Bug #509

rejects IPv4 connects with server.use-ipv6

Added by Anonymous about 8 years ago. Updated over 5 years ago.

Status:InvalidStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:core
Target version:-
Missing in 1.5.x:

Description

With server.use-ipv6="enable" lighty only accepts TCP connects on IPv6, but rejects (sends RST on receiving SYN) IPv4 connection requests.

With server.use-ipv6="disable" it is the other way around,
IPv4 works, but IPv6 is rejected (as expected).

I would expect/hope that enabling server.use-ipv6 would not disable IPv4. A bug or a feature?

This is with 1.4.9 and 1.4.10, tested on FreeBSD 5.4 intel as well as FreeBSD 6.0 amd. Both machines otherwise work normally on IPv4 as well as IPv6, and have multiple interfaces.

lighttpd logs do not show anything on rejected connection.
lsof utility shows the process is listening on all interfaces:

...
lighttpd 69186 www 3w VREG 4,23 436
4089 /var/log/lighttpd.error.log
lighttpd 69186 www 4u IPv6 0xc3c3c000 0t0
TCP *:http (LISTEN)
lighttpd 69186 www 5u KQUEUE 0xc29c6680
count=0, state=0x2

-- Mark.Martinec

History

#1 Updated by Anonymous about 7 years ago

I got lighttpd running on both the ipv4 and ipv6 stack. A snippet from my conf file:

server.port = 8001

$SERVERsocket == "192.168.4.98:8001" {[BR]
}

server.use-ipv6 ="enable"

This server runs FreeBSD 5.5release on i386, lighttpd version 1.4.13.

-- robertj AT iphouse DOT com

#2 Updated by darix about 7 years ago

thats a bsd specific "problem"

on linux it is default that a ipv6 socket accepts ipv4 connections too. For that purpose the ipv4 address is mapped into the ipv6 space (::ffff:127.0.0.1).

this is behavior is off by default on bsd.

so the simple fix would be:


server.use-ipv6 = "enable" 
server.port = 80
$SERVER["socket"] == "0.0.0.0:80" {
# listen on all ipv4 interfaces.
}

i cant test that atm. but i think this should work for you.

a more general solution will take me a bit more time.

#3 Updated by Anonymous about 7 years ago

Look for: sysctl -A|grep bindv6

Set bindv6only=0 and IPv6 sockets will accept IPv4 connections as ::ffff:a.b.c.d.

-- astro

#4 Updated by Anonymous almost 7 years ago

no bindv6only with freebsd 6.2, still no ipv6 + ipv4 possible with 1.4.15 :(

#5 Updated by darix almost 7 years ago

not even with the socket statement as shown in the 2nd comment?

#6 Updated by Anonymous over 6 years ago

At least for me, the socket statement works under OpenBSD.

#7 Updated by Anonymous about 6 years ago

Replying to darix:
...

so the simple fix would be:

{{{
server.use-ipv6 = "enable"
server.port = 80
$SERVERsocket == "0.0.0.0:80" {
  1. listen on all ipv4 interfaces.
    }
    }}}

i cant test that atm. but i think this should work for you.

Just a note that this fix worked nicely for me on NetBSD 4.0. Thanks.

-- segfault

#8 Updated by Anonymous about 6 years ago

You only need to set the sysctl net.inet6.ip6.v6only to 0 (works on all version of freebsd).

-- jym

#9 Updated by stbuehler almost 6 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid

#10 Updated by Anonymous almost 6 years ago

  • Status changed from Fixed to Need Feedback
  • Resolution deleted (invalid)

v4mapped IPv4 addresses are deprecated (http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02) and should not be used. Depending on bindv6only=0 is bad since 1 is the default on every OS except Linux, which will probably change as well some day. Telling people to change the system-wide sysctl is stupid, because it will break other correctly configured software.

The correct solution is to open multiple sockets, but if for some reason you do not want to do the right thing then at least lighttpd should be patched by adding something like this between socket(2) and bind(2) when server.use-ipv6 is enabled:

#if defined IPV6_V6ONLY {
int opt = 0;

if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) < 0) {
// log the error and just continue
}
}
#endif

-- Marco d'Itri <md

#11 Updated by admin almost 6 years ago

v4mapped IPv4 addresses are deprecated

It looks like they're only deprecated on the wire, so this isn't an issue.

#12 Updated by Anonymous almost 6 years ago

Replying to Olaf van der Spek:

v4mapped IPv4 addresses are deprecated

It looks like they're only deprecated on the wire, so this isn't an issue.

You are confused: v4mapped addresses are not allowed on the wire and never have been, but their usage in the sockets API is deprecated (just look in the archives of the relevant working groups). bindv6only=0 used to be the default on the *BSD too, but they switched long ago.

#13 Updated by admin almost 6 years ago

but their usage in the sockets API is deprecated

That's not mentioned in the linked RFC.
Note that I'm not saying it's not true.

#14 Updated by stbuehler over 5 years ago

  • Status changed from Need Feedback to Fixed
  • Resolution set to invalid

If you need ipv4 and ipv6 sockets just open them... i will not change the current behavior.

#15 Updated by stbuehler over 5 years ago

  • Status changed from Fixed to Invalid

Also available in: Atom