
List:       proftpd-devel
Subject:    [Proftpd-devel] IPv6 stuff
From:       Steve G <linux_4ever () yahoo ! com>
Date:       2003-02-15 0:23:30

Hello TJ,

Somehow, I missed the whole discussion about IPv6. I'm not
getting e-mails and I tried to resubscribe but it said I'm
already subscribed. Who knows...

In any event, I have a lot of experience after converting
xinetd & tcp_wrappers over. What I found was that a
protocol independent version doesn't add bloat. The
functions getaddrinfo & getnameinfo replace about 7-8 IPv4
functions. You no longer need: inet_aton, inet_addr,
inet_ntoa, gethostbyname, gethostbyaddr, and a few others.

What you will need is a compatible library that provides a
fake version of getaddrinfo & getnameinfo. This is what
xinetd does and Rob said he borrowed that code from
OpenSSH. The compatible version of these two swing in only
for old systems. Most current operating systems support
IPv6 (solaris 2.6 and lower don't). All 2.4 kernel versions
of linux have the proper IPv6 support. Just add the
autoconf macros to check for those 2 functions and swing in
the fake functions if not found.

As for the address notation, there seems to be two camps.
The straight IPv6 address notation from the RFCs and the
address surrounded by square brackets. Having coded both,
the square bracket notation is a PITA. Just go with the
straight notation or the bit mask as appropriate.

The other question that is somewhat problematic is what to
do with IPv6-mapped-IPv4 addresses. It turns out that under
IPv6, 127.0.0.1 may not be local to your machine. It's
routable. There was a paper "IPv4 mapped addresses
consider harmful" posted on bugtraq a couple of months ago.
This should be looked at as a backgrounder before deciding
what to do with IPv4 mapped addresses. There are macros
that let you determine where the address came from, too.

Then there's the issue of tcp_wrappers. tcp_wrappers comes
in 2 flavors, IPv4 & IPv6. My copy of socket_wrappers does
both protocols in the same code. You will probably want to
update mod_wrap to match socket_wrappers closer than
tcp_wrappers.

The way to get protocol independence is to make a union of
the address structures so that you can swing between the
different protocols in an independent fashion. You can look
in the defs.h file of xinetd to see this union or the
tcpd.h file of socket_wrappers. If you don't use the union,
you may wind up doing some real tricky coding which adds
bloat and increases the chances for bugs.

Hopefully you have found the above info informative. Xinetd
was one of the first daemons that I know of that doesn't
need both an xinetd & xinetd6 daemon. Red Hat still ships
both because of tcp_wrappers, not because of xinetd. If you
use socket_wrappers to compile xinetd, you only need 1
daemon because it can do both. I hope that proftpd will be
the same since there are no real technical reasons why one
daemon can't do both protocols simultaneously.

If you want any help, let me know, I have a good IPv6 setup
for testing.

-Steve Grubb
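
The address union, the getaddrinfo/getnameinfo pair and the IPv4-mapped macro check described in the message above, as an added example that is not part of the original post and is not code from xinetd, socket_wrappers or ProFTPD. The names `sa_any`, `parse_addr`, `unmap_v4` and `addr_str` are hypothetical, the sample addresses are constructed, and rewriting mapped addresses to AF_INET before access checks is an assumed policy choice, one of several a daemon could make.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Added example (hypothetical names): one storage type for either address family. */
union sa_any { struct sockaddr sa; struct sockaddr_in in4; struct sockaddr_in6 in6; };

/* Parse a numeric IPv4 or IPv6 literal without any DNS lookup; 0 on success. */
int parse_addr(const char *text, union sa_any *out)
{
    struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM,
                              .ai_flags = AI_NUMERICHOST }, *res;
    if (getaddrinfo(text, NULL, &hints, &res) != 0) return -1;
    int ok = res->ai_addrlen <= sizeof(*out);
    if (ok) { memset(out, 0, sizeof(*out)); memcpy(out, res->ai_addr, res->ai_addrlen); }
    freeaddrinfo(res);
    return ok ? 0 : -1;
}

/* Rewrite ::ffff:a.b.c.d as AF_INET so IPv4 rules see it; returns 1 if it was mapped. */
int unmap_v4(union sa_any *a)
{
    if (a->sa.sa_family != AF_INET6 || !IN6_IS_ADDR_V4MAPPED(&a->in6.sin6_addr)) return 0;
    struct sockaddr_in v4 = { .sin_family = AF_INET, .sin_port = a->in6.sin6_port };
    memcpy(&v4.sin_addr, &a->in6.sin6_addr.s6_addr[12], sizeof(v4.sin_addr));
    memset(a, 0, sizeof(*a));
    a->in4 = v4;
    return 1;
}

/* Numeric text form via getnameinfo; returns buf, or NULL on failure. */
const char *addr_str(const union sa_any *a, char *buf, size_t len)
{
    socklen_t sl = a->sa.sa_family == AF_INET6 ? sizeof(a->in6) : sizeof(a->in4);
    return getnameinfo(&a->sa, sl, buf, len, NULL, 0, NI_NUMERICHOST) ? NULL : buf;
}

int main(void)
{
    const char *s[] = { "192.0.2.7", "2001:db8::1", "::ffff:127.0.0.1" }; /* constructed */
    for (int i = 0; i < 3; i++) {
        union sa_any a; char buf[64];
        if (parse_addr(s[i], &a) != 0) continue;
        int m = unmap_v4(&a);
        printf("%s -> %s%s\n", s[i], addr_str(&a, buf, sizeof buf), m ? " (v4-mapped)" : "");
    }
    return 0;
}
```

Logging whether an address arrived in mapped form, as `main` does here, keeps that fact available to later access-control and audit decisions.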
