Checking refusal of a network connection

Peter J. Holzer hjp-python at hjp.at
Tue Jun 4 11:26:16 EDT 2019 

On 2019-06-03 14:54:29 +0200, Markus Elfring wrote:
> > How would this conversion take place?  Localhost is 127.0.0.1.
> > Localhost6 is ::1.  They are different
> 
> My configuration file “/etc/hosts” provides the following information
> as usual.
> 
> “…
> ::1             localhost ipv6-localhost ipv6-loopback
> …”

The name doesn't matter on the TCP/IP level it is only used to get the
correct IP address(es). 

The line above looks like something from Debian or Ubuntu. If so, you'll
have another line

    127.0.0.1       localhost localhost.localdomain

above,

So if you pass the name "localhost" to socket.connect, it will check
/etc/hosts (and possibly DNS and other data sources) and get back a list
of IP addresses, ['127.0.0.1', '::1'] in this case (the order may be
different). It will then try to connect to each of these IP addresses
in turn. 

But if you pass it an IP address (like '::1'), it will connect only to
the IP address you gave it. It won't try to find out if there is a name
associated with that address and whether this name is also associated
with other addresses and try to connect to those.

And the address ::1 is clearly distinct from the address 127.0.0.1, even
if the name "localhost" refers to both and both are bound to the same
interface. 

This is not unusual. If you do a DNS lookup on yahoo.com. you will see
that that name refers to 6 IPv4 and 6 IPv6 addresses - 12 different
addresses for the same name. OTOH I frequently run several webservers on
the same host and when I can, I give them different IP addresses, too. I
think the maximum I've had was over 50 IP addresses on the same
(physical) interface. Naturally when you connect to 192.0.2.23 you don't
want to get connected to the webserver listening on 192.0.2.42 just
because that's the same interface.


> > and you cannot route between the two.
> 
> I got other expectations for the corresponding software behaviour.

You might have to adjust your expectations.


> > What I can see is that your server binds to localhost6 and your client
> > is trying to connect to localhost.
> 
> I am curious to clarify the circumstances further if such a combination
> can also work finally.

Users generally use names, not IP addresses. When you connect to Google,
you use the URL https://google.com, not https://172.217.23.238 or
https://[2a00:1450:4014:80d::200e]. The server listens on both
addresses, the client will try both addresses if IPv6 is available, or
only the IPv4 address if IPv6 isn't available.

(Not sure if this answers your question since I'm not sure what your
question is)


> If my software test client would pass the IPv6 address family for a
> connection, both processes would use the same network protocol
> version.

Yes.

        hp

-- 
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | hjp at hjp.at         | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-list/attachments/20190604/70a1e8ff/attachment.sig>

More information about the Python-list mailing list