[Sks-devel] [CONTRIB] sks.pod text for enabling IPv6
From: Phil Pennock
Subject: [Sks-devel] [CONTRIB] sks.pod text for enabling IPv6
Date: Sun, 29 Mar 2009 17:09:48 -0700

On 2009-03-29 at 07:55 +0000, Kim Minh Kaplan wrote:
> For hkp_address the default value is "0.0.0.0" meaning all of this
> host's IPv4 addresses.
>
> For IPv6 the setting is different depending on your system. Where
> IP6_V6ONLY is the default (it seems FreeBSD is among them) then *adding*
> "::" should be fine (i.e. "hkp_address: 0.0.0.0 ::"). Where it is not
> (Linux for example) then you have to *replace* the default with "::"
> (i.e. "hkp_address: ::").
>
> Regarding recon_address some additional care is needed because other
> SKS peers use the IP address for authentication purposes. As current
> SKS code does *not* support IPv4 mapped address you should *not* use
> "::" on systems where they are the default (Linux for example).

Does it make sense to test if the address is in ::ffff:0.0.0.0/96 and if
so to just strip off the leading ::ffff: so as to avoid this issue?

Something like this, just before EXAMPLES?

----------------------------8< cut here >8------------------------------
=head1 ENABLING IPv6

This is more complicated than it should be, thanks to some limitations
in the language support libraries of O'Caml. Instead of just being able
to do The Right Thing, you need to both explicitly enable IPv6 and
perhaps to understand a little about how your system deals with IPv4 and
IPv6 connections to an IPv6 socket.

The easiest solution is to explicitly list your IP addresses in
C<sksconf>; whatever the hostname you peer under resolves to, those IP
addresses should be listed for both C<hkp_address> and C<recon_address>.
So if you have the hostname C<keyserver.example.org> which resolves to
C<192.0.2.0> and C<2001:DB8::1> then you would configure:

=over 4

=item Explicit IP addresses in C<sksconf>:

  hkp_address: 192.0.2.0 2001:DB8::1
  recon_address: 192.0.2.0 2001:DB8::1

=back

If you want to auto-discover IPv6 addresses in the same way as IPv4
addresses, then this will only work cleanly in SKS on platforms where
IPv6 sockets do not receive IPv4 connections using mapped addresses. If
this means nothing to you, then you'll just have to manually configure
the addresses. Sorry. If it does mean something, then you should just
add C<in6addr_any> to the list, in addition to C<INADDR_ANY>, thus:

=over 4

=item Will not work on Linux:

  hkp_address: 0.0.0.0 ::
  recon_address: 0.0.0.0 ::

=back
----------------------------8< cut here >8------------------------------
-Phil
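
An added example, not part of the original message and not SKS code (SKS itself is written in OCaml): a C version of the check asked about above, testing whether a peer address lies in ::ffff:0.0.0.0/96 and stripping the prefix before it is compared with configured partner addresses. All type and function names and the sample addresses are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Family plus raw bytes, so matching never depends on text spelling. */
struct peer_ip { int family; unsigned char bytes[16]; };

/* First 96 bits of every address in ::ffff:0.0.0.0/96 (IPv4-mapped). */
static const unsigned char V4MAPPED[12] = { 0,0,0,0,0,0,0,0,0,0,0xff,0xff };

/* Canonical form of the address a listener reports: unwrap IPv4-mapped. */
static int normalize_peer(const struct sockaddr_storage *ss, struct peer_ip *out)
{
    memset(out, 0, sizeof *out);
    if (ss->ss_family == AF_INET) {
        out->family = AF_INET;
        memcpy(out->bytes, &((const struct sockaddr_in *)ss)->sin_addr, 4);
        return 0;
    }
    if (ss->ss_family != AF_INET6) return -1;
    const unsigned char *a = ((const struct sockaddr_in6 *)ss)->sin6_addr.s6_addr;
    int mapped = memcmp(a, V4MAPPED, 12) == 0;     /* in ::ffff:0.0.0.0/96? */
    out->family = mapped ? AF_INET : AF_INET6;
    memcpy(out->bytes, mapped ? a + 12 : a, mapped ? 4 : 16); /* drop ::ffff: */
    return 0;
}

/* Match a normalized peer against configured partner addresses (text). */
static int peer_is_configured(const struct peer_ip *p, const char *const *list, size_t n)
{
    unsigned char buf[16];
    size_t len = (p->family == AF_INET) ? 4 : 16;
    for (size_t i = 0; i < n; i++)
        if (inet_pton(p->family, list[i], buf) == 1 && memcmp(buf, p->bytes, len) == 0)
            return 1;
    return 0;
}

/* Hypothetical helper: the sockaddr an AF_INET6 listener reports for text. */
static int seen_on_v6_socket(const char *text, const char *const *list, size_t n)
{
    struct sockaddr_in6 s6 = {0};
    struct sockaddr_storage ss = {0};
    struct peer_ip p;
    s6.sin6_family = AF_INET6;
    if (inet_pton(AF_INET6, text, &s6.sin6_addr) != 1) return -1;
    memcpy(&ss, &s6, sizeof s6);
    return normalize_peer(&ss, &p) == 0 && peer_is_configured(&p, list, n);
}
```

Without the unwrap step, a partner configured as 192.0.2.7 that connects to a dual-stack socket would be compared as the 16-byte address ::ffff:192.0.2.7 and would not match.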