Re: IPv6 problems on Linux
Matthieu Herrb writes: I wrote (in a message from Sunday 27) Keith Packard wrote (in a message from Wednesday 23) While supporting multiple -nolisten arguments is good, I suggest that the current '-nolisten tcp' should include both inet4 and inet6 tcp options; most people use '-nolisten tcp' to avoid exposing an open port to the X server to the network. -nolisten inet4 don't listen for TCP/IPv4 connections -nolisten inet6 don't listen for TCP/IPv6 connections -nolisten tcp don't listen for any TCP connections I agree here, except that it looks like Sun and X.Org are using inet for IPv4, not inet4. I'm going to do this change. Here's a proposed patch. When a -nolisten argument is an alias, it will look for transport entries matching this alias (ie using the same methods) and set the NOLISTEN flag there. I plan to commit this in a few days, unless someone finds out that this is wrong. The patch looks good, but it bases alias on the use of identical funtions. That means an alias will allways disable all protocols that share functions. I don't know if this is always desirable. For instance we could not have the aliases tcp4 and tcp6 to alias inet and inet6. My idea was therefore to put the aliases and the functions they map to into a separate table. Egbert. ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Penned by Dr Andrew C Aitchison on Thu, Jul 24, 2003 at 04:30:47PM +0100, we have: [..] | Aside: | Which operating systems are shipping with IPv6 enabled by default ? OpenBSD ships with IPv6 enabled by default. Anytime an interface is brought up, an inet6 link-local address is automatically assigned. Of course one would have to assign global addresses (via ifconfig/rtsol) to have routable traffic.. OpenBSD is a kame derived IPv6 stack which enforces separation of IPv4 and IPv6 (you have to bind to each protocol separately, and one does not block the other, nor bleed over to the other, nor is there a way to make this so). -- Todd Fries .. [EMAIL PROTECTED] Free Daemon Consulting, LLCLand: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 ..in support of free software solutions. Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Todd T. Fries [EMAIL PROTECTED] writes: Penned by Dr Andrew C Aitchison on Thu, Jul 24, 2003 at 04:30:47PM +0100, we have: [..] | Aside: | Which operating systems are shipping with IPv6 enabled by default ? OpenBSD ships with IPv6 enabled by default. Anytime an interface is brought FreeBSD too. Tested on 4.8-STABLE. -- Alexander Pohoyda [EMAIL PROTECTED] ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Keith Packard wrote (in a message from Wednesday 23) While supporting multiple -nolisten arguments is good, I suggest that the current '-nolisten tcp' should include both inet4 and inet6 tcp options; most people use '-nolisten tcp' to avoid exposing an open port to the X server to the network. -nolisten inet4 don't listen for TCP/IPv4 connections -nolisten inet6 don't listen for TCP/IPv6 connections -nolisten tcp don't listen for any TCP connections I agree here, except that it looks like Sun and X.Org are using inet for IPv4, not inet4. I'm going to do this change. Matthieu ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
I wrote (in a message from Sunday 27)
Keith Packard wrote (in a message from Wednesday 23)
While supporting multiple -nolisten arguments is good, I suggest that the
current '-nolisten tcp' should include both inet4 and inet6 tcp options;
most people use '-nolisten tcp' to avoid exposing an open port to the X
server to the network.
-nolisten inet4 don't listen for TCP/IPv4 connections
-nolisten inet6 don't listen for TCP/IPv6 connections
-nolisten tcp don't listen for any TCP connections
I agree here, except that it looks like Sun and X.Org are using inet
for IPv4, not inet4. I'm going to do this change.
Here's a proposed patch. When a -nolisten argument is an alias, it
will look for transport entries matching this alias (ie using the same
methods) and set the NOLISTEN flag there.
I plan to commit this in a few days, unless someone finds out that
this is wrong.
Matthieu
Index: xc/lib/xtrans/Xtrans.c
===
RCS file: /cvs/xf86/xc/lib/xtrans/Xtrans.c,v
retrieving revision 3.32
diff -u -r3.32 Xtrans.c
--- xc/lib/xtrans/Xtrans.c 24 Jul 2003 13:50:18 - 3.32
+++ xc/lib/xtrans/Xtrans.c 27 Jul 2003 17:26:30 -
@@ -131,6 +131,8 @@
#define ioctl ioctlsocket
#endif
+static int
+TRANS(AliasEq)(Xtransport *, Xtransport *);
/*
@@ -778,7 +780,8 @@
TRANS(NoListen) (char * protocol)
{
- Xtransport *trans;
+ Xtransport *trans, *t;
+ int i;
if ((trans = TRANS(SelectTransport)(protocol)) == NULL)
{
@@ -787,8 +790,23 @@
return -1;
}
-
- trans-flags |= TRANS_NOLISTEN;
+
+ /* If protocol is an alias, set the flag for all matching protocols */
+ if (trans-flags TRANS_ALIAS)
+ {
+ for (i = 0; i NUMTRANS; i++)
+ {
+ t = Xtransports[i].transport;
+ if (!strcmp(trans-TransName, t-TransName))
+ continue; /* skip self */
+ if (TRANS(AliasEq)(trans, t))
+ t-flags |= TRANS_NOLISTEN;
+ }
+ }
+ else
+ {
+ trans-flags |= TRANS_NOLISTEN;
+ }
return 0;
}
@@ -1386,4 +1404,62 @@
len = strlen(buf);
#endif /* NEED_UTSNAME */
return len;
+}
+
+static int
+TRANS(AliasEq)(Xtransport *t1, Xtransport *t2)
+{
+#ifdef TRANS_CLIENT
+ if (t1-OpenCOTSClient != t2-OpenCOTSClient)
+ return 0;
+#endif
+#ifdef TRANS_SERVER
+ if (t1-OpenCOTSServer != t2-OpenCOTSServer)
+ return 0;
+#endif
+#ifdef TRANS_CLIENT
+ if (t1-OpenCLTSClient != t2-OpenCLTSClient)
+ return 0;
+#endif
+#ifdef TRANS_SERVER
+ if (t1-OpenCLTSServer != t2-OpenCLTSServer)
+ return 0;
+#endif
+#ifdef TRANS_REOPEN
+ if (t1-ReopenCOTSServer != t2-ReopenCOTSServer)
+ return 0;
+ if (t1-ReopenCLTSServer != t2-ReopenCLTSServer)
+ return 0;
+#endif
+ if (t1-SetOption != t2-SetOption)
+ return 0;
+#ifdef TRANS_SERVER
+ if (t1-CreateListener != t2-CreateListener)
+ return 0;
+ if (t1-ResetListener != t2-ResetListener)
+ return 0;
+ if (t1-Accept != t2-Accept)
+ return 0;
+#endif
+#ifdef TRANS_CLIENT
+ if (t1-Connect != t2-Connect)
+ return 0;
+#endif
+ if (t1-BytesReadable != t2-BytesReadable)
+ return 0;
+ if (t1-Read != t2-Read)
+ return 0;
+ if (t1-Write != t2-Write)
+ return 0;
+ if (t1-Readv != t2-Readv)
+ return 0;
+ if (t1-Writev != t2-Writev)
+ return 0;
+ if (t1-Disconnect != t2-Disconnect)
+ return 0;
+ if (t1-Close != t2-Close)
+ return 0;
+ if (t1-CloseForCloning != t2-CloseForCloning)
+ return 0;
+ return 1;
}
___
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Marc Aurele La France writes: On Wed, 23 Jul 2003, Egbert Eich wrote: Marc Aurele La France writes: I don't like the peppering of this code with more OS #ifdef's. I think the approach espoused by Itojun, Todd, Matthieu and Andrew is better. So maybe you can tell what the big difference is? So maybe not. I've already stated I cannot test IPv6 function. As such, I'm here more as an overseer, and in that capacity I am of the opinion that this code need not be unnecessarily OS-#ifdef'ed. Take that as you see fit. OK, I've taken out the 'defined (linux)' stuff as I agree with you that it is ugly. I expect the code would work on all other platforms, although I cannot test it. The reason why I left the 'defined (linux)' in there was that platforms that don't have the broken Linux behavior suffer a minor penalty: server 1 started with: X -nolisten inet6 -nolisten unix -nolock :0 server 2 started with: X -nolisten unix :0 -nolock The second server doesn't catch that the first one is already using port 6000 for ipv4 as bind to the ipv4 port fails silently if bind to the ipv6 port was successful. This may be a rare condition, though. Egbert. ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
This 'nolisten' code was added on 1996/11/24 with revision 3.22.
