Recently in programming Category
Improved IPv6 support The Socket module provides new affordances for IPv6, including implementations of the Socket::getaddrinfo() and Socket::getnameinfo() functions, along with related constants and a handful of new functions. See Socket.
This change brings the standard getaddrinfo()/getnameinfo() socket calls into the core library. Prior to this, developers had to use a separate module, socket6, to get IPv6-capable socket calls. This change is long overdue. The getaddrinfo() and getnameinfo() calls were first defined in RFC 2113, which published in 1997!
In 2011, I can't imagine why anyone would want to write new code in Perl, but I'm glad that the core library finally has IPv6 support. There's still a lot of legacy Perl code out there, and much of it will have to get IPv6 support. This should make that process much easier.
I've recently been handed an assignment that requires me to write some Perl code. I'm not a fan of Perl anymore. I haven't used it routinely in almost seven years. It certainly filled a very useful niche in the '80s and early '90s, but by 2008, I think it's been superceeded by Python or Ruby. Frankly, I think it's an anachronism. But this isn't a blog about programming.
I've griped about the shoddy IPv6 support in Perl before. This post is in the same vein.
This code needs to use Perl-LDAP. Natually, I checked if that library supports IPv6 (remember, kids, in Perl, you have to check if every single library supports it!). Fortunately, it got support a few months ago, in version 0.35. All's well, right? Not so fast, kiddo. The changelog says it "add option to support IPv6". What does "option" mean?
Looking at the docs, I found this gem:
So let me get this straightish. To get IPv6 support in my LDAP apps, I have to pass a special "no, really, use IPv6" flag to every LDAP object I create? What happens if the hostname resolves to both an IPv6 and an IPv4 address? And I better just hope that I'm not using SSL. This is just charming. But it gets better. If you follow the link to IO::Socket::SSL, you find this:
Gah! You can't possibly be serious. Java has supported SSL-over-IPv6 and mixed v6-v4 apps> for 5 years! Hell, it's supported it for so long that the first version to get support is now EOL. Python has had support for the same amount of time.
Folks, this is not the way to design a maintainable, supportable, enterprise language. How people continue to use Perl in production totally escapes me. And this does not bode well for IPv6-enabling the large mountain of legacy Perl scripts that hold this University's IT systems together.
Today's bug - GMime doesn't parse URLs with literal IPv6 addresses. This has been reported to them as bug 515088.
GMime is a popular library for handling MIME. Penn State's WebMail system uses it. It has a very useful module that converts plaintext email containing URLs into HTML. WebMail uses this capability. Unfortunately, it doesn't support URLs with IPv6 addresses, such as http://[2610:8:6800:1::7]/. This is a valid URL, per RFC 2732.
From what I hear, the GMime developers are very responsive to bug reports. I look forward to this being fixed. It'll be one small step to making WebMail IPv6-capable. :)
We have many apps written in PHP and Perl, which we will eventually need to IPv6-enable. Given the abysmal state of IPv6 in these languages, I'm not optimistic about success. Critically, it not possible to write applications in PHP or Perl that use a single API and will work on IPv4-only, IPv6-only and IPv4/IPv6 dual-stacked hosts. The inability to do this is dooming.
Non-programmers can skip to the last paragraph. What follows is techy.
When a user posts a comment to a MovableType 4 blog, MT4 logs the user's IP address. However, the relevant column in MT's database is only big enough to store an IPv4 address. Here's the relevant code from lib/MT/Comment.pm:
PSU is using MovableType 4 for its blogging pilot, so I suppose I should submit a patch to fix this.
As an aside, it's disappointing that MovableType is storing the address as a string. I suppose this was done for portability reasons, but it means that MT can't take advantage of databases with intelligent IP address datatypes, like PostgreSQL. For almost a decade, PostgreSQL has had the inet and cidr datatypes, which are specifically designed for storing IP addresses. These datatypes have supported IPv6 since release 7.4 in late 2003.
It looks like the next version of Python will include an IPv6-safe convenience function to open a connection to a server: socket.create_connection(). You can see the gory details in the svn commit message.
This is A Good Thing. It wraps a rather verbose bit of code:
This code requests a list of all the addresses (both IPv4 and IPv6) for host using the socket.getaddrinfo() function. It then loops over that list, trying each address until it finds one that works. If none work, it raises an exception.
Python's socket.getaddrinfo() is quite handy. It's a Python wrapper around the C getaddrinfo(3) function, which is defined in RFC 3493: Basic Socket Interface Extensions for IPv6. I'll talk more about it in a future blog entry on how to write IPv6-clean programs (and make sure they still work with IPv4).
Here's a random little tip: To check if your platform's Python interpreter was built with IPv6 support, run this program:
Python 2.4.4 (#1, Jan 10 2007, 01:25:01) [C] on sunos5
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
The University of Michigan has developed a lot of open-source software. For example, PSU makes heavy use of their CoSign and radmind products. Their graphical SFTP client, Fugu is also very popular. Sadly, none of these are IPv6-clean.
As I mentioned previously, I've got patches to make CoSign IPv6-clean. This afternoon I looked at the radmind and Fugu sources, and it looks like they share some low-level networking libraries with CoSign. I suspect I'll be able to easily adapt my CoSign patches for them.
I setup the VMs for my CoSign testing this afternoon. I hope to actually get to testing things later this week.
Perhaps I'll make a blog entry about converting legacy C code to use the new IPv6-capable APIs. It's generally a straightforward conversion.
If you are IPv6-enabling a website protected by WebAccess, you might need to make a change to your web server's configuration. Specifically, you might need to set CosignCheckIP never in your Apache config. Otherwise, connections over IPv6 won't be authenticated. You can read more about why this happens in the ITS wiki.
Penn State's WebAccess product is based on CoSign, an open-source web single-sign-on system. The CoSign source code is not IPv6-clean, so even if ASET were to assign IPv6 addresses to the WebAccess servers, we'd still have problems. I'm working on a patch to CoSign to make it IPv6-clean. After the break, I'll do some more testing and submit it to the CoSign project for integration.