APR has to be compiled with -D_WIN32_WINNT=0x0600 -DWINVER=0x0600
Same with Tomcat Native

Use apr-1.6.x



On 25/05/2021 18:23, Michael Osipov wrote:
Folks,

we needed to deploy Tomcat 9.0.x on a Windows server (no jokes, please), but the contractor wasn't able to configure the APR connector to accept on external interfaces even after a day. After my analysis it turned out to be a subtle bug in libapr which affects Windows users only. I am also surprised why no one complained before.

Setup:
* Windows 8+ or Windows Server 2016/2019
* Have at least IPv6 available, no IP addresses necessary, ::1 is sufficient
* Any Tomcat with libtcnative 1.2.28 with the DLL compiled by Mark Thomas.
* Start Tomcat with the AprLifecycleListener and make sure that no address (hostname) is set.

To make a long investigation story short:
http://svn.apache.org/viewvc?rev=1889037&view=rev
libapr, thus libtcnative suffer from a very subtle bug only visible on dual-stack systems. Since on INET6 sockets IPV6_V6ONLY is 1 by default on Windows, no IPv4 addresses are bound. In the case above, Tomcat is only accessible on ::1. APR is supposed to set IPV6_V6ONLY to 0 by default, but this fails because APR 1.7.x does not recognise anything above Windows 7 and assumes it to be Windows XP by default. As you might know Vista was the first Windows with true IPv6 and dual-sockets. When setsockopt is invoked APR gives you 70023, not implemented.

I was able, according to Mark's instructions, to compile OpenSSL, APR and Tomcat Native on Windows 10 and deploy on Windows Server 2019.
I'd like to push
* https://github.com/michael-o/tomcat/compare/main...clean-bind
* https://github.com/michael-o/tomcat-native/compare/main...clean-bind
as well as the real fix in APR 1.7.x: https://github.com/michael-o/apr/compare/1.7.x...1.7.x-windows

I ran all unit tests (main) with those modifications on these platforms:
* Windows 10, APR 1.7.0, 1.7.1-dev
* Windows Server 2019, APR 1.7.0, 1.7.1-dev
* FreeBSD 12-STABLE, APR 1.7.0, 1.7.1-dev
* RHEL 7, APR 1.4.8
* HP-UX 11i, APR 1.6.6

Some hosts are dual-stack, some IPv4 only. Moreover, I wrote a simple program which binds the socket for tracing only: https://gist.github.com/michael-o/dfb86df472f62d2b2dff6ef12ee3758e It runs as expected on the above platforms, even with zone id on link-local addresses.

If no one objects, I'll merge soon.

Mark, I don't know when the next APR release will happen, but I consider this to be very annoying. Maybe it makes sense to push 1.2.29 with APR 1.7.1-dev to please Windows users?

Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org


--
^TM
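The failure mode described in the thread (an ignored `IPV6_V6ONLY` result leaves a listener reachable on fewer addresses than intended) can be checked with a small probe. This is an added example, not code from the thread, the linked gist or APR; it assumes POSIX sockets rather than Winsock, and `probe_dual_stack` is a hypothetical helper name.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: bind a listener to [::] with the requested IPV6_V6ONLY
 * value, then connect over IPv4 loopback.
 * Returns 1 = IPv4 client accepted, 0 = refused, -1 = setup or other error. */
int probe_dual_stack(int v6only)
{
    int rc = -1, got = -1, cli = -1;
    socklen_t len = sizeof(got), alen = sizeof(struct sockaddr_in6);
    struct sockaddr_in6 a6;
    struct sockaddr_in a4;
    int srv = socket(AF_INET6, SOCK_STREAM, 0);
    if (srv < 0)
        return -1;                      /* no IPv6 support on this host */
    /* Never ignore this result: on failure the platform default stays. */
    if (setsockopt(srv, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof(v6only)) != 0)
        goto out;
    /* Read the option back and compare it with what was requested. */
    if (getsockopt(srv, IPPROTO_IPV6, IPV6_V6ONLY, &got, &len) != 0 || !got != !v6only)
        goto out;
    memset(&a6, 0, sizeof(a6));
    a6.sin6_family = AF_INET6;
    a6.sin6_addr = in6addr_any;         /* [::], port 0 = ephemeral port */
    if (bind(srv, (struct sockaddr *)&a6, sizeof(a6)) != 0 || listen(srv, 1) != 0 ||
        getsockname(srv, (struct sockaddr *)&a6, &alen) != 0)
        goto out;
    memset(&a4, 0, sizeof(a4));
    a4.sin_family = AF_INET;
    a4.sin_port = a6.sin6_port;         /* same port, IPv4 loopback */
    a4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if ((cli = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        goto out;
    if (connect(cli, (struct sockaddr *)&a4, sizeof(a4)) == 0)
        rc = 1;                         /* listener is dual-stack */
    else if (errno == ECONNREFUSED)
        rc = 0;                         /* listener is IPv6-only */
out:
    if (cli >= 0)
        close(cli);
    close(srv);
    return rc;
}

int main(void)
{
    printf("V6ONLY=0: %d, V6ONLY=1: %d\n", probe_dual_stack(0), probe_dual_stack(1));
    return 0;
}
```

A result of 0 for the `IPV6_V6ONLY=0` case reproduces the symptom from the thread: the connector listens, but only on IPv6.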
