[stunnel-users] A couple of patches against 4.06
roam at ringlet.net
Thu Dec 30 15:10:15 CET 2004
On Thu, Dec 30, 2004 at 02:03:38PM +0100, Michal Trojnara wrote:
> Peter Pentchev wrote:
> >That's funny. Which IPv6 implementation is that - USAGI?
> getnameinfo is defined in glibc library:
> "The getaddrinfo and getnameinfo functions and supporting code were written
> by Craig Metz; see the file LICENSES for details on their licensing."
Ahh. Now all we need is a reason why there is no manpage mentioning
getnameinfo() and getaddrinfo() in Debian testing :) That's why I
thought it was part of some add-on kit, not plain vanilla glibc.
> >What do you think about the following version of the patch, which
> >adds a configure check for the KAME version of getnameinfo()?
> I don't think getnameinfo() error is very probable with
> NI_NUMERICHOST|NI_NUMERICSERV. 8-)
Actually, it is - for some reason I get an EAI_MEMORY error with the
FreeBSD getnameinfo() implementation, when I define a service like this:
accept = f00f:4004:f00f:4004::f00f:1813
connect = 192.168.0.17:1813
I will look into this soon, but in the meantime, at least the FreeBSD
port of stunnel will retain the s_gai_strerror() handling of
[about five minutes later]
*Oof*. Come to think of it, the reason is kinda obvious: s_ntop() only
passes a 20-character host buffer to getnameinfo(), and a numeric IPv6
address may certainly grow a bit larger than that :) Shouldn't IPLEN in
common.h be bumped up to at least 50? Maybe even a bit more - IPv6
addresses may be local to an interface - 'fe80::111:222%tun0' - so the
total length should be 39 for the numeric address + 1 for the '%' +
length of the interface name (which seems to be 15 for most BSD's and
Linuxen) + 1 for the separator + 5 for the port name + 1 for the
terminating null character = about 62. How about it?
> I guess we don't really need to report an error text other than
> "getnameinfo failed".
Maybe, if we agree on increasing IPLEN :)
I'm attaching two patches:
stunnel-simple-iplen.patch - bumps IPLEN to 62 and makes s_ntop()
use the correct size limit for host and the getnameinfo() invocation;
stunnel-kame-iplen.patch - same, but with the added autoconf detection
of KAME getnameinfo() and use of s_gai_strerror() if necessary (and it
might be necessary, at least on most BSD's, which have the KAME stack)
Of course, the EAI_NODATA chunk of the original patch is still necessary.
And now, hopefully I won't bother you anymore until the holidays are over :)
Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence contradicts itself - or rather - well, no, actually it doesn't!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
More information about the stunnel-users