Re: [PATCH 6/6] net: Warn when processes listen on AF_INET sockets

Next message: Damon Ding: "[PATCH v12 14/17] drm/exynos: exynos_dp: Apply analogix_dp_finish_probe()"
Previous message: Ron Economos: "Re: [PATCH 6.18 000/309] 6.18.21-rc1 review"
In reply to: Eric Dumazet: "Re: [PATCH 6/6] net: Warn when processes listen on AF_INET sockets"
Next in thread: Stephen Hemminger: "Re: [PATCH 6/6] net: Warn when processes listen on AF_INET sockets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Woodhouse

Date: Wed Apr 01 2026 - 05:36:49 EST

On Wed, 2026-04-01 at 02:11 -0700, Eric Dumazet wrote:
> On Wed, Apr 1, 2026 at 12:45 AM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
> >
> > From: David Woodhouse <dwmw@xxxxxxxxxxxx>
> >
> > There is no need to listen on AF_INET sockets; a modern application can
> > listen on IPv6 (without IPV6_V6ONLY) and will accept connections from
> > the 20th century via IPv4-mapped addresses (::ffff:x.x.x.x) on the IPv6
> > socket.
> >
> > Signed-off-by: David Woodhouse <dwmw@xxxxxxxxxxxx>
> > ---
> > net/ipv4/af_inet.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> > index dc358faa1647..3838782a8437 100644
> > --- a/net/ipv4/af_inet.c
> > +++ b/net/ipv4/af_inet.c
> > @@ -240,6 +240,9 @@ int inet_listen(struct socket *sock, int backlog)
> >         struct sock *sk = sock->sk;
> >         int err = -EINVAL;
> >
> > +       pr_warn_once("process '%s' (pid %d) is listening on an AF_INET socket. Consider using AF_INET6 with IPV6_V6ONLY=0 instead.\n",
> > +                    current->comm, task_pid_nr(current));
> > +
>
> Some kernels are built without CONFIG_IPV6, so this warning would be
> quite misleading.

Maybe on this date next year, we could make it not possible to build
the kernel *without* IPv6... ?

Attachment: smime.p7s
Description: S/MIME cryptographic signature