From nobody Thu Apr 2 00:08:15 2026 Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E702B35E936; Wed, 1 Apr 2026 07:45:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=90.155.92.199 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775029547; cv=none; b=NQ++2YkEVUvJxdfNb8+aDqCgpjoJumppJXjSj4Wzg0jIPjs4STQMz/4knnWFwcAnpp+f1spxlVZmdisID6BKOsghdFhyJh1c6MpuVZnXUzeCOrgcdWzfR+bkYm0Vgh2EOG1vAtctQWu6PaJRs2IhhL9utEX/dzuBeHV35WWcv0Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775029547; c=relaxed/simple; bh=kApfysLmil/v0Oj2JmnKLBK0dorCkw228crfG1s8AD0=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Xpes9io5/H/23AXuW3XYrkaIxb2kXso3Qv/alnLwHoAEtSUgbo8guJbFlAoQMYeV/fcc+vv3IwMdIMwr8rzMQYC54nzznCGJm85Zjy/9KwPZczQKWFvqNNGezIYE4yAkRnLIM7orkcH9CspWxkwwpOatgdUjyxrmS60zVneIe3Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=infradead.org; spf=none smtp.mailfrom=desiato.srs.infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=ICgU3kYI; arc=none smtp.client-ip=90.155.92.199 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=infradead.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=desiato.srs.infradead.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="ICgU3kYI" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:To:From:Reply-To: Cc:Content-Type:Content-ID:Content-Description; bh=TjlEaZufkIfdPkUMCDh5SD89kPYTqyaHCXw8Muwc4Dk=; b=ICgU3kYIYD7TcubUA2flzaCQ0/ Y1xq8IIwcHVpeuRBs2Sk5bzpKgsAJH4Ach8Tt1JHYt4wh0jYcY6e+SATwyK4RcZ/7221wQ27l1y2E O3cgTAk/OztH7NNk72E5Bf2RwSS34DSuaYUnyizucHQyG/+WmOWj1vdkACs6nq4qlMsZGSsEfWGNS hXSAVX0fEOkaA99zZ9kqYN6yxmdUYCJQkEtOxNFaQ7BJhkHkfggNP9lw9mMGOfHK6IUONyvssH4Q0 9gZpb8pHebi9BTlNi6Yopj0pLSCVCcKonmuA4rkAb/dLverJuSQ9UZS7Ic1Jul4M9LMCBmkEXo8vL C49g96Qw==; Received: from [2001:8b0:10b:1::425] (helo=i7.infradead.org) by desiato.infradead.org with esmtpsa (Exim 4.98.2 #2 (Red Hat Linux)) id 1w7qGN-0000000HLQS-0BKX; Wed, 01 Apr 2026 07:45:19 +0000 Received: from dwoodhou by i7.infradead.org with local (Exim 4.98.2 #2 (Red Hat Linux)) id 1w7qGM-00000007xeP-3Bbt; Wed, 01 Apr 2026 08:45:18 +0100 From: David Woodhouse To: Saeed Mahameed , Leon Romanovsky , Tariq Toukan , Mark Bloch , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Nikolay Aleksandrov , Ido Schimmel , Martin KaFai Lau , Daniel Borkmann , John Fastabend , Stanislav Fomichev , Alexei Starovoitov , Andrii Nakryiko , Eduard Zingerman , Song Liu , Yonghong Song , KP Singh , Hao Luo , Jiri Olsa , Kuniyuki Iwashima , Willem de Bruijn , David Ahern , Neal Cardwell , Johannes Berg , Pablo Neira Ayuso , Florian Westphal , Phil Sutter , Guillaume Nault , David Woodhouse , Kees Cook , Alexei Lazar , Gal Pressman , Paul Moore , netdev@vger.kernel.org, linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org, oss-drivers@corigine.com, bridge@lists.linux.dev, bpf@vger.kernel.org, linux-wireless@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, torvalds@linux-foundation.org, jon.maddog.hall@gmail.com Subject: [PATCH 6/6] net: Warn when processes listen on AF_INET sockets Date: Wed, 1 Apr 2026 08:44:20 +0100 Message-ID: <20260401074509.1897527-7-dwmw2@infradead.org> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260401074509.1897527-1-dwmw2@infradead.org> References: <20260401074509.1897527-1-dwmw2@infradead.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: David Woodhouse X-SRS-Rewrite: SMTP reverse-path rewritten from by desiato.infradead.org. See http://www.infradead.org/rpr.html Content-Type: text/plain; charset="utf-8" From: David Woodhouse There is no need to listen on AF_INET sockets; a modern application can listen on IPv6 (without IPV6_V6ONLY) and will accept connections from the 20th century via IPv4-mapped addresses (::ffff:x.x.x.x) on the IPv6 socket. Signed-off-by: David Woodhouse --- net/ipv4/af_inet.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index dc358faa1647..3838782a8437 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -240,6 +240,9 @@ int inet_listen(struct socket *sock, int backlog) struct sock *sk =3D sock->sk; int err =3D -EINVAL; =20 + pr_warn_once("process '%s' (pid %d) is listening on an AF_INET socket. Co= nsider using AF_INET6 with IPV6_V6ONLY=3D0 instead.\n", + current->comm, task_pid_nr(current)); + lock_sock(sk); =20 if (sock->state !=3D SS_UNCONNECTED || sock->type !=3D SOCK_STREAM) --=20 2.51.0