| Summary: | sys-apps/xinetd-2.3.14: specifying "flags = IPv4 IPv6" does not allow one service listen on IPv4 and IPv6 | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Maxime de Roucy <maxime.deroucy> |
| Component: | [OLD] Server | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | CC: | jer |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | x86 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
emerge --info
/etc/xinetd.conf |
||
|
Description
Maxime de Roucy
2010-08-02 15:56:16 UTC
Created attachment 241101 [details]
emerge --info
(By default xinetd is set up not to listen to anything, i.e. to disable all available services until you've configured them.)
xinetd.conf(5):
flags Any combination of the following flags may be used:
Why do you think it is impossible to set that? Does it not run when you do set it?
for (In reply to comment #2) > (By default xinetd is set up not to listen to anything, i.e. to disable all > available services until you've configured them.) Yes, I tried to setup a sane-port service with : service sane-port { socket_type = stream server = /usr/sbin/saned protocol = tcp user = saned group = scanner wait = no disable = yes } then reload xinetd -> xinetd listen on ipv4 but not on ipv6 # netstat -lnptu | grep "xinetd*" tcp 0 0 0.0.0.0:6566 0.0.0.0:* LISTEN 3352/xinetd > xinetd.conf(5): > flags Any combination of the following flags may be used: I tried with "flags = IPv4 IPv6" xinetd[3352]: Service sane-port specified as both IPv4 and IPv6 - DISABLING xinetd[3352]: service sane-port deactivated And with "flags = IPv6" (just to try) ... there is no v4 anymore. # netstat -lnptu |grep "xinetd*" tcp6 0 0 :::6566 :::* LISTEN 3352/xinetd Created attachment 241129 [details]
/etc/xinetd.conf
(In reply to comment #3) > for (In reply to comment #2) > > (By default xinetd is set up not to listen to anything, i.e. to disable all > > available services until you've configured them.) > > Yes, I tried to setup a sane-port service with : > > service sane-port > { > socket_type = stream > server = /usr/sbin/saned > protocol = tcp > user = saned > group = scanner > wait = no > disable = yes > } > > then reload xinetd -> xinetd listen on ipv4 but not on ipv6 > # netstat -lnptu | grep "xinetd*" > tcp 0 0 0.0.0.0:6566 0.0.0.0:* LISTEN 3352/xinetd > > > xinetd.conf(5): > > flags Any combination of the following flags may be used: > > I tried with "flags = IPv4 IPv6" > > xinetd[3352]: Service sane-port specified as both IPv4 and IPv6 - DISABLING > xinetd[3352]: service sane-port deactivated > > And with "flags = IPv6" (just to try) ... there is no v4 anymore. > # netstat -lnptu |grep "xinetd*" > tcp6 0 0 :::6566 :::* LISTEN 3352/xinetd > xinetd.d is shipped will all services having disable=yes flag, which means they are disabled. You have copied this flag into your sane config, and, voila, it is disabled as well. Put 'disabled=no'
> You have copied this flag into your sane config, and, voila, it is disabled as
> well. Put 'disabled=no'
>
Sorry, mistyped, 'disable=no' without 'd'
> You have copied this flag into your sane config, and, voila, it is disabled as > well. Put 'disabled=no' Sorry I didn't check the service config I gave on this bug report. I fact on my server I have "disable=no" : (this is my real sane-port service config : ) service sane-port { socket_type = stream server = /usr/sbin/saned protocol = tcp user = saned group = scanner wait = no disable = no } I was reading bug 321473 (which give a sane-port config for xinetd) while filling this bug report and just copy its sane-port service example... instead of ssh my server to look my real file. My fault ... sorry. So the problem is still here... Just to clarify : xinetd works well on IPv4 (my sane-port config work on v4) (but no IPv6 listening). It works exactly the same with "flags = IPv4" (no IPv6 listening as well ... normal). It work on IPv6 with "flags = IPv6" but that's disable v4 listening. It doesn't work with "flags = IPv4 IPv6". So -> impossible to listen on IPv6 and IPv4 at the same time... I think that without IPv4 nor IPv6 flags xinetd should listen on both. PS : sorry for my bad english i imagine if you created two service entries, one set to IPv4 and one set to IPv6, things would work as you want i dont think the xinetd architecture allows for multiple ports/sockets per service entry. and this is probably a design decision rather than a "bug". you probably see the same behavior if you attempted to specify multiple socket types simultaneously to try and do TCP/IP and UDP/IP with one entry: socket_type = stream dgram i'd have to double check the source code, but my gut reaction is that there is no bug here ... Please do note that unless I'm mistaken *:tcp6 in netstat does not mean _ipv6 only_ but rather ipv6-and-mapped-ipv4. Indeed you have to explicitly request for ipv6-only sockets, so I wouldn't be surprised if that was the case. (In reply to comment #9) > i imagine if you created two service entries, one set to IPv4 and one set to > IPv6, things would work as you want > > i dont think the xinetd architecture allows for multiple ports/sockets per > service entry. and this is probably a design decision rather than a "bug". > > you probably see the same behavior if you attempted to specify multiple socket > types simultaneously to try and do TCP/IP and UDP/IP with one entry: > socket_type = stream dgram > > i'd have to double check the source code, but my gut reaction is that there is > no bug here ... > I tried with 2 config for sane-port at the same time ... doesn't work I browse the web to find an explanation : http://old.nabble.com/xinetd-and-IPv6-td9719864.html http://www.washington.edu/imap/documentation/IPv6.txt.html "The man page for xinetd says the IPv6 flag means xinetd will listen ONLY on IPv6. However the actual behaviour (for Fedora Linux) is to listen on both IPv4 and IPv6." say that it's possible to have a service listening v4 and v6 address ... but the method is quite strange... Instead of creating 2 socket it create one ipv6 socket that also handle v4 request... that's why I didn't see a v4 socket with netstat : tcp6 0 0 :::6566 :::* LISTEN 14692/xinetd So the solution is to set "flags = IPv6" , sysctl net.ipv6.bindv6only=0 and it should work on v4. I am not at home right now so I can't test but I will as soon as I can. In fact if it works : it will not be really a bug... it works... "flags = IPv4" -> equal to default ... listen IPv4 "flags = IPv6" -> listen on IPv4 and v6 through one tcp6 socket. So that's not a bug, that's the correct behavior of xinetd... (I think the documentation isn't very clear on that) Sorry for that... |