The cvs log only says:
revision 3.22
date: 1996/11/24 09:58:50; author: dawes; state: Exp; lines: +14 -1
updates
I would assume it was taken straight from a SI merge.
Alan Coopersmith writes:
Maybe I'm missing something, but I always thought the XFree86 nolisten
code was overly complicated, and this just seems to make it worse. When
we added -nolisten to Xsun, we got multiple listeners for free with a
simpler implementation, contained entirely in utils.c:
else if ( strcmp( argv[i], -nolisten) == 0)
{
if(++i argc) {
if (_XSERVTransNoListen(argv[i])) {
FatalError (Failed to disable listen for %s transport,
argv[i]);
}
} else
UseMsg();
}
I have made a patch similar to Matthieu's but this looks much simpler
:-}
Does anybody know why we use this complicated approach?
Egbert.
___
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Hmm, with the current approach a -nolisten to an alias has no effect anyway. A '-nolisten tcp' will have the same effect as a '-nolisten unix': None. The reason is that a flag is set for the protocol however when the protocols are initialized the aliases aren't checked. Also tcp is aliased to IPv6. I don't know why this was done but I would expect that it violates the principle of least surprise: When connecting with 'display tcp/1.2.3.4:0' a IPv6 socket is created and the IPv4 connection is done over the IPv6 socket. This may not work on systems without IPv6 support. Egbert. Keith Packard writes: Around 23 o'clock on Jul 23, Matthieu Herrb wrote: Here's a patch to allow multiple '-nolisten' options on the command line. To disable both IPv4 and IPv6 transports, one needs to say: X -nolisten tcp -nolisten inet6 While supporting multiple -nolisten arguments is good, I suggest that the current '-nolisten tcp' should include both inet4 and inet6 tcp options; most people use '-nolisten tcp' to avoid exposing an open port to the X server to the network. -nolisten inet4 don't listen for TCP/IPv4 connections -nolisten inet6 don't listen for TCP/IPv6 connections -nolisten tcp don't listen for any TCP connections -keith ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Andrew C Aitchison writes: Egbert's latest patch compiles and runs, but it isn't addressing my problem. This is with Red Hat 8.0 Linux 2.4.20-19.8 gcc (GCC) 3.2 20020903 (Red Hat Linux 8.0 3.2-7) (I have the same problem with Red Hat 6.2). The system is *not* configured with IPv6, and socket(PF_INET6, SOCK_STREAM, 0) fails with -1 EAFNOSUPPORT (Address family not supported by protocol). This is not unexpected, but how are we supposed to carry on and try PF_INET ? Thus xbiff -display inet/localhost:10 works (I'm connecting over ssh), but xbiff -display localhost:10 fails reporting _X11TransSocketOpen: socket() failed for tcp _X11TransSocketOpenCOTSClient: Unable to open socket for tcp _X11TransOpen: transport open failed for tcp/localhost:10 Error: Can't open display: localhost:10 That's what I've explained in my previous message. Can we just declare that inet and inet6 both match tcp ? The way the code is currently written aliases like tcp alias to exactly one transport type. There is no fallback mechanism. The easiest way would be to alias tcp to inet instead of inet6. Or somebody designes a fallback mechansim. Egbert. ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Egbert Eich wrote: This 'nolisten' code was added on 1996/11/24 with revision 3.22. The cvs log only says: revision 3.22 date: 1996/11/24 09:58:50; author: dawes; state: Exp; lines: +14 -1 updates I would assume it was taken straight from a SI merge. The SI doesn't have the -nolisten option. (Probably should, but never got it added. We took the code from XFree86 when integrating into Xsun, except for the previously noted change in the option handling.) -- -Alan Coopersmith- [EMAIL PROTECTED] Sun Microsystems, Inc. - Sun Software Group Quality / User Experience (QUE) - Globalization Platform Globalization Engineering: X11 Development ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
On Thu, 24 Jul 2003, Egbert Eich wrote: Can we just declare that inet and inet6 both match tcp ? The way the code is currently written aliases like tcp alias to exactly one transport type. There is no fallback mechanism. The easiest way would be to alias tcp to inet instead of inet6. Agreed. That will at least give us backwards compatibility. inet6 is new; people using it can cope with asking for it explicitly. Or somebody designes a fallback mechansim. When we release XFree86 4.4 or 5.0 we need machinename:display to work on any appropriate transport protocol (probably tcp/ as it is now) and tcp/machinename:display to work for inet/ and inet6/ -nolisten tcp should block inet and inet6. --- Aside: Which operating systems are shipping with IPv6 enabled by default ? -- Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge [EMAIL PROTECTED] http://www.dpmms.cam.ac.uk/~werdna ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
On Thu, Jul 24, 2003 at 04:30:47PM +0100, Dr Andrew C Aitchison wrote: Which operating systems are shipping with IPv6 enabled by default ? NetBSD has IPv6 enable by default, Solaris hasn't. Kind regards -- Matthias Scheler http://scheler.de/~matthias/ ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Matthias Scheler wrote: On Thu, Jul 24, 2003 at 04:30:47PM +0100, Dr Andrew C Aitchison wrote: Which operating systems are shipping with IPv6 enabled by default ? NetBSD has IPv6 enable by default, Solaris hasn't. Solaris sort of does - on Solaris 8 and later, you can always use an AF_INET6 socket to connect to an IPv4 address. If you ifconfig an IPv6 interface you can use that as well. The original X.org IPv6 patches came directly from the IPv6 code in the Solaris 9 X distribution which uses AF_INET6 for all IPv4 or IPv6 connections. Unlike Linux the BSD's, you can't remove AF_INET6 support since we don't provide kernel source for recompiling your own. -- -Alan Coopersmith- [EMAIL PROTECTED] Sun Microsystems, Inc. - Sun Software Group Quality / User Experience (QUE) - Globalization Platform Globalization Engineering: X11 Development ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
On Wed, Jul 23, 2003 at 11:34:53PM -0400, Keith Packard wrote: Around 23 o'clock on Jul 23, Matthieu Herrb wrote: Here's a patch to allow multiple '-nolisten' options on the command line. To disable both IPv4 and IPv6 transports, one needs to say: X -nolisten tcp -nolisten inet6 While supporting multiple -nolisten arguments is good, I suggest that the current '-nolisten tcp' should include both inet4 and inet6 tcp options; most people use '-nolisten tcp' to avoid exposing an open port to the X server to the network. -nolisten inet4 don't listen for TCP/IPv4 connections -nolisten inet6 don't listen for TCP/IPv6 connections -nolisten tcp don't listen for any TCP connections Yes, the generic option should disable all TCP transport types. David -- David Dawes Founder/committer/developer The XFree86 Project www.XFree86.org/~dawes ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
