From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | Nigel Kukard <nkukard(at)lbsd(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: IPv6 patch |
Date: | 2003-01-06 21:40:36 |
Message-ID: | 200301062140.h06Leb014849@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Peter Eisentraut wrote:
> Bruce Momjian writes:
>
> > Patch applied. I added a small mention of IPv6 addresses to the
> > pg_hba.conf documentation. Not sure where else to mention it.
>
> Can this patch please be cleaned up so the code doesn't contain an #ifdef
> on every other line?
I posted the patch a week ago, and mentioned this exact problem. Any
suggestions? I realized I could break out the parts into IPv4/6
sections, but then I would have duplicate code paths that were identical
except for the IPv4/6 calls. Is that the way to go? The major ugliness
is in pqcomm.c and fe-connect.c. Add the unix domain socket and SSL
defines, and it is a mess. However, the danger of breaking out the code
into separate routines is that then we have to keep them consistent if
we make any changes.
> I would also like to discuss how IPv6 is handled during the server start
> and in pg_hba.conf. It seems that we should treat the address families
> Unix, IPv4, and IPv6 consistenly, which would mean two things:
>
> (1) pg_hba.conf entries pertaining to the address family are allowed and
> present in the default file, no matter whether the address family is used
> by the server.
>
> (2) A socket type is explicitly enabled for the server to use, and if
> creation fails, server startup fails. It seems that the current code
> falls back to IPv4 if IPv6 fails.
The issue is that right now, there isn't any special IPv6 enabling,
except for lines in pg_hba.conf. I think it is fine to add some
enabling, but we then have an additional user interface issue. One idea
I had was to change tcpip_socket from true/false to true/false/4/6 so
you can specify if you want none(false)/4/6/both(true). The original
patch author wants this functionality too, so there clearly is a need
for this. This doesn't play nice with the -i flag, however.
Also, I need help specifying to listen on _just_ IPv4 or IPv6. The way it
is coded, you open IPv6 and IPv4 comes along with it. We could add some
test that checks _after_ the connection is made and reject IPv4/6, but
it would be better to listen _just_ on the IP version specified. I am
not sure how to do that, and the #ipv6 IRC channel wasn't clear either.
I tried Google but didn't get a clear answer there either.
Also, keep in mine my BSD/OS has libraries to support IPv6, but IPv6
isn't enabled in the kernel, so there is a case where HAVE_IPV6 is true,
but when run, opening an IPV6 server fails and I fall back to IPv4 ---
just throwing that out as a data point. What would be our default as
shipped?
I do think we need some user interface control over IPv6 and IPv4. I
just coded it to get it working, and compilable on most platforms, and
then we can iron out these issues.
If we have an IPv6 enablement, it would allow us to keep the pg_hba.conf
IPv6 line, and just ignore it, or throw a warning in the logs, though if
it is by default in pg_hba.conf, a warning seems strange.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2003-01-06 21:43:38 | Re: IPv6 patch |
Previous Message | Greg Copeland | 2003-01-06 21:39:49 | Re: IPv6 patch |