Bug 8060 - "hosts allow" in rsyncd.conf doesn't handle IPv6 subnets smaller than /64.
Summary: "hosts allow" in rsyncd.conf doesn't handle IPv6 subnets smaller than /64.
Alias: None
Product: rsync
Classification: Unclassified
Component: core (show other bugs)
Version: 3.0.8
Hardware: All Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Wayne Davison
QA Contact: Rsync QA Contact
Depends on:
Reported: 2011-04-05 10:04 UTC by Joshua Kinard
Modified: 2011-04-05 11:57 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Joshua Kinard 2011-04-05 10:04:17 UTC
So if I read the IPv6 specs right, I can chop a chosen /64 subnet block up however which way I choose.  This will involve subnets smaller than /64, like /96 or /120.

So given a IPv6 addressing scheme like fd77:beef::ac10:0/120 (for simplicity sake, I am ignoring all precepts of ULA and that globally unique mess) specified in my rsyncd.conf file, then a server in that subnet and a client cannot talk.

I.e., if an rsyncd server with IPv6 address fd77:beef::ac10:cb6f and an rsync client with IPv6 address of fd77:beef::ac10:cb9e try to talk, the server will reject with the following error:

>>> Starting rsync with rsync://[fd77:beef::ac10:cb6f]/gentoo-portage...
>>> Checking server timestamp ...
@ERROR: access denied to gentoo-portage from unknown (fd77:beef::ac10:cb9e)
rsync error: error starting client-server protocol (code 5) at main.c(1506) [Receiver=3.0.7]
>>> Retrying...
!!! Exhausted addresses for [fd77:beef::ac10:cb6f]

However, if I edit my "hosts allow" line in /etc/rsyncd.conf to be just a /64 (hosts allow = fd77:beef::ac10:0/64, ::1), it works fine:

>>> Starting rsync with rsync://[fd77:beef::ac10:cb6f]/gentoo-portage...
>>> Checking server timestamp ...
receiving incremental file list

Number of files: 1
Number of files transferred: 1
Total file size: 32 bytes
Total transferred file size: 32 bytes
Literal data: 32 bytes
Matched data: 0 bytes
File list size: 27
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 98
Total bytes received: 134

It looks like Samba and rsync share some bits of code.  The flaw seems to be in rsync's access.c file, and I already tested Samba out and it works fine with small IPv6 subnets between a Windows box and my main Linux box.  Might it be possible to just copy that version, with appropriate edits, over into rsync's code?  Note: I haven't tried this myself yet.
Comment 1 Joshua Kinard 2011-04-05 11:57:02 UTC
Neeeeevermind.  I was adding wrong.  Mistaking a /120 for a /96.  Of course fd77:beef::ac10:0/120 doesn't match fd77:beef::ac10:cbxx, because the /120 would fix the first two bits of the last hextet to "0", not "cb".

Apparently, part of the foolery was with Samba falling back silently to IPv4, as my IPv6 specification in that config is also bad.  Amazing what Wireshark will teach you.