From 647f8a18eb6a2302529c080255123c8cda374c17 Mon Sep 17 00:00:00 2001
From: Jeff Trawick <trawick@apache.org>
Date: Thu, 14 Nov 2002 14:17:11 +0000
Subject: [PATCH] Add --[enable|disable]-v4-mapped configure option to control
 whether or not Apache expects to handle IPv4 connections on IPv6 listening
 sockets.  Either setting will work on systems with the IPV6_V6ONLY socket
 option.  --enable-v4-mapped must be used on systems that always allow IPv4
 connections on IPv6 listening sockets.

Note: As the ssl config file is not automatically generated and
      it is expected to require editing anyway to work, the only
      change there was to suggest the required Listen statements
      in a comment.

PR:   PR 14037 (Bugzilla), PR 7492 (Gnats), various dups of these PRs


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97516 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                     |  8 ++++++++
 acinclude.m4                |  2 ++
 configure.in                | 36 ++++++++++++++++++++++++++++++++++++
 docs/conf/httpd-std.conf.in |  3 ++-
 docs/conf/ssl-std.conf      |  3 +++
 server/listen.c             | 19 +++++++++++++++++++
 6 files changed, 70 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 6e0f726ada..174da035e1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,13 @@
 Changes with Apache 2.0.44
 
+  *) Add --[enable|disable]-v4-mapped configure option to control
+     whether or not Apache expects to handle IPv4 connections
+     on IPv6 listening sockets.  Either setting will work on 
+     systems with the IPV6_V6ONLY socket option.  --enable-v4-mapped
+     must be used on systems that always allow IPv4 connections on
+     IPv6 listening sockets.  PR 14037 (Bugzilla), PR 7492 (Gnats)
+     [Jeff Trawick]
+
   *) This fixes a problem where the underlying cache code
      indicated that there was one more element on the cache
      than there actually was. This happened since element 0
diff --git a/acinclude.m4 b/acinclude.m4
index 2342fabff1..de8f5891da 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -78,6 +78,8 @@ AC_DEFUN(APACHE_GEN_CONFIG_VARS,[
   APACHE_SUBST(MODULE_DIRS)
   APACHE_SUBST(MODULE_CLEANDIRS)
   APACHE_SUBST(PORT)
+  APACHE_SUBST(nonssl_listen_stmt_1)
+  APACHE_SUBST(nonssl_listen_stmt_2)
   APACHE_SUBST(CORE_IMPLIB_FILE)
   APACHE_SUBST(CORE_IMPLIB)
   APACHE_SUBST(SH_LIBS)
diff --git a/configure.in b/configure.in
index 9a40f9d49f..e8e372bb74 100644
--- a/configure.in
+++ b/configure.in
@@ -324,6 +324,42 @@ AC_ARG_WITH(port,APACHE_HELP_STRING(--with-port=PORT,Port on which to listen (de
         [if test "$withval" = "yes"; then AC_MSG_ERROR('option --with-port requires a value (the TCP port number)'); else PORT="$withval"; fi],
 	[PORT=80])
 
+dnl ## See if APR has IPv6 support
+ap_old_cppflags=$CPPFLAGS
+CPPFLAGS="$CPPFLAGS -I$APR_SOURCE_DIR/include -I$abs_builddir/srclib/apr/include"
+AC_TRY_COMPILE([#include <apr.h>], [
+#if !APR_HAVE_IPV6
+#error APR does not have IPv6 support
+#endif], apr_have_ipv6=yes, apr_have_ipv6=no)
+CPPFLAGS=$ap_old_cppflags
+
+AC_ARG_ENABLE(v4-mapped,APACHE_HELP_STRING(--enable-v4-mapped,Allow IPv6 sockets to handle IPv4 connections),
+[ 
+  v4mapped=$enableval
+],
+[
+    case $host in
+    *freebsd5*|*netbsd*|*openbsd*)
+        v4mapped=no
+        ;;
+    *)
+        v4mapped=yes
+        ;;
+esac
+])
+
+if test $v4mapped = "yes" -o $apr_have_ipv6 = "no"; then
+    nonssl_listen_stmt_1=""
+    nonssl_listen_stmt_2="Listen @@Port@@"
+    if test $apr_have_ipv6 = "yes"; then
+        AC_DEFINE(AP_ENABLE_V4_MAPPED, 1,
+                  [Allow IPv4 connections on IPv6 listening sockets])
+    fi
+else
+    nonssl_listen_stmt_1="Listen 0.0.0.0:@@Port@@"
+    nonssl_listen_stmt_2="Listen [[::]]:@@Port@@"
+fi
+
 AC_ARG_ENABLE(maintainer-mode,APACHE_HELP_STRING(--enable-maintainer-mode,Turn on debugging and compile time warnings),
 [
   APR_ADDTO(CPPFLAGS, -DAP_DEBUG)
diff --git a/docs/conf/httpd-std.conf.in b/docs/conf/httpd-std.conf.in
index de2171330f..636ea162ea 100644
--- a/docs/conf/httpd-std.conf.in
+++ b/docs/conf/httpd-std.conf.in
@@ -214,7 +214,8 @@ MaxRequestsPerChild    0
 # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
 #
 #Listen 12.34.56.78:80
-Listen @@Port@@
+@nonssl_listen_stmt_1@
+@nonssl_listen_stmt_2@
 
 #
 # Dynamic Shared Object (DSO) Support
diff --git a/docs/conf/ssl-std.conf b/docs/conf/ssl-std.conf
index 90492100c1..efc703ec84 100644
--- a/docs/conf/ssl-std.conf
+++ b/docs/conf/ssl-std.conf
@@ -23,6 +23,9 @@
 # When we also provide SSL we have to listen to the 
 # standard HTTP port (see above) and to the HTTPS port
 #
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+#
 Listen 443
 
 #
diff --git a/server/listen.c b/server/listen.c
index e57bef075e..cbdefae9bd 100644
--- a/server/listen.c
+++ b/server/listen.c
@@ -88,6 +88,13 @@ static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server)
 {
     apr_socket_t *s = server->sd;
     int one = 1;
+#if APR_HAVE_IPV6
+#ifdef AP_ENABLE_V4_MAPPED
+    int v6only_setting = 0;
+#else
+    int v6only_setting = 1;
+#endif
+#endif
     apr_status_t stat;
 
 #ifndef WIN32
@@ -110,6 +117,18 @@ static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server)
         return stat;
     }
 
+#if APR_HAVE_IPV6
+    stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
+    if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
+        ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p,
+                      "make_sock: for address %pI, apr_socket_opt_set: "
+                      "(IPV6_V6ONLY)",
+                      server->bind_addr);
+        apr_socket_close(s);
+        return stat;
+    }
+#endif
+
     /*
      * To send data over high bandwidth-delay connections at full
      * speed we must force the TCP window to open wide enough to keep the
-- 
2.40.0