On Tue, 22 Jul 2003, Alan Coopersmith wrote: Egbert Eich wrote: When I switch the order of initialization around and skip the IPv4 protocol if IPv6 initialization was successful, everything works: I can connect thru IPv6 and IPv4. This was one of the patches suggested to the X.org IPv6 review which we declined to include in our patch set, but which got checked into the XFree86 CVS anyway. We were told that separately binding to both is the usual habit on OpenBSD, while simply binding to IPv6 and letting it handle both was the way we coded it to work, and had it working on both Solaris and Linux. The source code for exim, a mail transport agent which supports IPv6 on a significant number of platforms, contains the following comment (in src/daemon.c): /* Otherwise we set up things to listen on all interfaces. In an IPv4 world, this is just a single, empty address. On systems with IPv6, several different implementation approaches have been taken. This code is now supposed to work with all of them. The point of difference is whether an IPv6 socket that is listening on all interfaces will receive incoming IPv4 calls or not. . On Solaris, an IPv6 socket will accept IPv4 calls, and give them as mapped addresses. However, if an IPv4 socket is also listening on all interfaces, calls are directed to the appropriate socket. . On (some versions of) Linux, an IPv6 socket will accept IPv4 calls, and give them as mapped addresses, but an attempt also to listen on an IPv4 socket on all interfaces causes an error. . On OpenBSD, an IPv6 socket will not accept IPv4 calls. You have to set up two sockets if you want to accept both kinds of call. . FreeBSD is like OpenBSD, but it has the IPV6_V6ONLY socket option, which can be turned off, to make it behave like the versions of Linux described above. . I heard a report that the USAGI IPv6 stack for Linux has implemented IPV6_V6ONLY. So, what we do is as follows: (1) At this point we set up two addresses, one containing : to indicate an IPv6 wildcard address, and an empty one to indicate an IPv4 wildcard address. (2) Later, when we create the IPv6 socket, we set IPV6_V6ONLY if that option is defined. (3) We listen on the v6 socket first. If that fails, there is a serious error. (4) We listen on the v4 socket second. If that fails with the error EADDRINUSE, assume we are in the situation where just a single socket is permitted, and ignore the error. */ --- I'm suprised at how broken the X.Org IPv6 code has proven. -- Andrew C Aitchison ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
On Wed, Jul 23, 2003 at 07:38:11AM +0100, Andrew C Aitchison wrote: So, what we do is as follows: (1) At this point we set up two addresses, one containing : to indicate an IPv6 wildcard address, ... That should read ::. (2) Later, when we create the IPv6 socket, we set IPV6_V6ONLY if that option is defined. That's not really necessary because ... (4) We listen on the v4 socket second. If that fails with the error EADDRINUSE, assume we are in the situation where just a single socket is permitted, and ignore the error. */ ... of this. Kind regards -- Matthias Scheler http://scheler.de/~matthias/ ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Matthias Scheler writes: On Tue, Jul 22, 2003 at 09:14:08PM +0200, Egbert Eich wrote: As I tried to explain binding to an IPv6 socket implicitely binds to an IPv4 socket. That's a bug. According to what I've heared it is intended and therefore considered a feature. I'm not going to argue about this, I just observed this behavior. Egbert. ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Fabio Massimo Di Nitto writes:
On Tue, 22 Jul 2003, Matthias Scheler wrote:
On Tue, Jul 22, 2003 at 08:03:35PM +0200, Egbert Eich wrote:
The current CVS code produces the error:
_XSERVTransSocketINETCreateListener: ...SocketCreateListener() failed
_XSERVTransMakeAllCOTSServerListeners: server already running
Fatal server error:
Cannot establish any listening sockets - Make sure an X server isn't already
running
bind() returns an EADDRINUSE error when binding to the second IP
protocol (in CVS it is IPv6).
When I switch the order of initialization around and skip the IPv4
protocol if IPv6 initialization was successful, everything works:
I can connect thru IPv6 and IPv4.
This sounds like a bug in Linux's socket implementation.
Not really. Linux has been always working like this. the USAGI patch for
linux kernel implements a runtime configurable option to separate ipv6 and
ipv4 bindings.
Something like:
int off = 0;
[...]
if (setsockopt(listen_socket, IPPROTO_IPV6, IPV6_V6ONLY, off,
sizeof (off)) 0) {
?
This of course would help, however it wouldn't address the problem on
the existing systems.
Egbert.
___
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Matthias Scheler writes: I wasn't suggesting to use it on Linux. My suggestion was to revert to using a single socket on all platforms and use the above code to enable accepting IPv4 connections on *BSD. Yes, I understand. I was just looking for a decend way of making things work on Linux. Egbert. ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Forwarded from Jun-ichiro itojun Hagino: Re: IPv6 problems on Linux
---BeginMessage--- (todd and matthieu, if this does not go through please forward it) I wasn't suggesting to use it on Linux. My suggestion was to revert to using a single socket on all platforms and use the above code to enable accepting IPv4 connections on *BSD. there is security risk in using single socket, as outlined in draft-cmetz-v6ops-v4mapped-api-harmful-00.txt draft-itojun-v6ops-v4mapped-harmful-01.txt therefore, there are platforms which does not have IPV6_V6ONLY sysctl, and there are platforms which does not work at all with single socket (IPv4 packet does not get routed to IPv6). therefore, i suggest - on all platforms try to open 2 sockets, AF_INET6 then AF_INET - ignore error from socket(2) and bind(2) on both cases - raise error only if both attempt fails by doing this, - userland code works with IPv4-only kernel, IPv6-only kernel or IPv4/v6 dual stack kernel (independence from kernel configuration) - with linux IPv4/v6 dual stack case, it will use single AF_INET6 socket (with security risk described above) - other platforms should work with two sockets itojun ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel ---End Message---
Re: IPv6 problems on Linux
On Wed, 23 Jul 2003, Egbert Eich wrote:
Fabio Massimo Di Nitto writes:
On Tue, 22 Jul 2003, Matthias Scheler wrote:
On Tue, Jul 22, 2003 at 08:03:35PM +0200, Egbert Eich wrote:
The current CVS code produces the error:
_XSERVTransSocketINETCreateListener: ...SocketCreateListener() failed
_XSERVTransMakeAllCOTSServerListeners: server already running
Fatal server error:
Cannot establish any listening sockets - Make sure an X server isn't already
running
bind() returns an EADDRINUSE error when binding to the second IP
protocol (in CVS it is IPv6).
When I switch the order of initialization around and skip the IPv4
protocol if IPv6 initialization was successful, everything works:
I can connect thru IPv6 and IPv4.
This sounds like a bug in Linux's socket implementation.
Not really. Linux has been always working like this. the USAGI patch for
linux kernel implements a runtime configurable option to separate ipv6 and
ipv4 bindings.
Something like:
int off = 0;
[...]
if (setsockopt(listen_socket, IPPROTO_IPV6, IPV6_V6ONLY, off,
sizeof (off)) 0) {
?
This of course would help, however it wouldn't address the problem on
the existing systems.
I didn't check/produce any code but the easiest way to implement in linux
is something like (if the user does not specify --nolisten):
bind to ipv6
if it works ok
otherwise fail silently
bind to ipv4
if it works ok
otherwise fail with error message.
specifing --nolisten the fail conditions might change their behaviour.
This is basically what i did when i first tried the ipv6 kame patch for X.
Fabio
--
Our mission: make IPv6 the default IP protocol
We are on a mission from God - Elwood Blues
http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp4.html
___
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
I've made the patch below which takes care of the problem for me.
I have tried several different versions, I didn't really like any
of them.
This code is one of the rare pieces of code that is rather well
structured and relatively free of any ugly hacks. This fix makes
it a lot uglier, what I particularly don't like is that it now
depends on the order in which the listeners for the different
protocols are created.
