
Note that I'm not saying it's not true.

Actions #14

Updated by stbuehler over 15 years ago

  • Status changed from Need Feedback to Fixed
  • Resolution set to invalid

If you need ipv4 and ipv6 sockets just open them... i will not change the current behavior.

Actions #15

Updated by stbuehler over 15 years ago

  • Status changed from Fixed to Invalid
Actions

Also available in: Atom