From joostvb+debian-bugs-20130406@uvt.nl Sat Apr 06 04:36:12 2013
Date: Sat, 6 Apr 2013 06:35:57 +0200
From: Joost van Baal-Ilić
To: submit@bugs.debian.org
Subject: uruk: autodetect non-routable nets
Message-ID: <20130406043557.GA8175@dijkstra.uvt.nl>
In-Reply-To: <515EEA45.6000003@uvt.nl>
X-debbugs-cc: Casper Gielen

Package: uruk
Tags: patch, upstream

Hi,

Thanks for your bugreport. I am submitting it to the Debian BTS, so
it won't get lost. Please reply to @bugs.debian.org if you have
any more remarks on this issue.

O! On which uruk-version are you working?

Regards!

Joost

On Fri 5 Apr 2013 at 05:14:13 +0200, Casper Gielen wrote:
> Hi Joost,
> herewith a patch for uruk.
> Tested exactly once (on zomo).
>
> IP autodetection does not work if you have an interface in a non-routable
> network. The netmask really has to be adjusted.
> 192.168.123.0/24 -> 192.168.0.0/16
> The code below takes care of that. After the weekend I hope to test it on a
> second system.
>
>
> --- autodetect-ips 2013-04-05 17:10:44.000000000 +0200 > +++ autodetect-ips.old 2013-04-05 16:49:16.000000000 +0200
> @@ -30,25 +30,6 @@ > ############################################### > > # For each interface in interfaces, ip_ should be defined. > -# if an autodetected address is in a non-routable range, > -# then net__default should expand to contain the entire range. > -expandnet4() > -{ > - case "$1" in > - 192.168.*) echo "192.168.0.0/24" ;; > - 172.16.*) echo "172.16.0.0/12" ;; > - *) echo "$1" ;; > - esac > -} > - > -expandnet6() > -{ > - case "$1" in > - fc00:*) echo "fc00::/7" ;; > - fec0:*) echo "fec0::/10" ;; > - *) echo "$1" ;; > - esac > -} > > # First try Red Hat's init scripts > for f in /etc/sysconfig/network-scripts/ifcfg-* > @@ -60,12 +41,10 @@ > esac > eval "$( > . $f > - net=$(expandnet4 $IPADDR/$NETMASK) > - net6=$(expandnet6 $IPADDR/$NETMASK) > echo ip_${i}_default=$IPADDR > - echo net_${i}_default=$net > + echo net_${i}_default=$IPADDR/$NETMASK > echo ip6_${i}_default=${IPV6ADDR%/*} > - echo net6_${i}_default=$net6 > + echo net6_${i}_default=$IPV6ADDR > )" > done 
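Review bot: In expandnet4 the 192.168.* arm prints "192.168.0.0/24", which does not contain an address such as 192.168.123.x and contradicts the 192.168.0.0/16 named in the description; it should print 192.168.0.0/16. In the ifcfg hunk, net6=$(expandnet6 $IPADDR/$NETMASK) hands the IPv4 address to the IPv6 helper, so net6_${i}_default is no longer derived from $IPV6ADDR. The diff was also generated with its arguments swapped (autodetect-ips as "---", autodetect-ips.old as "+++"), so the new code shows up as "-" lines; regenerating it as diff -u autodetect-ips.old autodetect-ips would make it apply in the intended direction.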
> > @@ -92,13 +71,11 @@ > esac > case $iface,$address,$netmask in ?*,?*,?*) > case $type in inet) > - net=$(expandnet4 $address/$netmask) > echo ip_${iface}_default=$address > - echo net_${iface}_default=$net > + echo net_${iface}_default=$address/$netmask > ;; inet6) > - net6=$(expandnet6 $address/$netmask) > echo ip6_${iface}_default=$address > - echo net6_${iface}_default=$net6 > + echo net6_${iface}_default=$address/$netmask > esac > iface= > type= >

From c.gielen@uvt.nl Mon Apr 08 14:57:50 2013
Message-ID: <5162DAE3.6010105@uvt.nl>
Date: Mon, 08 Apr 2013 16:57:39 +0200
From: Casper Gielen
Organization: Tilburg University: lis-unix
To: 704807@bugs.debian.org
Subject: Re: Bug#704807: uruk: autodetect non-routable nets
In-Reply-To: <20130406043557.GA8175@dijkstra.uvt.nl>

On 06-04-13 06:35, Joost van Baal-Ilić wrote:
> Package: uruk
> Tags: patch, upstream
>
> Hi,
>
> Thanks for your bugreport. I am submitting it to the Debian BTS, so
> it won't get lost. Please reply to @bugs.debian.org if you have
> any more remarks on this issue.
>
> O! On which uruk-version are you working?

20130226-1

--
Casper Gielen | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl

From joostvb-debian-bugs-20130409-2@mdcc.cx Tue Apr 09 13:35:41 2013
Date: Tue, 9 Apr 2013 15:35:38 +0200
From: Joost van Baal-Ilić
To: Casper Gielen, 704807@bugs.debian.org
Subject: Re: Bug#704807: uruk: autodetect non-routable nets
Message-ID: <20130409133538.GH25275@beskar.mdcc.cx>
In-Reply-To: <5162DAE3.6010105@uvt.nl>

Hi,

On Mon, Apr 08, 2013 at 04:57:39PM +0200, Casper Gielen wrote:
> On 06-04-13 06:35, Joost van Baal-Ilić wrote:
> > Package: uruk
> > Tags: patch, upstream
> >
> > Hi,
> >
> > Thanks for your bugreport. I am submitting it to the Debian BTS, so
> > it won't get lost. Please reply to @bugs.debian.org if you have
> > any more remarks on this issue.
> >
> > O! On which uruk-version are you working?
>
> 20130226-1

That's current latest upstream, OK thanks.

Your patch contains:

- case "$1" in - 192.168.*) echo "192.168.0.0/24" ;; - 172.16.*) echo "172.16.0.0/12" ;; - *) echo "$1" ;; - esac

It misses some ranges:

joostvb@janacopoulos:~/git/uruk/uruk% grep \^ip._noroute_ranges script/uruk
ip4_noroute_ranges='127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16'
ip6_noroute_ranges='::1/128 ffff:0:0::/96 fc00::/7 fec0::/10 0200::/7 2001:0db8::/32'

Furthermore, 172.16.0.0/12 is 172.16.0.0 - 172.31.255.255. Your code would
wrongly place 172.32.0.1 in 172.16.0.0/12. Care to fix that?

Hrm, there might be an easier way to work around the problem btw. We could
e.g. state that autodetect-ips doesn't support that situation, and tell people
to use another trick. The patch would update documentation only. I am not sure
yet what's the best solution.

Anyway, thanks for your work!
Bye,

Joost

From c.gielen@uvt.nl Thu Apr 11 12:32:18 2013
Message-ID: <5166AD46.6010606@uvt.nl>
Date: Thu, 11 Apr 2013 14:32:06 +0200
From: Casper Gielen
Organization: Tilburg University: lis-unix
To: Joost van Baal-Ilić
CC: 704807@bugs.debian.org
Subject: Re: Bug#704807: uruk: autodetect non-routable nets
In-Reply-To: <20130409133538.GH25275@beskar.mdcc.cx>

Improvements over the last patch:
- more network ranges recognized
- proper regex for 172.16/16
- deal with combined ipv6addr/netmask on RHEL

Tested on zeneco, zuniran, zomo & zonozu.

--
Casper Gielen | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl

Content-Disposition: attachment; filename="autodetect-nonroutable.diff"

--- autodetect-ips.old 2013-04-05 16:49:16.000000000 +0200 +++ autodetect-ips 2013-04-11 14:30:12.000000000 +0200
@@ -31,6 +31,31 @@ # For each interface in interfaces, ip_ should be defined. +# If an autodetected address is in a non-routable range, +# then net__default should expand to contain the entire range. +expandnet4() +{ + case "$1" in + 10.*) echo "10.0.0/8" ;; + 192.168.*) echo "192.168.0.0/24" ;; + 172.1[6-9].*|172.2?.*|172.3[0-1].*) echo "172.16.0.0/12" ;; + *) echo "$1" ;; + esac +} + +expandnet6() +{ + # Matching IPv6 with regexes is really hard. + # The code below assumes that the usual conventions for writing IPv6-adresses are followed. + case "$1" in + fc00:*) echo "fc00::/7" ;; + fec0:*) echo "fec0::/10" ;; + ::ffff:*:*) echo "::ffff:0:0/96" ;; + 2001:0db8::*) echo "2001:0db8::/32" ;; + *) echo "$1" ;; + esac +} + # First try Red Hat's init scripts for f in /etc/sysconfig/network-scripts/ifcfg-* do @@ -41,10 +66,12 @@ esac eval "$( . $f + net4=$(expandnet4 $IPADDR/$NETMASK) + net6=$(expandnet6 $IPV6ADDR) # netmask is deel van IPV6ADDR echo ip_${i}_default=$IPADDR - echo net_${i}_default=$IPADDR/$NETMASK + echo net_${i}_default=$net4 echo ip6_${i}_default=${IPV6ADDR%/*} - echo net6_${i}_default=$IPV6ADDR + echo net6_${i}_default=$net6 )" done 
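Review bot: In expandnet4 the 10.* arm prints "10.0.0/8", which is one octet short of a valid network (10.0.0.0/8 is meant), and the 192.168.* arm still prints 192.168.0.0/24 where the range is 192.168.0.0/16. In expandnet6 the fc00:* and fec0:* patterns match only a first group that is literally fc00 or fec0, while fc00::/7 covers first groups fc00 through fdff and fec0::/10 covers fec0 through feff, so an fd..: address falls through to the default arm. Of the ranges listed in ip4_noroute_ranges and ip6_noroute_ranges earlier in the thread, 127.0.0.1/8, ::1/128 and 0200::/7 are still not handled.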
@@ -71,11 +98,13 @@ esac case $iface,$address,$netmask in ?*,?*,?*) case $type in inet) + net=$(expandnet4 $address/$netmask) echo ip_${iface}_default=$address - echo net_${iface}_default=$address/$netmask + echo net_${iface}_default=$net ;; inet6) + net=$(expandnet6 $address/$netmask) echo ip6_${iface}_default=$address - echo net6_${iface}_default=$address/$netmask + echo net6_${iface}_default=$net esac iface= type=

From joostvb-debian-bugs-20130820-2@uvt.nl Tue Aug 20 09:21:52 2013
Date: Tue, 20 Aug 2013 11:21:38 +0200
From: Joost van Baal-Ilić
To: submit@bugs.debian.org
Subject: uruk: incorrectly blocks and logs tcp RSET packets
Message-ID: <20130820092138.GE646@dijkstra.uvt.nl>
In-Reply-To: <20130820085337.GH32833@homsar.uvt.nl>

Package: uruk
Version: 20130426-1
Tag: upstream

Hi,

On Tue 20 Aug 2013 at 10:53:37 +0200, Wessel Dankers wrote:
>
> I thought this had been fixed, but I still see:
>
> Aug 20 10:52:43 poisson postfix/smtp[28282]: B84AA367: to=, relay=aspmx.l.google.com[2a00:1450:400c:c03::1b]:25, delay=0.33, delays=0.02/0/0.08/0.23, dsn=2.0.0, status=sent (250 2.0.0 OK 1376988763 ib3si224878wjb.48 - gsmtp)
> Aug 20 10:52:43 poisson kernel: [435770.792996] ip6tables: IN=eth0 OUT= MAC=00:50:56:9a:1b:fc:00:0e:39:ff:ec:00:86:dd SRC=2a00:1450:400c:0c03:0000:0000:0000:001b DST=2001:0610:1410:0000:ef20:61d1:5f73:2857 LEN=60 TC=0 HOPLIMIT=57 FLOWLBL=0 PROTO=TCP SPT=25 DPT=42368 WINDOW=0 RES=0x00 RST URGP=0
>
> That iptables line appears after every mail sent.

сре 14 10:18 < thijs> by the way, I still get a lot of this kind of output in syslog:
Aug 14 06:03:34 tnli005 kernel: [2554333.457013] iptables: IN=eth0
OUT= MAC=00:50:56:b3:45:d4:00:0e:39:ff:ec:00:08:00 SRC=137.56.247.155
DST=137.56.243.55 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP
SPT=58041 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
сре 14 10:18 < thijs> 1 per minute
сре 14 10:19 < Fruit> mm yes, that is that iptables bug
сре 14 10:19 < thijs> wasn't a workaround put in for that?
сре 14 10:21 < joostvb> should be fixed in "uruk version 20120914 - The Sankt Goar
Release
сре 14 10:21 < joostvb> "
сре 14 10:24 < thijs> ii uruk 20130426-1
сре 14 10:25 < joostvb> maybe reopen http://bugs.debian.org/687621 then
сре 14 10:27 < Fruit> hmm this is an RST packet
сре 14 10:27 < Fruit> not a FIN|ACK

uruk now has:

$iptables -A INPUT --protocol tcp --tcp-flags SYN,ACK,FIN,RST FIN,ACK -j ACCEPT
$ip6tables -A INPUT --protocol tcp --tcp-flags SYN,ACK,FIN,RST FIN,ACK -j ACCEPT

would adding

$iptables -A INPUT --protocol tcp --tcp-flags SYN,ACK,FIN,RST RST -j ACCEPT
$ip6tables -A INPUT --protocol tcp --tcp-flags SYN,ACK,FIN,RST RST -j ACCEPT

fix it? Is this yet another bug in iptables?
Bye,

Joost

From joostvb-debian-bugs-20130820-2@uvt.nl Tue Aug 20 10:03:25 2013
Date: Tue, 20 Aug 2013 12:03:20 +0200
From: Joost van Baal-Ilić
To: 720306@bugs.debian.org
Subject: Re: Bug#720306: uruk: incorrectly blocks and logs tcp RSET packets
Message-ID: <20130820100320.GP5207@beskar.mdcc.cx>
In-Reply-To: <20130820092138.GE646@dijkstra.uvt.nl>

On Tue, Aug 20, 2013 at 11:21:38AM +0200, Joost van Baal-Ilić wrote:
> Package: uruk
> Version: 20130426-1
> Tag: upstream
>
> Hi,
>
> On Tue 20 Aug 2013 at 10:53:37 +0200, Wessel Dankers wrote:
> >
> > I thought this had been fixed, but I still see:
> >
> > Aug 20 10:52:43 poisson postfix/smtp[28282]: B84AA367: to=, relay=aspmx.l.google.com[2a00:1450:400c:c03::1b]:25, delay=0.33, delays=0.02/0/0.08/0.23, dsn=2.0.0, status=sent (250 2.0.0 OK 1376988763 ib3si224878wjb.48 - gsmtp)
> > Aug 20 10:52:43 poisson kernel: [435770.792996] ip6tables: IN=eth0 OUT= MAC=00:50:56:9a:1b:fc:00:0e:39:ff:ec:00:86:dd SRC=2a00:1450:400c:0c03:0000:0000:0000:001b DST=2001:0610:1410:0000:ef20:61d1:5f73:2857 LEN=60 TC=0 HOPLIMIT=57 FLOWLBL=0 PROTO=TCP SPT=25 DPT=42368 WINDOW=0 RES=0x00 RST URGP=0
> >
> > That iptables line appears after every mail sent.
>
> сре 14 10:18 < thijs> by the way, I still get a lot of this kind of output in syslog:
> Aug 14 06:03:34 tnli005 kernel: [2554333.457013] iptables: IN=eth0
> OUT= MAC=00:50:56:b3:45:d4:00:0e:39:ff:ec:00:08:00 SRC=137.56.247.155
> DST=137.56.243.55 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP
> SPT=58041 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
> сре 14 10:18 < thijs> 1 per minute
> сре 14 10:19 < Fruit> mm yes, that is that iptables bug
> сре 14 10:19 < thijs> wasn't a workaround put in for that?
> сре 14 10:21 < joostvb> should be fixed in "uruk version 20120914 - The Sankt Goar
> Release
> сре 14 10:21 < joostvb> "
> сре 14 10:24 < thijs> ii uruk 20130426-1
> сре 14 10:25 < joostvb> maybe reopen http://bugs.debian.org/687621 then
> сре 14 10:27 < Fruit> hmm this is an RST packet
> сре 14 10:27 < Fruit> not a FIN|ACK
>
> uruk now has:
>
> $iptables -A INPUT --protocol tcp --tcp-flags SYN,ACK,FIN,RST FIN,ACK -j ACCEPT
> $ip6tables -A INPUT --protocol tcp --tcp-flags SYN,ACK,FIN,RST FIN,ACK -j ACCEPT
>
> would adding
>
> $iptables -A INPUT --protocol tcp --tcp-flags SYN,ACK,FIN,RST RST -j ACCEPT
> $ip6tables -A INPUT --protocol tcp --tcp-flags SYN,ACK,FIN,RST RST -j ACCEPT
>
> fix it? Is this yet another bug in iptables?

the story behind this: we are client and initialize outgoing tcp session.
return traffic gets allowed since matching state. incoming rset packet gets
received, apparently kernel doesn't recognize it as belonging to a tcp-session
being shut down, and can't match the state.

would tweaking one of net.ipv4.netfilter.ip_conntrack_tcp* sysctl flags be
better?

From thijs@debian.org Thu Apr 18 14:54:45 2013
From: Thijs Kinkhorst
To: Debian Bug Tracking System
Subject: Provide "uruk diff" showing diff between running and config
Message-ID: <20130418145436.16323.52196.reportbug@incagijs.uvt.nl>
Date: Thu, 18 Apr 2013 16:54:36 +0200

Package: uruk
Version: 20121005-1
Severity: wishlist

Hi Joost,

Please provide an "uruk diff". When uruk config has been changed, this will
output the difference between the currently installed firewall rules and the
result of the config that would be installed when force-reload is used.

This can be used to check whether any applied changes indeed have the desired
effect, and just the desired effect.

Cheers,
Thijs

From lamby@debian.org Tue Feb 03 16:41:46 2015
Message-Id: <1422981704.3338908.222565717.377680BE@webmail.messagingengine.com>
From: Chris Lamb
To: submit@bugs.debian.org
Subject: uruk: please make the build reproducible
Date: Tue, 03 Feb 2015 16:41:44 +0000

Source: uruk
Version: 20140627-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi,

While working on the "reproducible builds" effort [1], we have noticed
that uruk could not be built reproducibly.

The attached patch removes timestamps from the build system. Once
applied, uruk can be built reproducibly in our current experimental
framework.

[1]: https://wiki.debian.org/ReproducibleBuilds

Regards,

--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-

Content-Disposition: attachment; filename="patch.uruk.diff.txt"

From joostvb-debian-bugs-20150103-4@mdcc.cx Tue Feb 03 17:06:38 2015
Date: Tue, 3 Feb 2015 18:06:35 +0100
From: Joost van Baal-Ilić
To: Chris Lamb, 776968@bugs.debian.org
Subject: Re: Bug#776968: uruk: please make the build reproducible
Message-ID: <20150203170635.GX20277@beskar.mdcc.cx>
In-Reply-To: <1422981704.3338908.222565717.377680BE@webmail.messagingengine.com>

Hi Chris,

Thanks, will get to it. Will be fixed in next upload. (In the mean time, feel
free to NMU; I like reproducible builds.)

Bye,

Joost

On Tue, Feb 03, 2015 at 04:41:44PM +0000, Chris Lamb wrote:
> Source: uruk
> Version: 20140627-1
> Severity: wishlist
> Tags: patch
> User: reproducible-builds@lists.alioth.debian.org
> Usertags: timestamps
> X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
>
> Hi,
>
> While working on the "reproducible builds" effort [1], we have noticed
> that uruk could not be built reproducibly.
>
> The attached patch removes timestamps from the build system. Once
> applied, uruk can be built reproducibly in our current experimental
> framework.
>
> [1]: https://wiki.debian.org/ReproducibleBuilds
>
>
> Regards,
>
> --
> ,''`.
> : :' : Chris Lamb
> `. `'` lamby@debian.org / chris-lamb.co.uk
> `-
> diff -urNad uruk.orig/uruk-20140627/debian/rules uruk/uruk-20140627/debian/rules > --- uruk.orig/uruk-20140627/debian/rules 2015-02-03 16:39:59.872172541 +0000 > +++ uruk/uruk-20140627/debian/rules 2015-02-03 16:40:26.965354892 +0000
> @@ -70,8 +70,8 @@ > cp -a debian/README $(docdir)/README.Debian > cp -a debian/TODO $(docdir)/TODO.Debian > cp -a ChangeLog $(docdir)/changelog > - cd $(docdir) && gzip -9 changelog changelog.Debian ChangeLog.2003 NEWS.Debian > - gzip -r9 debian/$(package)/usr/share/man > + cd $(docdir) && gzip -9n changelog changelog.Debian ChangeLog.2003 NEWS.Debian > + gzip -r9n debian/$(package)/usr/share/man > mkdir debian/$(package)/DEBIAN > # # generate md5sums. pathnames should not have leading /. > # # conffiles should be excluded. for now, assume conffiles are precisely
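Review bot: The two changed gzip calls gain -n with nothing in debian/rules saying why, so a later cleanup of the options could drop it again without anyone noticing. A one-line comment above them, stating that -n keeps the original file name and timestamp out of the gzip header so that the build is reproducible, would record the intent next to the commands.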
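Added example for bug #704807 earlier on this page (not code from uruk or from either patch): the point that 172.16.0.0/12 runs from 172.16.0.0 to 172.31.255.255 is easier to get right with integer masking than with shell globs. The range list is the ip4_noroute_ranges value quoted in the thread and expandnet4_glob repeats the case statement of the first patch for comparison; ip4_to_int, in_cidr and expandnet4_cidr are hypothetical names, the sample addresses are constructed, and only IPv4 is covered.

```sh
#!/bin/sh
# Added example (not uruk code): choose the non-routable range containing an
# autodetected IPv4 address by integer masking instead of glob patterns.

# Value quoted from script/uruk in the thread.
ip4_noroute_ranges='127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16'

# ip4_to_int A.B.C.D: print the address as a 32-bit integer.
# Returns 1 for anything that is not four decimal octets in 0..255.
ip4_to_int() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    _rest=$1. _n=0 _val=0
    while [ -n "$_rest" ]; do
        _o=${_rest%%.*}
        _rest=${_rest#*.}
        # Reject empty octets, more than three digits, and leading zeros
        # (shell arithmetic would read those as octal).
        case "$_o" in ''|????*|0?*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
        _val=$(( (_val << 8) | _o ))
        _n=$(( _n + 1 ))
    done
    [ "$_n" -eq 4 ] || return 1
    echo "$_val"
}

# in_cidr ADDR NET/LEN: status 0 if ADDR lies inside NET/LEN, 1 if not,
# 2 if an argument is malformed. Host bits in NET (as in 127.0.0.1/8)
# are masked off before comparing.
in_cidr() {
    _len=${2#*/}
    case "$_len" in ''|*[!0-9]*|???*|0?*) return 2 ;; esac
    [ "$_len" -le 32 ] || return 2
    _addr=$(ip4_to_int "$1") || return 2
    _base=$(ip4_to_int "${2%/*}") || return 2
    _mask=$(( (0xFFFFFFFF << (32 - _len)) & 0xFFFFFFFF ))
    [ $(( _addr & _mask )) -eq $(( _base & _mask )) ]
}

# expandnet4_cidr ADDR/NETMASK: same contract as expandnet4 in the patches
# (print the whole non-routable range, or the argument unchanged), but the
# decision is numeric and driven by ip4_noroute_ranges.
expandnet4_cidr() {
    for _r in $ip4_noroute_ranges; do
        if in_cidr "${1%%/*}" "$_r"; then
            echo "$_r"
            return 0
        fi
    done
    echo "$1"
}

# The case statement from the first patch in the thread, for comparison.
expandnet4_glob() {
    case "$1" in
        192.168.*) echo "192.168.0.0/24" ;;
        172.16.*) echo "172.16.0.0/12" ;;
        *) echo "$1" ;;
    esac
}

# Constructed sample inputs in the ADDR/NETMASK form the script passes around.
for a in 192.168.123.4/255.255.255.0 172.20.1.5/255.255.0.0 \
         172.32.0.1/255.255.255.0 10.9.8.7/255.255.255.0 \
         198.51.100.7/255.255.255.0
do
    printf '%-28s glob: %-28s cidr: %s\n' \
        "$a" "$(expandnet4_glob "$a")" "$(expandnet4_cidr "$a")"
done
```

The last column changes only for addresses that really fall inside one of the listed ranges; 172.32.0.1 and 198.51.100.7 pass through untouched.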