I've tried several different solutions including the use if
getaddrinfo(), everything made this code more ugly.
Any better solutions are welcome. If there are none, I'll commit this
code.
Egbert.
Index: Xtrans.c
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtrans.c,v
retrieving revision 3.31
diff -u -w -r3.31 Xtrans.c
--- Xtrans.c20 Jul 2003 16:12:15 - 3.31
+++ Xtrans.c23 Jul 2003 13:35:40 -
@@ -90,10 +90,10 @@
#endif /* STREAMSCONN */
#if defined(TCPCONN)
{ TRANS(SocketTCPFuncs), TRANS_SOCKET_TCP_INDEX },
-{ TRANS(SocketINETFuncs), TRANS_SOCKET_INET_INDEX },
#if defined(IPv6) defined(AF_INET6)
{ TRANS(SocketINET6Funcs),TRANS_SOCKET_INET6_INDEX },
#endif /* IPv6 */
+{ TRANS(SocketINETFuncs), TRANS_SOCKET_INET_INDEX },
#endif /* TCPCONN */
#if defined(DNETCONN)
{ TRANS(DNETFuncs), TRANS_DNET_INDEX },
@@ -768,10 +768,10 @@
#ifdef TRANS_SERVER
int
-TRANS(CreateListener) (XtransConnInfo ciptr, char *port)
+TRANS(CreateListener) (XtransConnInfo ciptr, char *port, unsigned int flags)
{
-return ciptr-transptr-CreateListener (ciptr, port);
+return ciptr-transptr-CreateListener (ciptr, port, flags);
}
int
@@ -1037,6 +1037,9 @@
char buffer[256]; /* ??? What size ?? */
XtransConnInfo ciptr, temp_ciptrs[NUMTRANS];
intstatus, i, j;
+#if defined (linux) defined(IPv6) defined(AF_INET6)
+Bool ipv6_succ = FALSE;
+#endif
PRMSG (2,MakeAllCOTSServerListeners(%s,%p)\n,
port ? port : NULL, ciptrs_ret, 0);
@@ -1046,6 +1049,7 @@
for (i = 0; i NUMTRANS; i++)
{
Xtransport *trans = Xtransports[i].transport;
+ unsigned int flags = 0;
if (trans-flagsTRANS_ALIAS || trans-flagsTRANS_NOLISTEN)
continue;
@@ -1065,8 +1069,13 @@
trans-TransName, 0, 0);
continue;
}
+#if defined (linux) defined(IPv6) defined(AF_INET6)
+ if ((Xtransports[i].transport_id == TRANS_SOCKET_INET_INDEX
+ ipv6_succ))
+ flags |= ADDR_IN_USE_ALLOWED;
+#endif
- if ((status = TRANS(CreateListener (ciptr, port))) 0)
+ if ((status = TRANS(CreateListener (ciptr, port, flags))) 0)
{
if (status == TRANS_ADDR_IN_USE)
{
@@ -1098,6 +1107,11 @@
}
}
+#if defined (linux) defined(IPv6) defined(AF_INET6)
+ if (Xtransports[i].transport_id == TRANS_SOCKET_INET6_INDEX)
+ ipv6_succ = TRUE;
+#endif
+
PRMSG (5,
MakeAllCOTSServerListeners: opened listener for %s, %d\n,
trans-TransName, ciptr-fd, 0);
@@ -1165,7 +1179,7 @@
continue;
}
- if ((status = TRANS(CreateListener (ciptr, port))) 0)
+ if ((status = TRANS(CreateListener (ciptr, port, 0))) 0)
{
if (status == TRANS_ADDR_IN_USE)
{
Index: Xtrans.h
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtrans.h,v
retrieving revision 3.21
diff -u -w -r3.21 Xtrans.h
--- Xtrans.h20 Jul 2003 16:12:15 - 3.21
+++ Xtrans.h23 Jul 2003 13:35:41 -
@@ -339,7 +339,8 @@
int TRANS(CreateListener)(
XtransConnInfo,/* ciptr */
-char * /* port */
+char *,/* port */
+unsigned int /* flags */
);
int TRANS(NoListen) (
Index: Xtransint.h
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtransint.h,v
retrieving revision 3.35
diff -u -w -r3.35 Xtransint.h
--- Xtransint.h 26 Nov 2002 01:12:30 - 3.35
+++ Xtransint.h 23 Jul 2003 13:35:41 -
@@ -26,7 +26,7 @@
from The Open Group.
*/
-/* $XFree86: xc/lib/xtrans/Xtransint.h,v 3.35 2002/11/26 01:12:30 dawes Exp $ */
+/* $XFree86: xc/lib/xtrans/Xtransint.h,v 3.34 2002/11/20 23:00:36 dawes Exp $ */
/* Copyright 1993, 1994 NCR Corporation - Dayton, Ohio, USA
*
@@ -283,10 +283,13 @@
);
#ifdef TRANS_SERVER
+/* Flags */
+# define ADDR_IN_USE_ALLOWED 1
int(*CreateListener)(
XtransConnInfo, /* connection */
- char * /* port */
+ char *, /* port */
+ unsigned int/* flags */
);
int(*ResetListener)(
Index: Xtranssock.c
===
RCS file:
Re: IPv6 problems on Linux
On Wed, 23 Jul 2003, Egbert Eich wrote: I've made the patch below which takes care of the problem for me. make[3]: Entering directory `/home/XFree86/4.2/std/xc/lib/ICE' rm -f transport.o gcc -m32 -c -O2 -fno-strength-reduce -fno-strict-aliasing -ansi -pedantic -Wall -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs -Wundef -I../.. -I../../exports/include -Dlinux -D__i386__ -D_POSIX_C_SOURCE=199309L -D_POSIX_SOURCE -D_XOPEN_SOURCE -D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE -DFUNCPROTO=15 -DNARROWPROTO -I../../lib/xtrans -DUNIXCONN -DTCPCONN -DHAS_STICKY_DIR_BIT -DHAS_FCHOWN -DIPv6 -DICE_t -DTRANS_CLIENT -DTRANS_SERVER-fPIC transport.c In file included from transport.c:85: ../../lib/xtrans/Xtrans.c: In function `_IceTransMakeAllCOTSServerListeners': ../../lib/xtrans/Xtrans.c:1041: `Bool' undeclared (first use in this function) ../../lib/xtrans/Xtrans.c:1041: (Each undeclared identifier is reported only once ../../lib/xtrans/Xtrans.c:1041: for each function it appears in.) ../../lib/xtrans/Xtrans.c:1041: parse error before ipv6_succ ../../lib/xtrans/Xtrans.c:1074: `ipv6_succ' undeclared (first use in this function) ../../lib/xtrans/Xtrans.c:1112: `TRUE' undeclared (first use in this function) make[3]: *** [transport.o] Error 1 Should that be BOOL, TRUE (and FALSE) as defined I don't know where (or Bool, True and False as defiend in ICElib.h) ? -- Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge [EMAIL PROTECTED] http://www.dpmms.cam.ac.uk/~werdna ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Fabio Massimo Di Nitto writes: I didn't check/produce any code but the easiest way to implement in linux is something like (if the user does not specify --nolisten): bind to ipv6 if it works ok otherwise fail silently bind to ipv4 if it works ok otherwise fail with error message. specifing --nolisten the fail conditions might change their behaviour. This is basically what i did when i first tried the ipv6 kame patch for X. The Xserverallows one or more protocols to fail unless the -nopn option is given. You are pretty much suggesting to make this option the default with allowing ipv6 to fail silently. That's possible. I'd like to hear more opinions on that. Egbert. ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Oops, I haven't rebuilt the server. Maybe this should be changed to int, 0 and 1. Egbert. Dr Andrew C Aitchison writes: On Wed, 23 Jul 2003, Egbert Eich wrote: I've made the patch below which takes care of the problem for me. make[3]: Entering directory `/home/XFree86/4.2/std/xc/lib/ICE' rm -f transport.o gcc -m32 -c -O2 -fno-strength-reduce -fno-strict-aliasing -ansi -pedantic -Wall -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs -Wundef -I../.. -I../../exports/include -Dlinux -D__i386__ -D_POSIX_C_SOURCE=199309L -D_POSIX_SOURCE -D_XOPEN_SOURCE -D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE -DFUNCPROTO=15 -DNARROWPROTO -I../../lib/xtrans -DUNIXCONN -DTCPCONN -DHAS_STICKY_DIR_BIT -DHAS_FCHOWN -DIPv6 -DICE_t -DTRANS_CLIENT -DTRANS_SERVER-fPIC transport.c In file included from transport.c:85: ../../lib/xtrans/Xtrans.c: In function `_IceTransMakeAllCOTSServerListeners': ../../lib/xtrans/Xtrans.c:1041: `Bool' undeclared (first use in this function) ../../lib/xtrans/Xtrans.c:1041: (Each undeclared identifier is reported only once ../../lib/xtrans/Xtrans.c:1041: for each function it appears in.) ../../lib/xtrans/Xtrans.c:1041: parse error before ipv6_succ ../../lib/xtrans/Xtrans.c:1074: `ipv6_succ' undeclared (first use in this function) ../../lib/xtrans/Xtrans.c:1112: `TRUE' undeclared (first use in this function) make[3]: *** [transport.o] Error 1 Should that be BOOL, TRUE (and FALSE) as defined I don't know where (or Bool, True and False as defiend in ICElib.h) ? -- Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge [EMAIL PROTECTED]http://www.dpmms.cam.ac.uk/~werdna ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Marc Aurele La France writes:
I don't like the peppering of this code with more OS #ifdef's. I think
the approach espoused by Itojun, Todd, Matthieu and Andrew is better.
