Handling IPv4 using IPv6

From Exterior Memory
Jump to: navigation, search

Handling IPv4 by an IPv6-only Application

I was surprised to find out that my Apache web server was not listening to IPv4 addresses on my server, but at the same time still serving requests to its IPv4 address.

Telltales

# netstat -l -f inet ; netstat -l -f inet6
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     
tcp        0      0 145.99.1.69:53          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:40150           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::53                   :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 :::443                  :::*                    LISTEN     

# lsof -n | grep apache | grep LISTEN
COMMAND     PID       USER   FD      TYPE     NAME
apache2    7443   www-data    4u     IPv6     TCP *:www (LISTEN)
apache2    7443   www-data    6u     IPv6     TCP *:https (LISTEN)
apache2    7445   www-data    4u     IPv6     TCP *:www (LISTEN)
apache2    7445   www-data    6u     IPv6     TCP *:https (LISTEN)
apache2    7446   www-data    4u     IPv6     TCP *:www (LISTEN)
apache2    7446   www-data    6u     IPv6     TCP *:https (LISTEN)
# tcpdump
10:47:13.410355 IP client.example.org.57798 > www.example.nl.www: S 2868586753:2868586753(0) win 65535 <mss 1452,nop,wscale 3,nop,nop,timestamp 505229578 0,sackOK,eol>
10:47:13.410498 IP www.example.nl.www > client.example.org.57798: S 2583941767:2583941767(0) ack 2868586754 win 5792 <mss 1460,sackOK,timestamp 4202865811 505229578,nop,wscale 5>
10:47:13.427075 IP client.example.org.57798 > www.example.nl.www: . ack 1 win 65535 <nop,nop,timestamp 505229578 4202865811>
10:47:13.428135 IP client.example.org.57798 > www.example.nl.www: P 1:725(724) ack 1 win 65535 <nop,nop,timestamp 505229578 4202865811>
10:47:13.428226 IP www.example.nl.www > client.example.org.57798: . ack 725 win 227 <nop,nop,timestamp 4202865816 505229578>
10:47:13.431067 IP www.example.nl.www > client.example.org.57798: P 1:351(350) ack 725 win 227 <nop,nop,timestamp 4202865816 505229578>
10:47:13.450924 IP client.example.org.57798 > www.example.nl.www: . ack 351 win 65535 <nop,nop,timestamp 505229578 4202865816>
10:47:28.435177 IP www.example.nl.www > client.example.org.57798: F 351:351(0) ack 725 win 227 <nop,nop,timestamp 4202869568 505229578>
10:47:28.452306 IP client.example.org.57798 > www.example.nl.www: . ack 352 win 65535 <nop,nop,timestamp 505229728 4202869568>

Explanation

The reason is explained at Apache Binding: Special IPv6 Considerations:

Handling IPv4 connections with an IPv6 socket uses IPv4-mapped IPv6 addresses, which are allowed by default on most platforms but are disallowed by default on FreeBSD, NetBSD, and OpenBSD [...]

This feature can be changed in Apache at compile time using the --enable-v4-mapped or --disable-v4-mapped configure option.

IPv4-Mapped Addresses

IPv4-mapped addresses are described in RFC4038:

Most implementations of dual stack allow IPv6-only applications to interoperate with both IPv4 and IPv6 nodes. IPv4 packets going to IPv6 applications on a dual-stack node reach their destination because their addresses are mapped by using IPv4-mapped IPv6 addresses: the IPv6 address ::FFFF:x.y.z.w represents the IPv4 address x.y.z.w.

     +----------------------------------------------+
     | +------------------------------------------+ |
     | |                                          | |
     | |        IPv6-only applications            | |
     | |                                          | |
     | +------------------------------------------+ |
     |                      |                       |
     | +------------------------------------------+ |
     | |                                          | |
     | |   TCP / UDP / others (SCTP, DCCP, etc.)  | |
     | |                                          | |
     | +------------------------------------------+ |
     |    IPv4-mapped    |        |    IPv6         |
     |  IPv6 addresses   |        |   addresses     |
     | +--------------------+ +-------------------+ |
     | |        IPv4        | |      IPv6         | |
     | +--------------------+ +-------------------+ |
     |   IPv4       |                 |             |
     |   addresses  |                 |             |
     +--------------|-----------------|-------------+
                    |                 |
               IPv4 packets      IPv6 packets