Re: ident auth postgres 7.4 fedora core 3

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Ian Pilcher <i(dot)pilcher(at)comcast(dot)net>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: ident auth postgres 7.4 fedora core 3
Date: 2005-03-07 17:37:30
Message-ID: 3027.1110217050@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

Ian Pilcher <i(dot)pilcher(at)comcast(dot)net> writes:
> Since 1.4.2 (I believe), Java uses IPv6 by default. When a connection
> is made to an IPv4 address, it actually makes an IPv6 connection to an
> "IPv4-mapped address". So when you request a connection to 127.0.0.1,
> you actually get a connection to ::ffff:127.0.0.1. PostgreSQL doesn't
> know this, however; it asks the ident daemon, "who's connecting from
> 127.0.0.1?" The daemon answers "nobody".

I traced through this on my own Fedora Core 3 box (kernel
2.6.10-1.766_FC3), and found that when I do
psql -l -h ::ffff:127.0.0.1
the remote address given to Postgres by accept() is actually 127.0.0.1
not ::ffff:127.0.0.1. So the kernel itself is doing the conversion at
some level. On the psql side, the addresses are in fact shown as
::ffff:127.0.0.1, so the dirty work is being done in the kernel, it's
not that glibc downconverted the address to IPv4 in psql userland before
making the connection request. In fact, "lsof" shows the connection as
being IPv6 on the psql side and IPv4 on the postmaster side!

Arguably this is a bug, or at least a bad idea, but there's probably not
going to be much interest in changing the kernel behavior in the near
future. They'll say it would break many more things than it fixes
because of the many non-IPv6-aware programs out there. And I suppose
they'd be right.

If you can't get any results from telling authd to map the addresses,
you might try connecting to "::1" instead of "::ffff:127.0.0.1".

regards, tom lane

In response to

Browse pgsql-jdbc by date

  From Date Subject
Next Message Ian Pilcher 2005-03-07 17:43:02 Re: ident auth postgres 7.4 fedora core 3
Previous Message Tom Lane 2005-03-07 16:49:38 Re: ident auth postgres 7.4 fedora core 3