So maybe you can tell what the big difference is?
It tries to preserve more of the old behavoir with
respect to the -nolisten and -pn/-nopn option.
You can of course remove the 'defined (Linux)' as this
patch should work for all systems as it allows
bind() for ipv4 to fail silently.
I've attached a corrected version below.
Egbert.
Index: Xtrans.c
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtrans.c,v
retrieving revision 3.31
diff -u -w -r3.31 Xtrans.c
--- Xtrans.c20 Jul 2003 16:12:15 - 3.31
+++ Xtrans.c23 Jul 2003 13:35:40 -
@@ -90,10 +90,10 @@
#endif /* STREAMSCONN */
#if defined(TCPCONN)
{ TRANS(SocketTCPFuncs), TRANS_SOCKET_TCP_INDEX },
-{ TRANS(SocketINETFuncs), TRANS_SOCKET_INET_INDEX },
#if defined(IPv6) defined(AF_INET6)
{ TRANS(SocketINET6Funcs),TRANS_SOCKET_INET6_INDEX },
#endif /* IPv6 */
+{ TRANS(SocketINETFuncs), TRANS_SOCKET_INET_INDEX },
#endif /* TCPCONN */
#if defined(DNETCONN)
{ TRANS(DNETFuncs), TRANS_DNET_INDEX },
@@ -768,10 +768,10 @@
#ifdef TRANS_SERVER
int
-TRANS(CreateListener) (XtransConnInfo ciptr, char *port)
+TRANS(CreateListener) (XtransConnInfo ciptr, char *port, unsigned int flags)
{
-return ciptr-transptr-CreateListener (ciptr, port);
+return ciptr-transptr-CreateListener (ciptr, port, flags);
}
int
@@ -1037,6 +1037,9 @@
char buffer[256]; /* ??? What size ?? */
XtransConnInfo ciptr, temp_ciptrs[NUMTRANS];
intstatus, i, j;
+#if defined (linux) defined(IPv6) defined(AF_INET6)
+Bool ipv6_succ = FALSE;
+#endif
PRMSG (2,MakeAllCOTSServerListeners(%s,%p)\n,
port ? port : NULL, ciptrs_ret, 0);
@@ -1046,6 +1049,7 @@
for (i = 0; i NUMTRANS; i++)
{
Xtransport *trans = Xtransports[i].transport;
+ unsigned int flags = 0;
if (trans-flagsTRANS_ALIAS || trans-flagsTRANS_NOLISTEN)
continue;
@@ -1065,8 +1069,13 @@
trans-TransName, 0, 0);
continue;
}
+#if defined (linux) defined(IPv6) defined(AF_INET6)
+ if ((Xtransports[i].transport_id == TRANS_SOCKET_INET_INDEX
+ ipv6_succ))
+ flags |= ADDR_IN_USE_ALLOWED;
+#endif
- if ((status = TRANS(CreateListener (ciptr, port))) 0)
+ if ((status = TRANS(CreateListener (ciptr, port, flags))) 0)
{
if (status == TRANS_ADDR_IN_USE)
{
@@ -1098,6 +1107,11 @@
}
}
+#if defined (linux) defined(IPv6) defined(AF_INET6)
+ if (Xtransports[i].transport_id == TRANS_SOCKET_INET6_INDEX)
+ ipv6_succ = TRUE;
+#endif
+
PRMSG (5,
MakeAllCOTSServerListeners: opened listener for %s, %d\n,
trans-TransName, ciptr-fd, 0);
@@ -1165,7 +1179,7 @@
continue;
}
- if ((status = TRANS(CreateListener (ciptr, port))) 0)
+ if ((status = TRANS(CreateListener (ciptr, port, 0))) 0)
{
if (status == TRANS_ADDR_IN_USE)
{
Index: Xtrans.h
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtrans.h,v
retrieving revision 3.21
diff -u -w -r3.21 Xtrans.h
--- Xtrans.h20 Jul 2003 16:12:15 - 3.21
+++ Xtrans.h23 Jul 2003 13:35:41 -
@@ -339,7 +339,8 @@
int TRANS(CreateListener)(
XtransConnInfo,/* ciptr */
-char * /* port */
+char *,/* port */
+unsigned int /* flags */
);
int TRANS(NoListen) (
Index: Xtransint.h
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtransint.h,v
retrieving revision 3.35
diff -u -w -r3.35 Xtransint.h
--- Xtransint.h 26 Nov 2002 01:12:30 - 3.35
+++ Xtransint.h 23 Jul 2003 13:35:41 -
@@ -26,7 +26,7 @@
from The Open Group.
*/
-/* $XFree86: xc/lib/xtrans/Xtransint.h,v 3.35 2002/11/26 01:12:30 dawes Exp $ */
+/* $XFree86: xc/lib/xtrans/Xtransint.h,v 3.34 2002/11/20 23:00:36 dawes Exp $ */
/* Copyright 1993, 1994 NCR Corporation - Dayton, Ohio, USA
*
@@ -283,10 +283,13 @@
);
#ifdef TRANS_SERVER
+/* Flags */
+# define ADDR_IN_USE_ALLOWED 1
int(*CreateListener)(
XtransConnInfo, /* connection */
- char * /* port */
+ char *, /* port */
+ unsigned int/* flags */
);
int(*ResetListener)(
Index: Xtranssock.c
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtranssock.c,v
retrieving revision 3.59
diff -u -w -r3.59 Xtranssock.c
--- Xtranssock.c18 Jul 2003
Re: IPv6 problems on Linux
I've accidently sent the wrong file before. Sorry.
Egbert.
