[RADIATOR] ipv6::: bind results in no match on IPv4 client
Alexander Hartmaier
alexander.hartmaier at t-systems.at
Mon Jul 1 03:30:42 CDT 2013
On 2013-06-28 16:38, Heikki Vatiainen wrote:
> On 06/28/2013 03:17 PM, Mueller, Jason C wrote:
>
>> I am still using ipv6:::, since I have not yet convinced system administrators to change the bindv6only attribute to 1.
>>
>> The example above (which a couple of others also suggested) works for a single address (i.e., ipv6:::ffff:128.255.90.90). However, it does not look like you support CIDR notation for IPv6, which you do support for IPv4. I need the support of CIDR notation to avoid putting in many hundreds of client entries.
> That's correct. The current CIDR notation is for IPv4 only.
>
> I took an initial look about setting IPV6_V6ONLY for the listen socket
> so that the option could be set or unset no matter what the system
> default is. This would require a setsockopt() call, but it seems that
> the availability IPV6_V6ONLY is not guaranteed with older Perls.
>
> For example, I needed to use this in ServerRADIUS.pm:
> setsockopt($s, Socket::IPPROTO_IPV6, 26, 1);
>
> on Perl 5.14.2 and Ubuntu 12.04. This works, but I'd rather use a name
> than bare 26 for IPV6_V6ONLY. Though I did not investigate this more at
> this point.
Socket is a dual-life module, it ships with Perl but is developed
separately and published on CPAN.
You could require a newer Socket version regardless of the used Perl
version as long as this Socket version is backcompat with the Perl version.
>
>> Any help is appreciated.
> Turning off the system default would be the easiest. Adding a setsockopt
> locally could fix it quickly too, but would mean there's the local
> maintenance overhead with it.
>
> CIDR support for IPv6 would require much more work. Adding the
> possibility for setsockopt in Radiator should be doable after some
> consideration how to handle it with the systems that do not support it
> or do not provide the option name.
When you enable IPv6 for a service updating OS and Software is often
required. Having minimum requirements for IPv6 the docs would help
planning and prevent hidden obstacles like this.
Please look into adding an option to set the IPv6 socket to IPv6 only so
that the IPv4 part of the config and backends doesn't have to be touched.
Thanks!
>
> Thanks,
> Heikki
>
>
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
More information about the radiator
mailing list