Bug #77569 for Net-Server: If given a value of "localhost", Net::Server only listens on IPv4, even if the host is IPv6 only

Thu May 31 16:32:39 2012 quanah.gibsonmount [...] gmail.com - Ticket created

Subject:

If given a value of "localhost", Net::Server only listens on IPv4, even if the host is IPv6 only

In testing the new release of Net::Server on an ipv6 only system, I found that if I pass in a value of "localhost" as the host to use, it opens a port on IPv4 localhost instead of IPv6: zimbra@zqa-395-ipv6:~$ cat /etc/hosts ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters fc00:10:137:245::140 zqa-395-ipv6.eng.vmware.com zqa-395-ipv6 fc00:10:137:245::143 zqa-398-ipv6.eng.vmware.com zqa-398-ipv6 root@zqa-395-ipv6:/tmp/q/Net-Server-2.001# netstat -a | grep 10031 tcp 0 0 localhost:10031 *:* LISTEN However, if I change the bind address to "::1", and run netstat -a, I see: root@zqa-395-ipv6:/opt/zimbra/conf# netstat -a | grep 10031 tcp6 0 0 localhost:10031 [::]:* LISTEN

Thu May 31 17:49:20 2012 paul [...] seamons.com - Correspondence added

If you read the documentation you'll find that this is the default behavior and is a change from unauthorized developmental 0.99.6.1 version. It is easy to use the IPv6 features by either specifying ::1 as the address, or by passing ipv => '*' as an argument (to get both IPv4 if available and IPv6 if available), or passing ipv => 6 as an argument (to only get IPv6, or by passing the port as "localhost/IPv*/34" (assuming your port is 34). The default ipv value of 4 may change at some future day to "*", but for now the default is 4.

Thu May 31 17:49:21 2012 The RT System itself - Status changed from 'new' to 'open'

Thu May 31 17:49:21 2012 paul [...] seamons.com - Status changed from 'open' to 'resolved'

Thu May 31 18:12:02 2012 quanah.gibsonmount [...] gmail.com - Correspondence added

On Thu May 31 17:49:20 2012, RHANDOM wrote: Show quoted text

> If you read the documentation you'll find that this is the default > behavior and is a change from unauthorized developmental 0.99.6.1 version. > > It is easy to use the IPv6 features by either specifying ::1 as the > address, or by passing ipv => '*' as an argument (to get both IPv4 if > available and IPv6 if available), or passing ipv => 6 as an argument (to > only get IPv6, or by passing the port as "localhost/IPv*/34" (assuming > your port is 34). > > The default ipv value of 4 may change at some future day to "*", but for > now the default is 4.

This seems like really broken behavior. If I specify "localhost" it should listen to all "localhost" usable interfaces. The main issue here is that I'm using other software that uses Net::Server rather than Net::Server directly. They don't have an option for passing "ipv" in, and it seems to me that if I specify "localhost", then it should listen to "localhost". If I pass in "127.0.0.1" or "::1", I expect it to only listen to those. --Quanah

Thu May 31 18:12:02 2012 The RT System itself - Status changed from 'resolved' to 'open'

Thu May 31 21:22:19 2012 paul [...] seamons.com - Correspondence added

I've gone back and forth about which way to go. There are two items that fall under this particularly. The first is named hosts. I can fully see wanting to use the appropriate named entries on all interfaces. The second item is the "*" host or the :: and 0.0.0.0 addressess. Again, the question comes in, should the default for "*" be to do all interfaces. I could really go both ways, but up until now I've sided on security and lower resources. Loading IPv6 libraries adds half a MB to the server - but maybe that doesn't really matter. The security is the other side though. Services might suddenly start binding to interfaces they weren't realizing were open. I am sort of wondering what software you are using that you can specify your host but not pass any other information. Can you even pass in a port. If you could you could easily pass in host => "localhost", port => "5009/IPv*" . I'm guessing you might not even be able to do that if whatever software you are using is limited. I've posted this as a question on Perlmonks to see what sort of feelings there are (http://perlmonks.org/?node_id=973650) On Thu May 31 18:12:02 2012, MISHIKAL wrote: Show quoted text

> On Thu May 31 17:49:20 2012, RHANDOM wrote:

> > If you read the documentation you'll find that this is the default > > behavior and is a change from unauthorized developmental 0.99.6.1

version. Show quoted text

> > > > It is easy to use the IPv6 features by either specifying ::1 as the > > address, or by passing ipv => '*' as an argument (to get both IPv4 if > > available and IPv6 if available), or passing ipv => 6 as an argument (to > > only get IPv6, or by passing the port as "localhost/IPv*/34" (assuming > > your port is 34). > > > > The default ipv value of 4 may change at some future day to "*", but for > > now the default is 4.

