samba-bugs at samba.org
2011-Apr-05 10:04 UTC
[Bug 8060] New: "hosts allow" in rsyncd.conf doesn't handle IPv6 subnets smaller than /64.
https://bugzilla.samba.org/show_bug.cgi?id=8060
Summary: "hosts allow" in rsyncd.conf doesn't handle
IPv6
subnets smaller than /64.
Product: rsync
Version: 3.0.8
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: core
AssignedTo: wayned at samba.org
ReportedBy: kumba at gentoo.org
QAContact: rsync-qa at samba.org
So if I read the IPv6 specs right, I can chop a chosen /64 subnet block up
however which way I choose. This will involve subnets smaller than /64, like
/96 or /120.
So given a IPv6 addressing scheme like fd77:beef::ac10:0/120 (for simplicity
sake, I am ignoring all precepts of ULA and that globally unique mess)
specified in my rsyncd.conf file, then a server in that subnet and a client
cannot talk.
I.e., if an rsyncd server with IPv6 address fd77:beef::ac10:cb6f and an rsync
client with IPv6 address of fd77:beef::ac10:cb9e try to talk, the server will
reject with the following error:
>>> Starting rsync with
rsync://[fd77:beef::ac10:cb6f]/gentoo-portage...
>>> Checking server timestamp ...
@ERROR: access denied to gentoo-portage from unknown (fd77:beef::ac10:cb9e)
rsync error: error starting client-server protocol (code 5) at main.c(1506)
[Receiver=3.0.7]>>> Retrying...
!!! Exhausted addresses for [fd77:beef::ac10:cb6f]
However, if I edit my "hosts allow" line in /etc/rsyncd.conf to be
just a /64
(hosts allow = fd77:beef::ac10:0/64, ::1), it works fine:
>>> Starting rsync with
rsync://[fd77:beef::ac10:cb6f]/gentoo-portage...
>>> Checking server timestamp ...
receiving incremental file list
timestamp.chk
Number of files: 1
Number of files transferred: 1
Total file size: 32 bytes
Total transferred file size: 32 bytes
Literal data: 32 bytes
Matched data: 0 bytes
File list size: 27
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 98
Total bytes received: 134
[snip]
It looks like Samba and rsync share some bits of code. The flaw seems to be in
rsync's access.c file, and I already tested Samba out and it works fine with
small IPv6 subnets between a Windows box and my main Linux box. Might it be
possible to just copy that version, with appropriate edits, over into
rsync's
code? Note: I haven't tried this myself yet.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
samba-bugs at samba.org
2011-Apr-05 11:57 UTC
[Bug 8060] "hosts allow" in rsyncd.conf doesn't handle IPv6 subnets smaller than /64.
https://bugzilla.samba.org/show_bug.cgi?id=8060
Joshua Kinard <kumba at gentoo.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Joshua Kinard <kumba at gentoo.org> 2011-04-05
11:57:02 UTC ---
Neeeeevermind. I was adding wrong. Mistaking a /120 for a /96. Of course
fd77:beef::ac10:0/120 doesn't match fd77:beef::ac10:cbxx, because the /120
would fix the first two bits of the last hextet to "0", not
"cb".
Apparently, part of the foolery was with Samba falling back silently to IPv4,
as my IPv6 specification in that config is also bad. Amazing what Wireshark
will teach you.
Ignore.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.