[Nut-upsdev] Re: [nut-commits] svn commit r714 - in trunk: . server

Arjen de Korte nut+devel at de-korte.org
Tue Jan 9 22:19:46 CET 2007 

Henning Brauer wrote:

>>> but keep in mind that there are systems that (purposefully) do not
>>> support v4 mapped addresses.
>> That shouldn't be too much of a problem, would it?
> This is only a problem if you open exactly one listening socket with 
> AF_INET6 and expect to handle both v4 and v6 connections there, seeing 
> v4 traffic mapped.

Now I finally realized (took a while) why this is a problem. We
currently support listening on only one TCP socket, the upsd driver is
not geared up for more than that. If you want/need to separate all IPv4
traffic on an AF_INET socket and all IPv6 traffic on an AF_INET6, you
need at least two. Which means that in mixed configurations, in the
present state of the server, you'd need mapped IPv4 (for which I take
your word, is not always possible/desireable).

> see above - as long as you don't expect to see AF_INET traffic on 
> AF_INET6 sockets, all is good.

Yup. I guess I'll have some coding to do, to make this happen.

> you might want to either drop v4-mapped traffic on AF_INET6 sockets 
> entirely (and use AF_INET sockets exlucisvely for v4 traffic, that is 
> what I'd recommend), or at least check v4 access controls on AF_INET6 
> traffic for v4-mapped addresses.

The latter is what we seem to do know and in the short run, this is
probably all we can offer for people in mixed environments.

>> Looking at the code, the latter would probably mean that no connections
>> are allowed at all, so no harm is done.
> as said, I'd play safe and silently drop all v4mapped stuff on the 
> AF_INET6 socket.

As long as this code is still in the trunk (not released), I think we
can/should keep it in. In the mean time, I will take up the task of
making upsd aware of multiple TCP sockets (by adding LISTEN addresses in
upsd). I agree that in the end, it is a much nicer solution to handle
IPv4 and IPv6 separately. This has the added benefit, that if you have
multiple interfaces on a machine running upsd, you're free to choose on
which interfaces it is listening. Offers additional protection on top of
the existing ACCESS/REJECT mechanism we already have.

Best regards, Arjen

More information about the Nut-upsdev mailing list