Re: [PATCH 6/6] net: Warn when processes listen on AF_INET sockets

Next message: Dan Carpenter: "Re: [PATCH v2] media: atomisp: gc2235: fix UAF and memory leak"
Previous message: Yan Zhao: "Re: [PATCH 07/17] KVM: x86/tdp_mmu: Centralize updates to present external PTEs"
In reply to: David Woodhouse: "[PATCH 6/6] net: Warn when processes listen on AF_INET sockets"
Next in thread: David Woodhouse: "Re: [PATCH 6/6] net: Warn when processes listen on AF_INET sockets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Dumazet

Date: Wed Apr 01 2026 - 05:16:05 EST

On Wed, Apr 1, 2026 at 12:45 AM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
>
> From: David Woodhouse <dwmw@xxxxxxxxxxxx>
>
> There is no need to listen on AF_INET sockets; a modern application can
> listen on IPv6 (without IPV6_V6ONLY) and will accept connections from
> the 20th century via IPv4-mapped addresses (::ffff:x.x.x.x) on the IPv6
> socket.
>
> Signed-off-by: David Woodhouse <dwmw@xxxxxxxxxxxx>
> ---
> net/ipv4/af_inet.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> index dc358faa1647..3838782a8437 100644
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -240,6 +240,9 @@ int inet_listen(struct socket *sock, int backlog)
> struct sock *sk = sock->sk;
> int err = -EINVAL;
>
> + pr_warn_once("process '%s' (pid %d) is listening on an AF_INET socket. Consider using AF_INET6 with IPV6_V6ONLY=0 instead.\n",
> + current->comm, task_pid_nr(current));
> +

Some kernels are built without CONFIG_IPV6, so this warning would be
quite misleading.