To: krb5-bugs@mit.edu
From: Ken Raeburn <raeburn@mit.edu>
Date: Sun, 08 Aug 2004 20:11:44 -0400
Subject: rpc code has no IPv6 support

Our current RPC code uses AF_INET, sockaddr_in, gethostbyname, etc.,
with no IPv6 support.

I don't know what the status is of an updated spec for the API or
protocol to encompass IPv6...

We install svc.h, which has sockaddr_in structures for the local and
remote addresses in SVCXPRT and directly accessed with svc_getcaller.
So any change to support IPv6 will break binary compatibility with our
currently deployed RPC libraries, necessitating a major version number
bump for the library.

Once we figure out what to do about IPv6 in the RPC code, see about
integrating the IPv6 bits of Denis Vlasenko's patch to the RPC library
(for IPV6_PKTINFO) in 3306.

As of r24147, it is possible for callers to use libgssrpc with IPv6
sockets provided that they:

* Create and connect/bind their own sockets.
* Only use TCP.
* Do not query the addresses of client or server objects.

That's enough to get kadmin working, as noted in #6746. There's no
fundamental reason why UDP could not also be supported, but allowing the
portmapper to be used might be difficult.

As I understand it, our libgssrpc is based on Sun's (now Oracle's) ONC
RPC. That API was updated to work with non-IPv4 transports and is now
called TIRPC. TIRPC has been incorporated into libc on the *BSD
platforms and has also been ported to Linux (though not incorporated
into glibc).

Our current understanding is that TIRPC code has been made available
under two licenses: the SISSL and (via OpenSolaris) the CDDL. Neither
is believed to be GPL-compatible. We are not aware of any
implementations of TIRPC which are not derived from Sun/Oracle's code.
We have made a request for the relevant parts of OpenSolaris to be
relicensed under a BSD-like license so we might adapt it for the krb5
tree.

A side note: currently our auth_gssapi.c performs channel bindings which
would only work with IPv4. However, any code new enough to work over
IPv6 would negotiate the newer auth_gss.c code, which does not perform
channel bindings.
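
An added example, not code from the krb5 tree or from anyone on this ticket: the family-agnostic counterpart of the gethostbyname/sockaddr_in pattern described above, following the r24147 workaround (the caller creates and connects its own TCP socket). The function names and the sample port 749 are assumptions for illustration, and handing the descriptor to the RPC library is not shown.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Shared lookup: AF_UNSPEC accepts IPv4 and IPv6, SOCK_STREAM keeps it TCP-only. */
static struct addrinfo *lookup(const char *host, const char *port, int flags)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = flags;
    return getaddrinfo(host, port, &hints, &res) == 0 ? res : NULL;
}

/* Would an address of this length fit in a sockaddr_in-sized field,
 * such as the ones svc.h exposes in SVCXPRT? */
int fits_sockaddr_in(socklen_t len) { return len <= sizeof(struct sockaddr_in); }

/* Parse a numeric address into sockaddr_storage (no DNS lookup is made).
 * Returns the address family, or -1 if the string is not a numeric address. */
int parse_numeric(const char *host, const char *port,
                  struct sockaddr_storage *ss, socklen_t *len)
{
    struct addrinfo *res = lookup(host, port, AI_NUMERICHOST);
    int family;
    if (res == NULL) return -1;
    memcpy(ss, res->ai_addr, res->ai_addrlen);
    *len = res->ai_addrlen;
    family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

/* Create and connect the socket ourselves, trying each returned address
 * in order. Returns a connected descriptor, or -1 if none worked. */
int connect_tcp(const char *host, const char *port)
{
    struct addrinfo *res = lookup(host, port, 0), *ai;
    int fd = -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0) continue;
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) break;
        close(fd);
        fd = -1;
    }
    if (res != NULL) freeaddrinfo(res);
    return fd;
}
```

Because an IPv6 address does not fit in a sockaddr_in-sized field, code written this way keeps peer addresses in sockaddr_storage rather than reading them back from the RPC client or server object.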