From 4ea2d2ddbe247d529e9d51a362704d67c56f4e48 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 17 Feb 2015 12:49:18 -0500 Subject: Remove code to match IPv4 pg_hba.conf entries to IPv4-in-IPv6 addresses. In investigating yesterday's crash report from Hugo Osvaldo Barrera, I only looked back as far as commit f3aec2c7f51904e7 where the breakage occurred (which is why I thought the IPv4-in-IPv6 business was undocumented). But actually the logic dates back to commit 3c9bb8886df7d56a and was simply broken by erroneous refactoring in the later commit. A bit of archives excavation shows that we added the whole business in response to a report that some 2003-era Linux kernels would report IPv4 connections as having IPv4-in-IPv6 addresses. The fact that we've had no complaints since 9.0 seems to be sufficient confirmation that no modern kernels do that, so let's just rip it all out rather than trying to fix it. Do this in the back branches too, thus essentially deciding that our effective behavior since 9.0 is correct. If there are any platforms on which the kernel reports IPv4-in-IPv6 addresses as such, yesterday's fix would have made for a subtle and potentially security-sensitive change in the effective meaning of IPv4 pg_hba.conf entries, which does not seem like a good thing to do in minor releases. So let's let the post-9.0 behavior stand, and change the documentation to match it. In passing, I failed to resist the temptation to wordsmith the description of pg_hba.conf IPv4 and IPv6 address entries a bit. A lot of this text hasn't been touched since we were IPv4-only. --- src/backend/libpq/ip.c | 73 -------------------------------------------------- 1 file changed, 73 deletions(-) (limited to 'src/backend/libpq/ip.c') diff --git a/src/backend/libpq/ip.c b/src/backend/libpq/ip.c index eb249e9df56..9c3e85bbf7f 100644 --- a/src/backend/libpq/ip.c +++ b/src/backend/libpq/ip.c @@ -407,79 +407,6 @@ pg_sockaddr_cidr_mask(struct sockaddr_storage * mask, char *numbits, int family) } -#ifdef HAVE_IPV6 - -/* - * pg_promote_v4_to_v6_addr --- convert an AF_INET addr to AF_INET6, using - * the standard convention for IPv4 addresses mapped into IPv6 world - * - * The passed addr is modified in place; be sure it is large enough to - * hold the result! Note that we only worry about setting the fields - * that pg_range_sockaddr will look at. - */ -void -pg_promote_v4_to_v6_addr(struct sockaddr_storage * addr) -{ - struct sockaddr_in addr4; - struct sockaddr_in6 addr6; - uint32 ip4addr; - - memcpy(&addr4, addr, sizeof(addr4)); - ip4addr = ntohl(addr4.sin_addr.s_addr); - - memset(&addr6, 0, sizeof(addr6)); - - addr6.sin6_family = AF_INET6; - - addr6.sin6_addr.s6_addr[10] = 0xff; - addr6.sin6_addr.s6_addr[11] = 0xff; - addr6.sin6_addr.s6_addr[12] = (ip4addr >> 24) & 0xFF; - addr6.sin6_addr.s6_addr[13] = (ip4addr >> 16) & 0xFF; - addr6.sin6_addr.s6_addr[14] = (ip4addr >> 8) & 0xFF; - addr6.sin6_addr.s6_addr[15] = (ip4addr) & 0xFF; - - memcpy(addr, &addr6, sizeof(addr6)); -} - -/* - * pg_promote_v4_to_v6_mask --- convert an AF_INET netmask to AF_INET6, using - * the standard convention for IPv4 addresses mapped into IPv6 world - * - * This must be different from pg_promote_v4_to_v6_addr because we want to - * set the high-order bits to 1's not 0's. - * - * The passed addr is modified in place; be sure it is large enough to - * hold the result! Note that we only worry about setting the fields - * that pg_range_sockaddr will look at. - */ -void -pg_promote_v4_to_v6_mask(struct sockaddr_storage * addr) -{ - struct sockaddr_in addr4; - struct sockaddr_in6 addr6; - uint32 ip4addr; - int i; - - memcpy(&addr4, addr, sizeof(addr4)); - ip4addr = ntohl(addr4.sin_addr.s_addr); - - memset(&addr6, 0, sizeof(addr6)); - - addr6.sin6_family = AF_INET6; - - for (i = 0; i < 12; i++) - addr6.sin6_addr.s6_addr[i] = 0xff; - - addr6.sin6_addr.s6_addr[12] = (ip4addr >> 24) & 0xFF; - addr6.sin6_addr.s6_addr[13] = (ip4addr >> 16) & 0xFF; - addr6.sin6_addr.s6_addr[14] = (ip4addr >> 8) & 0xFF; - addr6.sin6_addr.s6_addr[15] = (ip4addr) & 0xFF; - - memcpy(addr, &addr6, sizeof(addr6)); -} -#endif /* HAVE_IPV6 */ - - /* * Run the callback function for the addr/mask, after making sure the * mask is sane for the addr. -- cgit v1.2.3