httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jun-ichiro itojun Hagino <ito...@itojun.org>
Subject Re: IPv6 support in Apache's future?
Date Wed, 16 Jun 1999 04:48:49 GMT

>Are there any plans for IPv6 support in the Apache
>codebase and/or for the 2.x release?

	I have diff for 1.3.6 at ftp://ftp.kame.net/pub/kame/misc/.
	Unfortunately this needs several updates in module api (we can
	no longer hold addresses in u_long, for example), and configuration
	directives (host:port is not suitable if host is numeric IPv6 address).

itojun


---
IPv6-ready apache 1.3.x
KAME Project
$Id: README.v6,v 1.14 1999/06/16 04:48:31 itojun Exp $

This patchkit enables apache 1.3.x to perform HTTP connection over IPv6.
Most of optional modules are left unchanged, i.e. it won't support IPv6,
and it may not compile.

Basically you can write IPv6 address where IPv4 address fits.

extra command-line argument:
	-4	Assume IPv4 address on ambiguous directives
	-6	Assume IPv6 address on ambiguous directives

	The above two can be used, for example, to disambiguate
	"BindAddress *".

base commands:
    Listen
	Listen is expanded to take one or two arguments.
		Listen port
		Listen address:port
		Listen address port
	This is to let you specify "Listen :: 80", since "Listen :::80"
	won't work.

mod_access:
    deny from
    allow from
	"deny from" and "allow from" supports IPv6 addresses, under the
	following forms:
		{deny,allow} from v6addr
		{deny,allow} from v6addr/v6mask
		{deny,allow} from v6addr/prefixlen
	Also, wildcard ("*") and string hostname matches IPv6 hosts as well.

mod_proxy:
    ProxyRequests on
	http/ftp proxying for both IPv4 and IPv6 is possible.
	Access control functions (NoProxy) are not updated yet.

	NOTE: for security reasons, we recommend you to filter out
	outsider's access to your proxy, by directives like below:
		<Directory proxy:*>
		order deny,allow
		deny from all
		allow from 10.0.0.0/8
		allow from 3ffe:9999:8888:7777::/64
		</Directory>

virtual host:
    NameVirtualHost
	NameVirtualHost is expanded to take one more two arguments.
		NameVirtualHost address
		NameVirtualHost address:port
		NameVirtualHost address port
	This is to let you specify IPv6 address into address part.

	Note that, if colon is found in the specified address string,
	the code will to resolve the address in the following way:
	1. try to resolve as address:port (most of IPv6 address fails)
	2. if (1) is failed, try to resolve as address only
	If there's ambiguity, i.e. 3ffe:0501::1:2, the address may not be
	parsed as you expect (3ffe:0501::1 with port 2, or 3ffe:0501::1:2
	with default port).  To get the right effect you are encouraged
	to specify it without ambiguity.  In IPv6 case "address port"
	(specify address and port separated by a space) is the safest way.

    <VirtualHost host:port [host:port ...]>
	Unfortunately, the directive cannot be updated for IPv6 support
	at this moment.  Since it take multiple "host:port" (or "host") as
	argument, we cannot modify this to take "host port" syntax.
	If you would like to specify IPv6 numeric address in host part,
	disambiguate that by specifying full 128bit address, like below:
		<VirtualHost 0000:0000:0000:0000:0000:0000:0000:0001:80>
	The following is bad example.  This is ambiguous.
		<VirtualHost ::1:80>

logresolve (src/support)
	error statistics in nameserver cache code is omitted.

mod_unique_id
	Originally mod_unique_id used IPv4 address as a seed for UNIQUE_ID,
	and took IPv4 address registered onto DNS for the hostname (UNIX
	hostname taken by gethostname(3)).  Therefore, this does not work
	for IPv6-only hosts as they do not have IPv4 address for them.

	Now, UNIQUE_ID can be generated using IPv6 address.  IPv6 address can
	be used as the seed for UNIQUE_ID.
	Because of this, UNIQUE_ID will be longer than normal apache.  This
	may cause problem with some of the CGI scripts.
	The preference of the addresses is based on the order returned
	by getaddrinfo().  If your getaddrinfo() returns IPv4 address, IPv4
	adderss will be used as a seed.
	Note that some of IPv6 addresses are "scoped"; If you happened to use
	link-local or site-local address as a seed, the UNIQUE_ID may not be
	worldwide unique.

	If longer UNIQUE_ID causes a problem, define SHORT_UNIQUE_ID in
	mod_unique_id.c.  In this case, length of UNIQUE_ID will be kept the
	same.  However, for IPv6 addresses mod_unique_id.c will use the last
	32bit (not the whole 128bit) as the seed.  Therefore, there can be
	collision in UNIQUE_ID.

	The behavior should be improved in the near future; we welcome your
	inputs.

Modules known to be incompatible with IPv6
	(please report us)

configure
	Configure has extra option, --enable-rule=INET6.  if the option
	is specified, IPv6 code will be enabled.

This kit assumes that you have working(*) getaddrinfo() and getnameinfo()
library functions.  Even if you don't have one, don't panic.  We have
included last-resort version (which support IPv4 only) into the kit.
For more complete implementation you might want to check BIND 8.2.
(*) NOTE: we have noticed that some of IPv6 stack is shipped with broken
getaddrinfo().  In such cases, you should get and install BIND 8.2.

When compiling this kit onto IPv6, you may need to specify some additional
library paths or cpp defs. (like -linet6 or -DINET6)
--enable-rule=INET6 will give you some warning, if the IPv6 stack is
not known to the "configure" script.  Currently, the following IPv6 stacks
are supported:
- KAME IPv6 stack, http://www.kame.net/
	use configure.kame-v6 for convenience.

CAVEAT: This patchkit may change some of apache module API, to avoid
IPv4-dependent structure member variable.  Please let us know if there's
any troubles as we know very little about the apache module API.

Acknowledgements
	Thanks to all people submitted patches/fixes for this patch kit,
	including:
		"Chris P. Ross" <cross@eng.us.uu.net>

Author contacts
	Jun-ichiro itojun Hagino, KAME project
	http://www.kame.net/
	mailto:core@kame.net

Mime
View raw message