Why netstat only shows tcp6 listening ports for some services

2025-01-18 Update From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/02

Why does netstat show only a tcp6 listening port for some services? Many less experienced administrators are unsure what to make of this, so this article summarizes the cause of the behavior and how to change it.

Recently I came across a strange phenomenon. When listing listening ports with netstat, some services show only a tcp6 listener, yet the service is clearly reachable over its IPv4 address. Why is no tcp (IPv4) listener shown?

Take port 22, on which sshd listens, as an example:

    # netstat -tlnp | grep :22
    tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN      1444/sshd
    tcp6       0      0 :::22             :::*              LISTEN      1444/sshd

As you can see, netstat shows that sshd listens on both an IPv4 address and an IPv6 address.

Now look at the httpd process:

    # netstat -tlnp | grep :80
    tcp6       0      0 :::80             :::*              LISTEN      19837/httpd

Here netstat shows httpd listening only on the IPv6 address, yet the service is clearly reachable through the IPv4 address.

Let's take a look at how to explain this phenomenon.

First, disable IPv6 and restart httpd:

    # sysctl net.ipv6.conf.all.disable_ipv6=1
    # systemctl restart httpd

Now, take a look at the address where httpd is listening:

    # netstat -tlnp | grep :80
    tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN      33697/httpd

As you can see, httpd now listens only on the IPv4 address.

So why is it that, with IPv6 enabled, netstat shows only a tcp6 listener for httpd instead of both tcp and tcp6 listeners as it does for sshd?

Let's download the httpd source code and have a look. In the open_listeners() function in server/listen.c there is this comment:

    /* If we have the unspecified IPv4 address (0.0.0.0) and
     * the unspecified IPv6 address (::) is next, we need to
     * swap the order of these in the list. We always try to
     * bind to IPv6 first, then IPv4, since an IPv6 socket
     * might be able to receive IPv4 packets if V6ONLY is not
     * enabled, but never the other way around.
     * ... (omitted) ...
     */

As the comment says, an IPv6 socket can handle IPv4 requests when V6ONLY is not enabled, but never the other way around. So when is V6ONLY enabled?

Following the code into the make_sock() function, you find the following:

    #if APR_HAVE_IPV6
    #ifdef AP_ENABLE_V4_MAPPED
        int v6only_setting = 0;   /* IPv4-mapped addresses allowed: dual-stack socket */
    #else
        int v6only_setting = 1;   /* IPv6 socket accepts IPv6 only */
    #endif
    #endif

In this function you can see that if the listening address is IPv6, the socket option IPV6_V6ONLY is set according to v6only_setting. The key question is therefore how AP_ENABLE_V4_MAPPED gets defined.

In the configure script (note that if you obtained the source directly from the code repository you may not have this file, only configure.ac/in), you can find:

    # Check whether --enable-v4-mapped was given.
    if test "${enable_v4_mapped+set}" = set; then :
      enableval=$enable_v4_mapped;
      v4mapped=$enableval
    else
        # Default: off on these BSDs and on the winnt MPM, on everywhere else
        case $host in
        *freebsd5*|*netbsd*|*openbsd*)
            v4mapped=no
            ;;
        *)
            v4mapped=yes
            ;;
        esac
        if ap_mpm_is_enabled winnt; then
            v4mapped=no
        fi
    fi

    if test $v4mapped = "yes" -a $ac_cv_define_APR_HAVE_IPV6 = "yes"; then
    $as_echo "#define AP_ENABLE_V4_MAPPED 1" >>confdefs.h
    fi

Therefore, on Linux AP_ENABLE_V4_MAPPED is 1 by default, so httpd listens on IPv6 only, because the IPv6 socket can also handle IPv4 requests. In addition, the bind() system call transparently handles, for the user-space process, the case where IPv6 is not enabled; in that case the IPv4 address is listened on instead.

If we build httpd with the --disable-v4-mapped option to disable IPv4-mapped addresses, httpd by default listens on both IPv4 and IPv6 instead of IPv6 only, as shown below:

    # netstat -tlnp | grep :80
    tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN      40576/httpd
    tcp6       0      0 :::80             :::*              LISTEN      40576/httpd

However, if the Listen directive in /etc/httpd/conf/httpd.conf is set to listen only on the IPv6 address, as follows:

    Listen [::]:80

then netstat shows only a tcp6 listener:

    # systemctl restart httpd
    # netstat -tlnp | grep :80
    tcp6       0      0 :::80             :::*              LISTEN      40980/httpd

Also, you will find that you can no longer access httpd through the IPv4 address:

    # telnet 192.168.1.100 80
    Trying 192.168.1.100...
    telnet: Unable to connect to remote host: Connection refused

So netstat simply shows the listening sockets as they really are. The important point is that on Linux an IPv6 socket can also serve IPv4, so a service listed only as tcp6 may still be reachable over IPv4.
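
The effect of IPV6_V6ONLY can be reproduced with a small C program. This is an added example, not code from httpd or from the original article, and the function name ipv4_reaches_v6_listener is made up for illustration. It listens on [::] with the option off or on and reports whether an IPv4 client on loopback gets through, which is the difference between the default build and the --disable-v4-mapped build described above.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example (hypothetical helper, not httpd code): listen on [::] with the
 * given IPV6_V6ONLY value, then connect to that port over IPv4 loopback.
 * Returns 1 if IPv4 gets through, 0 if refused, -1 if the check could not run. */
int ipv4_reaches_v6_listener(int v6only)
{
    struct sockaddr_in6 a6;
    struct sockaddr_in a4;
    socklen_t len = sizeof(a6);
    int rc, c = -1, l = socket(AF_INET6, SOCK_STREAM, 0);

    if (l < 0)
        return -1;                      /* no IPv6 support in this kernel */
    memset(&a6, 0, sizeof(a6));
    a6.sin6_family = AF_INET6;
    a6.sin6_addr = in6addr_any;         /* [::]; port 0 lets the kernel pick */
    if (setsockopt(l, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof(v6only)) < 0 ||
        bind(l, (struct sockaddr *)&a6, sizeof(a6)) < 0 || listen(l, 1) < 0 ||
        getsockname(l, (struct sockaddr *)&a6, &len) < 0 ||
        (c = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        close(l);
        return -1;
    }
    memset(&a4, 0, sizeof(a4));
    a4.sin_family = AF_INET;
    a4.sin_port = a6.sin6_port;         /* already in network byte order */
    a4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (connect(c, (struct sockaddr *)&a4, sizeof(a4)) == 0)
        rc = 1;                         /* kernel queued it on the [::] listener */
    else
        rc = (errno == ECONNREFUSED) ? 0 : -1;
    close(c);
    close(l);
    return rc;
}

int main(void)
{
    printf("IPV6_V6ONLY=0: %d\n", ipv4_reaches_v6_listener(0));
    printf("IPV6_V6ONLY=1: %d\n", ipv4_reaches_v6_listener(1));
    return 0;
}
```

In both runs netstat would list the listener only as tcp6, so when auditing exposed ports or writing firewall rules, treat a tcp6 wildcard listener as reachable over IPv4 unless V6ONLY is known to be set.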
