IPV6
Nicolas Pinault
nicolasp at aaton.com
Mon Jul 9 07:43:32 UTC 2018
Le 07/07/2018 à 14:19, Mads Kiilerich a écrit :
> On 07/06/2018 04:35 PM, Nicolas Pinault wrote:
>> Hi Mads,
>>
>> Le 23/03/2018 à 00:55, Mads Kiilerich a écrit :
>>> On 03/22/2018 02:58 PM, Nicolas Pinault wrote:
>>>> Hi,
>>>>
>>>> Is there a way to make kallithea serve on IPV6 only or, IPV4 and IPV6?
>>>
>>> I am not aware of anything that should be IPv4 specific. But I also
>>> haven't tried IPv6.
>>>
>>> I guess it just works if using Apache and mod_wsgi.
>>>
>>> The waitress version we default to use for `gearbox serve` doesn't
>>> support IPv6.
>>>
>>> A quick test on our default branch shows that it seems to work on
>>> IPv6 if you edit setup.py to "waitress>=0.8.8,<2.0" to get something
>>> like waitress 1.1 and edit your .ini to host = * .
>>>
>>> With reports of Waitress 1.1 (and review of their release note) we
>>> can make that version the default.
>> I finally had some time to try your solution.
>> I didn't reinstalled all after modifying setup.py.
>>
>> I upgraded waitress directly with :
>> pip install --upgrade "waitress>=0.8.8,<2.0"
>>
>> I then modified METADATA and metadata.json files located in
>> Kallithea-0.3.5.dist-info directory to set the ">=0.8.8,<2.0" pattern.
>>
>> Kallithea launches and remote client accesses it.
>> However, Kallithea crashes on first access.
>> File "d:\kallithea\env\lib\site-packages\kallithea\lib\auth.py",
>> line 1336, in
>> check_ip_access
>> if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):
>> File "d:\kallithea\env\lib\site-packages\kallithea\lib\ipaddr.py",
>> line 76, in
>> IPAddress
>> address)
>> ValueError: 'fe80::acaf:647b:6b31:70b8%13' does not appear to be an
>> IPv4 or IPv6
>> address
>>
>> I believe the scope at the end of the IP address is the culprit. But
>> maybe I am wrong.
>
> Agree. I didn't know that was a thing that could appear here. I guess
> we just should strip it? That would not be a security issue?
>
> Can you try something like
>
> --- a/kallithea/lib/auth.py
> +++ b/kallithea/lib/auth.py
> @@ -1008,6 +1008,7 @@ def check_ip_access(source_ip, allowed_i
> :param allowed_ips: list of allowed ips together with mask
> """
> from kallithea.lib import ipaddr
> + source_ip = source_ip.split('%', 1)[0]
> log.debug('checking if ip:%s is subnet of %s', source_ip,
> allowed_ips)
> if isinstance(allowed_ips, (tuple, list, set)):
> for ip in allowed_ips:
>
>> I have added the full trace back at the end of this message.
>>
>> As IPV6 is not officially supported, I have not created a bug request.
>
> It is also not not officially unsupported ;-) So please bring it on so
> we can fix all issues.
Your patch fixed the issue. I am now able to pull/push to/from Kallithea.
Are there other tests I should try ?
Nicolas
>
> /Mads
More information about the kallithea-general
mailing list