Re: [PATCH] nbd-server: handle auth for v6-mapped IPv4 addresses

To: Graham Cobb <g.nbd@cobb.uk.net>
Cc: nbd@other.debian.org
Subject: Re: [PATCH] nbd-server: handle auth for v6-mapped IPv4 addresses
From: Wouter Verhelst <w@uter.be>
Date: Wed, 24 Feb 2021 17:14:18 +0200
Message-id: <YDZtShHMjHw1itK/@pc181009.grep.be>
In-reply-to: <[🔎] f6c5a911-b4d1-d47c-7731-1b4dc00246e8@cobb.uk.net>
References: <[🔎] 20210209000545.E95381ED558@black.home.cobb.me.uk> <[🔎] f6c5a911-b4d1-d47c-7731-1b4dc00246e8@cobb.uk.net>

Hi Graham,

Sorry, I didn't have time to review this earlier due to other
commitments (I'm a member of the FOSDEM orga team).

On Wed, Feb 17, 2021 at 11:03:43AM +0000, Graham Cobb wrote:
> On 08/02/2021 23:42, Graham R. Cobb wrote:
> > This patch adds support for using IPv4 addresses in the nbd-server auth file
> > even if the socket provides v6-mapped addresses. It extends the comparison
> > code in address_matches to handle the two cases where the auth file and the
> > socket use different address families.
> > 
> > This fixes issue #35 in the github repository.
> > 
> > Signed-off-by: Graham R. Cobb <g.nbd@cobb.uk.net>
> 
> No comments or reviewed-by so far. I am not sure of the protocol for
> this mailing list, but this is a gentle ping :-)
> 
> > ---
> >  nbdsrv.c | 30 ++++++++++++++++++++++++------
> >  1 file changed, 24 insertions(+), 6 deletions(-)
> > 
> > diff --git a/nbdsrv.c b/nbdsrv.c
> > index 168d425..01ba1b2 100644
> > --- a/nbdsrv.c
> > +++ b/nbdsrv.c
> > @@ -35,6 +35,9 @@ bool address_matches(const char* mask, const struct sockaddr* addr, GError** err
> >  	char privmask[strlen(mask)+1];
> >  	int masklen;
> >  	int addrlen = addr->sa_family == AF_INET ? 4 : 16;
> > +#define IPV4_MAP_PREFIX 12
> > +	uint8_t ipv4_mapped[IPV4_MAP_PREFIX+4] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
> > +		255, 255, 0, 0, 0, 0};
> >  
> >  	strcpy(privmask, mask);
> >  
> > @@ -61,12 +64,9 @@ bool address_matches(const char* mask, const struct sockaddr* addr, GError** err
> >  		uint8_t* byte_t;
> >  		uint8_t mask = 0;
> >  		int len_left = masklen;
> > -		if(res->ai_family != addr->sa_family) {
> > -			msg(LOG_DEBUG, "client address does not match %d/%d: address family mismatch (IPv4 vs IPv6?)",
> > -			    (int)res->ai_family, (int)addr->sa_family);
> > -			goto next;
> > -		}
> > -		switch(addr->sa_family) {
> > +		if(res->ai_family == addr->sa_family) {
> > +			/* Both addresses are the same address family so do a simple comparison */
> > +			switch(addr->sa_family) {
> >  			case AF_INET:
> >  				byte_s = (const uint8_t*)(&(((struct sockaddr_in*)addr)->sin_addr));
> >  				byte_t = (uint8_t*)(&(((struct sockaddr_in*)(res->ai_addr))->sin_addr));
> > @@ -75,6 +75,24 @@ bool address_matches(const char* mask, const struct sockaddr* addr, GError** err
> >  				byte_s = (const uint8_t*)(&(((struct sockaddr_in6*)addr)->sin6_addr));
> >  				byte_t = (uint8_t*)(&(((struct sockaddr_in6*)(res->ai_addr))->sin6_addr));
> >  				break;
> > +			}

You confused me a bit here because you drop the "switch" line above, but
then change indentation rules ;-)

But okay, it makes sense, now that I look at it closer.

Applied, thanks.

-- 
To the thief who stole my anti-depressants: I hope you're happy

  -- seen somewhere on the Internet on a photo of a billboard

Reply to:

References:
- [PATCH] nbd-server: handle auth for v6-mapped IPv4 addresses
  - From: "Graham R. Cobb" <g.nbd@cobb.uk.net>
- Re: [PATCH] nbd-server: handle auth for v6-mapped IPv4 addresses
  - From: Graham Cobb <g.nbd@cobb.uk.net>

Prev by Date: Re: [PATCH] nbd: handle device refs for DESTROY_ON_DISCONNECT properly
Previous by thread: Re: [PATCH] nbd-server: handle auth for v6-mapped IPv4 addresses
Next by thread: Re: [PATCH] nbd: Convert to DEFINE_SHOW_ATTRIBUTE
Index(es):
- Date
- Thread