I just had some issues with ssh and trying to get it to bind to all ipv6
and ipv4 addresses to it via :: and 0.0.0.0. The problem was that it'd
only let one succeed. If 0.0.0.0:22 was successful then :: port 22 could
not happen and neither could my ipv6 addy port 22 as it would get the
'address already in use' error from bind(). The reverse was also true.
If it bound to :: port 22 then 0.0.0.0:22 would fail.
On the other hand if I got it to bind to each address individually then
both ipv4 (2 addresses) and ipv6 (1 address) binds would succeed.
Maybe I'm just looking at it wrong but shouldn't ipv4 and ipv6 interfere
with each other?
I'm using kernel 2.6.11-ac2 with OpenSSH_3.8.1p1 Debian-8.sarge.4,
OpenSSL 0.9.7e 25 Oct 2004 and glibc 2.3.2 (debian version
2.3.2.ds1-20).
--
"It goes against the grain of modern education to teach children to
program. What fun is there in making plans, acquiring discipline in
organising thoughts, devoting attention to detail and learning to be
self-critical?" -- Alan Perlis
CaT wrote:
> I just had some issues with ssh and trying to get it to bind to all ipv6
> and ipv4 addresses to it via :: and 0.0.0.0. The problem was that it'd
> only let one succeed. If 0.0.0.0:22 was successful then :: port 22 could
> not happen and neither could my ipv6 addy port 22 as it would get the
> 'address already in use' error from bind(). The reverse was also true.
> If it bound to :: port 22 then 0.0.0.0:22 would fail.
>
> On the other hand if I got it to bind to each address individually then
> both ipv4 (2 addresses) and ipv6 (1 address) binds would succeed.
>
> Maybe I'm just looking at it wrong but shouldn't ipv4 and ipv6 interfere
> with each other?
>
> I'm using kernel 2.6.11-ac2 with OpenSSH_3.8.1p1 Debian-8.sarge.4,
> OpenSSL 0.9.7e 25 Oct 2004 and glibc 2.3.2 (debian version
> 2.3.2.ds1-20).
>
A solution is to set the IPV6_V6ONLY sockopt on the IPv6 socket (or just
use IPv6 sockets and their ability to accept IPv4 connections in a
corner of the IPv6 address space).
It seems unlikely that a released ssh would have that problem, but I
haven't checked.
Cheers,
Simon.
In article <[email protected]> (at Fri, 11 Mar 2005 23:16:55 +1100), CaT <[email protected]> says:
> If it bound to :: port 22 then 0.0.0.0:22 would fail.
>
> On the other hand if I got it to bind to each address individually then
> both ipv4 (2 addresses) and ipv6 (1 address) binds would succeed.
>
> Maybe I'm just looking at it wrong but shouldn't ipv4 and ipv6 interfere
> with each other?
It is 100% intended, even it is not similar to BSD variants do.
IPv4 and IPv6 share address/port space.
:: and 0.0.0.0 is special "any" address, thus they confict.
::ffff:a.b.c.d and a.b.c.d also conflict.
--yoshfuji
On Fri, Mar 11, 2005 at 08:58:15AM -0600, YOSHIFUJI Hideaki / ?$B5HF#1QL@ wrote:
> > If it bound to :: port 22 then 0.0.0.0:22 would fail.
> >
> > On the other hand if I got it to bind to each address individually then
> > both ipv4 (2 addresses) and ipv6 (1 address) binds would succeed.
> >
> > Maybe I'm just looking at it wrong but shouldn't ipv4 and ipv6 interfere
> > with each other?
>
> It is 100% intended, even it is not similar to BSD variants do.
>
> IPv4 and IPv6 share address/port space.
> :: and 0.0.0.0 is special "any" address, thus they confict.
> ::ffff:a.b.c.d and a.b.c.d also conflict.
Argh! Ofcourse. That makes sense. In the IPv6 ip space, IPv4 was made a
subset so anything that decides to bind 0.0.0.0:22 (for eg) would
prevent another bind to :: much like binding to 10.1.1.1:22 would
prevent a 0.0.0.0:22 bind. Having changed ListenAddress to :: it works
as it should and I get responses in the IPv4 ip space.
Joy. Thanks for the clue. I've so rarely come across the ::ffff: ip
space that I completely forgot about it.
--
"It goes against the grain of modern education to teach children to
program. What fun is there in making plans, acquiring discipline in
organising thoughts, devoting attention to detail and learning to be
self-critical?" -- Alan Perlis