Florian Obser(flor...@openbsd.org) on 2018.04.10 16:50:14 +0200:
> Theo pointed out that this breaks our example config:
> 
> /etc/examples/httpd.conf:13: server "example.com" defined twice
> 
> The problem is that * now means v4 and v6 and we have a listen on ::
> in there, so we are listening twice on any v6 address.
> 
> I think the best way forward is an entry to current.html and adapting
> (yet again) /etc/examples/httpd.conf:

ok
 
> diff --git etc/examples/httpd.conf etc/examples/httpd.conf
> index 4e2e243bd65..6afe975120a 100644
> --- etc/examples/httpd.conf
> +++ etc/examples/httpd.conf
> @@ -2,7 +2,6 @@
>  
>  server "example.com" {
>       listen on * port 80
> -     listen on :: port 80
>       location "/.well-known/acme-challenge/*" {
>               root "/acme"
>               root strip 2
> @@ -14,7 +13,6 @@ server "example.com" {
>  
>  server "example.com" {
>       listen on * tls port 443
> -     listen on :: tls port 443
>       tls {
>               certificate "/etc/ssl/example.com.fullchain.pem"
>               key "/etc/ssl/private/example.com.key"
> 
> 
> On Mon, Apr 09, 2018 at 10:58:43AM +0200, Florian Obser wrote:
> > 
> > This shuffles things around to make httpd listen on v4 and v6 for *.
> > 
> > OK?
> > 
> > diff --git httpd.conf.5 httpd.conf.5
> > index afda0ac132b..3194a3400c2 100644
> > --- httpd.conf.5
> > +++ httpd.conf.5
> > @@ -52,12 +52,12 @@ addresses of the specified network interface.
> >  If
> >  .Sq *
> >  is given as an address,
> > -it will be used as an alias for
> > +.Xr httpd 8
> > +will listen on all IPv4 and IPv6 addresses.
> >  .Ar 0.0.0.0
> > -to listen on all IPv4 addresses.
> > -Likewise,
> > -.Sq ::
> > -can be used to listen on all IPv6 addresses.
> > +means to listen on all IPv4 addresses and
> > +.Ar ::
> > +all IPv6 addresses.
> >  A
> >  .Ar port
> >  can be specified by number or name.
> > diff --git httpd.h httpd.h
> > index 1d49dfa230f..4d4d7eacd27 100644
> > --- httpd.h
> > +++ httpd.h
> > @@ -53,6 +53,7 @@
> >  #define HTTPD_LOGROOT              "/logs"
> >  #define HTTPD_ACCESS_LOG   "access.log"
> >  #define HTTPD_ERROR_LOG            "error.log"
> > +#define HTTPD_MAX_ALIAS_IP 16
> >  #define HTTPD_REALM_MAX            255
> >  #define HTTPD_LOCATION_MAX 255
> >  #define HTTPD_DEFAULT_TYPE { "bin", "application", "octet-stream", NULL }
> > diff --git parse.y parse.y
> > index fcf1938c42d..cda1860f447 100644
> > --- parse.y
> > +++ parse.y
> > @@ -106,7 +106,6 @@ int              host_if(const char *, struct 
> > addresslist *,
> >                 int, struct portrange *, const char *, int);
> >  int                 host(const char *, struct addresslist *,
> >                 int, struct portrange *, const char *, int);
> > -void                host_free(struct addresslist *);
> >  struct server      *server_inherit(struct server *, struct server_config *,
> >                 struct server_config *);
> >  int                 getservice(char *);
> > @@ -415,39 +414,61 @@ serveroptsl   : LISTEN ON STRING opttls port {
> >                             YYERROR;
> >                     }
> >  
> > -                   if (srv->srv_conf.ss.ss_family != AF_UNSPEC) {
> > -                           if ((alias = calloc(1,
> > -                               sizeof(*alias))) == NULL)
> > -                                   fatal("out of memory");
> > -
> > -                           /* Add as an IP-based alias. */
> > -                           s_conf = alias;
> > -                   } else
> > -                           s_conf = &srv->srv_conf;
> > -
> >                     TAILQ_INIT(&al);
> > -                   if (host($3, &al, 1, &$5, NULL, -1) <= 0) {
> > -                           yyerror("invalid listen ip: %s", $3);
> > -                           free($3);
> > -                           YYERROR;
> > +                   if (strcmp("*", $3) == 0) {
> > +                           if (host("0.0.0.0", &al, 1, &$5, NULL, -1) <=
> > +                               0) {
> > +                                   yyerror("invalid listen ip: %s",
> > +                                       "0.0.0.0");
> > +                                   free($3);
> > +                                   YYERROR;
> > +                           }
> > +                           if (host("::", &al, 1, &$5, NULL, -1) <= 0) {
> > +                                   yyerror("invalid listen ip: %s", "::");
> > +                                   free($3);
> > +                                   YYERROR;
> > +                           }
> > +                   } else {
> > +                           if (host($3, &al, HTTPD_MAX_ALIAS_IP, &$5, NULL,
> > +                               -1) <= 0) {
> > +                                   yyerror("invalid listen ip: %s", $3);
> > +                                   free($3);
> > +                                   YYERROR;
> > +                           }
> >                     }
> >                     free($3);
> > -                   h = TAILQ_FIRST(&al);
> > -                   memcpy(&s_conf->ss, &h->ss, sizeof(s_conf->ss));
> > -                   s_conf->port = h->port.val[0];
> > -                   s_conf->prefixlen = h->prefixlen;
> > -                   host_free(&al);
> > +                   while ((h = TAILQ_FIRST(&al)) != NULL) {
> >  
> > -                   if ($4)
> > -                           s_conf->flags |= SRVFLAG_TLS;
> > +                           if (srv->srv_conf.ss.ss_family != AF_UNSPEC) {
> > +                                   if ((alias = calloc(1,
> > +                                       sizeof(*alias))) == NULL)
> > +                                           fatal("out of memory");
> >  
> > -                   if (alias != NULL) {
> > -                           /* IP-based; use name match flags from parent */
> > -                           alias->flags &= ~SRVFLAG_SERVER_MATCH;
> > -                           alias->flags |= srv->srv_conf.flags &
> > -                               SRVFLAG_SERVER_MATCH;
> > -                           TAILQ_INSERT_TAIL(&srv->srv_hosts,
> > -                               alias, entry);
> > +                                   /* Add as an IP-based alias. */
> > +                                   s_conf = alias;
> > +                           } else
> > +                                   s_conf = &srv->srv_conf;
> > +
> > +                           memcpy(&s_conf->ss, &h->ss, sizeof(s_conf->ss));
> > +                           s_conf->port = h->port.val[0];
> > +                           s_conf->prefixlen = h->prefixlen;
> > +
> > +                           if ($4)
> > +                                   s_conf->flags |= SRVFLAG_TLS;
> > +
> > +                           if (alias != NULL) {
> > +                                   /*
> > +                                    * IP-based; use name match flags from
> > +                                    * parent
> > +                                    */
> > +                                   alias->flags &= ~SRVFLAG_SERVER_MATCH;
> > +                                   alias->flags |= srv->srv_conf.flags &
> > +                                       SRVFLAG_SERVER_MATCH;
> > +                                   TAILQ_INSERT_TAIL(&srv->srv_hosts,
> > +                                       alias, entry);
> > +                           }
> > +                           TAILQ_REMOVE(&al, h, entry);
> > +                           free(h);
> >                     }
> >             }
> >             | ALIAS optmatch STRING         {
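Review bot: The `else` branch now calls `host($3, &al, HTTPD_MAX_ALIAS_IP, ...)` and the new `while` loop turns every returned entry into a listener, so a `listen on` name that resolves to several addresses is bound on up to 16 of them where it was previously bound on one; the httpd.conf.5 hunk documents only the `*` case. I would add a sentence to the man page stating this, since presumably the listen set for a hostname then depends on what the resolver returns at parse time and can include IPv6 addresses that existing packet-filter rules were not written for. Separately, in the `*` branch a failure of `host("::", ...)` reaches `YYERROR` with the `0.0.0.0` entry still on `al`, and this commit deletes `host_free()`; keeping the helper and calling `host_free(&al);` before that `YYERROR` would release it. The loop also relies on `alias` starting out as NULL, which is set outside the hunk.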
> > @@ -1990,9 +2011,6 @@ host(const char *s, struct addresslist *al, int max,
> >  {
> >     struct address *h;
> >  
> > -   if (strcmp("*", s) == 0)
> > -           s = "0.0.0.0";
> > -
> >     h = host_v4(s);
> >  
> >     /* IPv6 address? */
> > @@ -2021,17 +2039,6 @@ host(const char *s, struct addresslist *al, int max,
> >     return (host_dns(s, al, max, port, ifname, ipproto));
> >  }
> >  
> > -void
> > -host_free(struct addresslist *al)
> > -{
> > -   struct address   *h;
> > -
> > -   while ((h = TAILQ_FIRST(al)) != NULL) {
> > -           TAILQ_REMOVE(al, h, entry);
> > -           free(h);
> > -   }
> > -}
> > -
> >  struct server *
> >  server_inherit(struct server *src, struct server_config *alias,
> >      struct server_config *addr)
> > 
> > 
> > 
> > 
> > -- 
> > I'm not entirely sure you are real.
> > 
> 
> -- 
> I'm not entirely sure you are real.
> 
