Hi,

Having spent half the night upgrading the last (and most crucial) of my CRUX boxes I just couldn't get the new inetd to work, it simply refused connections. After some troubleshooting I realized that if you have ipv6 enabled (this is the only box having it, don't ask) inetd binds its sockets in IPV6_V6ONLY mode. This was not what I expected, and certainly not what I wanted. The solution for me was to configure with --disable-ipv6.

Which brings me to my question: is this behavior something people in general want, or would it be more pertinent to disable ipv6 by default?

--
Hälsningar/Best regards, Tom
________________________________________________________________________
Tom Rindborg         Phone: +46-8-599 984 40
Stockholm, Sweden    MailTo:Tom.Rindborg@fatburen.org
"If you have to hate, hate gently."

Hi,

Tom Rindborg wrote:
> The solution for me was to configure with --disable-ipv6.

You could use tcp4/udp4 as the protocol in inetd.conf instead of tcp/udp to make it bind to IPv4 addresses.

Seems like inetd used to rely on IPv4 mapped addresses, and someone read the paper on their security concerns, but didn't quite get the fix right.

In general, -1 from me to --disable-ipv6 anywhere.

- Antti

On Tue, 20 Jan 2009, Antti Nykänen wrote:
> You could use tcp4/udp4 as the protocol in inetd.conf instead of tcp/udp to make it bind to IPv4 addresses.

Thanks, I was looking for a "simpler" solution like this one without finding anything, that's why I went the --disable-ipv6 way. Delving a little deeper I realize that this info can actually be found in the .info file in the source archive, oh well... I have actually switched to this solution and it works :-)

> Seems like inetd used to rely on IPv4 mapped addresses, and someone read the paper on their security concerns, but didn't quite get the fix right.

Yes, I agree. Looking at the .info file again it states: "If IPv6 support is enabled the sockets will accept both IPv4 and IPv6 connections if that is supported by the OS." which obviously is not true, I should probably file a bug report upstream.

> In general, -1 from me to --disable-ipv6 anywhere.

Fair enough.

--
Hälsningar/Best regards, Tom
________________________________________________________________________
Tom Rindborg         Phone: +46-8-599 984 40
Stockholm, Sweden    MailTo:Tom.Rindborg@fatburen.org
"If you have to hate, hate gently."

On Wed, Jan 21, 2009 at 01:38:57PM +0100, Tom Rindborg wrote:
> On Tue, 20 Jan 2009, Antti Nykänen wrote:
> > You could use tcp4/udp4 as the protocol in inetd.conf instead of tcp/udp to make it bind to IPv4 addresses.
>
> Thanks, I was looking for a "simpler" solution like this one without finding anything, that's why I went the --disable-ipv6 way. Delving a little deeper I realize that this info can actually be found in the .info file in the source archive, oh well...
> I have actually switched to this solution and it works :-)
>
> > Seems like inetd used to rely on IPv4 mapped addresses, and someone read the paper on their security concerns, but didn't quite get the fix right.
>
> Yes, I agree. Looking at the .info file again it states:
> "If IPv6 support is enabled the sockets will accept both IPv4 and IPv6 connections if that is supported by the OS."
> which obviously is not true, I should probably file a bug report upstream.

Seems that the issue already has been reported: http://article.gmane.org/gmane.comp.gnu.inetutils.bugs/2111

Greetings
Juergen

--
Juergen Daubert | mailto:jue@jue.li
Korb, Germany   | http://jue.li/crux