Package: dhis-server
Version: 5.3-2.1+b2
Severity: wishlist
Tags: patch

Dear Maintainer,

When I last tried to implement a dhis-server on our network at work we had
trouble getting the traffic through the firewalls.

It turned out that at least with our dhis setup (nothing special to be
honest) the server was returning the packets from a port that was not the
port that the client had sent the packet to, so the traffic was asymmetric
and the firewall, which was open only to reach the server and then
established and related traffic, didn't let the reply pass.

In order to fix this we went to the code and applied this patch which solves
the problem.

Index: dhis-server-5.3/network.c
===================================================================
--- dhis-server-5.3.orig/network.c      2015-01-15 13:27:27.000000000 +0000
+++ dhis-server-5.3/network.c   2015-01-20 12:31:14.830863637 +0000
@@ -239,12 +239,16 @@
 int net_init(int port) {
 
         struct sockaddr_in sa;
-
+        int optval;
 
         /* Create UDP socket */
         udp_sock=socket(AF_INET,SOCK_DGRAM,0);
         if(udp_sock<0) return(1);
 
+        /* Set the UDP socket to REUSEADDR */
+        optval = 1;
+        if (setsockopt(udp_sock, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof 
optval)) return(1);
+
         /* Bind the UDP socket */
         sa.sin_family=AF_INET;
         sa.sin_port=htons(port);
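Review bot: the new setsockopt() failure path in net_init() returns 1 without closing `udp_sock`, which was opened just above it; close the socket before returning. On Linux, SO_REUSEADDR on a UDP listener also allows any other local process that sets the same option to bind this port, so the report should state why the listener needs it (presumably the later bind in net_write_message()). The `sizeof` / `optval` line has been wrapped by the mailer, so the patch will not apply as posted; resend it as an attachment.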
@@ -327,7 +331,7 @@
  */
 int net_write_message(msg_t *p,int toaddr,int toport) {
 
-       struct sockaddr_in sa;
+       struct sockaddr_in sa,ss;
         int s;
        int len;
        int r;
@@ -348,6 +352,15 @@
         sa.sin_port=htons(toport);
         sa.sin_addr.s_addr=toaddr;
 
+        /* set source port */
+       ss.sin_family=AF_INET;
+       ss.sin_addr.s_addr=htonl(INADDR_ANY);
+       ss.sin_port=htons(rport);
+       r = 1;
+       if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &r, sizeof r)) return (0);
+       if (bind(s,(struct sockaddr *)&ss,sizeof(ss))) return(0);
+       DSYSLOG(1,(LOG_DEBUG,"net_write_message(): source port set to %d\n", 
rport));
+
        /* Get message size */
        len=msg_size_by_opcode(p->hdr.opcode);
 
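Review bot: `rport` in `ss.sin_port=htons(rport);` is neither a parameter of net_write_message() nor declared in any hunk shown, so say where it is set or pass the source port in as an argument. If `s` is already open at this point, both new `return` paths leak it; close it on failure. `r` is borrowed as the option value although it is declared as a plain result variable, and `ss` is filled field by field without being zeroed first; use a dedicated int and a memset. If `rport` is the listening port, consider sending the reply with sendto() on `udp_sock` instead: that gives the correct source port without a second socket bound to the same port, which while open can receive datagrams meant for the listener.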


-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'oldoldstable'), 
(500, 'unstable'), (500, 'oldstable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=gl_ES.UTF-8, LC_CTYPE=gl_ES.UTF-8 (charmap=UTF-8), 
LANGUAGE=gl_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dhis-server depends on:
ii  libc6     2.28-10
ii  libgmp10  2:6.1.2+dfsg-4

Versions of packages dhis-server recommends:
ii  dhis-dns-engine              5.3-2+b1
ii  dhis-tools-dns               5.0-8+b1

Versions of packages dhis-server suggests:
pn  dhis-mx-sendmail-engine  <none>

-- no debconf information
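
The asymmetry described in the report, as an added example that is not part of the original report or of dhis-server: a loopback round trip in C where the server side answers either from its listening socket or from a fresh socket, and the client compares the reply's source port with the port it sent to. All function names are hypothetical.

```c
/* Added example (not dhis-server code); every name here is hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* UDP socket bound to 127.0.0.1 on a kernel-chosen port, 2 s receive timeout. */
static int udp_loopback(struct sockaddr_in *self) {
    struct timeval tv = {2, 0};
    socklen_t n = sizeof *self;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(self, 0, sizeof *self);
    self->sin_family = AF_INET;
    self->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) ||
        bind(fd, (struct sockaddr *)self, sizeof *self) ||
        getsockname(fd, (struct sockaddr *)self, &n)) { close(fd); return -1; }
    return fd;
}

/* One request/reply round trip. The server side answers from its listening
 * socket (reuse_listener=1) or from a fresh unbound socket (0). Returns 1 if
 * the reply's source port is the port the client sent to, 0 if it differs,
 * -1 on error. A stateful firewall only passes the reply in the 1 case. */
int reply_port_matches(int reuse_listener) {
    struct sockaddr_in srv_addr, cli_addr, from, seen;
    socklen_t n;
    char buf[8];
    int result = -1, out = -1;
    int srv = udp_loopback(&srv_addr), cli = udp_loopback(&cli_addr);
    if (srv < 0 || cli < 0) goto done;
    if (sendto(cli, "req", 3, 0, (struct sockaddr *)&srv_addr, sizeof srv_addr) != 3) goto done;
    n = sizeof from;
    if (recvfrom(srv, buf, sizeof buf, 0, (struct sockaddr *)&from, &n) < 0) goto done;
    out = reuse_listener ? srv : socket(AF_INET, SOCK_DGRAM, 0);
    if (out < 0) goto done;
    if (sendto(out, "ack", 3, 0, (struct sockaddr *)&from, n) != 3) goto done;
    n = sizeof seen;
    if (recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&seen, &n) < 0) goto done;
    result = seen.sin_port == srv_addr.sin_port;  /* both in network byte order */
done:
    if (out >= 0 && out != srv) close(out);
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return result;
}
```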
