sendmail vs ipv6 broken after upgrade to 9.1
Hiroki Sato
hrs at FreeBSD.org
Wed Jan 9 16:56:04 UTC 2013
Ben Morrow <ben at morrow.me.uk> wrote
in <20130109154435.GA81164 at anubis.morrow.me.uk>:
be> So getipnodebyname is behaving correctly here: the host has both IPv4
be> and IPv6 addresses, and Sendmail is requesting both native and v4-mapped
be> addresses be returned in all cases. The v4-mapped addresses are then
be> sorted to the top of the list.
be>
be> On FreeBSD, where net.inet6.ip6.v6only is on by default, I believe this
be> is incorrect, and Sendmail should be passing 0 for the flags argument,
be> unless it's going to check or clear the IPV6_V6ONLY socket option. There
be> is no point binding a socket to a v4-mapped address if the kernel isn't
be> going to deliver IPv4 connections to it. Sendmail should also be binding
be> to all the addresses returned, if it isn't already, rather than just the
be> first: this would make the problem go away, since both v4-mapped and
be> native IPv6 sockets would be bound, and the v4-mapped ones would simply
be> never get any connections.
I reread the RFC 2553 and realize your explanation is correct.
gshapiro's explanation was a behavior in the case of (AF_INET6,
AI_DEFAULT), not (AF_INET6, AI_DEFAULT|AI_ALL).
I think sendmail should work regardless of net.inet6.ip6.v6only. Is
just dropping AI_ALL enough for that? When AAAA RR is found, no
v4-mapped address will return in that case. Is this correct?
be> Fixing this by setting ipv6_prefer is not necessarily a good idea; this
be> will cause IPv6 addresses to be preferred across the whole system, and
be> unless your IPv6 connectivity is at least as good as your IPv4, that
be> probably isn't what you want.
Yes, I agree that ipv6_prefer is not a correct way to solve this
specific issue.
be> > Just curious, but is there any specific reason not to return an error
be> > when Family=inet6 and no AAAA RR?
be>
be> In this case, Sendmail explicitly requested that v4-mapped addresses be
be> returned in all cases...
-- Hiroki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20130110/15db3d4f/attachment.sig>
More information about the freebsd-stable
mailing list