Index: Xtrans.c
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtrans.c,v
retrieving revision 3.31
diff -u -r3.31 Xtrans.c
--- Xtrans.c20 Jul 2003 16:12:15 - 3.31
+++ Xtrans.c23 Jul 2003 18:17:17 -
@@ -90,10 +90,10 @@
#endif /* STREAMSCONN */
#if defined(TCPCONN)
{ TRANS(SocketTCPFuncs), TRANS_SOCKET_TCP_INDEX },
-{ TRANS(SocketINETFuncs), TRANS_SOCKET_INET_INDEX },
#if defined(IPv6) defined(AF_INET6)
{ TRANS(SocketINET6Funcs),TRANS_SOCKET_INET6_INDEX },
#endif /* IPv6 */
+{ TRANS(SocketINETFuncs), TRANS_SOCKET_INET_INDEX },
#endif /* TCPCONN */
#if defined(DNETCONN)
{ TRANS(DNETFuncs), TRANS_DNET_INDEX },
@@ -768,10 +768,10 @@
#ifdef TRANS_SERVER
int
-TRANS(CreateListener) (XtransConnInfo ciptr, char *port)
+TRANS(CreateListener) (XtransConnInfo ciptr, char *port, unsigned int flags)
{
-return ciptr-transptr-CreateListener (ciptr, port);
+return ciptr-transptr-CreateListener (ciptr, port, flags);
}
int
@@ -1037,6 +1037,9 @@
char buffer[256]; /* ??? What size ?? */
XtransConnInfo ciptr, temp_ciptrs[NUMTRANS];
intstatus, i, j;
+#if defined(IPv6) defined(AF_INET6)
+intipv6_succ = 0;
+#endif
PRMSG (2,MakeAllCOTSServerListeners(%s,%p)\n,
port ? port : NULL, ciptrs_ret, 0);
@@ -1046,6 +1049,7 @@
for (i = 0; i NUMTRANS; i++)
{
Xtransport *trans = Xtransports[i].transport;
+ unsigned int flags = 0;
if (trans-flagsTRANS_ALIAS || trans-flagsTRANS_NOLISTEN)
continue;
@@ -1065,8 +1069,13 @@
trans-TransName, 0, 0);
continue;
}
+#if defined(IPv6) defined(AF_INET6)
+ if ((Xtransports[i].transport_id == TRANS_SOCKET_INET_INDEX
+ ipv6_succ))
+ flags |= ADDR_IN_USE_ALLOWED;
+#endif
- if ((status = TRANS(CreateListener (ciptr, port))) 0)
+ if ((status = TRANS(CreateListener (ciptr, port, flags))) 0)
{
if (status == TRANS_ADDR_IN_USE)
{
@@ -1098,6 +1107,11 @@
}
}
+#if defined(IPv6) defined(AF_INET6)
+ if (Xtransports[i].transport_id == TRANS_SOCKET_INET6_INDEX)
+ ipv6_succ = 1;
+#endif
+
PRMSG (5,
MakeAllCOTSServerListeners: opened listener for %s, %d\n,
trans-TransName, ciptr-fd, 0);
@@ -1165,7 +1179,7 @@
continue;
}
- if ((status = TRANS(CreateListener (ciptr, port))) 0)
+ if ((status = TRANS(CreateListener (ciptr, port, 0))) 0)
{
if (status == TRANS_ADDR_IN_USE)
{
Index: Xtrans.h
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtrans.h,v
retrieving revision 3.21
diff -u -r3.21 Xtrans.h
--- Xtrans.h20 Jul 2003 16:12:15 - 3.21
+++ Xtrans.h23 Jul 2003 18:17:18 -
@@ -339,7 +339,8 @@
int TRANS(CreateListener)(
XtransConnInfo,/* ciptr */
-char * /* port */
+char *,/* port */
+unsigned int /* flags */
);
int TRANS(NoListen) (
Index: Xtransint.h
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtransint.h,v
retrieving revision 3.35
diff -u -r3.35 Xtransint.h
--- Xtransint.h 26 Nov 2002 01:12:30 - 3.35
+++ Xtransint.h 23 Jul 2003 18:17:18 -
@@ -26,7 +26,7 @@
from The Open Group.
*/
-/* $XFree86: xc/lib/xtrans/Xtransint.h,v 3.35 2002/11/26 01:12:30 dawes Exp $ */
+/* $XFree86: xc/lib/xtrans/Xtransint.h,v 3.34 2002/11/20 23:00:36 dawes Exp $ */
/* Copyright 1993, 1994 NCR Corporation - Dayton, Ohio, USA
*
@@ -283,10 +283,13 @@
);
#ifdef TRANS_SERVER
+/* Flags */
+# define ADDR_IN_USE_ALLOWED 1
int(*CreateListener)(
XtransConnInfo, /* connection */
- char * /* port */
+ char *, /* port */
+ unsigned int/* flags */
);
int(*ResetListener)(
Index: Xtranssock.c
===
RCS file: /home/x-cvs/xc/lib/xtrans/Xtranssock.c,v
retrieving revision 3.59
diff -u -r3.59 Xtranssock.c
--- Xtranssock.c18 Jul 2003 15:39:48 - 3.59
+++ Xtranssock.c23 Jul 2003 18:17:18 -
@@ -783,7 +783,8 @@
static int
TRANS(SocketCreateListener) (XtransConnInfo ciptr,
-struct sockaddr *sockname, int socknamelen)
+struct sockaddr *sockname,
+int socknamelen, unsigned int flags)
{
intnamelen = socknamelen;
@@ -803,7 +804,10 @@
while (bind (fd, (struct sockaddr *) sockname, namelen) 0)
{
- if (errno ==
Re: IPv6 problems on Linux
On Wed, 23 Jul 2003, Egbert Eich wrote: Marc Aurele La France writes: I don't like the peppering of this code with more OS #ifdef's. I think the approach espoused by Itojun, Todd, Matthieu and Andrew is better. So maybe you can tell what the big difference is? So maybe not. I've already stated I cannot test IPv6 function. As such, I'm here more as an overseer, and in that capacity I am of the opinion that this code need not be unnecessarily OS-#ifdef'ed. Take that as you see fit. Marc. +--+---+ | Marc Aurele La France | work: 1-780-492-9310 | | Computing and Network Services | fax:1-780-492-1729 | | 352 General Services Building | email: [EMAIL PROTECTED] | | University of Alberta +---+ | Edmonton, Alberta | | | T6G 2H1 | Standard disclaimers apply| | CANADA | | +--+---+ XFree86 Core Team member. ATI driver and X server internals. ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Here's a patch to allow multiple '-nolisten' options on the command
line. To disable both IPv4 and IPv6 transports, one needs to say:
X -nolisten tcp -nolisten inet6
I'll add a documentation patch too later.
