From squid-dev Wed Feb 05 05:28:09 2003
From: Chris Wedgwood
Date: Wed, 05 Feb 2003 05:28:09 +0000
To: squid-dev
Subject: Re: squid-2.5 ipv6 --- dead code or WIP?
Message-Id: <20030205052809.GA3767 () f00f ! org>
X-MARC-Message: https://marc.info/?l=squid-dev&m=107956875811562

On Wed, Feb 05, 2003 at 02:03:20PM +1100, Robert Collins wrote:

> Yep. first off, the IN_ADDR abstraction.... A local class to
> encapsulate that abstraction, and any other related ones, may be
> useful, and thus less ugly.

IN_ADDR is part-way there already. What is really needed is something
like hostaddr_t (better name anyone?) and a plethora of functions to
deal with this... such a patch in itself would be enormous I should
think though (we also need to audit all uses of INADDR_ANY &
INADDR_BROADCAST as these are magical values for many things such as
disabling functions or 'same as incoming address').

Ick.

There are also various users of s_addr, etc. that I really don't
understand, for example in the delay pools code we have:

    host = ntohl(ch.src_addr.s_addr) & 0xff;

    host = ntohl(ch.src_addr.s_addr) & 0xffff;

and similar. I really have no idea what the intention there is, I'm
guessing it's some kind of implicit classful-netmask logic or
something?

> Regarding acls and configuration: We need to allow the current
> configuration unchanged w.r.t. ip address syntax.

Sure, I quite agree.

> IPv6 deliberately doesn't conflict with ipv4 notation, so handling
> both should be straight forward. For acl's, I'd be inclined to
> start off with an ip6 specific src_6 and dst_6 approach, and examine
> merging them (i.e. what does it take to compare 127.0.0.1 with
> 127:::::1 or whatever it is?

No, this isn't a problem. The current code deals with this mostly.

The crux of the issue is that where various addresses in a network are
unique in IPv4 land, they may not be in IPv6 land.

Some quick ramblings off the top of my head...

  * IPv4 encapsulated IPv6 addresses of the form ::ffff:a.b.c.d mean
    existing IPv4 ACLs will fail as-is

  * IPv6 localhost is ::1 --- but we can also see inbound connections
    as ::ffff:127.0.0.1 ?

  * Hosts (other-hosts, cache clients for example) in the same subnet
    could appear as

        ipv6-address of other-host
        ipv4-mapped-ipv4 address of other-host
        site-local address of other-host

Maybe ACLs should be abstracted so the concept of "localhost" is "all
addresses that match localhost" and the concept of a network is "all
reasonable representations of this network"?

This would also mean something like

    acl foo src some.host

would work when some.host has multiple AAAA and/or A records to match
*any* of them?

> Anyhoo, if you are interested, sign up on sourceforge as a
> developer, and email me/the list your user name.

My time is very limited and my original post was basically a "hey,
this doesn't work by default but it's not hard to get it
sorta-working, what future plans are there to fix and merge this
stuff" sort of thing.

I'd really like to have suggestions on how to deal with these issues
first and some idea of who else is prepared to work with these
potentially nasty issues.

--cw
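
Added example, not part of the original message and not Squid code: one way to handle the ::ffff:a.b.c.d concern raised above is to store every address in a single 16-byte form, so an IPv4 ACL matches the same client whether it arrives as 127.0.0.1 or as ::ffff:127.0.0.1. All function names here (parse_canonical, prefix_match, acl_src_match, acl_is_localhost) are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

/* Parse text into 16 bytes. IPv4 is stored as ::ffff:a.b.c.d so each host
 * address has one in-memory form. Returns AF_INET, AF_INET6, or -1. */
static int parse_canonical(const char *text, struct in6_addr *out)
{
    struct in_addr v4;
    if (inet_pton(AF_INET, text, &v4) == 1) {
        memset(out, 0, sizeof(*out));
        out->s6_addr[10] = 0xff;
        out->s6_addr[11] = 0xff;
        memcpy(&out->s6_addr[12], &v4, 4);
        return AF_INET;
    }
    return inet_pton(AF_INET6, text, out) == 1 ? AF_INET6 : -1;
}

/* Return 1 if the first `bits` bits of `a` and `net` are equal, else 0. */
static int prefix_match(const struct in6_addr *a, const struct in6_addr *net,
                        unsigned bits)
{
    unsigned full = bits / 8, rem = bits % 8;
    if (bits > 128) return 0;
    if (memcmp(a->s6_addr, net->s6_addr, full) != 0) return 0;
    if (rem == 0) return 1;
    uint8_t mask = (uint8_t)(0xff << (8 - rem));
    return (a->s6_addr[full] & mask) == (net->s6_addr[full] & mask);
}

/* ACL check: `bits` is the prefix length in the family `net` was written
 * in, so an IPv4 /8 becomes /104 in canonical form. Returns 1, 0, or -1. */
int acl_src_match(const char *client, const char *net, unsigned bits)
{
    struct in6_addr c, n;
    int fam = parse_canonical(net, &n);
    if (fam == -1 || parse_canonical(client, &c) == -1) return -1;
    if (fam == AF_INET) {
        if (bits > 32) return -1;
        bits += 96;
    }
    return prefix_match(&c, &n, bits);
}

/* "localhost" as "all addresses that match localhost". */
int acl_is_localhost(const char *client)
{
    return acl_src_match(client, "127.0.0.0", 8) == 1 ||
           acl_src_match(client, "::1", 128) == 1;
}
```

This covers only the IPv4-mapped and loopback cases; site-local addresses and hosts with multiple A/AAAA records would need a list of networks per ACL entry.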