* netstat and dual stack sockets
@ 2015-06-15 20:54 Phil Sutter
  2015-06-15 21:36 ` Hagen Paul Pfeifer
  2015-06-19 12:15 ` [PATCH] net: inet_diag: export IPV6_V6ONLY sockopt Phil Sutter
  0 siblings, 2 replies; 7+ messages in thread
From: Phil Sutter @ 2015-06-15 20:54 UTC (permalink / raw)
  To: netdev

Hi,

A socket listening on any AF_INET6 address will receive IPv4 traffic as
well, as long as it does not set IPV6_V6ONLY (or sysctl
net.ipv6.bindv6only is set). Apache APR e.g. explicitly disables
IPV6_V6ONLY for listening sockets.

As I see it, a user has no way of detecting the listening socket in this
address family: it does not show in /proc/net/{tcp,udp} nor do
'netstat', 'ss' or 'lsof' print any additional information about those
sockets over pure IPv6 ones.

Is this correct? If so, are there any intentions to export the missing
information to userspace?

Phil


* Re: netstat and dual stack sockets
  2015-06-15 20:54 netstat and dual stack sockets Phil Sutter
@ 2015-06-15 21:36 ` Hagen Paul Pfeifer
  2015-06-16  1:25   ` Phil Sutter
  2015-06-19 12:15 ` [PATCH] net: inet_diag: export IPV6_V6ONLY sockopt Phil Sutter
  1 sibling, 1 reply; 7+ messages in thread
From: Hagen Paul Pfeifer @ 2015-06-15 21:36 UTC (permalink / raw)
  To: netdev

On 15 June 2015 at 22:54, Phil Sutter <phil@nwl.cc> wrote:

> As I see it, a user has no way of detecting the listening socket in this
> address family: it does not show in /proc/net/{tcp,udp} nor do
> 'netstat', 'ss' or 'lsof' print any additional information about those
> sockets over pure IPv6 ones.

Probably a combination of IPV6_V6ONLY(1, 0) and IN6_IS_ADDR_V4MAPPED
fulfills all user requirements, ... so far. Your proposal is to hand
over sk->sk_ipv6only?

Hagen


* Re: netstat and dual stack sockets
  2015-06-15 21:36 ` Hagen Paul Pfeifer
@ 2015-06-16  1:25   ` Phil Sutter
  0 siblings, 0 replies; 7+ messages in thread
From: Phil Sutter @ 2015-06-16  1:25 UTC (permalink / raw)
  To: Hagen Paul Pfeifer; +Cc: netdev

HGN!

On Mon, Jun 15, 2015 at 11:36:54PM +0200, Hagen Paul Pfeifer wrote:
> On 15 June 2015 at 22:54, Phil Sutter <phil@nwl.cc> wrote:
> 
> > As I see it, a user has no way of detecting the listening socket in this
> > address family: it does not show in /proc/net/{tcp,udp} nor do
> > 'netstat', 'ss' or 'lsof' print any additional information about those
> > sockets over pure IPv6 ones.
> 
> Probably a combination of IPV6_V6ONLY(1, 0) and IN6_IS_ADDR_V4MAPPED
> fulfills all user requirements, ... so far. Your proposal is to hand
> over sk->sk_ipv6only?

Not sure if I understand you correctly - of course it is possible to
programmatically determine whether a socket one has opened accepts
v4mapped addresses or a given address is v4mapped. My concern is about
the system administrator's point of view, using system tools to find out
on which IP addresses and ports a machine is accessible. Looking at e.g.
/proc/net/tcp6 does not reveal if a listening socket also accepts
v4mapped addresses, factually acting as AF_INET socket upon request.

Cheers, Phil

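The behaviour described in the first and third messages above, as an added example that is not part of the thread: a C check that opens a listener on [::] and probes it over IPv4 loopback, once with IPV6_V6ONLY off and once with it on, using IN6_IS_ADDR_V4MAPPED on the accepted peer. The function name and return codes are this example's own; it assumes a Linux host with loopback up.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread). Listens on [::] with IPV6_V6ONLY
 * set to v6only, then connects to the same port over IPv4 loopback. Returns 1
 * if accepted with a v4-mapped peer, 0 if refused, -1 if the check cannot run. */
int v4_reaches_v6_listener(int v6only)
{
    struct sockaddr_in6 a6 = { .sin6_family = AF_INET6 }; /* zeroed addr is :: */
    struct sockaddr_in a4 = { .sin_family = AF_INET };
    socklen_t sl = sizeof(a6);
    int res = -1, c = -1, conn = -1;
    int l = socket(AF_INET6, SOCK_STREAM, 0);
    if (l < 0)
        return -1;                               /* e.g. no IPv6 support */
    if (setsockopt(l, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof(v6only)) < 0 ||
        bind(l, (struct sockaddr *)&a6, sizeof(a6)) < 0 ||
        listen(l, 1) < 0 ||
        getsockname(l, (struct sockaddr *)&a6, &sl) < 0)
        goto out;

    a4.sin_port = a6.sin6_port;                  /* port the kernel picked */
    a4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    c = socket(AF_INET, SOCK_STREAM, 0);
    if (c < 0)
        goto out;
    if (connect(c, (struct sockaddr *)&a4, sizeof(a4)) < 0) {
        res = (errno == ECONNREFUSED) ? 0 : -1;  /* refused: IPv6-only */
        goto out;
    }
    sl = sizeof(a6);
    conn = accept(l, (struct sockaddr *)&a6, &sl);
    if (conn >= 0 && IN6_IS_ADDR_V4MAPPED(&a6.sin6_addr))
        res = 1;                                 /* peer is ::ffff:127.0.0.1 */
out:
    if (conn >= 0) close(conn);
    if (c >= 0) close(c);
    close(l);
    return res;
}

int main(void)
{
    printf("IPV6_V6ONLY=0: %d\n", v4_reaches_v6_listener(0));
    printf("IPV6_V6ONLY=1: %d\n", v4_reaches_v6_listener(1));
    return 0;
}
```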

* [PATCH] net: inet_diag: export IPV6_V6ONLY sockopt
  2015-06-15 20:54 netstat and dual stack sockets Phil Sutter
  2015-06-15 21:36 ` Hagen Paul Pfeifer
@ 2015-06-19 12:15 ` Phil Sutter
  2015-06-19 13:52   ` Eric Dumazet
  1 sibling, 1 reply; 7+ messages in thread
From: Phil Sutter @ 2015-06-19 12:15 UTC (permalink / raw)
  To: netdev; +Cc: David Miller

For AF_INET6 sockets, the value of struct ipv6_pinfo.ipv6only is
exported to userspace. It indicates whether an unbound socket listens on
IPv4 as well as IPv6. Since the socket is natively IPv6, it is not
listed by e.g. 'netstat -l -4'.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
This patch is accompanied by an appropriate one for iproute2 to enable
the additional information in 'ss -e'.
---
 include/uapi/linux/inet_diag.h | 3 ++-
 net/ipv4/inet_diag.c           | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h
index c7093c7..9ca4834 100644
--- a/include/uapi/linux/inet_diag.h
+++ b/include/uapi/linux/inet_diag.h
@@ -111,9 +111,10 @@ enum {
 	INET_DIAG_SKMEMINFO,
 	INET_DIAG_SHUTDOWN,
 	INET_DIAG_DCTCPINFO,
+	INET_DIAG_SKV6ONLY,
 };
 
-#define INET_DIAG_MAX INET_DIAG_DCTCPINFO
+#define INET_DIAG_MAX INET_DIAG_SKV6ONLY
 
 /* INET_DIAG_MEM */
 
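Review bot: The new INET_DIAG_SKV6ONLY enumerator in this uapi enum has no comment describing its payload. The header documents other attributes in sections like the /* INET_DIAG_MEM */ one that follows; a line stating that this attribute carries a u8 reflecting IPV6_V6ONLY would let userspace consumers parse it without reading inet_diag.c. Appending at the end of the enum and moving INET_DIAG_MAX along with it keeps the existing attribute numbers stable.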
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 4d32262..4bf6d03 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -151,6 +151,10 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
 			if (nla_put_u8(skb, INET_DIAG_TCLASS,
 				       inet6_sk(sk)->tclass) < 0)
 				goto errout;
+
+		if (nla_put_u8(skb, INET_DIAG_SKV6ONLY,
+				inet6_sk(sk)->ipv6only) < 0)
+			goto errout;
 	}
 #endif
 
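Review bot: The added nla_put_u8() sits at two tabs, one level shallower than the INET_DIAG_TCLASS put directly above it, so it is not under whatever condition guards that put and the attribute is emitted for every socket reaching this block, value 0 included. If that is intended, state it in the commit message; otherwise gate it the same way as TCLASS. The continuation line "inet6_sk(sk)->ipv6only) < 0)" should also be aligned under the opening parenthesis, as the TCLASS call is.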
-- 
2.1.2


* Re: [PATCH] net: inet_diag: export IPV6_V6ONLY sockopt
  2015-06-19 12:15 ` [PATCH] net: inet_diag: export IPV6_V6ONLY sockopt Phil Sutter
@ 2015-06-19 13:52   ` Eric Dumazet
  2015-06-21  1:47     ` Phil Sutter
  0 siblings, 1 reply; 7+ messages in thread
From: Eric Dumazet @ 2015-06-19 13:52 UTC (permalink / raw)
  To: Phil Sutter; +Cc: netdev, David Miller

On Fri, 2015-06-19 at 14:15 +0200, Phil Sutter wrote:
> For AF_INET6 sockets, the value of struct ipv6_pinfo.ipv6only is
> exported to userspace. It indicates whether an unbound socket listens on
> IPv4 as well as IPv6.

What is an 'unbound socket' ??? This makes no sense to me here.

>  Since the socket is natively IPv6, it is not
> listed by e.g. 'netstat -l -4'.

netstat does not use this interface. iproute2/ss does.

> 
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> This patch is accompanied by an appropriate one for iproute2 to enable
> the additional information in 'ss -e'.
> ---
>  include/uapi/linux/inet_diag.h | 3 ++-
>  net/ipv4/inet_diag.c           | 4 ++++
>  2 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h
> index c7093c7..9ca4834 100644
> --- a/include/uapi/linux/inet_diag.h
> +++ b/include/uapi/linux/inet_diag.h
> @@ -111,9 +111,10 @@ enum {
>  	INET_DIAG_SKMEMINFO,
>  	INET_DIAG_SHUTDOWN,
>  	INET_DIAG_DCTCPINFO,
> +	INET_DIAG_SKV6ONLY,
>  };
>  
> -#define INET_DIAG_MAX INET_DIAG_DCTCPINFO
> +#define INET_DIAG_MAX INET_DIAG_SKV6ONLY
>  
>  /* INET_DIAG_MEM */
>  
> diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
> index 4d32262..4bf6d03 100644
> --- a/net/ipv4/inet_diag.c
> +++ b/net/ipv4/inet_diag.c
> @@ -151,6 +151,10 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
>  			if (nla_put_u8(skb, INET_DIAG_TCLASS,
>  				       inet6_sk(sk)->tclass) < 0)
>  				goto errout;
> +
> +		if (nla_put_u8(skb, INET_DIAG_SKV6ONLY,
> +				inet6_sk(sk)->ipv6only) < 0)
> +			goto errout;
>  	}
>  #endif
>  

1) This certainly should not compile on current linux trees.
   Always submit such patches on net-next.

2) It is not clear why we would add this attribute if it is 0.
    This looks a waste of data.

So I would rather use :

diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h
index b629fc53b1090e73047b263a9231e34ebf64b2af..46d72e45f8701526abb06f4a8187262dbc635784 100644
--- a/include/uapi/linux/inet_diag.h
+++ b/include/uapi/linux/inet_diag.h
@@ -112,6 +112,7 @@ enum {
 	INET_DIAG_SHUTDOWN,
 	INET_DIAG_DCTCPINFO,
 	INET_DIAG_PROTOCOL,  /* response attribute only */
+	INET_DIAG_SKV6ONLY,
 };
 
 #define INET_DIAG_MAX INET_DIAG_PROTOCOL
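Review bot: INET_DIAG_MAX is left at INET_DIAG_PROTOCOL in the trailing context although INET_DIAG_SKV6ONLY is now the last enumerator. Change it to "#define INET_DIAG_MAX INET_DIAG_SKV6ONLY", as the first version of the patch did, so that anything sized or validated against INET_DIAG_MAX covers the new attribute.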
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 21985d8d41e709908021769be36380f7a5dfac23..381a26e932691075a73ae63569fd3a4366ce277f 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -151,6 +151,9 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
 			if (nla_put_u8(skb, INET_DIAG_TCLASS,
 				       inet6_sk(sk)->tclass) < 0)
 				goto errout;
+		if (ipv6_only_sock(sk) &&
+		    nla_put_u8(skb, INET_DIAG_SKV6ONLY, 1))
+			goto errout;
 	}
 #endif
 
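Review bot: Emitting the attribute only when ipv6_only_sock(sk) is true makes its absence ambiguous for userspace: a reply without INET_DIAG_SKV6ONLY then means either a socket that also accepts IPv4 or a kernel that predates the attribute. Consider always putting it with ipv6_only_sock(sk) as the value, or document that absence must be read as "unknown". The nla_put_u8() result is also tested for truthiness here while the TCLASS put above compares "< 0"; using one form for both keeps the block consistent.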


* Re: [PATCH] net: inet_diag: export IPV6_V6ONLY sockopt
  2015-06-19 13:52   ` Eric Dumazet
@ 2015-06-21  1:47     ` Phil Sutter
  2015-06-21  8:52       ` Eric Dumazet
  0 siblings, 1 reply; 7+ messages in thread
From: Phil Sutter @ 2015-06-21  1:47 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: netdev, David Miller

On Fri, Jun 19, 2015 at 06:52:00AM -0700, Eric Dumazet wrote:
> On Fri, 2015-06-19 at 14:15 +0200, Phil Sutter wrote:
> > For AF_INET6 sockets, the value of struct ipv6_pinfo.ipv6only is
> > exported to userspace. It indicates whether an unbound socket listens on
> > IPv4 as well as IPv6.
> 
> What is an 'unbound socket' ??? This makes no sense to me here.

Indeed, this is just plain wrong. Actually meant "not bound to a
specific IPv6 address".

> >  Since the socket is natively IPv6, it is not
> > listed by e.g. 'netstat -l -4'.
> 
> netstat does not use this interface. iproute2/ss does.

Just used this as a simple example illustrating the problem, but doing
the same with 'ss' is truly a better choice.

[...]

> 1) This certainly should not compile on current linux trees.
>    Always submit such patches on net-next.

It cleanly applies to net.git.

> 2) It is not clear why we would add this attribute if it is 0.
>     This looks a waste of data.
> 
> So I would rather use :

ACK. Thanks for reviewing, v2 follows after I've tested it.

Cheers, Phil


* Re: [PATCH] net: inet_diag: export IPV6_V6ONLY sockopt
  2015-06-21  1:47     ` Phil Sutter
@ 2015-06-21  8:52       ` Eric Dumazet
  0 siblings, 0 replies; 7+ messages in thread
From: Eric Dumazet @ 2015-06-21  8:52 UTC (permalink / raw)
  To: Phil Sutter; +Cc: netdev, David Miller

On Sun, 2015-06-21 at 03:47 +0200, Phil Sutter wrote:

> 
> > 1) This certainly should not compile on current linux trees.
> >    Always submit such patches on net-next.
> 
> It cleanly applies to net.git.

A very old one, because there is no ipv6only field anymore after
commit 9fe516ba3fb29b6f6a752ffd93342fdee500ec01 ("inet: move ipv6only in
sock_common") back in linux 3.17.

inet6_sk(sk)->ipv6only can not possibly compile today, I am pretty sure
of this.

# git grep -n ipv6only -- include
include/linux/ipv6.h:285:#define __ipv6_only_sock(sk)   (sk->sk_ipv6only)
include/linux/ipv6.h:297:static inline int inet_v6_ipv6only(const struct sock *sk)
include/linux/ipv6.h:299:       /* ipv6only field is at same position for timewait and other sockets */
include/linux/ipv6.h:324:#define tcp_twsk_ipv6only(__sk)                0
include/linux/ipv6.h:325:#define inet_v6_ipv6only(__sk)         0
include/net/inet_timewait_sock.h:58:#define tw_ipv6only         __tw_common.skc_ipv6only
include/net/sock.h:186: unsigned char           skc_ipv6only:1;
include/net/sock.h:325:#define sk_ipv6only              __sk_common.skc_ipv6only

So always make sure your tree is not one year old before submitting a patch.

Thanks.
