IPV6

Nicolas Pinault nicolasp at aaton.com
Mon Jul 9 07:43:32 UTC 2018 

Le 07/07/2018 à 14:19, Mads Kiilerich a écrit :
> On 07/06/2018 04:35 PM, Nicolas Pinault wrote:
>> Hi Mads,
>>
>> Le 23/03/2018 à 00:55, Mads Kiilerich a écrit :
>>> On 03/22/2018 02:58 PM, Nicolas Pinault wrote:
>>>> Hi,
>>>>
>>>> Is there a way to make kallithea serve on IPV6 only or, IPV4 and IPV6?
>>>
>>> I am not aware of anything that should be IPv4 specific. But I also 
>>> haven't tried IPv6.
>>>
>>> I guess it just works if using Apache and mod_wsgi.
>>>
>>> The waitress version we default to use for `gearbox serve` doesn't 
>>> support IPv6.
>>>
>>> A quick test on our default branch shows that it seems to work on 
>>> IPv6 if you edit setup.py to "waitress>=0.8.8,<2.0" to get something 
>>> like waitress 1.1 and edit your .ini to host = * .
>>>
>>> With reports of Waitress 1.1 (and review of their release note) we 
>>> can make that version the default.
>> I finally had some time to try your solution.
>> I didn't reinstalled all after modifying setup.py.
>>
>> I upgraded waitress directly with :
>> pip install --upgrade "waitress>=0.8.8,<2.0"
>>
>> I then modified METADATA and metadata.json files located in 
>> Kallithea-0.3.5.dist-info directory to set the ">=0.8.8,<2.0" pattern.
>>
>> Kallithea launches and remote client accesses it.
>> However, Kallithea crashes on first access.
>>   File "d:\kallithea\env\lib\site-packages\kallithea\lib\auth.py", 
>> line 1336, in
>>  check_ip_access
>>     if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):
>>   File "d:\kallithea\env\lib\site-packages\kallithea\lib\ipaddr.py", 
>> line 76, in
>>  IPAddress
>>     address)
>> ValueError: 'fe80::acaf:647b:6b31:70b8%13' does not appear to be an 
>> IPv4 or IPv6
>>  address
>>
>> I believe the scope at the end of the IP address is the culprit. But 
>> maybe I am wrong.
>
> Agree. I didn't know that was a thing that could appear here. I guess 
> we just should strip it? That would not be a security issue?
>
> Can you try something like
>
> --- a/kallithea/lib/auth.py
> +++ b/kallithea/lib/auth.py
> @@ -1008,6 +1008,7 @@ def check_ip_access(source_ip, allowed_i
>      :param allowed_ips: list of allowed ips together with mask
>      """
>      from kallithea.lib import ipaddr
> +    source_ip = source_ip.split('%', 1)[0]
>      log.debug('checking if ip:%s is subnet of %s', source_ip, 
> allowed_ips)
>      if isinstance(allowed_ips, (tuple, list, set)):
>          for ip in allowed_ips:
>
>> I have added the full trace back at the end of this message.
>>
>> As IPV6 is not officially supported, I have not created a bug request.
>
> It is also not not officially unsupported ;-) So please bring it on so 
> we can fix all issues.
Your patch fixed the issue. I am now able to pull/push to/from Kallithea.
Are there other tests I should try ?

Nicolas
>
> /Mads

More information about the kallithea-general mailing list