Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
Andrew Dunstan wrote: Andreas, You should check that the CIDR mask is a valid integer. You would need to use strtol() rather than atoi() to do that. Perhaps this should be hoisted out of ip.c:SockAddr_cidr_mask() and put in hba.c. Right, I added this. Regards, Andreas Index: hba.c === RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v retrieving revision 1.112 diff -c -r1.112 hba.c *** hba.c 5 Sep 2003 03:57:13 - 1.112 --- hba.c 5 Sep 2003 09:04:33 - *** *** 673,708 if (cidr_slash) *cidr_slash = '/'; ! if (file_ip_addr-ai_family != port-raddr.addr.ss_family) { ! /* Wrong address family. */ freeaddrinfo_all(hints.ai_family, file_ip_addr); ! return; } ! /* Get the netmask */ ! if (cidr_slash) { ! if (SockAddr_cidr_mask(mask, cidr_slash + 1, ! file_ip_addr-ai_family) 0) ! goto hba_syntax; } else { ! /* Read the mask field. */ ! line = lnext(line); ! if (!line) ! goto hba_syntax; ! token = lfirst(line); ! ! ret = getaddrinfo_all(token, NULL, hints, file_ip_mask); ! if (ret || !file_ip_mask) ! goto hba_syntax; ! ! mask = (struct sockaddr_storage *) file_ip_mask-ai_addr; ! ! if (file_ip_addr-ai_family != mask-ss_family) ! goto hba_syntax; } /* Read the rest of the line. */ --- 673,774 if (cidr_slash) *cidr_slash = '/'; ! #ifdef HAVE_IPV6 ! ! if (file_ip_addr-ai_family == AF_INET port-raddr.addr.ss_family == AF_INET6) { ! /* port got a IPV6 address, but the current line is IPV4. ! * We'll make a IPV6 entry from this line, to check if by chance the connecting port ! * is a converted IPV4 address. */ ! ! char *v6addr=palloc(strlen(token)+8); ! char *v6mask; ! freeaddrinfo_all(hints.ai_family, file_ip_addr); ! ! if (cidr_slash) ! *cidr_slash = 0; ! sprintf(v6addr, :::%s, token); ! if (cidr_slash) ! *cidr_slash = '/'; ! ! ret = getaddrinfo_all(v6addr, NULL, hints, file_ip_addr); ! if (ret || !file_ip_addr) ! { ! ereport(LOG, ! (errcode(ERRCODE_CONFIG_FILE_ERROR), !errmsg(could not interpret converted IP address \%s\ in config file: %s, ! token, gai_strerror(ret; ! } ! if (cidr_slash) ! { ! int v4bits; ! char *endptr; ! ! v4bits=strtol(cidr_slash+1, endptr, 10); ! if (cidr_slash[1]==0 || *endptr!=0 || v4bits0 || v4bits32) ! goto hba_syntax; ! ! v6mask = palloc(20); ! sprintf(v6mask, %d, v4bits+96); ! if (SockAddr_cidr_mask(mask, v6mask, file_ip_addr-ai_family) 0) ! goto hba_syntax; ! } ! else ! { ! line = lnext(line); ! if (!line) ! goto hba_syntax; ! token = lfirst(line); ! v6mask = palloc(strlen(token)+32); ! sprintf(v6mask, ::::::%s, token); ! ! ret = getaddrinfo_all(v6mask, NULL, hints, file_ip_mask); ! if (ret || !file_ip_mask) ! goto hba_syntax; ! ! mask = (struct sockaddr_storage *) file_ip_mask-ai_addr; ! ! if (file_ip_addr-ai_family != mask-ss_family) ! goto hba_syntax; !
Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
Tom Lane wrote: I thought this was still really messy, so I modified it to use a separate promote v4 address to v6 subroutine. I've applied the attached patch (plus docs). It's not very well tested since I don't have an IPv6 setup here; please check that it does what you want. It SEGVs. Reason is that the memcpy of the promote_v4_to_v6_XXX functions assumes that the sockaddr_storage is large enough to hold an IPV6 address, which appears to be not true. Since the struct isn't created by a plain malloc() and returned by free(), but assembled by getaddrinfo() according to the family's requirement, I don't see a way how to fix this. IMHO the struct needs to be created officially by getaddrinfo(), which will lead more or less the the same solution I posted previously. Regards, Andreas ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
Tom Lane said: Andreas Pflug [EMAIL PROTECTED] writes: are you sure it's not just for beauty's sake? What I didn't like about your last patch was the close coupling of the CIDR/netmask processing to the v4-to-v6 conversion; as Andrew pointed out, you were hacking into hba.c functionality that overlapped with SockAddr_cidr_mask. Doing the conversion after we've collected the netmask seems a lot cleaner to me. Also, this way keeps a fairly decent separation of interests between hba.c (parsing the hba.conf syntax) and ip.c (messing with address representations). While talking about beauty: that setting of *cidr_slash to '/' and 0 doesn't look too esthetic... It is ugly (and I didn't write it ;-)). But if we palloc'd a modified version of the token we'd have to remember to pfree it, so it nets out to about the same amount of code either way I think. If you wanna try to clean it up more, be my guest ... I wrote it :-) The reason is that alone of the tokens in this file address/mask is a composite. I agree it is a bit ugly. In fact, this whole function is ugly and getting uglier and needs recasting. I intend to have a go at that, since I am partly responsible, but not in the present cycle. Nobody objected when the original patch from Kurt (including my bit) was submitted, though, so it's a bit late to complain now about aesthetics. cheers andrew ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send unregister YourEmailAddressHere to [EMAIL PROTECTED])
Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
Tom Lane wrote: Andreas Pflug [EMAIL PROTECTED] writes: are you sure it's not just for beauty's sake? What I didn't like about your last patch was the close coupling of the CIDR/netmask processing to the v4-to-v6 conversion; as Andrew pointed out, you were hacking into hba.c functionality that overlapped with SockAddr_cidr_mask. Doing the conversion after we've collected the netmask seems a lot cleaner to me. Also, this way keeps a fairly decent separation of interests between hba.c (parsing the hba.conf syntax) and ip.c (messing with address representations). While talking about beauty: that setting of *cidr_slash to '/' and 0 doesn't look too esthetic... It is ugly (and I didn't write it ;-)). But if we palloc'd a modified version of the token we'd have to remember to pfree it, so it nets out to about the same amount of code either way I think. If you wanna try to clean it up more, be my guest ... Would you like me to conditionally add the IPv6 line to pg_hba.conf from initdb now? -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
Bruce Momjian [EMAIL PROTECTED] writes: Would you like me to conditionally add the IPv6 line to pg_hba.conf from initdb now? I was going to tackle that tomorrow, but if you wanna do it, go for it. regards, tom lane ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
On Wed, Sep 03, 2003 at 07:19:16PM +0200, Andreas Pflug wrote: This was discussed in [HACKERS] TCP/IP with 7.4 beta2 broken? I created a patch to hba.c which uses IPV4 entries as IPV6 entries if running on a IPV6 system (which is detected from a port coming in as AF_INET6). You're assuming all systems have an AF_INET6 constant, which is not the case. Please make use of HAVE_IPV6. Can't directly see anything else wrong with it. Kurt ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org