> > This seems like really broken behavior. If I specify "localhost" it > should listen to all "localhost" usable interfaces. > > The main issue here is that I'm using other software that uses > Net::Server rather than Net::Server directly. They don't have an option > for passing "ipv" in, and it seems to me that if I specify "localhost", > then it should listen to "localhost". > > If I pass in "127.0.0.1" or "::1", I expect it to only listen to those. > > --Quanah

Wed Jun 06 16:22:26 2012 paul [...] seamons.com - Correspondence added

Based on the feedback from Perlmonks, I have not moved the default to *. However, I have added more options to make it easier for you to use and will hopefully still take care of your case. I have now made it possible to pass the ipv as part of the host, as part of the proto, and via an $ENV{'IPV'} command. So now for your particular case, if your software is only allowing you to submit host, you can just type "localhost/IPv*". Or, if you are loading a module you do a BEGIN { $ENV{'IPV'} = '*' } at before loading their module. I recognize that for your cases this is still suboptimal, and I do agree that for your use cases, having the default not be '*' could appear broken. As an aside as it only applies to this one instance and not to the general case, I'm wondering if your localhost configuration is standard, or just something you added. On my local box localhost is only IPv4 while localhost6 is IPv6 - I am using an Ubuntu variant. Again though - if I were to only specify host => 'localhost6', without promoting to ipv =>'*' it would fail. Though now I could just call host => 'localhost6/IPv6'.

Wed Jun 06 16:36:09 2012 quanah.gibsonmount [...] gmail.com - Correspondence added

On Wed Jun 06 16:22:26 2012, RHANDOM wrote: Show quoted text

> Based on the feedback from Perlmonks, I have not moved the default to *.

Since I build Net::Server myself, and all my code uses my version, I've just patched it to use "*" as the default. I still think that defaulting everything to ipv4 is the wrong way to go, particular given http://www.worldipv6launch.org/. ;) I've never quite understood the security argument. If someone has a server configured as ipv4/ipv6 ready, I would hope they expect any port they open on ipv4 to also be open on ipv6 unless they specifically disallow that. In any case, I would hope that moving to "*" as the default will be targeted for a future release, with warnings of the change in behavior starting to go out now. --Quanah

Thu Jun 07 11:35:10 2012 intrigeri [...] boum.org - Correspondence added

On Wed Jun 06 16:36:09 2012, MISHIKAL wrote: Show quoted text

> On Wed Jun 06 16:22:26 2012, RHANDOM wrote:

> > Based on the feedback from Perlmonks, I have not moved the default to *.

We are discussing, in the Debian Perl team, what kind of default we want to ship to our users: https://lists.debian.org/debian-perl/2012/06/msg00024.html

Thu Jun 07 12:48:24 2012 DKG [...] cpan.org - Correspondence added

fwiw, defaulting ipv => '*' makes more sense to me. Consider the following: 0 dkg@pip:~/tmp$ grep ip6-localhost /etc/hosts ::1 localhost ip6-localhost ip6-loopback 0 dkg@pip:~/tmp$ perl -e 'use base qw(Net::Server); main->run(host => "ip6-localhost", port => 20208)' 2012/06/07-13:23:33 main (type Net::Server) starting! pid(14373) Binding to TCP port 20208 on host ip6-localhost with IPv4 Group Not Defined. Defaulting to EGID '1000 4 20 24 25 27 29 44 46 107 109 110 115 126 1000' User Not Defined. Defaulting to EUID '1000' C-c C-c2012/06/07-13:24:09 Server closing! 0 dkg@pip:~/tmp$ (while it was open, i checked and it was indeed using ipv4: 0 dkg@pip:~$ lsof -p 14373 -n | grep IP perl 14373 dkg 3u IPv4 1515822 0t0 TCP 127.0.0.1:20208 (LISTEN) 0 dkg@pip:~$ So, despite requesting a name that is explicitly bound directly to an IPv6 address, Net::Server only returned an IPv4 address. Using ipv => '*' produces the intuitive/expected behavior: Resolved [ip6-localhost]:20208 to [::1]:20208, IPv6 Binding to TCP port 20208 on host ::1 with IPv6 I confess i don't understand the "compatibility" argument. If someone running an IPv4-only listener on a host with IPv6, they can keep the same behavior by explicitly indicating (via the host parameter) which IP address they want to listen on. They'd need to do that anyway, if they wanted to avoid binding to any unexpected/novel IPv4 addresses, though. So the only case i can see is for someone who wants to run a Net::Server instance that listens on *all* IPv4 interfaces, but does not want to listen on any IPv6 interfaces. I don't know anyone who has that use cas, and i can't see it outweighing more common situations like a hostname that is bound to both IPv6 and IPv4, where defaulting to ipv => "*" makes sense. * seems like the sensible default.

Thu Jun 07 12:50:33 2012 Paul Seamons - Correspondence added

Subject:	Re: [rt.cpan.org #77569] If given a value of "localhost", Net::Server only listens on IPv4, even if the host is IPv6 only
Date:	Thu, 07 Jun 2012 10:50:17 -0600
To:	bug-Net-Server [...] rt.cpan.org
From:	Paul Seamons <paul [...] seamons.com>

It will be going that way in 2.005. 2.004 will come out today or tomorrow and will have default warnings. Paul On 06/07/2012 10:48 AM, Daniel Kahn Gillmor via RT wrote: Show quoted text

> Queue: Net-Server > Ticket<URL: https://rt.cpan.org/Ticket/Display.html?id=77569> > > fwiw, defaulting ipv => '*' makes more sense to me. > > Consider the following: > > > 0 dkg@pip:~/tmp$ grep ip6-localhost /etc/hosts > ::1 localhost ip6-localhost ip6-loopback > 0 dkg@pip:~/tmp$ perl -e 'use base qw(Net::Server); main->run(host => > "ip6-localhost", port => 20208)' > 2012/06/07-13:23:33 main (type Net::Server) starting! pid(14373) > Binding to TCP port 20208 on host ip6-localhost with IPv4 > Group Not Defined. Defaulting to EGID '1000 4 20 24 25 27 29 44 46 107 > 109 110 115 126 1000' > User Not Defined. Defaulting to EUID '1000' > C-c C-c2012/06/07-13:24:09 Server closing! > 0 dkg@pip:~/tmp$ > > > (while it was open, i checked and it was indeed using ipv4: > > 0 dkg@pip:~$ lsof -p 14373 -n | grep IP > perl 14373 dkg 3u IPv4 1515822 0t0 TCP 127.0.0.1:20208 > (LISTEN) > 0 dkg@pip:~$ > > So, despite requesting a name that is explicitly bound directly to an > IPv6 address, Net::Server only returned an IPv4 address. > > Using ipv => '*' produces the intuitive/expected behavior: > > Resolved [ip6-localhost]:20208 to [::1]:20208, IPv6 > Binding to TCP port 20208 on host ::1 with IPv6 > > > I confess i don't understand the "compatibility" argument. If someone > running an IPv4-only listener on a host with IPv6, they can keep the > same behavior by explicitly indicating (via the host parameter) which IP > address they want to listen on. They'd need to do that anyway, if they > wanted to avoid binding to any unexpected/novel IPv4 addresses, though. > > So the only case i can see is for someone who wants to run a Net::Server > instance that listens on *all* IPv4 interfaces, but does not want to > listen on any IPv6 interfaces. I don't know anyone who has that use > cas, and i can't see it outweighing more common situations like a > hostname that is bound to both IPv6 and IPv4, where defaulting to ipv => > "*" makes sense. > > * seems like the sensible default. >

Thu Jun 07 22:13:26 2012 intrigeri [...] boum.org - Correspondence added

On Thu Jun 07 12:50:33 2012, paul@seamons.com wrote: Show quoted text

> It will be going that way in 2.005.

Nice to hear. Any ETA for 2.005? (Given the Debian Wheezy freeze is approaching, we're wondering whether we should just wait for 2.005, or package and upload 2.004 right now, patched to use "*" by default.)

Fri Jun 08 09:25:22 2012 paul [...] seamons.com - Correspondence added

Within a day or two here. I'm dealing with the problem at the moment that BSD and linux have different values for sysctl -n net.ipv6.bindv6only and the BSD guys want me to turn it off while that would break all of linuxland. On Thu Jun 07 22:13:26 2012, intrigeri@boum.org wrote: Show quoted text

> On Thu Jun 07 12:50:33 2012, paul@seamons.com wrote:

> > It will be going that way in 2.005.

> > Nice to hear. > > Any ETA for 2.005? > > (Given the Debian Wheezy freeze is approaching, we're wondering whether > we should just wait for 2.005, or package and upload 2.004 right now, > patched to use "*" by default.)

Fri Jun 08 13:25:39 2012 paul [...] seamons.com - Correspondence added

Infrastructure improvements are in place as of the 2.004 release which I just uploaded. There are also now deprecation warnings as well as fixes for anybody already using ipv => '*'. Version 2.005 will likely be released on Monday or Tuesday. I'm not sure if that is soon enough to get into wheezy - but hopefully. On Fri Jun 08 09:25:22 2012, RHANDOM wrote: Show quoted text

> Within a day or two here. I'm dealing with the problem at the moment > that BSD and linux have different values for sysctl -n > net.ipv6.bindv6only and the BSD guys want me to turn it off while that > would break all of linuxland. > > On Thu Jun 07 22:13:26 2012, intrigeri@boum.org wrote:

> > On Thu Jun 07 12:50:33 2012, paul@seamons.com wrote:

> > > It will be going that way in 2.005.

> > > > Nice to hear. > > > > Any ETA for 2.005? > > > > (Given the Debian Wheezy freeze is approaching, we're wondering whether > > we should just wait for 2.005, or package and upload 2.004 right now, > > patched to use "*" by default.)

> >

Tue Jun 12 15:41:32 2012 paul [...] seamons.com - Correspondence added

Version 2.005 was just uploaded with the default changed and all tests updated to handle it either way.

Tue Jun 12 15:41:33 2012 paul [...] seamons.com - Status changed from 'open' to 'resolved'