From: Matthew Oswalt <moswalt@cloudflare.com> To: netdev@vger.kernel.org Cc: kernel-team@cloudflare.com Subject: Historical reason for differences in v4/v6 Any-IP for nonlocal binds Date: Tue, 22 Feb 2022 17:08:30 -0500 [thread overview] Message-ID: <CAKrN56vUv_WDHu8AK_J5mxEHq3tWpmMQ5zmN2NwPxfRtObZHnQ@mail.gmail.com> (raw) Hello all, I'm working with binding TCP sockets to nonlocal addresses (not configured on an interface). I noticed that both IPv4 and IPv6 sockets will succeed using options like IP_FREEBIND, but unlike IPv6, sockets using IPv4 can also succeed if a matching Any-IP route is present, without configuring any options or sysctl settings. I noticed an old email in this mailing list that also describes this behavior: https://lore.kernel.org/netdev/CAMdqG7Wci6HD19rc9u4RK-_Wdh3pqQvQ7b3J5O=2SJs9NeyTJA@mail.gmail.com/ I'm running a somewhat recent kernel (5.10) and my testing shows identical results using TCP as well, so I believe this is still true. For IPv4 sockets, either the presence of a matching Any-IP route, **or** setting IP_FREEBIND (etc), results in a successful bind() to a nonlocal address. However, with IPv6, it doesn't appear to matter whether or not an Any-IP route is present. For these to succeed, an option like IP_FREEBIND **must** be set (or ipv6.sysctl.ip_nonlocal_bind, or IP_TRANSPARENT I believe would also work). After looking through "net/af_inet6.c" a bit, it seems obvious that this is intended behavior. I believe I'm able to follow that bit of the kernel code and understand how the decision is made. However, is there any historical reason for this discrepancy? Why does the IPv4 implementation perform a FIB lookup and allow a bind to proceed if an Any-IP route is found, but the IPv6 implementation doesn't? I'm really just curious if there is a specific reason why this aspect of the IPv4 implementation wasn't brought over to the IPv6 implementation, or if it was just left out in favor of the more explicit approach via options like IP_FREEBIND, or any other reason I could be missing. Thanks, Matt Oswalt
reply other threads:[~2022-02-22 22:08 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=CAKrN56vUv_WDHu8AK_J5mxEHq3tWpmMQ5zmN2NwPxfRtObZHnQ@mail.gmail.com \ --to=moswalt@cloudflare.com \ --cc=kernel-team@cloudflare.com \ --cc=netdev@vger.kernel.org \ --subject='Re: Historical reason for differences in v4/v6 Any-IP for nonlocal binds' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).