On 2013-11-30 22:40, Heikki Vatiainen wrote: > On 11/29/2013 04:04 PM, Hartmaier Alexander wrote: > >> I've just read the IPv6 section in the 4.12.1 reference manual after >> installing 4.12.1 on a new RHEL6 box which has IPv6 support disabled via >> 'alias ipv6 off' and 'options ipv6 disable=1' in /etc/modprobe.d/local.conf. >> >> On startup Radiator logs: 'INFO: This system is IPv6 capable. IPv6 >> capability provided by: core' although the Socket6 module isn't >> installed because its tests fail because IPv6 support is disabled in the >> Linux kernel. > That's interesting. Does Socket6 compilation really check if IPv6 is > disabled in the system? > > The Radiator log message is about the IPv6 capability of the Perl that > was used to invoke radiusd. Now that you mentioned, it might be better > to say that the system has IPv6 capable Perl and the Perl IPv6 > capability required by Radiator is provided by Perl core (or Socket6 or > none). > > In your case, even if you can not use BindAddress ::, radiusd can still > process attributes with IPv6 addresses and prefixes without problems > since the Perl core libraries have support for e.g., getaddrinfo(). > >> But the manual says 'Note: Currently IPv6 support requires Socket6.pm >> Perl module.'. Which one is correct, the manual or the log message? > The manual is correct for Radiator 4.12.1 as it was released. Binding to > IPv6 addresses, address packing and other functions and decoding and > encoding of IPv6 addresses and prefix in attributes requires Socket6.pm > with 4.12.1. In a recent p5p mailing list discussion Paul Evans confirmed that Socket6 isn't needed these days as the core Socket has all functions required: https://rt.perl.org/Public/Bug/Display.html?id=75740#txn-1278801
Please rework Radiator's code to use a new-enough Socket.pm instead of the deprecated Socket6.pm, thanks! If everything goes well IO::Socket::IP will be in core Perl 5 Version 20, which will be released in March, as a replacement for IO::Socket::INET to provide IPv4 and IPv6 support. So if you're using ::INET today please replace it with ::IP and test it. You can also use Acme::Override::INET to override all ::INET with ::IP calls. > > The patches in 4.12.1 check Perl's IPv6 capability and try to prefer the > built in core modules. If the core does not support all the required > functionality, then presence of Socket6.pm is checked. If there is no > Socket6.pm either then IPv6 addresses and prefixes can not be encoded > and decoded in human readable format and are processed as binary data > which works for proxying. That already sounds like it's using Socket instead of Socket6. I recommend to remove Socket6 at all and require a newer Socket.pm instead. > >> The Perl version is 5.16.3 compiled on the box using perlbrew. > Perl 5.16.3 is recent enough, I think 5.14.0 has everything required, so > radiusd finds the core modules in 5.16.3 can be used. Also, since you > get the log message about IPv6 capability, it means you have Radiator > 4.12.1 + patches. > >> The very first sentence doesn't mention TACACS+, does it support IPv6 >> too or not? > ServerTACACSPLUS should work with IPv6. Looks like > goodies/tacacsplustest does not support IPv6 for testing yet, but the > server side should work. Good to know, thanks! > >> Please add this info. > The documentation regarding Socket6.pm not required for recent enough > Perls will be in the next release's documentation. We can also mention > TACACS+ too. > > Thanks, > Heikki > > -- > Heikki Vatiainen <h...@open.com.au> > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, > DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, > NetWare etc. > _______________________________________________ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator