Received: (qmail 88760 invoked by uid 501); 30 Mar 2001 21:59:06 -0000 Message-Id: <20010330215906.88759.qmail@apache.org> Date: 30 Mar 2001 21:59:06 -0000 From: jun-ichiro hagino Reply-To: itojun@iijlab.net To: submit@bugz.apache.org Subject: config for IPv6-enabled machines X-Send-Pr-Version: 3.110 >Number: 7492 >Category: build >Synopsis: config for IPv6-enabled machines >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Mar 30 14:00:02 PST 2001 >Closed-Date: Thu Nov 14 06:24:21 PST 2002 >Last-Modified: Thu Nov 14 06:24:21 PST 2002 >Originator: itojun@iijlab.net >Release: 2.0.28 >Organization: >Environment: NetBSD starfruit.itojun.org 1.5T NetBSD 1.5T (STARFRUIT) #431: Fri Mar 30 19:59:50 JST 2001 itojun@starfruit.itojun.org:/usr/home/itojun/NetBSD/src/sys/arch/i386/compile/STARFRUIT i386 >Description: it seems that the current code of Apache assumes RFC2553 section 3.7 (AF_INET6 wildcard socket grabs IPv4 traffic as well) and listens to AF_INET6 wildcard socket only, by default. For security reasons and other reasons, there are a lot of platforms that does not do this. therefore, if we run apache on those platforms, it will only accept IPv6 connections, not the IPv4 connections. >How-To-Repeat: compile and run apache on IPv6-ready OpenBSD, NetBSD or Win2k. >Fix: 1. listen to AF_INET6 and AF_INET socket by default, if there's no "Listen" directive. see apache 1.3.x patches at ftp://ftp.kame.net/pub/kame/misc/. use getaddrinfo with AI_PASSIVE flag and then go through all the addresses returned. 2. have the following two lines in docs/conf/httpd-std.conf. Listen 0.0.0.0:80 Listen [::]:80 >Release-Note: >Audit-Trail: State-Changed-From-To: open-feedback State-Changed-By: slive State-Changed-When: Wed Nov 14 12:46:36 PST 2001 State-Changed-Why: [This is a standard response.] This Apache problem report has not been updated recently. Please reply to this message if you have any additional information about this issue, or if you have answers to any questions that have been posed to you. If there are no outstanding questions, please consider this a request to try to reproduce the problem with the latest software release, if one has been made since last contact. If we don't hear from you, this report will be closed. If you have information to add, BE SURE to reply to this message and include the apbugs@Apache.Org address so it will be attached to the problem report! From: itojun@iijlab.net To: apbugs@Apache.Org Cc: Subject: Re: build/7492: config for IPv6-enabled machines Date: Thu, 15 Nov 2001 11:10:33 +0900 >Synopsis: config for IPv6-enabled machines >State-Changed-From-To: open-feedback the problem has not been addressed yet, i checked it with apache 2.0.28. itojun State-Changed-From-To: feedback-open State-Changed-By: slive State-Changed-When: Thu Nov 15 06:39:00 PST 2001 State-Changed-Why: Updating to 2.0.28 Release-Changed-From-To: 2.0.15-2.0.28 Release-Changed-By: slive Release-Changed-When: Thu Nov 15 06:39:00 PST 2001 State-Changed-From-To: open-closed State-Changed-By: trawick State-Changed-When: Thu Nov 14 06:24:21 PST 2002 State-Changed-Why: Just committed was a change to add --[enable|disable]-v4-mapped configure option which defaults to --disable-v4-mapped on freebsd5*|netbsd|openbsd, which will result in two listen statements in the default config file. The default ssl config is not automatically generated, so comments were added to that describing the two necessary Listen directives. >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]