Support for IPv6 and IPv4 (without IPv4 mapped addresses)

On FreeBSD IPv4 Mapped addresses are turned of by default by virtue of the net.inet6.ip6.v6only kernelflag. This is done because of reasons described in http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful.

When using a IPv6 enabled java virtual machine (i.e. not the default diablo-jdk15 but jdk15 or jdk16 from the ports with IPv6 specifically configured) openfire will after binding to the wildcard address, only accept connections for the IPv6 addresses. This is because of the kernel configuration above.

The obvious workaround is to disable the restriction, but that opens ones system for the problems mentioned in the paper above. I want to try and not make that concession and still run one openfire instance on the two address families.

From trial and error, and casual reading of the source it seems that the openfire,xml only allows one instance of configuration parameter.

If that interface is an IPv4 address then openfire seems to create a tcp4 address family socket. If that is an IPv6 address it creates an tcp6 address family socket. (sockstat or netstat reports this). That almost suggests that if the configuration allows for explicitly configuring multiple interfaces to bind to the underlying java engine will choose the appropriate address family to bind to.

Some of the troubleshooting is blogged about here: http://www.trend-watcher.org/post/1/115

Anybody here tried to address this?

1 Like

I’ve started a discussion regarding IPv6 and JDK 1.7 for Windows, but there are builds for other UNIX platforms as well, so you may want to check it out.

Followup discussion: http://www.igniterealtime.org/community/thread/36598

JDK 1.7: https://jdk7.dev.java.net/