httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: mod_remoteip DNS address resolution
Date Thu, 04 Aug 2016 13:30:10 GMT
Am 04.08.2016 um 13:36 schrieb Yann Ylavic:
> On Thu, Aug 4, 2016 at 10:14 AM, Rainer Jung <rainer.jung@kippdata.de> wrote:
>>
>> Something like "RemoteIPLookups (On|Off|NNN)". "On" would be current
>> behavior, "Off" would be "No DNS and use connection IP if address is
>> invalid", "NNN" would be "No DNS and return status NNN if address is
>> invalid". Default "On" or "Off" for 2.4 and "Off" for trunk.
>
> +1
>
>>
>> Note that we don't have an "IP address string to numeric IP" conversion
>> function at hand. APR has apr_inet_pton(), but unfortunately it currently is
>> not made public via the header files. We could probably copy it in and make
>> public for future versions.
>
> We have apr_ipsubnet_create() which can validate whether a string is a
> valid IP address (among other things).

I did some experiments with it. There's two problems with 
apr_ipsubnet_create():

- it produces a apr_ipsubnet_t which IMHO is an opaque type. Of course 
we could cast by using our knowledge of what that type actually is, but 
by that we break our ability to later change that type in APR. Or we add 
accessors for the members of the struct to APR or we make the struct 
definition public in APR.

- apr_ipsubnet_create() has some logic, that for instance accepts 
"192.168" as input with NULL mask_or_numbits and returns sub 192.168.0.0 
and mask 255.255.0.0. So one has to set mask_or_numbits to some 
(correct) value, IMHO "32" for IPv4 and "128" for IPv6. That means one 
has to first check the string IP address whether it is likely IPv4 or 
IPv6, then set mask_or_numbits to the string representation of the 
address size and then let apr_ipsubnet_create() convert everything back. 
Not especially efficient.

But of course probably the shortest in term of code complexity.

Regards,

Rainer


Mime
View raw message