[RADIATOR] IPv6 enhancements in current patches: IPV6_V6ONLY and IPv6 CIDR clients

Hartmaier Alexander alexander.hartmaier at t-systems.at
Wed Feb 5 12:07:42 CST 2014


On 2013-11-30 22:40, Heikki Vatiainen wrote:
> On 11/29/2013 04:04 PM, Hartmaier Alexander wrote:
>
>> I've just read the IPv6 section in the 4.12.1 reference manual after
>> installing 4.12.1 on a new RHEL6 box which has IPv6 support disabled via
>> 'alias ipv6 off' and 'options ipv6 disable=1' in /etc/modprobe.d/local.conf.
>>
>> On startup Radiator logs: 'INFO: This system is IPv6 capable. IPv6
>> capability provided by: core' although the Socket6 module isn't
>> installed because its tests fail because IPv6 support is disabled in the
>> Linux kernel.
> That's interesting. Does Socket6 compilation really check if IPv6 is
> disabled in the system?
>
> The Radiator log message is about the IPv6 capability of the Perl that
> was used to invoke radiusd. Now that you mentioned, it might be better
> to say that the system has IPv6 capable Perl and the Perl IPv6
> capability required by Radiator is provided by Perl core (or Socket6 or
> none).
>
> In your case, even if you can not use BindAddress ::, radiusd can still
> process attributes with IPv6 addresses and prefixes without problems
> since the Perl core libraries have support for e.g., getaddrinfo().
>
>> But the manual says 'Note: Currently IPv6 support requires Socket6.pm
>> Perl module.'. Which one is correct, the manual or the log message?
> The manual is correct for Radiator 4.12.1 as it was released. Binding to
> IPv6 addresses, address packing and other functions and decoding and
> encoding of IPv6 addresses and prefix in attributes requires Socket6.pm
> with 4.12.1.
In a recent p5p mailing list discussion Paul Evans confirmed that
Socket6 isn't needed these days as the core Socket has all functions
required:
https://rt.perl.org/Public/Bug/Display.html?id=75740#txn-1278801

Please rework Radiator's code to use a new-enough Socket.pm instead of
the deprecated Socket6.pm, thanks!
If everything goes well IO::Socket::IP will be in core Perl 5 Version
20, which will be released in March, as a replacement for
IO::Socket::INET to provide IPv4 and IPv6 support.
So if you're using ::INET today please replace it with ::IP and test it.
You can also use Acme::Override::INET to override all ::INET with ::IP
calls.

>
> The patches in 4.12.1 check Perl's IPv6 capability and try to prefer the
> built in core modules. If the core does not support all the required
> functionality, then presence of Socket6.pm is checked. If there is no
> Socket6.pm either then IPv6 addresses and prefixes can not be encoded
> and decoded in human readable format and are processed as binary data
> which works for proxying.
That already sounds like it's using Socket instead of Socket6. I
recommend to remove Socket6 at all and require a newer Socket.pm instead.
>
>> The Perl version is 5.16.3 compiled on the box using perlbrew.
> Perl 5.16.3 is recent enough, I think 5.14.0 has everything required, so
> radiusd finds the core modules in 5.16.3 can be used. Also, since you
> get the log message about IPv6 capability, it means you have Radiator
> 4.12.1 + patches.
>
>> The very first sentence doesn't mention TACACS+, does it support IPv6
>> too or not?
> ServerTACACSPLUS should work with IPv6. Looks like
> goodies/tacacsplustest does not support IPv6 for testing yet, but the
> server side should work.
Good to know, thanks!

>
>> Please add this info.
> The documentation regarding Socket6.pm not required for recent enough
> Perls will be in the next release's documentation. We can also mention
> TACACS+ too.
>
> Thanks,
> Heikki
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*


More information about the radiator mailing list