# # # patch "cmd_netsync.cc" # from [dee07d1641d2272e86b5094bda944a204bdf2e31] # to [0e5e4dd6b2219b4708c95c85b0689ffb55a74184] # # patch "netsync.cc" # from [d0e9992852169ef633492929c0c709a81c2d2375] # to [50c834eb5e406fc6d9f69782c5109f2043642b0e] # # patch "options_list.hh" # from [c7b31ec65e0a2190312019011bf57eb8dfb1adf7] # to [861b5fc7a146a5618c60b5bbbb588e22517d6e73] #
============================================================
--- cmd_netsync.cc dee07d1641d2272e86b5094bda944a204bdf2e31
+++ cmd_netsync.cc 0e5e4dd6b2219b4708c95c85b0689ffb55a74184
@@ -198,7 +198,7 @@ CMD_NO_WORKSPACE(serve, N_("network"), N
 pid_file pid(app.opts.pidfile);
- if (!app.opts.no_transport_auth)
+ if (!app.opts.use_transport_auth)
 {
 rsa_keypair_id key;
 get_user_key(key, app);
@@ -210,7 +210,7 @@ CMD_NO_WORKSPACE(serve, N_("network"), N
 }
 else
 {
- E(app.opts.bind.stdio,
+ E(app.opts.bind_stdio,
 F("The --no-transport-auth option is only permitted in combination with --stdio"));
 }
@@ -219,7 +219,7 @@ CMD_NO_WORKSPACE(serve, N_("network"), N
 utf8 dummy_addr, include_pattern, exclude_pattern;
 process_netsync_args(name, args, dummy_addr, include_pattern, exclude_pattern, false, true, false, app);
- run_netsync_protocol(server_voice, source_and_sink_role, app.opts.bind.address,
+ run_netsync_protocol(server_voice, source_and_sink_role, app.opts.bind_address,
 include_pattern, exclude_pattern, app);
 }
============================================================
--- netsync.cc d0e9992852169ef633492929c0c709a81c2d2375
+++ netsync.cc 50c834eb5e406fc6d9f69782c5109f2043642b0e
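Review bot: The condition in the first cmd_netsync.cc hunk (@@ -198) looks inverted: everywhere else in this change `!app.opts.no_transport_auth` becomes `app.opts.use_transport_auth`, but here it becomes `!app.opts.use_transport_auth`. As written, the key-loading branch runs only when transport authentication is off, and, if the `else` in the @@ -210 hunk pairs with this `if` (the lines between the two hunks are not shown), the `--stdio` requirement is applied to the default authenticated mode instead of to `--no-transport-auth`. The netsync.cc hunks show that with the flag off the read/write HMACs are disabled and the anonymous read-permission hook is skipped, so this check is what keeps that mode off a TCP listener. The line should read `if (app.opts.use_transport_auth)`. The body of the serve command starts and ends outside these hunks.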
@@ -481,8 +481,8 @@ session::session(protocol_role role,
 remote_peer_key_hash(""),
 remote_peer_key_name(""),
 session_key(constants::netsync_key_initializer),
- read_hmac(constants::netsync_key_initializer, !app.opts.no_transport_auth),
- write_hmac(constants::netsync_key_initializer, !app.opts.no_transport_auth),
+ read_hmac(constants::netsync_key_initializer, app.opts.use_transport_auth),
+ write_hmac(constants::netsync_key_initializer, app.opts.use_transport_auth),
 authenticated(false),
 last_io_time(::time(NULL)),
 byte_in_ticker(NULL),
@@ -706,7 +706,7 @@ session::set_session_key(rsa_oaep_sha_da
 void
 session::set_session_key(rsa_oaep_sha_data const & hmac_key_encrypted)
 {
- if (!app.opts.no_transport_auth)
+ if (app.opts.use_transport_auth)
 {
 keypair our_kp;
 load_key_pair(app, app.opts.signing_key, our_kp);
@@ -1060,7 +1060,7 @@ session::queue_hello_cmd(rsa_keypair_id
 id const & nonce)
 {
 rsa_pub_key pub;
- if (!app.opts.no_transport_auth)
+ if (app.opts.use_transport_auth)
 decode_base64(pub_encoded, pub);
 cmd.write_hello_cmd(key_name, pub, nonce);
 write_netcmd_and_try_flush(cmd);
@@ -1075,7 +1075,7 @@ session::queue_anonymous_cmd(protocol_ro
 {
 netcmd cmd;
 rsa_oaep_sha_data hmac_key_encrypted;
- if (!app.opts.no_transport_auth)
+ if (app.opts.use_transport_auth)
 encrypt_rsa(app.lua, remote_peer_key_name, server_key_encoded, nonce2(), hmac_key_encrypted);
 cmd.write_anonymous_cmd(role, include_pattern, exclude_pattern,
@@ -1096,7 +1096,7 @@ session::queue_auth_cmd(protocol_role ro
 {
 netcmd cmd;
 rsa_oaep_sha_data hmac_key_encrypted;
- I(!app.opts.no_transport_auth);
+ I(app.opts.use_transport_auth);
 encrypt_rsa(app.lua, remote_peer_key_name, server_key_encoded, nonce2(), hmac_key_encrypted);
 cmd.write_auth_cmd(role, include_pattern, exclude_pattern, client,
@@ -1220,7 +1220,7 @@ session::process_hello_cmd(rsa_keypair_i
 base64 their_key_encoded;
- if (!app.opts.no_transport_auth)
+ if (app.opts.use_transport_auth)
 {
 hexenc their_key_hash;
 encode_base64(their_key, their_key_encoded);
@@ -1288,7 +1288,7 @@ session::process_hello_cmd(rsa_keypair_i
 setup_client_tickers();
- if (!app.opts.no_transport_auth &&
+ if (app.opts.use_transport_auth &&
 app.opts.signing_key() != "")
 {
 // get our key pair
@@ -1344,7 +1344,7 @@ session::process_anonymous_cmd(protocol_
 // If running in no-transport-auth mode, we operate anonymously and
 // permit adoption of any role.
- if (!app.opts.no_transport_auth)
+ if (app.opts.use_transport_auth)
 {
 if (their_role != sink_role)
 {
@@ -1371,7 +1371,7 @@ session::process_anonymous_cmd(protocol_
 {
 error((F("not serving branch '%s'") % *i).str());
 }
- else if (!app.opts.no_transport_auth &&
+ else if (app.opts.use_transport_auth &&
 !app.lua.hook_get_netsync_read_permitted(*i))
 {
 error((F("anonymous access to branch '%s' denied by server") % *i).str());
@@ -1380,7 +1380,7 @@ session::process_anonymous_cmd(protocol_
 ok_branches.insert(utf8(*i));
 }
- if (!app.opts.no_transport_auth)
+ if (app.opts.use_transport_auth)
 {
 P(F("allowed anonymous read permission for '%s' excluding '%s'") % their_include_pattern % their_exclude_pattern);
@@ -2160,7 +2160,7 @@ session::begin_service()
 session::begin_service()
 {
 keypair kp;
- if (!app.opts.no_transport_auth)
+ if (app.opts.use_transport_auth)
 app.keys.get_key_pair(app.opts.signing_key, kp);
 queue_hello_cmd(app.opts.signing_key, kp.pub, mk_nonce());
 }
@@ -2270,7 +2270,7 @@ build_stream_to_server(app_state & app,
 I(argv.size() > 0);
 string cmd = argv[0];
 argv.erase(argv.begin());
- app.opts.no_transport_auth = !app.lua.hook_use_transport_auth(u);
+ app.opts.use_transport_auth = app.lua.hook_use_transport_auth(u);
 return shared_ptr (new Netxx::PipeStream(cmd, argv));
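Review bot: In the @@ -2270 hunk the assignment `app.opts.use_transport_auth = app.lua.hook_use_transport_auth(u);` overwrites a process-wide option with a per-URI hook result, and nothing at that line says so. The session constructor and the hello, anonymous and auth paths in the other netsync.cc hunks read the same field to decide whether HMAC keys are set up, so on this path a hook returning false turns transport authentication off for the session whatever the command line asked for. I would document that at the assignment, for example `// NOTE: replaces the command-line setting; a false result disables the netsync HMAC for this session`. build_stream_to_server starts and ends outside the hunk, so any guard around this line is not visible here.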
@@ -2667,8 +2667,8 @@ serve_connections(protocol_role role,
 timeout(static_cast(timeout_seconds)), instant(0,1);
- if (!app.opts.bind.port().empty())
- default_port = std::atoi(app.opts.bind.port().c_str());
+ if (!app.opts.bind_port().empty())
+ default_port = std::atoi(app.opts.bind_port().c_str());
 #ifdef USE_IPV6
 bool use_ipv6=true;
 #else
@@ -2686,8 +2686,8 @@ serve_connections(protocol_role role,
 Netxx::Address addr(use_ipv6);
- if (!app.opts.bind.address().empty())
- addr.add_address(app.opts.bind.address().c_str(), default_port);
+ if (!app.opts.bind_address().empty())
+ addr.add_address(app.opts.bind_address().c_str(), default_port);
 else
 addr.add_all_addresses (default_port);
@@ -3136,7 +3136,7 @@ run_netsync_protocol(protocol_voice voic
 {
 if (voice == server_voice)
 {
- if (app.opts.bind.stdio)
+ if (app.opts.bind_stdio)
 {
 shared_ptr str(new Netxx::PipeStream(0,1));
 shared_ptr sess(new session(role, server_voice,
============================================================
--- options_list.hh c7b31ec65e0a2190312019011bf57eb8dfb1adf7
+++ options_list.hh 861b5fc7a146a5618c60b5bbbb588e22517d6e73
@@ -33,25 +33,61 @@ OPT(automate_stdio_size, "automate-stdio
 }
 #endif
-OPT(bind, "bind", bind_opt, ,
- gettext_noop("address:port to listen on (default :4691)"))
+OPTSET(bind_opts)
+OPTVAR(bind, utf8, bind_address, )
+OPTVAR(bind, utf8, bind_port, )
+OPTVAR(bind, bool, bind_stdio, false)
+OPTVAR(bind, bool, use_transport_auth, true)
+
+OPTION(bind_opts, bind, true, "bind",
+ gettext_noop("address:port to listen on (default :4691)"))
 #ifdef option_bodies
 {
- bind.set(arg);
+ string addr_part, port_part;
+ size_t l_colon = arg.find(':');
+ size_t r_colon = arg.rfind(':');
+
+ // not an ipv6 address, as that would have at least two colons
+ if (l_colon == r_colon)
+ {
+ addr_part = (r_colon == string::npos ? arg : arg.substr(0, r_colon));
+ port_part = (r_colon == string::npos ? "" : arg.substr(r_colon+1, arg.size() - r_colon));
+ }
+ else
+ {
+ // IPv6 addresses have a port specified in the style: [2001:388:0:13::]:80
+ size_t squareb = arg.rfind(']');
+ if ((arg.find('[') == 0) && (squareb != string::npos))
+ {
+ if (squareb < r_colon)
+ port_part = (r_colon == string::npos ? "" : arg.substr(r_colon+1, arg.size() - r_colon));
+ else
+ port_part = "";
+ addr_part = (squareb == string::npos ? 
arg.substr(1, arg.size()) : arg.substr(1, squareb-1));
+ }
+ else
+ {
+ addr_part = arg;
+ port_part = "";
+ }
+ }
+ bind_stdio = false;
+ bind_address = utf8(addr_part);
+ bind_port = utf8(port_part);
 }
 #endif
-OPT(no_transport_auth, "no-transport-auth", bool, false,
- gettext_noop("disable transport authentication"))
+OPTION(bind_opts, no_transport_auth, false, "no-transport-auth",
+ gettext_noop("disable transport authentication"))
 #ifdef option_bodies
 {
- no_transport_auth = true;
+ use_transport_auth = false;
 }
 #endif
-OPT(bind_stdio, "stdio", bool, false, gettext_noop("serve netsync on stdio"))
+OPTION(bind_opts, bind_stdio, false, "stdio",
+ gettext_noop("serve netsync on stdio"))
 #ifdef option_bodies
 {
- // Yes, this sets a field in the structure belonging to the "bind" option.
- bind.stdio = true;
+ bind_stdio = true;
 }
 #endif
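Review bot: The new `bind` option body stores `port_part` without checking that it is a decimal number, so an argument such as `host:abc` or an out-of-range value is accepted at parse time. The @@ -2667 hunk in netsync.cc later converts it with `std::atoi`, which returns 0 for non-numeric text and has undefined behaviour on overflow, so the server may end up listening on a port the operator did not intend. The option body should reject the argument when `port_part.find_first_not_of("0123456789") != string::npos` or when the value is outside 1–65535, using whatever error mechanism the option layer already provides. Separately, inside the branch already guarded by `squareb != string::npos`, the `squareb == string::npos ? …` ternary can never take its first arm and could be reduced to `addr_part = arg.substr(1, squareb-1);`.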