From Beej's Guide to Network Programming:
You can force it to use IPv4 or IPv6 in the ai_family field, or leave it as AF_UNSPEC to use whatever. This is cool because your code can be IP version-agnostic.
As the title says - what would be the disadvantages (or risks, if any) of always using AF_UNSPEC, instead of specifying IPv4 or IPv6?
Or is it only for one reason - if the version is specified, this will guarantee that this and only this version is supported?
A little background - I am thinking about adding support for IPv6 in client-server (C++) applications, and both versions should be supported. So I wondered if it's fine to use AF_UNSPEC, or if it's better to "recognize" the address from the string and use AF_INET6 or AF_INET, depending on the address.
One of the risks of using AF_UNSPEC is that you expose the client to larger responses from a malicious DNS server which may be attempting to use CVE-2015-7547 to cause a stack buffer overflow, and cause malicious code to be executed by the client. In fact one proposed workaround for the known defect in getaddrinfo is to prevent use of AF_UNSPEC as detailed here in the bug report. The overflow defect for DNS responses greater than 2K affects glibc from 2.9, and is fixed in 2.23. This affects most currently installed Linux distributions.
You have to differentiate between client and server applications.
On the client, it is easy: just call getaddrinfo() and try each of the answers in sequence until you get a connection.
On the server, things are a little bit harder:
Even on servers, getaddrinfo() can be used. There you use the flag AI_PASSIVE in the hints. Then you get results. You'll have to listen on all of these, perhaps enabling the IPV6_V6ONLY flag.
accept() should either be done non-blocking or with select() or poll() (not sure if the latter is possible).