X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Tue, 16 Mar 2010 12:32:10 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: IPv6 help (Re: inetutils, r* commands)
Message-ID: <20100316113210.GW6505@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <4B9EEF35 DOT 9000701 AT cwilson DOT fastmail DOT fm>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4B9EEF35.9000701@cwilson.fastmail.fm>
User-Agent: Mutt/1.5.20 (2009-06-14)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Mar 15 22:38, Charles Wilson wrote:
> <tolstoy mode>
>    There are two questions, below...so skip to
>    those if you don't need the background.
> </tolstoy mode>

I'm not sure if I can be of much help here.  I have no experience with
V4inV6 addresses.  Many applications simply switch them off (IPV6_V6ONLY).

> (*) It seems that you now need to have an identd server running on the
> *client* box, or r* authentication takes 30 seconds or so.  We don't
> currrently have one of these ported; I'll try to do that at some point
> unless someone beats me to it.  I've been using the following (closed
> source, free-as-in-beer) version that seems to be well-regarded:
>    http://rndware.info/products/windows-ident-server.html

Or disable the ident code.

> Well, since ALL of the values returned by getaddrinfo were IPv4, all

Why?  Is your client machine not IPv6 enabled?  In that case, why don't
you get AF_INET entries?  Does the server only have a AF_INET6 listener?
Usually you would create two listeners, one AF_INET and one AF_INET6.
That's especially important on systems which don't support V4inV6, like
Windows XP and 2K3.  In theory, if I were you, I would not bother with
V4inV6.

> mymachine rlogind: PID 5960: doit: hostok=0
> mymachine rlogind: PID 5960: soaddr_eq_ip: (::ffff:127.0.0.1,192.168.199.1)
> mymachine rlogind: PID 5960: soaddr_eq_ip: (::ffff:127.0.0.1,192.168.154.1)
> mymachine rlogind: PID 5960: soaddr_eq_ip: (::ffff:127.0.0.1,192.168.1.3)
> mymachine rlogind: PID 5960: doit: hostok=0
> 
> 
> (hostok=0 means "no match/reject connection).
> 
> Notice that getaddrinfo returns three different networks.  Two of these
> are inactive (.199.1 and .154.1).  192.168.1.3 is mymachine's "real" IP
> addr.  But 127.0.0.1 is /not/ included in the list...so it can't be matched.
> 
> /etc/hosts has:
> 127.0.0.1       localhost
> ::1             localhost

If you want a V4inV6 match for localhost, you might have to add it to
/etc/hosts.

  ::ffff:127.0.0.1 localhost

Did you try that?

> *********************
> QUESTION #1.  Should cygwin's getaddrinfo return an entry for the
> loopback interface?
> *********************

I don't know.  I don't think so.  It doesn't sound right to fake a
V4inV6 loopback entry.

> Notice that only the "first" interface from the previous list --
> assuming getaddrinfo returned its results in the same order as before --
> is (in)validated.  So, probably a bug -- or incompatibility of
> assumptions between tcp_wrappers and cygwin1.dll. I'll have to dig into
> that, later. FWIW, hosts.allow has:
> 
>  ALL : localhost 127.0.0.1/32 [::1]/128 : allow
>  rlogind: 192.168.1.0/255.255.255.0
>  rshd: 192.168.1.0/255.255.255.0
>  rexecd: 192.168.1.0/255.255.255.0

I don't think that these entries cover V4inV6.  The localhost entry
only works for V4.  And for V6 you would have to enable ::1 anyway.

> So, what's the second question?
> 
> *********************
> QUESTION #2.  Is there a cleaner way to do the address matching than the
> version that I've modified below? I basically only changed the guts of
> soaddr_eq_ip(); the rest is factory equipment...
> *********************

I think so.  Take the last 32 bits of the V4inV6 address and do the
usual IPv4 address comparison.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple