Debian Bug report logs - #481010
ircd-ircu: Incorrectly masks IPv6 addresses causing connection refusal

version graph

Package: ircd-ircu; Maintainer for ircd-ircu is Martin Loschwitz <madkiss@debian.org>; Source for ircd-ircu is src:ircd-ircu.

Reported by: Andrew McMillan <debian@mcmillan.net.nz>

Date: Tue, 13 May 2008 05:51:01 UTC

Severity: normal

Tags: ipv6, jessie, patch, sid, squeeze, wheezy

Found in version ircd-ircu/2.10.12.10.dfsg1-1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Martin Loschwitz <madkiss@debian.org>:
Bug#481010; Package ircd-ircu. Full text and rfc822 format available.

Acknowledgement sent to Andrew McMillan <debian@mcmillan.net.nz>:
New Bug report received and forwarded. Copy sent to Martin Loschwitz <madkiss@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Andrew McMillan <debian@mcmillan.net.nz>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ircd-ircu: Incorrectly masks IPv6 addresses causing connection refusal
Date: Tue, 13 May 2008 17:49:06 +1200
[Message part 1 (text/plain, inline)]
Package: ircd-ircu
Version: 2.10.12.10.dfsg1-1
Severity: normal
Tags: patch

We had a switch outage in the office today, causing many people to be
disconnected from IRC.  When they attempted to reconnect, many clients
failed to connect, receiving the message:

 ERROR :Your host is trying to (re)connect too fast -- throttled

I tracked the problem down to line 123 of IPcheck.c where the code makes
an unwarranted assumption that IPv6 addresses should be masked to /64
and IPv4 addresses (after conversion to 6to4 format) should be masked to
/48.

Neither assumption is correct.  Our entire LAN is a /64, and this is not
unusual (at all), and indeed IPv6 address autoconfiguration is exactly
designed for multiple devices to coexist without collisions inside a
/64 subnet.

Furthermore, the assumption is not warranted for IPv4 addresses which
are canonicalised into 6to4 IPv6 addresses and then masked to /48. It is
*expected* that people will configure private networks behind 6to4
gateways, frequently using a /64 network with address autoconfiguration,
resulting in the same kind of issue with masking, and the daemon makes
no attempt to distinguish between an IPv4 address which *it* has
canonicalised, and one which is within the 6to4 address of a realio,
trulio, IPv6 gateway.

The attached patch fixes the problem by setting the mask to /128 when
performing this test at connection time.  It is possible that this
assumption occurs in other places as well, but this is the one causing
us pain right now :-)

Regards,
					Andrew McMillan.


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.25.1-hippy (SMP w/2 CPU cores)
Locale: LANG=en_NZ.UTF8, LC_CTYPE=POSIX (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages ircd-ircu depends on:
ii  libc6                         2.7-10     GNU C Library: Shared libraries

ircd-ircu recommends no packages.

-- no debconf information
[ircd-ipv6-masking-bug.patch (text/x-c, attachment)]

Added tag(s) ipv6. Request was from Simon Paillard <simon.paillard@resel.enst-bretagne.fr> to control@bugs.debian.org. (Sat, 16 Jan 2010 19:48:26 GMT) Full text and rfc822 format available.

Severity set to 'serious' from 'normal' Request was from Clint Adams <schizo@debian.org> to control@bugs.debian.org. (Tue, 23 Mar 2010 01:03:09 GMT) Full text and rfc822 format available.

Added tag(s) sid and squeeze. Request was from Gerfried Fuchs <rhonda@debian.at> to control@bugs.debian.org. (Tue, 23 Mar 2010 07:51:32 GMT) Full text and rfc822 format available.

Severity set to 'normal' from 'serious' Request was from Gerfried Fuchs <rhonda@deb.at> to control@bugs.debian.org. (Tue, 23 Mar 2010 08:30:12 GMT) Full text and rfc822 format available.

Added tag(s) wheezy. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Wed, 16 Feb 2011 19:03:16 GMT) Full text and rfc822 format available.

Added tag(s) jessie. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Thu, 18 Apr 2013 17:35:47 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 09:56:20 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.