Debian Bug report logs - #574837
listen_ipv6 should set IPV6_V6ONLY socket option

Package: vsftpd; Maintainer for vsftpd is Keng-Yu Lin <kengyu@debian.org>; Source for vsftpd is src:vsftpd (PTS, buildd, popcon).

Reported by: David Madore <david+bugs@madore.org>

Date: Sun, 21 Mar 2010 15:51:06 UTC

Severity: normal

Tags: ipv6, patch, pending

Found in version vsftpd/2.3.0~pre1-1

Fixed in version 3.0.2-6

Done: Daniel Baumann <daniel.baumann@progress-technologies.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@lists.debian-maintainers.org>:
Bug#574837; Package vsftpd. (Sun, 21 Mar 2010 15:51:09 GMT) (full text, mbox, link).

Acknowledgement sent to David Madore <david+bugs@madore.org>:
New Bug report received and forwarded. Copy sent to Daniel Baumann <daniel@lists.debian-maintainers.org>. (Sun, 21 Mar 2010 15:51:09 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: vsftpd
Version: 2.3.0~pre1-1

There seems to be a trend in Debian and/or Linux to activate the
sysctl net.ipv6.bindv6only=1 by default, meaning that binding on the
IPv6 unspecified address (::) will not also bind IPv4 (contrarily to
the former Linux tradition).  This means that running vsftpd with
listen_ipv6=YES will ONLY listen on IPv6, not IPv4, whereas formerly
it listened to both.  (I discovered this by noticing that my ftp
server had stopped responding to IPv4 and was only reachable through
IPv6.)

Possible solutions:

* Advise sysadmins installing vsftpd to set net.ipv6.bindv6only=0.
  This does not seem desirable, however, as it goes against the
  current trend.

* Advise sysadmins to run two different copies of vsftpd, one for IPv4
  only and one for IPv6 only.  This is inconvient with the startup
  scripts provided by Debian, however.

* Advise sysadmins to run vsftpd from inetd or xinetd.  This also goes
  against current trends, however, since all flavors of inetd seem to
  be dying out.

* Use setsockopt(..., IPPROTO_IPV6, IPV6_V6ONLY, ...) to set
  IPV6_V6ONLY to 0 on the vsftpd socket when listening on IPv6, so as
  to request binding on IPv4 only.  Or, even better, make this an
  option.  This would be my preferred solution.

* Allow vsftpd to run with both listen and listen_ipv6.

-- 
     David A. Madore
   ( http://www.madore.org/~david/ )

Added tag(s) ipv6. Request was from Marco d'Itri <md@linux.it> to control@bugs.debian.org. (Fri, 06 Aug 2010 03:00:02 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel.baumann@progress-technologies.net>:
Bug#574837; Package vsftpd. (Thu, 24 Jan 2013 10:18:03 GMT) (full text, mbox, link).

Acknowledgement sent to Jan Wagner <waja@cyconet.org>:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel.baumann@progress-technologies.net>. (Thu, 24 Jan 2013 10:18:03 GMT) (full text, mbox, link).

Message #12 received at 574837@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

tags 574837 + patch
thanks

Hi there,

Am 21.03.2010 16:49, schrieb David Madore:
> * Allow vsftpd to run with both listen and listen_ipv6.

is there any chance to get that fixed. Using the following works on IPv4
and IPv6:

listen=NO
listen_ipv6=YES

So there is just a fix for the documentation needed. I'll attached the
patch from fedora.

Many thanks, Jan.
-- 
Never write mail to <waja@spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS
PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++
------END GEEK CODE BLOCK------

[vsftpd-2.3.4-listen_ipv6.patch (text/x-patch, attachment)]

[signature.asc (application/pgp-signature, attachment)]

Added tag(s) patch. Request was from Jan Wagner <waja@cyconet.org> to control@bugs.debian.org. (Thu, 24 Jan 2013 10:18:09 GMT) (full text, mbox, link).

Acknowledgement sent to daniel.baumann@progress-technologies.net:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel.baumann@progress-technologies.net>. (Thu, 24 Jan 2013 10:21:03 GMT) (full text, mbox, link).

Message #19 received at 574837@bugs.debian.org (full text, mbox, reply):

On 01/24/2013 11:15 AM, Jan Wagner wrote:
> is there any chance to get that fixed.

if you send a patch, which you did (thanks), surely ;)

-- 
Address:        Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:          daniel.baumann@progress-technologies.net
Internet:       http://people.progress-technologies.net/~daniel.baumann/

Acknowledgement sent to Thorsten Glaser <tg@mirbsd.de>:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel.baumann@progress-technologies.net>. (Thu, 24 Jan 2013 16:30:06 GMT) (full text, mbox, link).

Message #24 received at 574837@bugs.debian.org (full text, mbox, reply):

Hi,

on “doble stack” systems, listening on [::] will only receive
IP connections, not Legacy IP connections, so you *must* be
able to listen on both.

Examples for “doble stack” operation are the KAME BSD IPv6
stack, and Linux with the net.ipv6.bindv6only sysctl set to
1, which is intended to be the default eventually.

Ideally, a “just works” configuration would bind to [::],
then try to bind to 0.0.0.0 too (on a second socket()),
and just not fail if that fails, when asked to bind to “all”.

bye,
//mirabilos
-- 
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”	(#nosec)    ‣‣‣ Please let MySQL and MariaDB finally die!

Changed Bug title to 'listen_ipv6 should set IPV6_V6ONLY socket option' from 'vsftpd: listen_ipv6 should set IPV6_V6ONLY socket option to its desired value' Request was from Daniel Baumann <daniel.baumann@progress-technologies.net> to control@bugs.debian.org. (Tue, 04 Jun 2013 21:42:24 GMT) (full text, mbox, link).

Added tag(s) pending. Request was from Daniel Baumann <daniel.baumann@progress-technologies.net> to control@bugs.debian.org. (Wed, 05 Jun 2013 18:30:10 GMT) (full text, mbox, link).

Marked as fixed in versions 3.0.2-6. Request was from Daniel Baumann <daniel.baumann@progress-technologies.net> to control@bugs.debian.org. (Wed, 05 Jun 2013 19:42:08 GMT) (full text, mbox, link).

Marked Bug as done Request was from Daniel Baumann <daniel.baumann@progress-technologies.net> to control@bugs.debian.org. (Wed, 05 Jun 2013 19:42:09 GMT) (full text, mbox, link).

Notification sent to David Madore <david+bugs@madore.org>:
Bug acknowledged by developer. (Wed, 05 Jun 2013 19:42:10 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 09 May 2014 07:30:27 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Oct 9 07:34:44 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Debian Bug report logs - #574837 listen_ipv6 should set IPV6_V6ONLY socket option

Debian Bug report logs - #574837
listen_ipv6 should set IPV6_V6ONLY socket option