Bug#943317: marked as done (dhis-server doesn't set source port when replying to clients)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Mon, 11 Dec 2023 18:54:46 +0000
with message-id <[🔎] E1rClQU-0002Nx-41@fasolo.debian.org>
and subject line Bug#1055839: Removed package(s) from unstable
has caused the Debian Bug report #943317,
regarding dhis-server doesn't set source port when replying to clients
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
943317: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943317
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: dhis-server doesn't set source port when replying to clients
• From: Santiago García Mantiñán <manty@debian.org>
• Date: Wed, 23 Oct 2019 10:57:41 +0200
• Message-id: <157182106173.4058.12056749647567004093.reportbug@duo.dinformatica.aytolacoruna.es>

Package: dhis-server
Version: 5.3-2.1+b2
Severity: wishlist
Tags: patch

Dear Maintainer,

When I last tried to implement a dhis-server on our network at work we had
trouble getting the traffic through the firewalls.

It turned out that at least with our dhis setup (nothing special to be
honest) the server was returning the packets from a port that was not the
port that the client had sent the packet to, so the traffic was asymmetric
and the firewall, which was open only to reach the server and then
established and related traffic, didn't let the reply pass.

In order to fix this we went to the code and applied this patch which solves
the problem.

Index: dhis-server-5.3/network.c
===================================================================
--- dhis-server-5.3.orig/network.c	2015-01-15 13:27:27.000000000 +0000
+++ dhis-server-5.3/network.c	2015-01-20 12:31:14.830863637 +0000
@@ -239,12 +239,16 @@
 int net_init(int port) {
 
         struct sockaddr_in sa;
-
+        int optval;
 
         /* Create UDP socket */
         udp_sock=socket(AF_INET,SOCK_DGRAM,0);
         if(udp_sock<0) return(1);
 
+        /* Set the UDP socket to REUSEADDR */
+        optval = 1;
+        if (setsockopt(udp_sock, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof optval)) return(1);
+
         /* Bind the UDP socket */
         sa.sin_family=AF_INET;
         sa.sin_port=htons(port);
@@ -327,7 +331,7 @@
  */
 int net_write_message(msg_t *p,int toaddr,int toport) {
 
- 	struct sockaddr_in sa;
+ 	struct sockaddr_in sa,ss;
         int s;
 	int len;
 	int r;
@@ -348,6 +352,15 @@
         sa.sin_port=htons(toport);
         sa.sin_addr.s_addr=toaddr;
 
+        /* set source port */
+	ss.sin_family=AF_INET;
+	ss.sin_addr.s_addr=htonl(INADDR_ANY);
+	ss.sin_port=htons(rport);
+	r = 1;
+	if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &r, sizeof r)) return (0);
+	if (bind(s,(struct sockaddr *)&ss,sizeof(ss))) return(0);
+	DSYSLOG(1,(LOG_DEBUG,"net_write_message(): source port set to %d\n", rport));
+
 	/* Get message size */
 	len=msg_size_by_opcode(p->hdr.opcode);
 


-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'oldstable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=gl_ES.UTF-8, LC_CTYPE=gl_ES.UTF-8 (charmap=UTF-8), LANGUAGE=gl_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dhis-server depends on:
ii  libc6     2.28-10
ii  libgmp10  2:6.1.2+dfsg-4

Versions of packages dhis-server recommends:
ii  dhis-dns-engine              5.3-2+b1
ii  dhis-tools-dns               5.0-8+b1

Versions of packages dhis-server suggests:
pn  dhis-mx-sendmail-engine  <none>

-- no debconf information

--- End Message ---

--- Begin Message ---

• To: 236209-done@bugs.debian.org,736601-done@bugs.debian.org,943317-done@bugs.debian.org,1039170-done@bugs.debian.org,963913-done@bugs.debian.org,
• Cc: dhis-server@packages.debian.org
• Subject: Bug#1055839: Removed package(s) from unstable
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Mon, 11 Dec 2023 18:54:46 +0000
• Message-id: <[🔎] E1rClQU-0002Nx-41@fasolo.debian.org>

Version: 5.3-3+rm

Dear submitter,

as the package dhis-server has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1055839

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Thorsten Alteholz (the ftpmaster behind the curtain)

--- End Message ---