Bug 1247728 - Fix limitation in iproute/ss regarding dual-stack sockets
Fix limitation in iproute/ss regarding dual-stack sockets
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: iproute (Show other bugs)
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Phil Sutter
BaseOS QE Security Team
: 1244824 (view as bug list)
Depends On: 1247726
  Show dependency treegraph
Reported: 2015-07-28 13:05 EDT by Phil Sutter
Modified: 2015-10-23 17:44 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1247315
Last Closed: 2015-10-23 17:44:12 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Phil Sutter 2015-07-28 13:05:03 EDT
+++ This bug was initially created as a clone of Bug #1247315 +++

When listing listening sockets using 'ss -nlpe', there is no indication about whether an AF_INET6 socket is dual-stack capable, i.e. allows access from IPv4 as well. The following upstream patch solves this issue:

commit f32dc7467fee0b9e55c3fc6e2895d62e881dec55
Author: Phil Sutter <phil@nwl.cc>
Date:   Wed Jun 24 13:07:20 2015 +0200

    ss: print value of IPV6_V6ONLY socket option if set
    If available and set, print 'v6only:1' for AF_INET6 sockets upon request
    of extended information. For IPv6 sockets bound to in6addr_any, this is
    the only way to determine if they will also accept IPv4 requests or not.
    Signed-off-by: Phil Sutter <phil@nwl.cc>
Comment 1 Phil Sutter 2015-07-28 13:19:46 EDT
*** Bug 1244824 has been marked as a duplicate of this bug. ***
Comment 2 Phil Sutter 2015-07-28 13:32:17 EDT
Been told rhel-6.7 won't work, so targeting this at rhel-6.8.
Comment 3 Rashid Khan 2015-10-23 17:44:12 EDT
Phil, as per your comments in the 6.8 spreadsheet
Too risky for 6.x 

If you disagree, please feel free to re-open

Note You need to log in before you can comment on or make changes to this bug.