[PATCH 6/6] net: Warn when processes listen on AF_INET sockets

Next message: Krzysztof Kozlowski: "Re: [PATCH 1/4] dt-bindings: timer: Add the Renesas RZ/N1 timer"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 1/2] dt-bindings: reset: imx8mq: Add _N suffix to IMX8MQ_RESET_MIPI_CSI*_RESET"
In reply to: David Woodhouse: "[PATCH 1/6] net: Simplify tautological CONFIG_INET/CONFIG_IPV6 guards"
Next in thread: Eric Dumazet: "Re: [PATCH 6/6] net: Warn when processes listen on AF_INET sockets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Woodhouse

Date: Wed Apr 01 2026 - 03:57:18 EST

From: David Woodhouse <dwmw@xxxxxxxxxxxx>

There is no need to listen on AF_INET sockets; a modern application can
listen on IPv6 (without IPV6_V6ONLY) and will accept connections from
the 20th century via IPv4-mapped addresses (::ffff:x.x.x.x) on the IPv6
socket.

Signed-off-by: David Woodhouse <dwmw@xxxxxxxxxxxx>
---
net/ipv4/af_inet.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index dc358faa1647..3838782a8437 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -240,6 +240,9 @@ int inet_listen(struct socket *sock, int backlog)
struct sock *sk = sock->sk;
int err = -EINVAL;

+ pr_warn_once("process '%s' (pid %d) is listening on an AF_INET socket. Consider using AF_INET6 with IPV6_V6ONLY=0 instead.\n",
+ current->comm, task_pid_nr(current));
+
lock_sock(sk);

if (sock->state != SS_UNCONNECTED || sock->type != SOCK_STREAM)
--
2.51.0