[RADIATOR] IPv6 enhancements in current patches: IPV6_V6ONLY and IPv6 CIDR clients

Heikki Vatiainen hvn at open.com.au
Thu Feb 6 07:05:35 CST 2014 

On 02/05/2014 08:07 PM, Hartmaier Alexander wrote:

> In a recent p5p mailing list discussion Paul Evans confirmed that
> Socket6 isn't needed these days as the core Socket has all functions
> required:
> https://rt.perl.org/Public/Bug/Display.html?id=75740#txn-1278801

I agree. The latest Perls do not require Socket6.pm to be used anymore
if IPv6 is needed.

> Please rework Radiator's code to use a new-enough Socket.pm instead of
> the deprecated Socket6.pm, thanks!

The current patches already default to Socket.pm. Socket6.pm is only
used if Socket.pm is not current enough.

> If everything goes well IO::Socket::IP will be in core Perl 5 Version
> 20, which will be released in March, as a replacement for
> IO::Socket::INET to provide IPv4 and IPv6 support.
> So if you're using ::INET today please replace it with ::IP and test it.
> You can also use Acme::Override::INET to override all ::INET with ::IP
> calls.

IO::Socket::INET, or IO::Socket::INET6 are not used much by Radiator.
Whatever the dependencies for those are, thet are likely to come from
the modules Radiator uses.

> That already sounds like it's using Socket instead of Socket6. I
> recommend to remove Socket6 at all and require a newer Socket.pm instead.

Socket6 is not required with 4.12.1+patches anymore. Only if Socket does
not have enough functionality, then Socket6 is needed. And even if
Socket6 is missing, any IPv6 typed attributes can still be proxied, and
processed as binary values. Binding to IPv6 addresses does not work,
though if Socket is not recent enough and Socket6 is not installed.

I do not think we will start to require recent enough Socket.pm always.
What is happening is that we do not require Socket6.pm. If Socket.pm is
not recent enough, then the user can install Socket6 or newer Socket.
I'd say that is easier because Socket6.pm is already packaged by many OS
vendors, such as RedHat for RHEL6.

>>> The very first sentence doesn't mention TACACS+, does it support IPv6
>>> too or not?
>> ServerTACACSPLUS should work with IPv6. Looks like
>> goodies/tacacsplustest does not support IPv6 for testing yet, but the
>> server side should work.
> Good to know, thanks!

goodies/tacacsplustest also supports IPv6 now. However, it is one of the
IO::Socket::I* users and requires IO::Socket::INET6 if IPv6 connections
are needed :)

An option might be to make it try IO::Socket::IP first before defaulting
back to IO::Socket::INET6 or ::INET.

If you plan to test the latest patches, please let us know how it goes
without Socket6.pm

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list