[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] IPv6 only works, both do not
|
From: |
Phil Pennock |
|
Subject: |
Re: [Sks-devel] IPv6 only works, both do not |
|
Date: |
Tue, 1 Dec 2009 14:54:45 -0800 |
On 2009-12-01 at 09:21 -0300, Arturo 'Buanzo' Busleiman wrote:
> Hi!
>
> If I use, for instance:
>
> recon_address: 0.0.0.0 ::
> hkp_address: 0.0.0.0 ::
>
> (or 85.13.200.90 2a01:c0:2:1::2)
>
> Then sks dies.
Anything in the logs? db.log and recon.log in your basedir (which, if
not overriden, is the directory which SKS is started from).
Are you sure that SKS dies if you explicitly list one IPv4 and one IPv6
address and nothing else? This is the configuration I'm using, but not
on Linux:
recon_address: 94.142.241.93 2a02:898:31:0:48:4558:73:6b73
hkp_address: 94.142.241.93 2a02:898:31:0:48:4558:73:6b73
> Any ideas? This is linux 2.6.31
My suspicion is that your platform enables v4-mapped IPv6 sockets by
default, so when you listen on :: you are implicitly also accepting IPv4
connections.
There's no sane portable way for O'Caml programs to disable this (or
wasn't when I last checked). By contrast, if only one socket is used,
it will break on platforms where IPv6 sockets do not accept IPv4
connections by default.
Try just using "::" and then connecting to the server over IPv4. If it
works, one socket handles both. What addresses do you see for
connections then? ::ffff:ip.v4.addr.ess ? Do these match ACLs or do
things break?
I suspect that the logs have a socket bind error, address in use?
The general use case for explicit binding is to select *just* the IP
addresses you want to listen on and send from. So if you have 3 IPv6
addresses, you listen on just the sks address and your outgoing recon
connections come from that same IP, so will get past the membership
tests of your peers.
-Phil
pgpcml49uAUSk.pgp
Description: PGP signature