What is the difference between [::] and * in binding sockets to IPv6 addresses?

3

0

I'm trying to investigate listening IPv6 sockets on an Ubuntu Server. I don't understand the difference between [::] and *.

Two questions on my mind:

  1. Is there any difference?
  2. If not, why do they appear in multiple representations?

$ ss --listening --tcp --ipv6

State       Recv-Q      Send-Q    Local Addr:Port    Peer Addr:Port                 
LISTEN      0           128            *:http             *:*
LISTEN      0           128            *:8083             *:*
LISTEN      0           128         [::]:ssh           [::]:*
LISTEN      0           128            *:19998            *:*
LISTEN      0           128            *:19999            *:*

Mustapha Hadid

Posted 2019-09-03T07:29:23.643

Reputation: 451

Are you sure you executed ss with the --ipv6 parameter? I think * and :: mean the same (bind on all IP addresses) but the first is for ipv4 and the second ipv6 – HoD – 2019-09-10T11:04:36.367

it actually truncates all zeroes and shows only :: instead, so it must be localhost or so... – BladeMight – 2019-09-10T11:21:49.410

Answers

3

* and [::] indicate whether the IPV6_V6ONLY flag was set to false or true during socket creation, respectively.

Example:

$ socat UDP6-LISTEN:1234,ipv6only=0 - &
$ socat UDP6-LISTEN:4321,ipv6only=1 - &
$ ss -l -6 -e
Netid             State              Recv-Q             Send-Q                         Local Address:Port                          Peer Address:Port                                                                
udp               UNCONN             0                  0                                          *:1234                                     *:*                uid:1000 ino:3003972 sk:1 v6only:0 <->             
udp               UNCONN             0                  0                                       [::]:4321                                  [::]:*                uid:1000 ino:3004007 sk:2 v6only:1 <->

However, this representation is ss-specific behavior. netstat and older versions of ss represent both cases as [::]. The relevant passage of ss's source can be found here.

The flag's purpose is described within the ipv6 manpage:

IPV6_V6ONLY (since Linux 2.4.21 and 2.6)

If this flag is set to true (nonzero), then the socket is restricted to sending and receiving IPv6 packets only. In this case, an IPv4 and an IPv6 application can bind to a single port at the same time.

If this flag is set to false (zero), then the socket can be used to send and receive packets to and from an IPv6 address or an IPv4-mapped IPv6 address.

The argument is a pointer to a boolean value in an integer.

The default value for this flag is defined by the contents of the file /proc/sys/net/ipv6/bindv6only. The default value for that file is 0 (false).

dirdi

Posted 2019-09-03T07:29:23.643

Reputation: 1 860

I tried your example and both ports are showing as " :::1234 " and " :::4321 ". Perhaps this is ss version specific? I've got iproute2-ss151103 – HoD – 2019-09-10T11:35:24.817

@HoD Yes, indeed it seems to be at least ss specific. I added your remark to my answer. – dirdi – 2019-09-10T11:39:49.410
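
An added example (not part of the answer and not code from ss): a small Python audit that reads `ss -l -6` rows and reports which IPv6 listeners also accept IPv4 traffic, using the `*` / `[::]` / `v6only:` convention described in the answer. The first two sample rows come from the answer's output; the `:::8083` row is constructed to mimic the older ss output mentioned in the comments, and the function names are illustrative.

```python
# Sample `ss -l -6 -e` rows. Rows 1-2 are from the answer above; row 3 is
# constructed to mimic older ss builds that print ":::port" without v6only.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0          *:1234            *:*   uid:1000 ino:3003972 sk:1 v6only:0 <->
udp   UNCONN 0      0       [::]:4321         [::]:*   uid:1000 ino:3004007 sk:2 v6only:1 <->
tcp   LISTEN 0      128      :::8083           :::*   uid:0 ino:41 sk:3 <->
"""

STATES = {"LISTEN", "UNCONN"}
WILDCARDS = {"*", "[::]", "::"}


def classify(line):
    """Return (proto, port, verdict) for one socket row, or None for headers."""
    f = line.split()
    if f and f[0] in STATES:          # --tcp/--udp output has no Netid column
        f.insert(0, "?")
    if len(f) < 6 or f[1] not in STATES:
        return None                   # header or blank line
    addr, _, port = f[4].rpartition(":")
    # Prefer the explicit v6only field that `ss -e` prints on newer versions.
    v6only = next((e[7:] for e in f[6:] if e.startswith("v6only:")), None)
    if addr not in WILDCARDS:
        verdict = "specific-address"
    elif v6only == "0" or (v6only is None and addr == "*"):
        verdict = "dual-stack"        # also reachable via IPv4-mapped addresses
    elif v6only == "1" or (v6only is None and addr == "[::]"):
        verdict = "ipv6-only"
    else:
        verdict = "unknown"           # old ss/netstat style: cannot tell
    return (f[0], port, verdict)


def audit(text):
    """Classify every socket row in a block of ss output."""
    return [row for row in map(classify, text.splitlines()) if row]


if __name__ == "__main__":
    for proto, port, verdict in audit(SAMPLE):
        print(f"{proto:4} {port:6} {verdict}")
```

A "dual-stack" verdict means IPv4 filtering rules apply to that listener as well; for "unknown" rows, check the socket option or `/proc/sys/net/ipv6/bindv6only` directly.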