Return-Path: 
 <dev-return-38883-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 1018 invoked by uid 500); 12 Aug 2003 16:23:01 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 956 invoked from network); 12 Aug 2003 16:23:01 -0000
Date: Tue, 12 Aug 2003 17:23:00 +0100
To: dev@httpd.apache.org
Subject: Re: [PATCH] Default Listen with IPv6 enabled incorrect
Message-ID: <20030812162300.GA3750@castlerea.stdlib.net.>
References: <1130000.1060655300@scotch.ics.uci.edu>
 <20030812142201.GA3271@castlerea.stdlib.net.>
 <2147483647.1060679045@[10.0.1.12]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2147483647.1060679045@[10.0.1.12]>
User-Agent: Mutt/1.3.28i
From: "Colm MacCarthaigh,,," <colmmacc@stdlib.net>
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

On Tue, Aug 12, 2003 at 09:04:05AM -0700, Justin Erenkrantz wrote:
> >If IPv6 has been enabled, that should bind to :: , this is the standard
> >behaviour of all IPv6 apps, and to not do so would be utterly broken.
> >If by some quirk the OS doesn't support IPv4 over IPv6 sockets, then
> >getaddrinfo PF_UNSPEC magic should return the correct linked list to
> >handle this.
> 
> Um, then wouldn't it only be listening on IPv6 sockets, not IPv4?

Yep :)

> Surely that can't be right.  -- justin

It is, in fact it's the only way you can do it on some stacks (Linux
is an example of one). The socket will accept IPv4 addresses and
treat them as IPv4 mapped IPv6 addresses. They look like:

	::ffff:193.1.219.90 

Apache handles these just fine for the most part, and the addresses
are translated into the correct AF for logging and so on. E.g on
Linux:

colmmacc@byron:~$ netstat -an | grep 80
tcp        0      0 :::80                   :::* 	LISTEN   

byron:/home/colmmacc# tail -1 /var/log/apache/access.log
193.1.219.104 - - [15/May/2003:11:22:39 +0100] "GET / HTTP/1.0" 200 4110
"-" "check_http/1.32.2.6 (netsaint-plugins 1.2.9-4)"

Allthough on some platforms (Tru64) I'm tracking down a bug which
seems to leave the addresses mapped for variables like REMOTE_ADDR.

There's also some slight Access List type problems in that IPv4
ACLs don't get applied properly in some situations because of
this, and also mapped addresses in access lists never seem to work.
I can't allow/deny ::ffff:$something for example, which really
I should be able to.

I have an AF-indepentent access list implementation which I wrote
for NSD which I'm working on utilising in APR for apache which should
fix a lot of these niggly problems, but havnt had much time to work
on it lately.

-- 
Colm MacC�rthaigh                        Public Key: colm+pgp@stdlib.net
colm@stdlib.net					  http://www.stdlib.net/