Ryan Phillips
Thu, 12 Jun 2008 08:52:31 -0700
Andr? Malo <[EMAIL PROTECTED]> said: > * Ryan Phillips wrote: > > > Ryan Phillips <[EMAIL PROTECTED]> said: > > > Jeff Trawick <[EMAIL PROTECTED]> said: > > > > On Mon, Jun 9, 2008 at 9:19 PM, Ryan Phillips > <[EMAIL PROTECTED]> wrote: > > > > > Ryan Phillips <[EMAIL PROTECTED]> said: > > > > >> So I needed to create some mod_rewrite rules only for IPv6 when > > > > >> httpd is configured for both ipv4 and ipv6 modes. This patch adds > > > > >> 'RewriteCond IPV6 on' support to the ruleset. > > > > >> > > > > >> I initially tried to see if the incoming socket was APR_INET6, but > > > > >> couldn't find the right structure within the request to query. > > > > > > > > > > Should r->connection->local_addr or remote_addr have the correct > > > > > socket family? If I try either of these over an IPv4 connection, I > > > > > always get a socket family of IPv6. > > > > > > > > On most platforms, httpd will handle IPv4 connections on an IPv6 > > > > socket; the address family will be APR_INET6 and the socket address > > > > will have a special format which indicates that the client is IPv4 > > > > (http://en.wikipedia.org/wiki/IPv4_mapped_address). > > > > > > > > Replace "Listen ##" with the combination "Listen 0.0.0.0:##" + > > > > "Listen [::]:##" and you should be able to distinguish between client > > > > connection type by checking the address family (not a real solution). > > > > > > > > The system macro IN6_IS_ADDR_V4MAPPED() can check if an IPv6 socket > > > > address represents an IPv4 client connection. Apparently APR doesn't > > > > provide an equivalent. > > > > > > Jeff, > > > > > > Thanks for the detailed explanation. I wasn't aware of this. > > > > Attached is a patch which uses IN6_IS_ADDR_V4MAPPED to see if the client > > is from an IPv4 socket. > > You should probably add conditionals for both macros (AF_INET6 and > IN6_IS_ADDR_V4MAPPED) and deal with non-existance properly. If INET6 is > missing, you can safely return "off", I think. If IN6_IS_ADDR_V4MAPPED is > missing - well, then "on" might be right. > > Next point - which header files are the macros and structs in? Should we > include them explicitly? Or are they provided by APR already (and > officially)? > > And finally, "return apr_strdup" should be replaced by "result = ". I know, > it's probably pasted from the HTTPS variable stuff, but that's not good > there too ;) > > Ah, another last point - is your patch against trunk? It doesn't look like > it. Thanks for the tips. IN6_IS_ADDR_V4MAPPED is defined in netinet/in.h on unices and APR defines it on windows. I've modified the patch to check for APR_HAVE_IPV6 support and check for APR_HAVE_NETINET_IN_H. Also, this patch will apply to trunk/. Thanks, Ryan
Index: modules/mappers/mod_rewrite.c
===================================================================
--- modules/mappers/mod_rewrite.c (revision 667098)
+++ modules/mappers/mod_rewrite.c (working copy)
@@ -82,6 +82,9 @@
#if APR_HAVE_CTYPE_H
#include <ctype.h>
#endif
+#if APR_HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
#include "ap_config.h"
#include "httpd.h"
@@ -1887,6 +1890,18 @@
rewritelog((r, 1, ctx->perdir, "RESULT='%s'", result));
return (char *)result;
}
+ else if (!strcmp(var, "IPV6")) {
+ int flag = FALSE;
+#if APR_HAVE_IPV6
+ apr_sockaddr_t *addr = r->connection->remote_addr;
+ flag = (addr->family == AF_INET6 &&
+ !IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr));
+ rewritelog((r, 1, ctx->perdir, "IPV6='%s'", flag ? "on" : "off"));
+#else
+ rewritelog((r, 1, ctx->perdir, "IPV6='off' (IPv6 is not enabled)"));
+#endif
+ result = (flag ? "on" : "off");
+ }
break;
case 5: