tac_plus is listening on ipv6 only on FreeBSD


Olli Hauer

Sep 15, 2011, 1:37:00 PM
to Event-Driven Servers
Hi, I'm testing tac_plus on the FreeBSD platform at the moment and
found the process is listening on IPv6 only.

The system has both an IPv4 and IPv6 address.
OS versions tested:
- FreeBSD 7.4 (i386)
- FreeBSD 8.2 (x64)

used source: DEVEL.201109122012.tar.bz2

Any hint how to get tac_plus listening on IPv4?

--
Regards,
olli

Marc Huber

Sep 15, 2011, 2:54:34 PM
to event-driv...@googlegroups.com
Hi Olli,

On IPv6 hosts the daemon will by default bind to the IPv6 wildcard. This works great if "IPv4 mapped IPv6" addresses are supported, but FreeBSD apparently doesn't, by default. Snapshot 201109152047 will enable that feature on FreeBSD (see the patch below).

Alternatively, the following would work:

id = spawnd {
...
    listen = { address = :: port = 49 }
    listen = { address = 0.0.0.0 port = 49 }
...
}

Cheers,

Marc


--- misc/net.c    2011/08/20 14:04:40    1.36
+++ misc/net.c    2011/09/15 18:42:17
@@ -328,6 +328,11 @@
            (socklen_t) sizeof(one));
     setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *) &one,
            (socklen_t) sizeof(one));
+#if defined(IPPROTO_IPV6) && defined(IPV6_BINDV6ONLY)
+    one = 0;
+    setsockopt(s, IPPROTO_IPV6, IPV6_BINDV6ONLY, (char *) &one,
+           (socklen_t) sizeof(one));
+#endif
 
     return bind(s, &sa->sa, su_len(sa));
 }
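
Review bot: The return value of the added setsockopt(s, IPPROTO_IPV6, IPV6_BINDV6ONLY, ...) call is ignored, so if the option cannot be cleared the socket stays IPv6-only, bind() still succeeds, and the reported symptom comes back with no diagnostic; check the result and log a failure. The #if guard also keys only on IPV6_BINDV6ONLY, so a platform that defines just IPV6_V6ONLY (the RFC 3493 name) compiles the block out; testing for IPV6_V6ONLY as well would cover it. Setting "one = 0" is harmless only because nothing between here and the return uses "one" as a true flag again; a separate zero-valued variable would be clearer.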
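
The dual-stack binding discussed in the reply above, as an added C example that is not part of the thread or of the tac_plus sources. It clears the option under its RFC 3493 name IPV6_V6ONLY, checks and reads back the result, and shows how an IPv4 client then appears to the server as a v4-mapped address that should be unwrapped before logging or ACL matching; the function names dual_stack_listener and peer_to_string are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example; names are hypothetical, not from misc/net.c.
 * Open a TCP listener on the IPv6 wildcard that also accepts IPv4.
 * Returns the socket, or -1 if any step fails, including the kernel
 * refusing to clear IPV6_V6ONLY. */
int dual_stack_listener(unsigned short port)
{
    struct sockaddr_in6 sa;
    int off = 0, v6only = 1;
    socklen_t len = sizeof(v6only);
    int s = socket(AF_INET6, SOCK_STREAM, 0);

    if (s < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin6_family = AF_INET6;
    sa.sin6_addr = in6addr_any;
    sa.sin6_port = htons(port);
    /* Check the call and read the option back: an unnoticed failure
     * here leaves the daemon listening on IPv6 only. */
    if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &off, sizeof(off)) < 0 ||
        getsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, &len) < 0 ||
        v6only != 0 ||
        bind(s, (struct sockaddr *) &sa, sizeof(sa)) < 0 ||
        listen(s, 16) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Format a peer address for logging or ACL matching. On a dual-stack
 * socket IPv4 clients arrive as ::ffff:a.b.c.d; unwrap those so rules
 * written for IPv4 still match. Returns 4 or 6 (family of the text). */
int peer_to_string(const struct sockaddr_in6 *peer, char *buf, socklen_t n)
{
    if (IN6_IS_ADDR_V4MAPPED(&peer->sin6_addr)) {
        /* the IPv4 address is the last 4 of the 16 address bytes */
        inet_ntop(AF_INET, &peer->sin6_addr.s6_addr[12], buf, n);
        return 4;
    }
    inet_ntop(AF_INET6, &peer->sin6_addr, buf, n);
    return 6;
}
```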

olli hauer

Sep 15, 2011, 3:30:46 PM
to event-driv...@googlegroups.com


Hi Marc,

Thanks, the patch is working ;)

I've already a port for FreeBSD on the start, missing only some tests
and proper rc-scripts (tasklist for the weekend).
Before committing the port I will ask for your permission to mirror
the source but keep your site as Master.

Additionally, I'm searching for a portname; I think about something like
"tac_plus-mavis", since "mavis" or "event-driven-servers" do not
reflect at first look the power of this tacacs implementation. Is
"tac_plus-mavis" as portname acceptable for you?

--
Regards,
olli

Marc Huber

Sep 16, 2011, 3:35:16 AM
to event-driv...@googlegroups.com, oha...@gmail.com
Hi Olli,


On Thursday, September 15, 2011 9:30:46 PM UTC+2, Olli Hauer wrote:
> I've already a port for FreeBSD on the start, missing only some tests
> and proper rc-scripts (tasklist for the weekend).

cool :-)

> Before committing the port I will ask for your permission to mirror
> the source but keep your site as Master.

That's fine for me. However, I'd imagine that ports requires some kind of "stable" release, and my current distribution model more closely resembles, well, "current".

> Additionally, I'm searching for a portname; I think about something like
> "tac_plus-mavis", since "mavis" or "event-driven-servers" do not
> reflect at first look the power of this tacacs implementation. Is
> "tac_plus-mavis" as portname acceptable for you?

Sure, no problem with that.

Thanks,

Marc

olli hauer

Sep 20, 2011, 6:58:59 PM
to event-driv...@googlegroups.com

Hi Marc,

I have the port nearly finished; not all parts are tested until now
(running out of time ...)

During build testing I found the following issue (maybe it is FreeBSD
specific, I haven't tested on other platforms until now.)

If I specify "--with-freeradius=$location" or "--with-pam" the build
fails with the following error message:

gmake: Entering an unknown directory
gmake: *** mavis/radmavis: No such file or directory. Stop.
gmake: Leaving an unknown directory

The following patch solves this issue (maybe relevant on other platforms too)

--- ./configure.orig 2011-09-05 12:58:49.000000000 +0200
+++ ./configure 2011-09-19 19:19:01.000000000 +0200
@@ -366,11 +366,11 @@

delete $A{"--with-$a-include"};

- $content .=
"DIRS+=mavis/radmavis\n"
- if $a
eq "freeradius";
+# $content .=
"DIRS+=mavis/radmavis\n"
+# if $a
eq "freeradius";

- $content .=
"DIRS+=mavis/pammavis\n"
- if $a eq "pam";
+# $content .=
"DIRS+=mavis/pammavis\n"
+# if $a eq "pam";
}
}
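
Review bot: Dead code is left behind at the four "+#" lines, where the DIRS+=mavis/radmavis and DIRS+=mavis/pammavis statements are commented out rather than deleted. If those directories are no longer part of the tree, delete the statements outright, and confirm that --with-freeradius and --with-pam still do something after this loop so configure does not accept them silently while building nothing for them.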

PS:
a preview of the port is available as shar file here.
http://people.freebsd.org/~ohauer/shar/tac_plus-mavis.shar

--
Regards
olli

olli hauer

Sep 20, 2011, 7:02:56 PM
to event-driv...@googlegroups.com
Arrg, the silly web interface messed up the patch.

patch located here:
http://people.freebsd.org/~ohauer/shar/patch-configure.txt

and as attachment.

patch-configure.txt

Marc Huber

Sep 21, 2011, 12:34:28 PM
to Event-Driven Servers
Hi Olli,

thanks, I've removed the offending parts from the configure script.

Earlier releases in fact came with the mavis/(rad|pam)mavis
directories, but a recent restructuring made these obsolete. And
frankly, I *never* use any of the --with-... switches.

I've had a quick look at the distfile and saw that DEVEL.201109191948
is referenced there, explicitly. However, I cannot guarantee that
this file will be available forever on *my* server. I tend to simply
remove older snapshots at arbitrary times, and non-existing tarballs
will be redirected to the current snapshot.

Cheers,

Marc

olli hauer

Sep 21, 2011, 1:22:04 PM
to event-driv...@googlegroups.com
On 2011-09-21, Marc Huber <marc.j...@googlemail.com> wrote:
> Hi Olli,
>
> thanks, I've removed the offending parts from the configure script.
>
> Earlier releases in fact came with the mavis/(rad|pam)mavis
> directories, but a recent restructuring made these obsolete. And
> frankly, I *never* use any of the --with-... switches.

This is the other side of porting: if it is possible and it makes
sense, offer it to the users ...

> I've had a quick look at the distfile and saw that DEVEL.201109191948
> is referenced there, explicitly. However, I cannot guarantee that
> this file will be available forever on *my* server. I tend to simply
> remove older snapshots at arbitrary times, and non-existing tarballs
> will be redirected to the current snapshot.

That's no issue; if I have your permission to mirror a given distfile
I can commit the port as soon as everything is done.
I will regularly update the version if there are changes which affect
users, or on your or a user's request.
Not possible will be a 1/1 portversion / current distversion, since you
are very fast with fixes and new releases, which is indeed a good sign
;)

I hope I find the time to do some more tests and finish the rc.scripts
until end of next week.

--
Regards,
olli
