Thanks Steve, I've updated the policies to do wildcard matching on the zone index of the IPv6 address, if present.
- Chris On Thu, Feb 18, 2010 at 4:15 AM, Steve Bayliss <[email protected]> wrote: > Hi Chris > > The %0 specifies the zone index, not sure why exactly it would need > specifying though, and possibly this should be a wildcard match. > > A few references: > > http://en.wikipedia.org/wiki/IPv6_address#Link-local_addresses_and_zone_indi > ces > http://tools.ietf.org/html/rfc4007#section-6 > http://tools.ietf.org/html/rfc3484#section-2.1 > > Steve > >> -----Original Message----- >> From: Chris Wilper [mailto:[email protected]] >> Sent: 18 February 2010 08:47 >> To: FC Developers List >> Subject: [Fedora-commons-developers] IPv6 loopback variants >> and defaultpolicies >> >> >> For 3.3, a couple of the (deny-*-if-not-localhost) default policies >> were updated to work in IPv6 environments by adding ::1 as an >> acceptable client address (FCREPO-581). >> >> I was recently testing something unrelated, and found when I tried to >> do certain operations using my browser, authorization failed. Further >> digging revealed that in these cases, my client ip address, as >> reported by Servlet.getRemoteAddr(), was 0:0:0:0:0:0:0:1%0, which >> didn't match the acceptable IP addresses in the default policies. >> >> The first part makes sense to me...it's the long form of the IPv6 >> loopback address, and allowing for that variant makes perfect sense. >> What I'm puzzled about is the trailing '%0'. >> >> For the time being, I've added both 0:0:0:0:0:0:0:1 and >> 0:0:0:0:0:0:0:1%0 to the default policies, since it seems obvious that >> neither would be reported as the address of a non-local host. But the >> '%0' is a mystery to me...any ideas? >> >> See http://fedora-commons.org/jira/browse/FCREPO-640 >> >> Thanks, >> Chris >> >> -------------------------------------------------------------- >> ---------------- >> Download Intel® Parallel Studio Eval >> Try the new software tools for yourself. Speed compiling, find bugs >> proactively, and fine-tune applications for parallel performance. >> See why Intel Parallel Studio got high marks during beta. >> http://p.sf.net/sfu/intel-sw-dev >> _______________________________________________ >> Fedora-commons-developers mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers >> > > ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Fedora-commons-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
