Follow-up Comment #29, bug #15559 (project freeciv):

Clearly the server should run without emitting error messages regardless of whether it finds itself on a "v6only" behaving system. Specifying setsockopt(V6ONLY), or whatever it's called, with the current code might be sufficient, if it's portable (haven't checked).

Another approach which satisfies this requirement is to do what I believe OpenSSH does, which is to try to listen on all available IP address families (specifying "V6ONLY" for lack of ambiguity), and fail if it can't bind _all_ of them. This is done to avoid an attack (CVE-2008-1483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483>) where a local attacker listened on IPv4 only, the SSH server listened on IPv6 and quietly failed on IPv4, the user misdirected traffic at the IPv4 listener, and the attacker captured traffic. (I haven't thought if there are any interesting similar attacks against Freeciv.) Unfortunately I haven't got round to working out how OpenSSH does this, and in particular how it works out whether it's on a system that doesn't support IPv6 at all, although I really should for another project.

Reply to this item at: <http://gna.org/bugs/?15559>
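
One way to implement the "bind every address family or fail" listener setup described in the comment above, as an added example that is not part of the original message and is neither Freeciv's nor OpenSSH's code. The helper name `listen_all_families` and the port value are hypothetical, and the sketch assumes a POSIX system where `socket()` fails with `EAFNOSUPPORT` when an address family is not available.

```c
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Hypothetical helper: one listener per address family for `port`. Returns how
 * many were stored in fds[], or -1 if any supported family could not be bound. */
int listen_all_families(const char *port, int *fds, int maxfds)
{
    struct addrinfo hints, *res, *ai;
    int n = 0, failed = 0, on = 1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;           /* IPv4 and IPv6 wildcards */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE | AI_NUMERICSERV;
    if (getaddrinfo(NULL, port, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL && !failed; ai = ai->ai_next) {
        int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0) {                      /* family absent here: skip it */
            failed = (errno != EAFNOSUPPORT);
            continue;
        }
        /* V6ONLY: the IPv6 socket must not also claim IPv4. */
        if (ai->ai_family == AF_INET6 &&
            setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof on) < 0)
            failed = 1;
        if (failed || n == maxfds ||
            bind(fd, ai->ai_addr, ai->ai_addrlen) < 0 || listen(fd, 16) < 0) {
            failed = 1;                    /* e.g. EADDRINUSE on one family */
            close(fd);
        } else {
            fds[n++] = fd;
        }
    }
    freeaddrinfo(res);
    while (failed && n > 0)                /* all or nothing: drop partial set */
        close(fds[--n]);
    return n > 0 ? n : -1;
}

int main(void)
{
    int fds[8], n = listen_all_families("5556", fds, 8); /* sample port */
    if (n < 0)
        fprintf(stderr, "refusing to start: could not bind every family\n");
    return n < 0;
}
```

A server started this way exits instead of running with only one family bound, so a port already held on the other family shows up as a startup error rather than a silent gap.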
