[Nut-upsdev] Re: [nut-commits] svn commit r714 - in trunk: .
server
Henning Brauer
hb-nut at bsws.de
Mon Jan 8 16:48:49 CET 2007
* Arjen de Korte <arjen at de-korte.org> [2007-01-08 15:45]:
> > but keep in mind that there are systems that (purposefully) do not
> > support v4 mapped addresses.
> That shouldn't be too much of a problem, would it?
This is only a problem if you open exactly one listening socket with
AF_INET6 and expect to handle both v4 and v6 connections there, seeing
v4 traffic mapped.
> I may not fully
> understand the problem here, but if you only use either IPv4 or IPv6
> addresses, the code for IPv4 mapped addresses will not be used anyway.
see above - as long as you don't expect to see AF_INET traffic on
AF_INET6 sockets, all is good.
> Or
> do you mean that we should check for the case that IPv4 access controls
> are specified on an IPv6 only system that is not supporting IPv4 mapping?
the access controls problem is one of the fundamental issues with the
v4 mapped adresses indeed :)
but that is not really nut's problem.
you might want to either drop v4-mapped traffic on AF_INET6 sockets
entirely (and use AF_INET sockets exlucisvely for v4 traffic, that is
what I'd recommend), or at least check v4 access controls on AF_INET6
traffic for v4-mapped addresses.
> Looking at the code, the latter would probably mean that no connections
> are allowed at all, so no harm is done.
as said, I'd play safe and silently drop all v4mapped stuff on the
AF_INET6 socket.
--
Henning Brauer, hb at bsws.de, henning at openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
More information about the Nut-upsdev
mailing list