View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005759 | unreal | ircd | public | 2020-09-26 23:28 | 2020-09-27 17:42 |
| Reporter | KnuX | Assigned To | syzop | ||
| Priority | normal | Severity | minor | Reproducibility | random |
| Status | closed | Resolution | not fixable | ||
| OS | Ubuntu | OS Version | 2004 | ||
| Product Version | 5.0.4 | ||||
| Summary | 0005759: ircd doesn't tell to a webirc client that he is banned if its IP is Z-lined | ||||
| Description | I'm running a Chat client through a webirc gateway. I can see that if the IP of the client is Z-lined, the server will close the socket before sending the 465, NOTICE and ERROR raws. If I comment the "WEBIRC" command in my gateway's code and ban my gateway's IP, I can see the 465 message. The last sent message is ":... NOTICE * :*** Found your hostname (cached)" There is no issue with glines, only with zlines (IP or mask). | ||||
| Steps To Reproduce | 1. Configure a webirc block and connect a webirc client on the server 2. See it's remote IP and zline it =>. The client will be zlined and see the message 3. Reconnect the client => No message before the socket close | ||||
| 3rd party modules | |||||
|
|
This is (unfortunately) intended behavior as (G)Zlines will disconnect the attempted connect as soon as possible. This is also why when someone is (G)Zlined and using SSL/TLS they will get an SSL/TLS handshake failed error (or similiar) instead of the actual error message/ban reason. Glines kick in "later" than (G)Zlines and thus will show the 465 to the client as intended. Hope this clears some things up and tl;dr it is by design, albeit suboptimal to convey the actual error/ban reason. Regards, Koragg |
|
|
That is true for SSL/TLS, Koragg. I don't know if the WEBIRC connection that KnuX is talking about was TLS or non-TLS. There is also an issue that it still exists for non-TLS connections too, seemingly due to a "too" rapid write+close, it also seems to depend on the latency (how far you are from the irc server). I have been unable to fix that, tried many things. Anyway, as for this direct report, I cannot reproduce it with latest git: As an OPER I added a ZLINE: ZLINE *@5.5.5.5 :we don't like fives And then the test with plaintext: (echo "WEBIRC blah \"cgiirc\" some.nice.host 5.5.5.5"; cat)|nc -v 127.0.0.1 5667 And the test with TLS: (echo "WEBIRC blah \"cgiirc\" some.nice.host 5.5.5.5"; cat)|openssl s_client -connect 127.0.0.1:5900 In both cases I see: :maintest.test.net NOTICE * :*** Looking up your hostname... :maintest.test.net NOTICE * :*** Found your hostname (cached) :maintest.test.net NOTICE * :*** Checking ident... :maintest.test.net NOTICE * :*** No ident response; username prefixed with ~ :maintest.test.net 465 * :Je bent niet welkom op dit netwerk. Z-Lined: we don't like fives. E-mail [email protected] voor meer informatie (IP: 5.5.5.5). :maintest.test.net NOTICE * :Je bent niet welkom op dit netwerk. Z-Lined: we don't like fives. E-mail [email protected] voor meer informatie (IP: 5.5.5.5). ERROR :Closing Link: [5.5.5.5] (Banned (Z-Lined): we don't like fives) I tried the same with and without identd-check, makes no difference. Anything I missed? Like I said, there is a known issue where sometimes in ZLINES/GZLINES the error is not correctly sent, due to too rapid closing of the socket, maybe it's just that. The general advice is to use ZLINE/GZLINE only when really needed, like for drone attacks. Use KLINE/GLINE for the rest. |
|
|
I confirm that sometimes I can see the 465, but it's very very rare, without TLS. My gateway runs on the same server as the ircd (localhost...) so the socket is likely quickly closed. Actually, we use zlines since Anope makes akills of IP as Zline ^^' |
|
|
Ok yes then this is a known issue that we currently have no solution for. I already track it in some other bug.. although i forgot the id (might be private) :) Closing this one, sorry there won't be a quick solution :( |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-09-26 23:28 | KnuX | New Issue | |
| 2020-09-27 00:11 | Koragg | Note Added: 0021757 | |
| 2020-09-27 09:46 | syzop | Note Added: 0021758 | |
| 2020-09-27 09:47 | syzop | Assigned To | => syzop |
| 2020-09-27 09:47 | syzop | Status | new => feedback |
| 2020-09-27 15:48 | KnuX | Note Added: 0021760 | |
| 2020-09-27 17:42 | syzop | Status | feedback => closed |
| 2020-09-27 17:42 | syzop | Resolution | open => not fixable |
| 2020-09-27 17:42 | syzop | Note Added: 0021763 |
