On Mon, Feb 13, 2012 at 10:15:05PM +0000, Mark Hindley wrote: > On Mon, Feb 13, 2012 at 12:19:21AM +0100, Leopold BAILLY wrote: > > Package: apt-cacher > > Version: 1.7.2 > > Severity: normal > > > > Dear Maintainer, > > > > for example, allowed_hosts = 192.168.1.0/24 does not work because ipv6 host > > address does not match this ipv4 formatted rule : > > Sun Feb 12 23:53:15 2012|debug [16668]: Test client > > 0:0:0:0:0:FFFF:C0A8:101/128 against allowed: 192.168.1.0/24 > > Sun Feb 12 23:53:15 2012|debug [16668]: Alert: client ::ffff:192.168.1.1 > > disallowed by access control > > Sun Feb 12 23:53:15 2012|debug [16668]: Response: 403 Access to cache > > prohibited > > > > But I don't use ipv6 on my network. > > Although you only use IPv4, I think you have an IPv6 enabled kernel which is > why the client address is shown as an IPv4 mapped IPv6 address.
I have done a patch to transparently support IPv6 mapped IPv4 addresses. I would be grateful if you could apply this patch and let me know how it works for you. Many thanks Mark
diff --git a/apt-cacher b/apt-cacher
index fc8cb73..81985cf 100755
--- a/apt-cacher
+++ b/apt-cacher
@@ -47,6 +47,7 @@ use Sys::Hostname;
 use Filesys::Df;
 use Time::HiRes qw(sleep);
 use NetAddr::IP;
+use NetAddr::IP::Util;
 use List::Util;
 use Getopt::Long qw(:config no_ignore_case bundling);
@@ -354,12 +356,21 @@ sub client_permitted {
 return;
 }
- if ($client->within(NetAddr::IP->new('127.1')) || # IPv4
- $client->within(NetAddr::IP->new6('::7f00:1')) || # IPv4 compatible IPv6
- $client->within(NetAddr::IP->new6('::ffff:7f00:1')) || # IPv4 mapped to IPv6
- $client->within(NetAddr::IP->new6('::1'))) { # IPv6
- debug_message('client is localhost');
- return 1
+ my $map_ipv4_mask = NetAddr::IP::inet_any2n('::ffff:0:');
+ my $map_ipv4 = $client->{isv6} && ($client->aton & $map_ipv4_mask) eq $map_ipv4_mask;
+ if ($map_ipv4) {
+ debug_message('client is IPv4 mapped IPv6 address: mapping IPv4 configuration items to IPv6');
+ }
+
+ foreach (qw(127.0.0.1/8 ::1)) { # localhost: IPv4 and IPv6
+ my $check = NetAddr::IP->new($_);
+ $check = NetAddr::IP->new(NetAddr::IP::Util::ipv6_n2d(NetAddr::IP::inet_any2n($check->addr) | $map_ipv4_mask), $check->mask)
+ if !$check->{isv6} && $map_ipv4;
+ debug_message("Test client $client against localhost: $check");
+ if ($client->within($check)) {
+ debug_message('Client is localhost');
+ return 1;
+ }
 }
 # Now check if the client address falls within the permitted ranges.
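Review bot: The mapped-address test on the added `$map_ipv4` line only checks that the bits of `$map_ipv4_mask` are set in the client address; it does not require the leading 80 bits to be zero, so (assuming the mask is `::ffff:0:0`) a native IPv6 client whose sixth group is `ffff` is also treated as IPv4-mapped. Testing the prefix is tighter and avoids reaching into the object hash: `my $map_ipv4 = $client->version == 6 && $client->within(NetAddr::IP->new('::ffff:0:0/96'));`. The literal `'::ffff:0:'` passed to `inet_any2n` looks truncated (presumably `::ffff:0:0` was meant); it is worth confirming what it returns, because an undefined mask would feed both the `&`/`eq` test and every later `|`. The localhost loop also drops the IPv4-compatible form `::7f00:1` that the removed lines accepted and widens the IPv4 match from `127.1` to `127.0.0.1/8`, so a one-line comment saying both are intended would help the next reader of this access check. client_permitted starts and ends outside the hunk.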
@@ -369,7 +380,9 @@ sub client_permitted {
 if ((($cfg->{allowed_hosts} eq '*') ||
 List::Util::first {
 if (my $check = eval{NetAddr::IP->new($_)}) {
- debug_message("Test client $client against allowed: $_");
+ $check = NetAddr::IP->new(NetAddr::IP::Util::ipv6_n2d(NetAddr::IP::inet_any2n($check->addr) | $map_ipv4_mask), $check->mask)
+ if !$check->{isv6} && $map_ipv4;
+ debug_message("Test client $client against allowed: $check");
 $client->within($check);
 }
 else {
@@ -380,7 +393,9 @@ sub client_permitted {
 ) && !grep {
 if (my $check = eval{NetAddr::IP->new($_)}) {
- debug_message("Test client $client against denied: $_");
+ $check = NetAddr::IP->new(NetAddr::IP::Util::ipv6_n2d(NetAddr::IP::inet_any2n($check->addr) | $map_ipv4_mask), $check->mask)
+ if !$check->{isv6} && $map_ipv4;
+ debug_message("Test client $client against denied: $check");
 $client->within($check);
 }
 else {
-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
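Review bot: The mapped rule built by the added `$check = NetAddr::IP->new(...)` line is neither inside the surrounding `eval` nor checked before `$client->within($check)` uses it, in this hunk and in the `denied` hunk after it; if construction fails, the allow/deny decision rests on `within()` being handed an undefined value. The same line passes `$check->mask` from an IPv4 object to an IPv6 constructor, so a correct match depends on NetAddr::IP widening that mask to the full 128 bits, which deserves a test with a `/24` rule and a mapped client just outside it. Because the expression now appears three times in client_permitted (localhost, allowed, denied), a helper that returns undef on failure would keep the three checks identical; the allowed list can then skip an unmappable entry, while the denied list should decide deliberately whether an unmappable entry blocks the client. Both hunks cut through the `List::Util::first` and `grep` blocks, whose remainder is outside the view.

```perl
# Re-express an IPv4 rule inside ::ffff:0:0/96 so it can be compared with an
# IPv4-mapped client. Returns undef when the mapped rule cannot be built.
sub map_rule_for_client {
    my ($check, $map_ipv4, $map_ipv4_mask) = @_;
    return $check if $check->{isv6} || !$map_ipv4;
    return eval {
        NetAddr::IP->new(
            NetAddr::IP::Util::ipv6_n2d(
                NetAddr::IP::inet_any2n($check->addr) | $map_ipv4_mask),
            $check->mask);
    };
}

# … unchanged: List::Util::first { over the allowed_hosts entries …
if (my $check = eval{NetAddr::IP->new($_)}) {
    $check = map_rule_for_client($check, $map_ipv4, $map_ipv4_mask);
    debug_message("Test client $client against allowed: $check") if defined $check;
    defined $check && $client->within($check);
# … unchanged: else branch for entries that do not parse …
```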