Bug #509
closed
rejects IPv4 connects with server.use-ipv6
Description
With server.use-ipv6="enable" lighty only accepts TCP connects on IPv6, but rejects (sends RST on receiving SYN) IPv4 connection requests.
With server.use-ipv6="disable" it is the other way around, IPv4 works, but IPv6 is rejected (as expected).
I would expect/hope that enabling server.use-ipv6 would not disable IPv4. A bug or a feature?
This is with 1.4.9 and 1.4.10, tested on FreeBSD 5.4 intel as well as FreeBSD 6.0 amd. Both machines otherwise work normally on IPv4 as well as IPv6, and have multiple interfaces.
lighttpd logs do not show anything on rejected connection.
lsof utility shows the process is listening on all interfaces:
{{{
...
lighttpd 69186 www 3w VREG 4,23 436 4089 /var/log/lighttpd.error.log
lighttpd 69186 www 4u IPv6 0xc3c3c000 0t0 TCP *:http (LISTEN)
lighttpd 69186 www 5u KQUEUE 0xc29c6680 count=0, state=0x2
}}}
-- Mark.Martinec
Updated by Anonymous almost 18 years ago
Updated by darix almost 18 years ago
that's a bsd specific "problem"
on linux it is default that an ipv6 socket accepts ipv4 connections too. For that purpose the ipv4 address is mapped into the ipv6 space (::ffff:127.0.0.1).
this behavior is off by default on bsd.
so the simple fix would be:
{{{
server.use-ipv6 = "enable"
server.port = 80
$SERVER["socket"] == "0.0.0.0:80" {
  # listen on all ipv4 interfaces.
}
}}}
I can't test that atm. but i think this should work for you.
a more general solution will take me a bit more time.
Updated by Anonymous over 17 years ago
Look for: sysctl -A|grep bindv6
Set bindv6only=0 and IPv6 sockets will accept IPv4 connections as ::ffff:a.b.c.d.
-- astro
Updated by Anonymous over 17 years ago
no bindv6only with freebsd 6.2, still no ipv6 + ipv4 possible with 1.4.15 :(
Updated by darix over 17 years ago
not even with the socket statement as shown in the 2nd comment?
Updated by Anonymous almost 17 years ago
At least for me, the socket statement works under OpenBSD.
Updated by Anonymous almost 17 years ago
Replying to darix:
...
so the simple fix would be:
{{{
server.use-ipv6 = "enable"
server.port = 80
$SERVER["socket"] == "0.0.0.0:80" {
  # listen on all ipv4 interfaces.
}
}}}
I can't test that atm. but i think this should work for you.
Just a note that this fix worked nicely for me on NetBSD 4.0. Thanks.
-- segfault
Updated by Anonymous almost 17 years ago
You only need to set the sysctl net.inet6.ip6.v6only to 0 (works on all versions of freebsd).
-- jym
Updated by stbuehler over 16 years ago
- Status changed from New to Fixed
- Resolution set to invalid
Updated by Anonymous over 16 years ago
- Status changed from Fixed to Need Feedback
- Resolution deleted (invalid)
v4mapped IPv4 addresses are deprecated (http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02) and should not be used. Depending on bindv6only=0 is bad since 1 is the default on every OS except Linux, which will probably change as well some day. Telling people to change the system-wide sysctl is stupid, because it will break other correctly configured software.
The correct solution is to open multiple sockets, but if for some reason you do not want to do the right thing then at least lighttpd should be patched by adding something like this between socket(2) and bind(2) when server.use-ipv6 is enabled:
{{{
#if defined IPV6_V6ONLY
{
    int opt = 0;
    if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) < 0) {
        // log the error and just continue
    }
}
#endif
}}}
-- Marco d'Itri <md
Updated by admin over 16 years ago
v4mapped IPv4 addresses are deprecated
It looks like they're only deprecated on the wire, so this isn't an issue.
Updated by Anonymous over 16 years ago
Replying to Olaf van der Spek:
v4mapped IPv4 addresses are deprecated
It looks like they're only deprecated on the wire, so this isn't an issue.
You are confused: v4mapped addresses are not allowed on the wire and never have been, but their usage in the sockets API is deprecated (just look in the archives of the relevant working groups). bindv6only=0 used to be the default on the *BSD too, but they switched long ago.
Updated by admin over 16 years ago
but their usage in the sockets API is deprecated
That's not mentioned in the linked RFC.
Note that I'm not saying it's not true.
Updated by stbuehler over 16 years ago
- Status changed from Need Feedback to Fixed
- Resolution set to invalid
If you need ipv4 and ipv6 sockets just open them... i will not change the current behavior.
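The approach the thread ends on (one listening socket per address family, with IPV6_V6ONLY set explicitly between socket(2) and bind(2) instead of relying on the OS default or a sysctl), as an added example that is not lighttpd's code and not part of the original comments; `open_listener` and `bound_port` are hypothetical helper names.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Wildcard TCP listener for AF_INET or AF_INET6. For AF_INET6, IPV6_V6ONLY is
 * set explicitly between socket(2) and bind(2), so the behaviour does not
 * depend on the OS default or a sysctl. Returns the fd, or -1 on error. */
int open_listener(int family, unsigned short port, int v6only)
{
    struct sockaddr_storage ss;
    socklen_t len;
    int fd;
    memset(&ss, 0, sizeof(ss));
    if (family == AF_INET) {
        struct sockaddr_in *a = (struct sockaddr_in *)&ss;
        a->sin_family = AF_INET;            /* 0.0.0.0:port */
        a->sin_addr.s_addr = htonl(INADDR_ANY);
        a->sin_port = htons(port);
        len = sizeof(*a);
    } else if (family == AF_INET6) {
        struct sockaddr_in6 *a = (struct sockaddr_in6 *)&ss;
        a->sin6_family = AF_INET6;          /* [::]:port */
        a->sin6_addr = in6addr_any;
        a->sin6_port = htons(port);
        len = sizeof(*a);
    } else {
        return -1;                          /* only IP families handled */
    }
    if ((fd = socket(family, SOCK_STREAM, 0)) < 0)
        return -1;
    if ((family == AF_INET6 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
                                          &v6only, sizeof(v6only)) < 0) ||
        bind(fd, (struct sockaddr *)&ss, len) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Port the socket is bound to, in host byte order, or -1 on error. */
int bound_port(int fd)
{
    struct sockaddr_in6 sa;  /* large enough for sockaddr_in as well */
    socklen_t len = sizeof(sa);
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return ntohs(sa.sin6_family == AF_INET6 ? sa.sin6_port
                 : ((struct sockaddr_in *)&sa)->sin_port);
}
```

Calling it once with AF_INET and once with AF_INET6 and `v6only = 1` on the same port gives the two-socket setup; passing `v6only = 0` on the AF_INET6 socket instead requests the single dual-stack socket discussed above, on which IPv4 peers appear as ::ffff:a.b.c.d.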