Server whitelist not working in DCC 1.2.11

Vernon Schryver vjs@calcite.rhyolite.com
Wed Oct 15 19:42:27 UTC 2003


> From: Gary Mills <mills@cc.UManitoba.CA>

> ...
> No, that still didn't fix the problem.  Eventually, I reverted to the
> 1.1.44 version of DCC.  Once `dbclean' ran from cron, the problems
> went away.  I'm wondering now if the original problem was with loading
> of the `ok ip' entries from the server whitelist into the server
> database.  Either that, or perhaps they were stored in some manner
> that was not visible to the `dccm' client.

I've convinced myself by reading code and running tests that:

  - there is a bug in 1.2.* versions of dccd that breaks server
      whitelists for all except Body, Fuz1, and Fuz2 checksums.

  - that bug affects only reports and not queries from DCC clients.
      For example `dccproc -QC` works and gets an "OK" for an IP
      address in the server's whitelist, while `dccproc -C` fails.

  - restarting dccd with "-Kip" and without running dbclean makes
      the problem go away.

I can't explain what you've observed except by guesses such as
something about multiple DCC servers and not all running with -Kip.


Note that the DCC procotol contains nothing identifying the DCC client
including its version and whether it is dccproc, dccifd, dccd, or
dccsight.  Dccd cannot tell what kind of client is asking.  I made
that choice on general privacy grounds, but I've often wondered if it
is a mistake. 

Dccproc, dccifd, dccd, and dccsight use the same client library, which
makes them look rather similar to dccd in practical terms.
Each of the DCC client programs can be considered a wrapper that takes
a mail message from somewhere, runs it through routines in the DCC
client library to make checksums, and then passes those checksums to
the library to talk to a DCC server.  However, the code in dccd that
treats the DCC_OP_REPORT operationis distinct from the code that
handles DCC_OP_QUERY. 

The bug is a optimization I added to the DCC_OP_REPORT code to reduce
the number of database operations required to add the report and
produce the answer.  Version 1.1.45 added the report as a new record
and then looked up all of the totals for the answer.  That's wasteful
because adding the new record involves looking up the checksums and
totaling their target counts.  So I changed the code to just copy from
the new record to make the answer.  That was a dumb mistake, because
without -K, non-body checksums are not put into the new record.


How many /16 blocks of IP addresses do you need to whitelist? 
The maximum size of the client DCC whitelist is about 80K entries.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.