| Subject: | [v0.21] Wrongly finds ip when both ipv6 and ipv4 are used |
| Date: | Mon, 28 Dec 2015 17:24:53 +0300 |
| To: | bug-Net-CIDR-Lite [...] rt.cpan.org |
| From: | Fedor Dikarev <fe [...] nginx.com> |
Hi!
I've made script which analyses auth.log files, compares ip addresses
based on known whitelist and inform in case login from unknown ip
address is found.
You could find this script in attachment.
And I found that for some combinations on ipv4 and ipv6 nets
Net::CIDR::Lite wrongly finds ip address in my whitelist.
Example:
=== wh-debug.json ==
Show quoted text
> # Due to some bug in Perl Net::CIDR::Lite IPv6 addresses must be before IPv4 addresses
> { "global": "2606:7100:1:69::/64" }
>
> { "global": [ "37.190.0.0/18" ] }
=== debug.log ==
Show quoted text> /var/log/auth.log.0.bz2:2015-12-27T11:08:02.196704+00:00 server sshd[92250]: Accepted publickey for user from 37.145.5.60 port 56219 ssh2: RSA b5:e2:85:9c:7b:ca:02:e2:68:8a:09:08:99:04:d2:9c
=== check log file ===
Show quoted text> perl susp_logins.pl -f wh-debug.json -a debug.log
> GOOD GLOBAL: user from 37.145.5.60.
which is wrong cause 37.145.5.60 doesn't belong to 37.190.0.0/18.
And if I remove ipv6 addresses from whitelist, everything goes fine:
=== wh-debug.json ===
Show quoted text> { "global": [ "37.190.0.0/18" ] }
=== check log file ===
Show quoted text> perl susp_logins.pl -f wh-debug.json -a debug.log
> SUSP: user from 37.145.5.60.
Strange for me but everything works when I split /18 on two /19:
=== wh-debug.json ===
Show quoted text> # Due to some bug in Perl Net::CIDR::Lite IPv6 addresses must be before IPv4 addresses
> { "global": "2606:7100:1:69::/64" }
>
> { "global": [ "37.190.0.0/19", "37.190.32.0/19" ] }
> # { "global": [ "37.190.0.0/18" ] }
=== check log file ===
Show quoted text> perl susp_logins.pl -f wh-debug.json -a debug.log
> SUSP: user from 37.145.5.60.
Versions used:
Show quoted text> perl -MNet::CIDR::Lite -e 'CORE::say $Net::CIDR::Lite::VERSION'
> 0.21
Show quoted text> perl -V
> Summary of my perl5 (revision 5 version 22 subversion 1) configuration:
>
> Platform:
> osname=darwin, osvers=15.2.0, archname=darwin-thread-multi-2level
> uname='darwin fe-laptop-mb.local 15.2.0 darwin kernel version 15.2.0: fri nov 13 19:56:56 pst 2015; root:xnu-3248.20.55~2release_x86_64 x86_64 '
> config_args='-des -Dprefix=/opt/local -Dscriptdir=/opt/local/bin -Dcppflags=-I/opt/local/include -Dccflags=-pipe -Os -Dldflags=-L/opt/local/lib -Wl,-headerpad_max_install_names -Dvendorprefix=/opt/local -Dusemultiplicity=y -Dusethreads -Duseshrplib -Dcc=/usr/bin/clang -Dld=env MACOSX_DEPLOYMENT_TARGET=10.11 /usr/bin/clang -Dman1ext=1pm -Dman3ext=3pm -Dman1dir=/opt/local/share/man/man1p -Dman3dir=/opt/local/share/man/man3p -Dsitebin=/opt/local/libexec/perl5.22/sitebin -Dsiteman1dir=/opt/local/share/perl5.22/siteman/man1 -Dsiteman3dir=/opt/local/share/perl5.22/siteman/man3 -Dvendorbin=/opt/local/libexec/perl5.22 -Dvendorman1dir=/opt/local/share/perl5.22/man/man1 -Dvendorman3dir=/opt/local/share/perl5.22/man/man3 -Dpager=/usr/bin/less -sR -Dperlpath=/opt/local/bin/perl5.22 -Dstartperl=#!/opt/local/bin/perl5.22'
> hint=recommended, useposix=true, d_sigaction=define
> useithreads=define, usemultiplicity=define
> use64bitint=define, use64bitall=define, uselongdouble=undef
> usemymalloc=n, bincompat5005=undef
> Compiler:
> cc='/usr/bin/clang', ccflags ='-pipe -Os -fno-common -DPERL_DARWIN -I/opt/local/include -fno-strict-aliasing -fstack-protector-strong -I/opt/local/include',
> optimize='-O3',
> cppflags='-I/opt/local/include -pipe -Os -fno-common -DPERL_DARWIN -I/opt/local/include -fno-strict-aliasing -fstack-protector-strong -I/opt/local/include'
> ccversion='', gccversion='4.2.1 Compatible Apple LLVM 7.0.2 (clang-700.1.81)', gccosandvers=''
> intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, doublekind=3
> d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16, longdblkind=3
> ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
> alignbytes=8, prototype=define
> Linker and Libraries:
> ld='env MACOSX_DEPLOYMENT_TARGET=10.11 /usr/bin/clang', ldflags ='-L/opt/local/lib -Wl,-headerpad_max_install_names -fstack-protector-strong'
> libpth=/opt/local/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/7.0.2/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib /usr/lib
> libs=-lpthread -lgdbm -ldbm -ldl -lm -lutil -lc
> perllibs=-lpthread -ldl -lm -lutil -lc
> libc=, so=dylib, useshrplib=true, libperl=libperl.dylib
> gnulibc_version=''
> Dynamic Linking:
> dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' '
> cccdlflags=' ', lddlflags='-L/opt/local/lib -Wl,-headerpad_max_install_names -bundle -undefined dynamic_lookup -fstack-protector-strong'
>
>
> Characteristics of this binary (from libperl):
> Compile-time options: HAS_TIMES MULTIPLICITY PERLIO_LAYERS
> PERL_DONT_CREATE_GVSV
> PERL_HASH_FUNC_ONE_AT_A_TIME_HARD
> PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP
> PERL_NEW_COPY_ON_WRITE PERL_PRESERVE_IVUV
> USE_64_BIT_ALL USE_64_BIT_INT USE_ITHREADS
> USE_LARGE_FILES USE_LOCALE USE_LOCALE_COLLATE
> USE_LOCALE_CTYPE USE_LOCALE_NUMERIC USE_LOCALE_TIME
> USE_PERLIO USE_PERL_ATOF USE_REENTRANT_API
> Built under darwin
> Compiled at Dec 23 2015 15:06:40
> @INC:
> /opt/local/lib/perl5/site_perl/5.22/darwin-thread-multi-2level
> /opt/local/lib/perl5/site_perl/5.22
> /opt/local/lib/perl5/vendor_perl/5.22/darwin-thread-multi-2level
> /opt/local/lib/perl5/vendor_perl/5.22
> /opt/local/lib/perl5/5.22/darwin-thread-multi-2level
> /opt/local/lib/perl5/5.22
> .
--
Fedor Dikarev
Message body is not shown because sender requested not to inline it.