Java and IPv6 on BSD - it does not work well
Kurt Miller
kurt at intricatesoftware.com
Fri Oct 17 02:42:12 UTC 2008
The networking support in the BSD port is based on the linux/solaris
code. When compiled with IPv6 support enabled the JDK uses only IPv6
sockets and relies on IPv4 to IPv6 address mapping. For security
reasons all BSD's have v4mapped addresses turned off by default. If
you want both IPv6 and IPv4 support in the jdk on FreeBSD you must
1) compile the JDK with IPv6 support, 2) change the
net.inet6.ip6.v6only sysctl to 0 using sysctl or via /etc/sysctl.conf,
and 3) Use only IPv6 addresses and special addresses as described in:
http://java.sun.com/j2se/1.5.0/docs/guide/net/ipv6_guide/index.html#special
Note however changing the net.inet6.ip6.v6only to 0 has security
implications. The late Dr. Jun-ichiro "itojun" Hagino wrote about
the issues in an an RFC draft:
http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
I would not be surprised if there are bugs in the IPv6 code path
since it doesn't get tested much.
What really needs to happen is to port the Windows approach in
the JVM to BSD. On Windows two sockets are created per ServerSocket;
one for IPV6 and another for IPv4. This avoids the need to use
v4mapped addresses and change the net.inet6.ip6.v6only sysctl.
The windows code is sufficiently different that porting to BSD
is not trivial. That is why it hasn't been done yet.
On Tuesday 14 October 2008 12:41:04 pm Frank Behrens wrote:
> Some weeks ago I tried to setup a tomcat server with IPv4 and IPv6 on
> my FreeBSD server and observed some problems. This was the starting
> point to make a short research about the Java(tm) IPv6 implementation
> and something seems to be wrong.
>
> My conclusion:
> It is very difficult or impossible to use the current (1.6.0) Java
> implementation for server services if they should listen on IPv4 and
> IPv6 addresses. With many BSD's default settings it is not even
> possible to bind to a combined IPv4/IPv6 wildcard address.
>
> The current Sun Java implementation should be changed in a way, that
> the socket is created with the right address family after the bind
> address has been determined.
>
>
> You can read the complete test description and my observations on
> http://diario.behrens.de/2008/10/12/java_and_ipv6_on_bsd.html
>
> Do you agree or do you have other experiences?
> [Note: I read the list, no Cc: necessary]
>
> Regards,
> Frank
>
More information about the freebsd-java
mailing list