Bug 599528 - RFE: make radtest script usable for testing over IPv6
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: freeradius
All Linux
medium Severity medium
: rc
: ---
Assigned To: John Dennis
Karel Srot
: FutureFeature
Depends On:
Blocks: 519903
Reported: 2010-06-03 08:55 EDT by Karel Srot
Modified: 2011-05-19 09:35 EDT (History)
Doc Type: Enhancement
Last Closed: 2011-05-19 09:35:30 EDT

Attachments
proposed patch for radtest script (1.37 KB, patch)
2010-06-03 08:55 EDT, Karel Srot
2nd version of the proposed patch (1.09 KB, patch)
2011-02-15 03:03 EST, Karel Srot
add IP family options to radtest to support IPv6 as well as IPv4 (1.39 KB, patch)
2011-02-23 17:30 EST, John Dennis

Description Karel Srot 2010-06-03 08:55:43 EDT
Created attachment 419358 [details]
proposed patch for radtest script

Description of problem:

radtest script is widely used in tutorials for freeradius testing but this script does work with IPv4 only. It would be good to make this script IPv6 ready (probably in case the RFE is accepted by upstream).

Upstream RFE bug: https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=80

Proposed patch attached.
Comment 1 RHEL Product and Program Management 2010-06-03 09:08:06 EDT
This feature request did not get resolved in time for Feature Freeze
for the current Red Hat Enterprise Linux release and has now been
denied. You may re-open your request by requesting your support
representative to propose it for the next release.
Comment 9 John Dennis 2011-02-14 15:19:48 EST
I've been looking at this patch and I think there is a problem with this part of it:

-	nas=`hostname`
+        if [ "$IPv" = "-6" ]; then
+            nas=`host $HOSTNAME | awk '/has IPv6 address/ {print $NF}'`
+        else
+            nas=`host $HOSTNAME | awk '/has address/ {print $NF}'`
+        fi
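Review bot: in both added nas= assignments, $HOSTNAME is used unquoted in place of the removed hostname command, and it is a variable that not every /bin/sh sets, so the lookup can run against an empty name. The result of the host | awk pipeline is also never checked: nas is empty when no record matches or host is not installed, and holds one line per record when several match. Keeping nas=`hostname` and leaving resolution to the client removes the need for either branch.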

This is not the correct way to select an address. Address selection should be done by getaddrinfo and specifying the family. This is exactly what the FreeRADIUS utility ip_hton() does. ip_hton() is invoked for you when you pass a NAS-IP-Address or NAS-IPv6-Address. It accepts a hostname as well as numeric addresses (dotted-decimal for IPv4 or hex for IPv6). If you pass a hostname, the easiest thing to pass, it will select the most appropriate address based on the family (IPv4 or IPv6). The mechanisms of which are beyond the scope of this discussion. The need to specify a numeric address is quite rare. If for some reason you do need to pass a numeric address it should be provided as an argument to the radtest script, the radtest script should NEVER try to deduce a numeric address on its own (this is why IPv6 added the getaddrinfo() library call).

The output of the host command does not apply the same logic as getaddrinfo() does. Also, using the host command may not be portable across a variety of operating systems FreeRADIUS is deployed on.

Aside from the fact the host command does not provide correct address selection the implementation in the patch has a significant error, it does not account for multiple addresses.

Consider the following example:

$ host ipv6.comcast.net
ipv6.comcast.net has address
ipv6.comcast.net has address
ipv6.comcast.net has IPv6 address 2001:558:1002:5:68:87:64:59
ipv6.comcast.net has IPv6 address 2001:558:1004:9:69:252:76:96

Using the logic suggested in the patch would result in the IPv6 address attribute being set to a nonsensical multi-value string, e.g:

$ host ipv6.comcast.net | awk '/has IPv6 address/ {print $NF}'


The nas should still default to the hostname

The only needed modifications are the address family specification and selecting the radius attribute based on the family.

Updated patch will follow.
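The two approaches discussed in the comment above, side by side, as an added example that is not part of the bug report, the attached patches or the FreeRADIUS sources. The host output is a constructed sample using documentation addresses, and the name nas.example.test and all function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `host` output for a dual-stack name with two
# records per family (documentation addresses, not a real lookup).
sample_host_output() {
cat <<'EOF'
nas.example.test has address 192.0.2.10
nas.example.test has address 192.0.2.11
nas.example.test has IPv6 address 2001:db8::10
nas.example.test has IPv6 address 2001:db8::11
EOF
}

# The filter from the first patch: one output line per matching record.
patch_style_nas() {
    sample_host_output | awk '/has IPv6 address/ {print $NF}'
}

# Count the non-empty lines a NAS attribute value would contain.
count_values() {
    printf '%s\n' "$1" | grep -c .
}

# Approach from the comment: the family flag selects the attribute name only.
# Hypothetical helper; an unknown flag is rejected rather than guessed.
nas_attr_for_family() {
    case "$1" in
        -4|"") echo "NAS-IP-Address" ;;
        -6)    echo "NAS-IPv6-Address" ;;
        *)     echo "unsupported family: $1" >&2; return 1 ;;
    esac
}

# Build the attribute pair with the hostname as its value; resolution is
# left to the RADIUS client, which the comment says resolves per family.
nas_pair() {
    attr=$(nas_attr_for_family "$1") || return 1
    printf '%s = %s\n' "$attr" "$2"
}

nas_pair -6 nas.example.test
echo "patch-style lookup yields $(count_values "$(patch_style_nas)") values"
```
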
Comment 10 Karel Srot 2011-02-15 03:03:54 EST
Created attachment 478782 [details]
2nd version of the proposed patch

Hi John, 
I absolutely agree, see #c3. Since the bug 599521 is already resolved there is no need to use IPv6 address in $nas. I would propose to use only the remaining parts of the patch (or ensure similar functionality some other way). I have attached the new version of the patch.
Comment 12 John Dennis 2011-02-23 17:30:26 EST
Created attachment 480593 [details]
add IP family options to radtest to support IPv6 as well as IPv4
Comment 15 errata-xmlrpc 2011-05-19 09:35:30 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

