Server whitelist not working in DCC 1.2.11

Gary Mills mills@cc.UManitoba.CA
Wed Oct 15 19:59:45 UTC 2003

On Wed, Oct 15, 2003 at 01:42:27PM -0600, Vernon Schryver wrote:
> > From: Gary Mills <mills@cc.UManitoba.CA>
> > No, that still didn't fix the problem.  Eventually, I reverted to the
> > 1.1.44 version of DCC.  Once `dbclean' ran from cron, the problems
> > went away.  I'm wondering now if the original problem was with loading
> > of the `ok ip' entries from the server whitelist into the server
> > database.  Either that, or perhaps they were stored in some manner
> > that was not visible to the `dccm' client.
> I've convinced myself by reading code and running tests that:
>   - there is a bug in 1.2.* versions of dccd that breaks server
>       whitelists for all except Body, Fuz1, and Fuz2 checksums.

Thanks very much for finding that.

>   - that bug affects only reports and not queries from DCC clients.
>       For example `dccproc -QC` works and gets an "OK" for an IP
>       address in the server's whitelist, while `dccproc -C` fails.

Ah, that explains perfectly why `dccm' was rejecting mail, even
though `dccproc -QC' reported that the IP checksum was in the database.

>   - restarting dccd with "-Kip" and without running dbclean makes
>       the problem go away.
> I can't explain what you've observed except by guesses such as
> something about multiple DCC servers and not all running with -Kip.

Very likely.  It was well after my bedtime.  I needed to get back to
a working system for today.

> Note that the DCC protocol contains nothing identifying the DCC client
> including its version and whether it is dccproc, dccifd, dccd, or
> dccsight.  Dccd cannot tell what kind of client is asking.  I made
> that choice on general privacy grounds, but I've often wondered if it
> is a mistake. 

I'd say that that is a good design.

> How many /16 blocks of IP addresses do you need to whitelist? 
> The maximum size of the client DCC whitelist is about 80K entries.

I have 512 /24 blocks, which requires 131072 entries.  They rarely
change, so should be okay on the server side.  The client whitelist
has about 5000 entries.

-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-

