Project

General

Profile

Actions

Feature #678

closed

$SERVER["socket"] to bind to IPv6 by default

Added by Anonymous almost 18 years ago. Updated over 7 years ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
ASK QUESTIONS IN Forums:

Description

I think $SERVER[[socket]] == ":1234" without explicitly specifying the host to bind to, should bind to IPv6 '::' instead of 0.0.0.0 when server.use-ipv6 = "enable" is specified.

I'm well aware that one can use "[[::]]:1234", but the behavior described above makes much more sense to me.

-- intgr


Files

https-bind-to-IPv6.patch (386 Bytes) https-bind-to-IPv6.patch Patch to fix Ticket 678 -- prgaikar Anonymous, 2007-03-22 11:53
Actions #1

Updated by Anonymous over 15 years ago

This is not just for HTTPS but for all alternate socket directives.

-- malaiwah

Actions #2

Updated by gstrauss almost 8 years ago

  • Description updated (diff)
  • Target version set to 1.4.40

(repeating the issue, with proper brackets for accuracy)

I think `$SERVER["socket"] == ":1234"` without explicitly specifying the host to bind to, should bind to IPv6 '::' instead of 0.0.0.0 when `server.use-ipv6 = "enable"` is specified.

I'm well aware that one can use "[::]:1234", but the behavior described above makes much more sense to me.

-- intgr

This should already work if you specify server.use-ipv6 = "enable" within the $SERVER["socket"] condition.

The actual issue is not inheriting the setting from the global scope. The following patch fixes that, but might surprise people with existing configs who have server.use-ipv6 = "enable" in the global scope, and then do not set server.use-ipv6 = "disable" in $SERVER["socket"] conditionals where IPv4 is desired instead of IPv6-mapped IPv4.

diff --git a/src/configfile.c b/src/configfile.c
index 690713c..094ad83 100644
--- a/src/configfile.c
+++ b/src/configfile.c
@@ -207,8 +207,8 @@ static int config_insert(server *srv) {
                s->ssl_empty_fragments = 0;
                s->ssl_use_sslv2 = 0;
                s->ssl_use_sslv3 = 0;
-               s->use_ipv6      = 0;
-               s->set_v6only    = 1;
+               s->use_ipv6      = (0 != i) srv->config_storage[0]->use_ipv6 : 0;
+               s->set_v6only    = (0 != i) srv->config_storage[0]->set_v6only : 1;
                s->defer_accept  = 0;
 #ifdef HAVE_LSTAT
                s->follow_symlink = 1;

While I do not think that this change would affect a large number of users, and I think that those who have such specific configs with mixed IPv6 and IPv4 addresses will have the knowledge to recognize if this change affects them, backward compatibility with existing configs might mean that this patch will not be accepted into a release.

Actions #3

Updated by gstrauss almost 8 years ago

  • Status changed from New to Patch Pending
Actions #4

Updated by stbuehler almost 8 years ago

  • Description updated (diff)
  • Assignee deleted (jan)
Actions #5

Updated by stbuehler almost 8 years ago

  • Description updated (diff)
Actions #6

Updated by stbuehler almost 8 years ago

I'd rather get rid of both options. Maybe we could deprecate them, and show a warning when they are used and also warn that they are not inherited? And remove them in 1.4.41/42?

Actions #7

Updated by gstrauss almost 8 years ago

That sounds reasonable. Do I understand this correctly:
  • IPv6 requires an IPv6 address, and IPV6_V6ONLY is always used with IPv6 addresses
  • "[::]" for inaddr6_any (IPv6)
  • missing host (just port ":1234") defaults to IPv4
  • listen to all addresses (IPv4 and IPv6) requires two socket declarations, but admin need not put other config inside the SOCKET condition -- they can share global config

Should we special-case "*" for INADDR_ANY (IPv4)?

Actions #9

Updated by gstrauss over 7 years ago

server.use-ipv6 is used in hints passed to getaddrinfo() if a name is provided instead of an IP address.

server.set-v6only = "enable" can be used to get deterministic behavior regardless of OS config, though OS config can override if set to "disable".

While the use of these flags should be discouraged except for advanced users with very specific config requirements, for the reasons above, I don't think we should remove them.

I do think that applying my patch above for sockets to inherit these settings from the global config is more intuitive to end-users, and so I plan to apply that patch.

Actions #10

Updated by gstrauss over 7 years ago

  • Target version changed from 1.4.40 to 1.4.41
Actions #11

Updated by gstrauss over 7 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
Actions

Also available in: Atom