by nemanjaboric 3017 days ago
> Luckily it's easy enough to support IPv6: just replace AF_INET by AF_INET6 and it will work with both IPv4 and IPv6! So don't you dare to ever use AF_INET anymore without a good excuse

(emphasis mine)

AFAIK, on many systems (think FreeBSD) this is not true:

https://www.unix.com/man-page/FreeBSD/4/inet6/

> By default, FreeBSD does not route IPv4 traffic to AF_INET6 sockets. The default behavior intentionally violates RFC2553 for security reasons. Listen to two sockets if you want to accept both IPv4 and IPv6 traffic. IPv4 traffic may be routed with certain per-socket/per-node configuration, however, it is not recommended to do so. Consult ip6(4) for details.

1 comment

I've consulted ip6(4) but I'm still unclear on exactly why they break with the rfc here. Do you know where they detail the security implications?

> However, RFC2553 does not define the ordering constraint between calls to bind(2), nor how IPv4 TCP/UDP port numbers and IPv6 TCP/UDP port numbers relate to each other (should they be integrated or separated). Implemented behavior is very different from kernel to kernel. Therefore, it is unwise to rely too much upon the behavior of AF_INET6 wildcard bind sockets. It is recommended to listen to two sockets, one for AF_INET and another for AF_INET6, when you would like to accept both IPv4 and IPv6 traffic.

> It should also be noted that malicious parties can take advantage of the complexity presented above, and are able to bypass access control, if the target node routes IPv4 traffic to AF_INET6 socket. Users are advised to take care handling connections from IPv4 mapped address to AF_INET6 sockets.
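The two points the quoted inet6(4) text makes (listen on two sockets rather than one AF_INET6 wildcard; be careful with IPv4-mapped peers on AF_INET6 sockets) can be shown together. The following is an added example, not code from the thread or from the FreeBSD manual. The deny list, the peer addresses (taken from the RFC 5737 / RFC 3849 documentation ranges) and the function names are constructed for illustration; the socket options are the standard ones from the `socket` module.

```python
"""Added example: an ACL bypassed by IPv4-mapped addresses next to one that is
not, plus the two-socket listener the FreeBSD man page recommends.
All addresses, networks and the deny list are constructed for this example."""
import ipaddress
import socket

# Constructed deny list, written the way an operator usually writes one:
# IPv4 literals for IPv4 hosts, IPv6 literals for IPv6 hosts.
DENY_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),        # documentation range standing in for a banned IPv4 block
    ipaddress.ip_network("2001:db8:bad::/48"),   # documentation prefix standing in for a banned IPv6 block
]


def naive_denied(peer, denylist):
    """String-compare ACL. Correct for a peer seen on an AF_INET socket
    ('192.0.2.10'); silently wrong for the same host seen on an AF_INET6
    socket that accepts IPv4 traffic ('::ffff:192.0.2.10'): the string never matches,
    so the banned host is let through. This is the bypass the man page warns about."""
    return peer in denylist


def canonical_peer(peer):
    """Fold an IPv4-mapped IPv6 address (::ffff:a.b.c.d) back to the IPv4 address it
    carries so that IPv4 rules apply to it. Any other address passes through unchanged."""
    ip = ipaddress.ip_address(peer)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def denied(peer, deny_nets=DENY_NETS):
    """ACL check that canonicalises the peer first, then does network membership."""
    ip = canonical_peer(peer)
    return any(ip in net for net in deny_nets)


def dual_stack_listeners(port, backlog=16):
    """Open one AF_INET and one AF_INET6 listener on the same port. IPV6_V6ONLY=1 on
    the AF_INET6 socket guarantees no IPv4 traffic is ever delivered to it (the
    default FreeBSD behaviour described in the man page; Linux needs the option set
    explicitly), so every IPv4 peer shows up as a plain IPv4 address on the AF_INET socket.
    The AF_INET6 socket is bound first so that, with V6ONLY set, the AF_INET bind
    on the same port does not fail with EADDRINUSE."""
    socks = []
    try:
        for family, wildcard in ((socket.AF_INET6, "::"), (socket.AF_INET, "0.0.0.0")):
            s = socket.socket(family, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            if family == socket.AF_INET6:
                s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
            s.bind((wildcard, port))
            s.listen(backlog)
            socks.append(s)
    except OSError:
        for s in socks:   # do not leak a half-built pair
            s.close()
        raise
    return socks


if __name__ == "__main__":
    banned_ipv4_literals = {"192.0.2.10"}   # constructed: the same host, as an operator would list it
    for peer in ("192.0.2.10", "::ffff:192.0.2.10", "::ffff:c000:20a",
                 "2001:db8:bad::1", "2001:db8::1"):
        print(f"{peer:22} naive={naive_denied(peer, banned_ipv4_literals)!s:5} fixed={denied(peer)}")
```

Note the `::ffff:c000:20a` case: it is the same mapped address as `::ffff:192.0.2.10`, only rendered in hex groups, which is how some resolvers and loggers print it. Adding the dotted form to a string-compare deny list therefore still leaves a gap; canonicalising to the embedded IPv4 address closes both. Running two sockets with `IPV6_V6ONLY` set avoids the question entirely, because IPv4 peers then never appear in mapped form.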