Index: xc/programs/Xserver/include/os.h
===
RCS file: /cvs/xf86/xc/programs/Xserver/include/os.h,v
retrieving revision 3.45
diff -u -r3.45 os.h
--- xc/programs/Xserver/include/os.h4 Jul 2003 16:24:29 - 3.45
+++ xc/programs/Xserver/include/os.h23 Jul 2003 20:34:47 -
@@ -480,5 +480,12 @@
extern void AbortDDX(void);
extern void ddxGiveUp(void);
extern int TimeSinceLastInputEvent(void);
+
+typedef struct NoListenList {
+ char *name;
+ struct NoListenList *next;
+} *NoListenListPtr;
+
+extern NoListenListPtr noListenList;
#endif /* OS_H */
Index: xc/programs/Xserver/os/connection.c
===
RCS file: /cvs/xf86/xc/programs/Xserver/os/connection.c,v
retrieving revision 3.61
diff -u -r3.61 connection.c
--- xc/programs/Xserver/os/connection.c 16 Jul 2003 01:39:00 - 3.61
+++ xc/programs/Xserver/os/connection.c 23 Jul 2003 20:34:47 -
@@ -186,7 +186,7 @@
Bool RunFromSmartParent; /* send SIGUSR1 to parent process */
Bool PartialNetwork; /* continue even if unable to bind all addrs */
-char *protNoListen; /* don't listen on this protocol */
+NoListenListPtr noListenList; /* don't listen on these protocols */
static Pid_t ParentProcess;
#ifdef __UNIXOS2__
Pid_t GetPPID(Pid_t pid);
@@ -309,6 +309,7 @@
inti;
intpartial;
char port[20];
+NoListenListPtr p;
FD_ZERO(AllSockets);
FD_ZERO(AllClients);
@@ -323,13 +324,13 @@
FD_ZERO (WellKnownConnections);
-sprintf (port, %d, atoi (display));
+snprintf (port, sizeof(port), %d, atoi (display));
-if (protNoListen)
-if (_XSERVTransNoListen(protNoListen))
-{
- FatalError (Failed to disable listen for %s, protNoListen);
- }
+for (p = noListenList; p != NULL; p = p-next) {
+ if (_XSERVTransNoListen(p-name)) {
+ FatalError(Failed to disable listen for %s, p-name);
+ }
+}
if ((_XSERVTransMakeAllCOTSServerListeners (port, partial,
ListenTransCount, ListenTransConns) = 0)
Index: xc/programs/Xserver/os/utils.c
===
RCS file: /cvs/xf86/xc/programs/Xserver/os/utils.c,v
retrieving revision 3.89
diff -u -r3.89 utils.c
--- xc/programs/Xserver/os/utils.c 9 Jul 2003 15:27:35 - 3.89
+++ xc/programs/Xserver/os/utils.c 23 Jul 2003 20:34:47 -
@@ -602,6 +602,7 @@
{
int i, skip;
+noListenList = NULL;
defaultKeyboardControl.autoRepeat = TRUE;
#ifdef PART_NET
@@ -816,8 +823,13 @@
#endif
else if ( strcmp( argv[i], -nolisten) == 0)
{
-if(++i argc)
- protNoListen = argv[i];
+ if(++i argc) {
+ NoListenListPtr p =
+ (NoListenListPtr)xalloc(sizeof(struct NoListenList));
+ p-name = argv[i];
+ p-next = noListenList;
+ noListenList = p;
+ }
else
UseMsg();
}
Matthieu
___
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Maybe I'm missing something, but I always thought the XFree86 nolisten
code was overly complicated, and this just seems to make it worse. When
we added -nolisten to Xsun, we got multiple listeners for free with a
simpler implementation, contained entirely in utils.c:
else if ( strcmp( argv[i], -nolisten) == 0)
{
if(++i argc) {
if (_XSERVTransNoListen(argv[i])) {
FatalError (Failed to disable listen for %s transport,
argv[i]);
}
} else
UseMsg();
}
--
-Alan Coopersmith- [EMAIL PROTECTED]
Sun Microsystems, Inc. - Sun Software Group
Quality / User Experience (QUE) - Globalization
Platform Globalization Engineering: X11 Development
Matthieu Herrb wrote:
Here's a patch to allow multiple '-nolisten' options on the command
line. To disable both IPv4 and IPv6 transports, one needs to say:
X -nolisten tcp -nolisten inet6
I'll add a documentation patch too later.
Index: xc/programs/Xserver/include/os.h
===
RCS file: /cvs/xf86/xc/programs/Xserver/include/os.h,v
retrieving revision 3.45
diff -u -r3.45 os.h
--- xc/programs/Xserver/include/os.h 4 Jul 2003 16:24:29 - 3.45
+++ xc/programs/Xserver/include/os.h 23 Jul 2003 20:34:47 -
@@ -480,5 +480,12 @@
extern void AbortDDX(void);
extern void ddxGiveUp(void);
extern int TimeSinceLastInputEvent(void);
+
+typedef struct NoListenList {
+ char *name;
+ struct NoListenList *next;
+} *NoListenListPtr;
+
+extern NoListenListPtr noListenList;
#endif /* OS_H */
Index: xc/programs/Xserver/os/connection.c
===
RCS file: /cvs/xf86/xc/programs/Xserver/os/connection.c,v
retrieving revision 3.61
diff -u -r3.61 connection.c
--- xc/programs/Xserver/os/connection.c 16 Jul 2003 01:39:00 - 3.61
+++ xc/programs/Xserver/os/connection.c 23 Jul 2003 20:34:47 -
@@ -186,7 +186,7 @@
Bool RunFromSmartParent; /* send SIGUSR1 to parent process */
Bool PartialNetwork; /* continue even if unable to bind all addrs */
-char *protNoListen; /* don't listen on this protocol */
+NoListenListPtr noListenList; /* don't listen on these protocols */
static Pid_t ParentProcess;
#ifdef __UNIXOS2__
Pid_t GetPPID(Pid_t pid);
@@ -309,6 +309,7 @@
int i;
int partial;
char port[20];
+NoListenListPtr p;
FD_ZERO(AllSockets);
FD_ZERO(AllClients);
@@ -323,13 +324,13 @@
FD_ZERO (WellKnownConnections);
-sprintf (port, %d, atoi (display));
+snprintf (port, sizeof(port), %d, atoi (display));
-if (protNoListen)
-if (_XSERVTransNoListen(protNoListen))
-{
- FatalError (Failed to disable listen for %s, protNoListen);
- }
+for (p = noListenList; p != NULL; p = p-next) {
+ if (_XSERVTransNoListen(p-name)) {
+ FatalError(Failed to disable listen for %s, p-name);
+ }
+}
if ((_XSERVTransMakeAllCOTSServerListeners (port, partial,
ListenTransCount, ListenTransConns) = 0)
Index: xc/programs/Xserver/os/utils.c
===
RCS file: /cvs/xf86/xc/programs/Xserver/os/utils.c,v
retrieving revision 3.89
diff -u -r3.89 utils.c
--- xc/programs/Xserver/os/utils.c 9 Jul 2003 15:27:35 - 3.89
+++ xc/programs/Xserver/os/utils.c 23 Jul 2003 20:34:47 -
@@ -602,6 +602,7 @@
{
int i, skip;
+noListenList = NULL;
defaultKeyboardControl.autoRepeat = TRUE;
#ifdef PART_NET
@@ -816,8 +823,13 @@
#endif
else if ( strcmp( argv[i], -nolisten) == 0)
{
-if(++i argc)
- protNoListen = argv[i];
+ if(++i argc) {
+ NoListenListPtr p =
+ (NoListenListPtr)xalloc(sizeof(struct NoListenList));
+ p-name = argv[i];
+ p-next = noListenList;
+ noListenList = p;
+ }
else
UseMsg();
}
Matthieu
___
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
___
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
From: Matthias Scheler [EMAIL PROTECTED] On Wed, Jul 23, 2003 at 01:48:08PM +0200, Egbert Eich wrote: I wasn't suggesting to use it on Linux. My suggestion was to revert to using a single socket on all platforms and use the above code to enable accepting IPv4 connections on *BSD. Yes, I understand. I was just looking for a decend way of making things work on Linux. Using a single socket should work on Linux according to your observations. And it definitely works on Solaris. So adding some conditional code which uses setsockopt() with IPV6_V6ONLY on platforms which have IPV6_V6ONLY defined should work arround the platform. The danger is that on systems where V4-mapped addresses are disabled an attacker might just manage to bind to either the V6 socket, or the V4 socket and possibly execute a MitM attack. But we would get complaints from the IPv6 folks which consider accepting IPv4 connections on IPv6 listeners a problem. See here: http://www.ietf.org/internet-drafts/draft-itojun-v6ops-v4mapped-harmful-01.txt So we probably need to implement heuristics similar to the one described by Andrew Aitchison. The issues that the draft brings up are irrelevant to XFree86. They are strictly OS/firewall issues. If those problems can occur on a system, the system is already swiss cheese; and nothing XFree86 can do will alleviate things. The draft was sent to BugTraq, and everyone who responded brought the exact same issue up: http://www.securityfocus.com/archive/1/289420/2002-08-20/2002-08-26/2 