Some stuff on dual-bound IPv6 sockets on Linux
One place where IPv4 mapped addresses show up a lot is the logs of Linux daemons that are running on machines with IPv6 enabled. These days, it's reasonably popular for daemons to listen (only) on an IPv6 socket for both IPv4 and IPv6 connections. The kernel makes this work, using IPv4 mapped addresses for the IPv4 connections, and then you get to find out which daemons choke anyways.
Not everyone likes the behavior where listening on a wildcard IPv6 socket will get you both IPv6 and IPv4 connections; see here for a rundown of some of the problems with this. Naturally, there are objections to any change in the status quo.
Personally, I agree with the people arguing against dual-bound sockets
who want to set the net.ipv6.bindv6only
sysctl to 1 by default. The
idea of programs only having to deal with IPv6 is a nice one, but in
practice that ship sailed at least a decade ago, and it's too late
now. We have a huge collection of configurations and practices with IPv4
addresses; changing them to use the IPv6 form of those addresses is a
pointless pain in the rear at best.
(At worst, things don't work as well as they did with real IPv4 addresses. Compare tcpwrappers' support for IPv6 addresses against its support for IPv4 addresses, for example, and consider the work involved in moving an IPv4 tcpwrappers configuration to use IPv4 mapped addresses.)
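What a daemon that stays on a dual-bound socket has to do to keep existing IPv4 access rules working, shown as an added example that is not from the original post: unwrap IPv4 mapped peer addresses before comparing them against IPv4 rules. The allow list, the peer addresses and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed IPv4-only allow rules, standing in for an existing IPv4 configuration.
ALLOW_V4 = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("127.0.0.0/8")]


def canonical_peer(text):
    """Parse a peer address as logged; unwrap ::ffff:a.b.c.d to plain IPv4."""
    addr = ipaddress.ip_address(text.strip("[]"))
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def naive_allowed(text):
    """Match against the IPv4 rules without unwrapping (mapped forms never match)."""
    addr = ipaddress.ip_address(text.strip("[]"))
    return any(addr in net for net in ALLOW_V4)


def allowed(text):
    """Match against the IPv4 rules after unwrapping mapped addresses."""
    addr = canonical_peer(text)
    return addr.version == 4 and any(addr in net for net in ALLOW_V4)


def audit(peers):
    """Return peers that the IPv4 rules only match once the address is unwrapped."""
    return [p for p in peers if allowed(p) and not naive_allowed(p)]


# Constructed peer addresses, as they might appear in a daemon's log.
SAMPLE_PEERS = [
    "192.0.2.10",           # connection on a real IPv4 socket
    "::ffff:192.0.2.10",    # same client seen through a dual-bound IPv6 socket
    "::ffff:c000:20a",      # same address again, hex spelling of the mapped form
    "::ffff:198.51.100.7",  # mapped, but not covered by the allow list
    "2001:db8::1",          # native IPv6 peer, never matched by IPv4 rules
]

if __name__ == "__main__":
    for p in SAMPLE_PEERS:
        print(f"{p:22} naive={naive_allowed(p)!s:5} canonical={allowed(p)}")
    print("matched only after unwrapping:", audit(SAMPLE_PEERS))
```

The same client has three spellings here, which is why matching on the logged string rather than the parsed address misses two of them.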
In practice it's much simpler to keep running IPv4 setups as is and to
treat IPv6 as a completely separate world. But in order to make this
work you need to be able to listen on a wildcard IPv4 socket and a
separate wildcard IPv6 socket at the same time, and to do this you need
to turn on bindv6only.
(This has the effect of disabling IPv4 mapped addresses entirely; attempts to use them are rejected by the kernel.)
Having now looked into this issue (my attention was drawn to it by
James's comment on this entry),
I've now set bindv6only
on my machines. It's not proven particularly
annoying, as I'm starting from a situation where I have basically
nothing binding to IPv6 listening sockets anyways so the setting doesn't
actually affect anything.
(Now I do have to start selectively enabling daemons on IPv6, but I probably want to do that anyways in case I need to adjust their configurations. My experience so far is that this is going to be an adventure.)