[Sks-devel] [CONTRIB] sks.pod text for enabling IPv6


From: Phil Pennock
Subject: [Sks-devel] [CONTRIB] sks.pod text for enabling IPv6
Date: Sun, 29 Mar 2009 17:09:48 -0700

On 2009-03-29 at 07:55 +0000, Kim Minh Kaplan wrote:
> For hkp_address the default value is "0.0.0.0" meaning all of this
> host's IPv4 addresses.
> 
> For IPv6 the setting is different depending on your system.  Where
> IP6_V6ONLY is the default (it seems FreeBSD is among them) then *adding*
> "::" should be fine (i.e. "hkp_address: 0.0.0.0 ::").  Where it is not
> (Linux for example) then you have to *replace* the default with "::"
> (i.e. "hkp_address: ::").
> 
> Regarding recon_address some additional care is needed because other
> SKS peers use the IP address for authentication purposes.  As current
> SKS code does *not* support IPv4 mapped address you should *not* use
> "::" on systems where they are the default (Linux for example).

Does it make sense to test if the address is in ::ffff:0.0.0.0/96 and if
so to just strip off the leading ::ffff: so as to avoid this issue?

Something like this, just before EXAMPLES?

----------------------------8< cut here >8------------------------------
=head1 ENABLING IPv6

This is more complicated than it should be, thanks to some limitations
in the language support libraries of O'Caml.  Instead of just being able
to do The Right Thing, you need to both explicitly enable IPv6 and
perhaps to understand a little about how your system deals with IPv4 and
IPv6 connections to an IPv6 socket.

The easiest solution is to explicitly list your IP addresses in
C<sksconf>; whatever the hostname you peer under resolves to, those IP
addresses should be listed for both C<hkp_address> and C<recon_address>.
So if you have the hostname C<keyserver.example.org> which resolves to
C<192.0.2.0> and C<2001:DB8::1> then you would configure:

=over 4

=item Explicit IP addresses in C<sksconf>:

 hkp_address: 192.0.2.0 2001:DB8::1
 recon_address: 192.0.2.0 2001:DB8::1

=back

If you want to auto-discover IPv6 addresses in the same way as IPv4
addresses, then this will only work cleanly in SKS on platforms where
IPv6 sockets do not receive IPv4 connections using mapped addresses.  If
this means nothing to you, then you'll just have to manually configure
the addresses.  Sorry.  If it does mean something, then you should just
add C<in6addr_any> to the list, in addition to C<INADDR_ANY>, thus:

=over 4

=item Will not work on Linux:

 hkp_address: 0.0.0.0 ::
 recon_address: 0.0.0.0 ::

=back

----------------------------8< cut here >8------------------------------

-Phil

Attachment: pgpjJUf4seAgQ.pgp
Description: PGP signature
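An added example, not part of the original message or of the SKS code base: the normalization asked about above (detect an address in ::ffff:0.0.0.0/96 and strip the mapped prefix) applied before an IP-based peer check. It is written in Python rather than SKS's OCaml, and the function names and the `ALLOWED` list (built from the addresses in the proposed POD text) are hypothetical.

```python
import ipaddress
from typing import Iterable

# Constructed sample: the peer addresses used in the POD text above.
ALLOWED = ["192.0.2.0", "2001:DB8::1"]


def canonical_peer(addr: str) -> str:
    """Return one canonical string per address.

    IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are reduced to plain IPv4.
    That is the form in which an IPv4 client appears on a "::" listener
    when the socket also accepts IPv4 connections.
    """
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # .compressed gives lower-case, zero-compressed text for IPv6.
    return ip.compressed


def naive_allowed(source_addr: str, allowed: Iterable[str]) -> bool:
    """String comparison without normalization (the failing case)."""
    return source_addr in set(allowed)


def peer_allowed(source_addr: str, allowed: Iterable[str]) -> bool:
    """Compare canonical forms; unparsable input is rejected."""
    try:
        src = canonical_peer(source_addr)
    except ValueError:
        return False
    return src in {canonical_peer(a) for a in allowed}


if __name__ == "__main__":
    # Constructed source addresses as a listener might report them.
    for src in ["::ffff:192.0.2.0", "2001:db8::1",
                "::ffff:198.51.100.7", "::192.0.2.0", "not-an-ip"]:
        print(f"{src:22} naive={naive_allowed(src, ALLOWED)!s:5} "
              f"normalized={peer_allowed(src, ALLOWED)}")
```

Only the mapped range is rewritten: the deprecated IPv4-compatible form `::192.0.2.0` stays an IPv6 address and does not match the IPv4 entry.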