Recently in bugs Category

When a user posts a comment to a MovableType 4 blog, MT4 logs the user's IP address. However, the relevant column in MT's database is only big enough to store an IPv4 address. Here's the relevant code from lib/MT/Comment.pm:

PSU is using MovableType 4 for its blogging pilot, so I suppose I should submit a patch to fix this.

As an aside, it's disappointing that MovableType is storing the address as a string. I suppose this was done for portability reasons, but it means that MT can't take advantage of databases with intelligent IP address datatypes, like PostgreSQL. For almost a decade, PostgreSQL has had the inet and cidr datatypes, which are specifically designed for storing IP addresses. These datatypes have supported IPv6 since release 7.4 in late 2003.

I had to update a Python script early this morning. Being the anal-retentive perfectionist that I am, I took this an an excuse to an an informal audit of the Python networking library for IPv6-support. I was pleasantly surprised: Most of their networking library is v6-capable. Specifically, the libraries for sockets, http, smtp, xmlrpc, ftp, telnet, pop, and url parsing support IPv6. My findings are in the ITS Wiki.

A few libraries didn't fare so well. I filed bug 1655: imaplib is not IPv6-capable. I still need to file bugs on nntplib and SMTPServer.

I also filed another Mac OS X bug, 5653899 openssl s_client/s_server are not IPv6-capable.

Severity: RFE

The NFS implementation on OS X isn't IPv6-capable. This has been reported to Apple as bug 3502191.

Today, the IETF approved RFC 5095: Deprecation of Type 0 Routing Headers in IPv6. Every major OS has already disabled type 0 headers, but this makes the practice "official."

Severity: Minor

SubEthaEdit is a great text editor for OS X. I use it regularly. One of its most useful features is collaborative editing of a document. It can do this using Bonjour (née ZeroConf) networking to discover collaborators on the subnet. It can also work over a WAN. SubEthaEdit has supported IPv6 since 2004.

SubEthaEdit has its own URL syntax for identifying a document using the see URI scheme (which doesn't seem to be registered with IANA). Here is an example of a SubEthaEdit URL: see://bakunin.et-test.psu.edu/Untitled.txt?documentID=77E29585-B15C-40CF-83D5-6BD3479F5548

A user can generate one of these URLs by selecting the File -> Copy Document URL menu item and sending the link to a colleague. Herein lies today's IPv6 bug: On a dual-stacked host, SubEthaEdit embeds the host's IPv6 address in the URL. For example, here's a link from my desktop:

see://[2610:8:6800:1::408]/Untitled.txt?documentID=BE3C9836-C886-4DCD-8EB1-2AD1DC901E35

(notice the embedded IPv6 address, using RFC 2732 syntax).

My desktop, bakunin.et-test.psu.edu, is dual-stacked, and SubEthaEdit is listening on both IPv4 and IPv6. So it's a bug to only include the IPv6 address in the URL. Ideally, SubEthaEdit could check if all of the IPs on which it is listening resolve to the same hostname, and if so, use the hostname in the URL. But this likely would not be the case for addresses obtained via DHCP, and it most certainly is not the case for auto-configured IPv6 addresses. So, it's not an easy fix for the SubEthaEdit developers. Short of emitting multiple URLs (one for each address on the host), I'm not sure of how to fix it.

I've confirmed that static IPv6 addressing is broken in Leopard (at least via the GUI; it works fine from Terminal). I've filed this as bug 5643493 with Apple.

I think I've encountered a bug in Mac OS X 10.5's IPv6 configuration tools. If I try to configure a static IPv6 address in System Preferences, I don't actually get an IPv6 address. Here's my networking configuration:

When I run ifconfig(8), I don't have an inet6 entry:

$ ifconfig en0 | grep inet
inet 172.28.73.53 netmask 0xffffff80 broadcast 172.28.73.127

However, if I configure it from the command line, it works fine:

$ sudo ifconfig en0 inet6 2610:8:6800:1::40a/64
$ sudo route add -inet6 -prefixlen 64 default 2610:8:6800:1::1
add net default gateway 2610:8:6800:1::1
$ ifconfig en0 | grep inet
inet 172.28.73.53 netmask 0xffffff80 broadcast 172.28.73.127
inet6 fe80::216:cbff:feaa:879d%en0 prefixlen 64 scopeid 0x4
inet6 2610:8:6800:1::40a prefixlen 64

If I select autoconfiguration in System Prefs, I get an IPv6 address.

I'm going to check this on another machine on my home network before I file a bug with Apple. Has anyone else seen this?

I mentioned in an earlier entry that I've configured my workstation (OS X 10.4.11) only to use IPv6 for DNS queries. Today, I found something that this broke: Kerberized CIFS. So far, I've only noticed this on OS X 10.4. It does not happen on OS X 10.5. I haven't had time to test any other platforms.

A few months ago I gave a talk at the SOS Security Day on using Kerberos for various network services. One of the things I discussed was kerberized CIFS. I had verified that this worked on OS X using the u: drive. This was before my IPv6-only DNS change. Today, a colleague asked me to reverify my findings, since he was having issues. I was unable to obtain a service ticket in the u: drive's Kerberos realm. After some grepping through the Kerberos source, I've found the source of the problem.

Kerberos can discover configuration data for foreign realms using DNS SRV records. The u: drive is in its own Kerberos realm, so my client tried to look up the KDC hostnames using a SRV record query. The MIT Kerberos libraries included with OS X 10.4 can only use IPv4 to perform the query. To resolve the issue, you have to add an IPv4 DNS server to my resolver configuration, and I had to list it first (which means that most DNS traffic will only go over IPv4). Alternatively, you can explicitely configure your krb5.conf file with the u: drive's realm, which is what I did.

The issue appears to be fixed in newer versions of MIT Kerberos and in Leopard.