SelfPrivacy
/
selfprivacy-rest-api
7
2
Fork 1
Code Issues 15 Pull Requests 4 Projects Releases 1 Wiki Activity

fix(dns): Ignore link-local IPv6 address #99

Merged
inex merged 3 commits from inex/fix-linklocal-ipv6 into master 2024-03-01 14:13:15 +02:00
Conversation 2 Commits 3 Files Changed 14
inex commented 2024-03-01 02:22:52 +02:00
Owner

Fixes a bug that caused some servers being inaccessible via IPv6 (because we deployed link-local addresses to the DNS provider...)

https://en.wikipedia.org/wiki/Link-local_address

Fixes a bug that caused some servers being inaccessible via IPv6 (because we deployed link-local addresses to the DNS provider...) https://en.wikipedia.org/wiki/Link-local_address
inex added the
Bug
Priority
High
Severity
High
 labels 2024-03-01 02:22:52 +02:00
inex added 1 commit 2024-03-01 02:22:53 +02:00
continuous-integration/drone/push Build is failing Details
a4327fa669 fix(dns): Ignore link-local IPv6 address
inex requested review from houkime 2024-03-01 02:22:59 +02:00
alexoundos commented 2024-03-01 06:09:30 +02:00
Collaborator

@inex, does this fix currently work on DIgitalOcean deployments only? As we know NixOS machines on Hetzner currently lack public IPv6 on network interface.

@inex, does this fix currently work on DIgitalOcean deployments only? As we know NixOS machines on Hetzner currently lack public IPv6 on network interface.
inex commented 2024-03-01 08:14:20 +02:00
Poster
Owner

@inex, does this fix currently work on DIgitalOcean deployments only? As we know NixOS machines on Hetzner currently lack public IPv6 on network interface.

With this fix. on Hetzner, the server won't advertise the AAAA records at all, if the proper IPv6 not found.

> @inex, does this fix currently work on DIgitalOcean deployments only? As we know NixOS machines on Hetzner currently lack public IPv6 on network interface. With this fix. on Hetzner, the server won't advertise the AAAA records at all, if the proper IPv6 not found.
houkime requested changes 2024-03-01 13:17:45 +02:00
selfprivacy_api/services/mailserver/__init__.py Outdated
@ -45,2 +44,4 @@
return None
@staticmethod
def get_subdomain() -> str | None:
houkime commented 2024-03-01 12:42:05 +02:00
Collaborator

use Optional here

use Optional here
inex marked this conversation as resolved
selfprivacy_api/utils/network.py Outdated
@ -25,2 +25,3 @@
)
ip6 = re.search(r"inet6 (\S+)\/\d+", ip6)
# We ignore link-local addresses
ip6 = re.search(r"inet6 (?!fe80:\S+)(\S+)\/\d+", ip6)
houkime commented 2024-03-01 13:14:06 +02:00
Collaborator

This is a convoluted regex that is hard to read and thus errorprone.
You may want to separate it in 2 filtering steps for it to be more understandable.
So you first get ALL ipv addresses, and then you get the global one.

I think the best would be to introduce is_local(ipv6: str) function
It may be a bit more code but it will be very clear what it does and how, and it can be reused somewhere else, too.
Maybe even better is to use python's builtin ipaddress library for address validation and classification.

This is a convoluted regex that is hard to read and thus errorprone. You may want to separate it in 2 filtering steps for it to be more understandable. So you first get ALL ipv addresses, and then you get the global one. I think the best would be to introduce is_local(ipv6: str) function It may be a bit more code but it will be very clear what it does and how, and it can be reused somewhere else, too. Maybe even better is to use python's builtin ipaddress library for address validation and classification.
inex marked this conversation as resolved
tests/test_services.py Outdated
@ -170,3 +170,3 @@
# more detailed testing of this is in test_graphql/test_system.py
def test_mailserver_with_dkim_returns_some_dns(dkim_file):
records = MailServer().get_dns_records()
records = MailServer().get_dns_records("203.0.113.3", "2001:db8::1")
houkime commented 2024-03-01 12:49:48 +02:00
Collaborator

Make a comment/variable name that mark these addresses as not important. (I got a bit confused here and tried to understand where they came from before consulting the function again)

Make a comment/variable name that mark these addresses as not important. (I got a bit confused here and tried to understand where they came from before consulting the function again)
inex marked this conversation as resolved
inex added 1 commit 2024-03-01 13:58:37 +02:00
continuous-integration/drone/push Build is failing Details
bbec9d9d33 refactor: use ipaddress library for ip validation
inex requested review from houkime 2024-03-01 13:59:46 +02:00
houkime requested changes 2024-03-01 14:05:07 +02:00
selfprivacy_api/utils/network.py Outdated
@ -24,3 +25,3 @@
"utf-8"
)
ip6 = re.search(r"inet6 (\S+)\/\d+", ip6)
ip6 = re.findall(r"inet6 (\S+)\/\d+", ip6)
houkime commented 2024-03-01 14:04:50 +02:00
Collaborator

rename to ip6_addresses or something else plural

rename to ip6_addresses or something else plural
inex marked this conversation as resolved
inex added 1 commit 2024-03-01 14:06:38 +02:00
continuous-integration/drone/push Build is failing Details
5616dbe77a style: rename ip6 addresses variable
inex merged commit e16f4499f8 into master 2024-03-01 14:13:15 +02:00
inex deleted branch inex/fix-linklocal-ipv6 2024-03-01 14:13:16 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
houkime
Labels
Clear labels   
Bug
   
Contributions welcome
   
Did not do
   
Duplicate
   
Feature
  
Module
Backups
   
Module
GraphQL
  
Priority
High
   
Priority
Low
   
Priority
Medium
  
Refactor
  
Severity
High
   
Severity
Low
   
Severity
Medium
No Label
Bug
Contributions welcome
Did not do
Duplicate
Feature
Module
Backups
Module
GraphQL
Priority
High
Priority
Low
Priority
Medium
Refactor
Severity
High
Severity
Low
Severity
Medium
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: SelfPrivacy/selfprivacy-rest-api#99
There is no content yet.
Delete Branch "inex/fix-linklocal-ipv6"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?