http://www.securityfocus.com/archive/1/289409/2002-08-20/2002-08-26/2 http://www.securityfocus.com/archive/1/289375/2002-08-20/2002-08-26/2 http://www.securityfocus.com/archive/1/289364/2002-08-20/2002-08-26/2 If you want to see both sides and the rest of the thread: http://www.securityfocus.com/archive/1/288622/2002-08-20/2002-08-26/1 -- (\___(\___(\__ --= 8-) EHM =-- __/)___/)___/) \ (| [EMAIL PROTECTED] PGP 8881EF59 |) / \_ \ | _ -O #include stddisclaimer.h O- _ | / _/ \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/ ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Around 23 o'clock on Jul 23, Matthieu Herrb wrote: Here's a patch to allow multiple '-nolisten' options on the command line. To disable both IPv4 and IPv6 transports, one needs to say: X -nolisten tcp -nolisten inet6 While supporting multiple -nolisten arguments is good, I suggest that the current '-nolisten tcp' should include both inet4 and inet6 tcp options; most people use '-nolisten tcp' to avoid exposing an open port to the X server to the network. -nolisten inet4 don't listen for TCP/IPv4 connections -nolisten inet6 don't listen for TCP/IPv6 connections -nolisten tcp don't listen for any TCP connections -keith ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
I'd like to say this was a head scratcher for me. I like Keith's thouhts on this. -- Todd Fries .. [EMAIL PROTECTED] Free Daemon Consulting, LLCLand: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 ..in support of free software solutions. Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) Penned by Keith Packard on Wed, Jul 23, 2003 at 11:34:53PM -0400, we have: | Around 23 o'clock on Jul 23, Matthieu Herrb wrote: | | Here's a patch to allow multiple '-nolisten' options on the command | line. To disable both IPv4 and IPv6 transports, one needs to say: | |X -nolisten tcp -nolisten inet6 | | While supporting multiple -nolisten arguments is good, I suggest that the | current '-nolisten tcp' should include both inet4 and inet6 tcp options; | most people use '-nolisten tcp' to avoid exposing an open port to the X | server to the network. | | -nolisten inet4 don't listen for TCP/IPv4 connections | -nolisten inet6 don't listen for TCP/IPv6 connections | -nolisten tcp don't listen for any TCP connections | | -keith | | | ___ | Devel mailing list | [EMAIL PROTECTED] | http://XFree86.Org/mailman/listinfo/devel ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
IPv6 problems on Linux
When creating an IPv6 socket on Linux an IPv4 socket seems to be created also. The current CVS code produces the error: _XSERVTransSocketINETCreateListener: ...SocketCreateListener() failed _XSERVTransMakeAllCOTSServerListeners: server already running Fatal server error: Cannot establish any listening sockets - Make sure an X server isn't already running bind() returns an EADDRINUSE error when binding to the second IP protocol (in CVS it is IPv6). When I switch the order of initialization around and skip the IPv4 protocol if IPv6 initialization was successful, everything works: I can connect thru IPv6 and IPv4. I'm surprised that noone else sees this problem. Egbert. ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Matthias Scheler writes: This sounds like a bug in Linux's socket implementation. It should allow an IPv4 and an IPv6 socket to bind to the same port number. This is a common programming pratice for *BSD or Solaris. As I tried to explain binding to an IPv6 socket implicitely binds to an IPv4 socket. That's why binding an IPv4 socket and then an IPv6 socket to the same port fails. Egbert. ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Matthias Scheler writes:
It is necessary in at least NetBSD and OpenBSD because the kernel won't
let you accept IPv4 connection on an IPv6 socket by default. As FreeBSD's
IPv6 is AFAK also KAME based I would expect that it shows the same behaviour.
... while simply binding to IPv6 and letting it handle both was the
way we coded it to work, and had it working on both Solaris and Linux.
You can use that scheme in *BSD, too, if you use setsockopt() like this:
int off = 0;
[...]
if (setsockopt(listen_socket, IPPROTO_IPV6, IPV6_V6ONLY, off,
sizeof (off)) 0) {
/* error handling */
[...]
}
[...]
I was looking for the IPV6_V6ONLY on Linux, but these options don't
seem to exist there.
Egbert.
___
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
Egbert Eich wrote: Alan Coopersmith writes: This was one of the patches suggested to the X.org IPv6 review which we declined to include in our patch set, but which got checked into the XFree86 CVS anyway. We were told that separately binding to both is the usual habit on OpenBSD, while simply binding to IPv6 and letting it handle both was the way we coded it to work, and had it working on both Solaris and Linux. Hm, it doesn't work here. I don't know what the deal is. When binding the same port to IPv4 and then IPv6 the second bind fails as it tries to bind the IPv4 socket, too, which is already bound. I think you misunderstood me - what we had working and supply in the X.org patches is a single bind to IPv6. The second bind was added by the patch we chose not to include in the X.org patch set. -- -Alan Coopersmith- [EMAIL PROTECTED] Sun Microsystems, Inc. - Sun Software Group Quality / User Experience (QUE) - Globalization Platform Globalization Engineering: X11 Development ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
On Tue, Jul 22, 2003 at 09:14:08PM +0200, Egbert Eich wrote: As I tried to explain binding to an IPv6 socket implicitely binds to an IPv4 socket. That's a bug. Kind regards -- Matthias Scheler http://scheler.de/~matthias/ ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
On Tue, Jul 22, 2003 at 09:23:31PM +0200, Egbert Eich wrote:
You can use that scheme in *BSD, too, if you use setsockopt() like this:
int off = 0;
[...]
if (setsockopt(listen_socket, IPPROTO_IPV6, IPV6_V6ONLY, off,
sizeof (off)) 0) {
/* error handling */
[...]
}
[...]
I was looking for the IPV6_V6ONLY on Linux, but these options don't
seem to exist there.
I wasn't suggesting to use it on Linux. My suggestion was to revert to
using a single socket on all platforms and use the above code to enable
accepting IPv4 connections on *BSD.
Kind regards
--
Matthias Scheler http://scheler.de/~matthias/
___
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
Re: IPv6 problems on Linux
On Tue, 22 Jul 2003, Matthias Scheler wrote: On Tue, Jul 22, 2003 at 08:03:35PM +0200, Egbert Eich wrote: The current CVS code produces the error: _XSERVTransSocketINETCreateListener: ...SocketCreateListener() failed _XSERVTransMakeAllCOTSServerListeners: server already running Fatal server error: Cannot establish any listening sockets - Make sure an X server isn't already running bind() returns an EADDRINUSE error when binding to the second IP protocol (in CVS it is IPv6). When I switch the order of initialization around and skip the IPv4 protocol if IPv6 initialization was successful, everything works: I can connect thru IPv6 and IPv4. This sounds like a bug in Linux's socket implementation. Not really. Linux has been always working like this. the USAGI patch for linux kernel implements a runtime configurable option to separate ipv6 and ipv4 bindings. Fabio -- Our mission: make IPv6 the default IP protocol We are on a mission from God - Elwood Blues http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp4.html ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
