IPV6

Mads Kiilerich mads at kiilerich.com
Sat Jul 7 12:19:29 UTC 2018


On 07/06/2018 04:35 PM, Nicolas Pinault wrote:
> Hi Mads,
>
> Le 23/03/2018 à 00:55, Mads Kiilerich a écrit :
>> On 03/22/2018 02:58 PM, Nicolas Pinault wrote:
>>> Hi,
>>>
>>> Is there a way to make kallithea serve on IPV6 only or, IPV4 and IPV6?
>>
>> I am not aware of anything that should be IPv4 specific. But I also 
>> haven't tried IPv6.
>>
>> I guess it just works if using Apache and mod_wsgi.
>>
>> The waitress version we default to use for `gearbox serve` doesn't 
>> support IPv6.
>>
>> A quick test on our default branch shows that it seems to work on 
>> IPv6 if you edit setup.py to "waitress>=0.8.8,<2.0" to get something 
>> like waitress 1.1 and edit your .ini to host = * .
>>
>> With reports of Waitress 1.1 (and review of their release note) we 
>> can make that version the default.
> I finally had some time to try your solution.
> I didn't reinstalled all after modifying setup.py.
>
> I upgraded waitress directly with :
> pip install --upgrade "waitress>=0.8.8,<2.0"
>
> I then modified METADATA and metadata.json files located in 
> Kallithea-0.3.5.dist-info directory to set the ">=0.8.8,<2.0" pattern.
>
> Kallithea launches and remote client accesses it.
> However, Kallithea crashes on first access.
>   File "d:\kallithea\env\lib\site-packages\kallithea\lib\auth.py", 
> line 1336, in
>  check_ip_access
>     if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):
>   File "d:\kallithea\env\lib\site-packages\kallithea\lib\ipaddr.py", 
> line 76, in
>  IPAddress
>     address)
> ValueError: 'fe80::acaf:647b:6b31:70b8%13' does not appear to be an 
> IPv4 or IPv6
>  address
>
> I believe the scope at the end of the IP address is the culprit. But 
> maybe I am wrong.

Agree. I didn't know that was a thing that could appear here. I guess we 
just should strip it? That would not be a security issue?

Can you try something like

--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -1008,6 +1008,7 @@ def check_ip_access(source_ip, allowed_i
      :param allowed_ips: list of allowed ips together with mask
      """
      from kallithea.lib import ipaddr
+    source_ip = source_ip.split('%', 1)[0]
      log.debug('checking if ip:%s is subnet of %s', source_ip, allowed_ips)
      if isinstance(allowed_ips, (tuple, list, set)):
          for ip in allowed_ips:

> I have added the full trace back at the end of this message.
>
> As IPV6 is not officially supported, I have not created a bug request.

It is also not not officially unsupported ;-) So please bring it on so 
we can fix all issues.

/Mads


More information about the kallithea-general mailing list