Skip to content
This repository

Home 

sumikawa edited this page · 16 revisions

Pages 1

Clone this wiki locally

IPv6-ready apache 1.3.x

The project site: http://wiki.github.com/sumikawa/apache13-ipv6/
The latest of the patch: http://github.com/sumikawa/apache13-ipv6/downloads

This patchkit enables apache 1.3.x to perform HTTP connection over IPv6. Most of optional modules are left unchanged, i.e. some of them won’t support IPv6, and some of them may not compile.

CAVEAT: This patchkit changes some of apache module API, to avoid IPv4-dependent structure member variable (like use of u_long to hold IPv4 address, or whatever). Therefore, it is almost impossible for the IPv6 patch to be used with other module patches, at the same time (including mod_ssl, mod_perl and others). We have no plan to fix it. Due to the reason, we strongly recommened you to switch to apache 2.x, which integrate both IPv6 and ssl.

ftp://ftp.42.org/pub/orphan/ has a patch against mod_ssl, which makes SSL over IPv6 work with the patch.

Basically you can write IPv6 address where IPv4 address fits.

extra command-line argument:
-4 Assume IPv4 address on ambiguous directives
-6 Assume IPv6 address on ambiguous directives (default)

The above two can be used, for example, to disambiguate “BindAddress *”.

base commands:
Listen
Listen is expanded to take one or two arguments.
Listen port
Listen address:port
Listen address port
This is to let you specify “Listen :: 80”, since “Listen :::80”
won’t work.

mod_access:
deny from
allow from
“deny from” and “allow from” supports IPv6 addresses, under the
following forms:
{deny,allow} from v6addr
{deny,allow} from v6addr/v6mask
{deny,allow} from v6addr/prefixlen
Also, wildcard (“*”) and string hostname matches IPv6 hosts as well.

mod_proxy:
ProxyRequests on
http/ftp proxying for both IPv4 and IPv6 is possible.
Access control functions (NoProxy) are not updated yet.

NOTE: for security reasons, we recommend you to filter out
outsider’s access to your proxy, by directives like below:
<Directory proxy:*>
order deny,allow
deny from all
allow from 10.0.0.0/8
allow from 3ffe:9999:8888:7777::/64

virtual host:
If you would like to this feature, you must describe ‘Listen’
part on configuration file explicitly. like below:
Listen :: 80
Listen 0.0.0.0 80

NameVirtualHost

NameVirtualHost is expanded to take one more two arguments.
NameVirtualHost address
NameVirtualHost address:port
NameVirtualHost address port
This is to let you specify IPv6 address into address part.

Note that, if colon is found in the specified address string,
the code will to resolve the address in the following way:
1. try to resolve as address:port (most of IPv6 address fails)
2. if (1) is failed, try to resolve as address only
If there’s ambiguity, i.e. 3ffe:0501::1:2, the address may not be
parsed as you expect (3ffe:0501::1 with port 2, or 3ffe:0501::1:2
with default port). To get the right effect you are encouraged
to specify it without ambiguity. In IPv6 case “address port”
(specify address and port separated by a space) is the safest way.

<VirtualHost host:port [host:port …]>

If you would like to specify IPv6 numeric address in host part,
use bracketed format like below:
<VirtualHost [::1]:80>
Note: Now we DO NOT handle old non-bracketed format,

so configuration file must be updated.
Note: The following is bad example to specify host ::1 port 80.
This will treated as host ::1:80.

logresolve (src/support)
error statistics in nameserver cache code is omitted.

mod_unique_id
Originally mod_unique_id used IPv4 address as a seed for UNIQUE_ID,
and took IPv4 address registered onto DNS for the hostname (UNIX
hostname taken by gethostname(3)). Therefore, this does not work
for IPv6-only hosts as they do not have IPv4 address for them.

Now, UNIQUE_ID can be generated using IPv6 address. IPv6 address can
be used as the seed for UNIQUE_ID.
Because of this, UNIQUE_ID will be longer than normal apache. This
may cause problem with some of the CGI scripts.
The preference of the addresses is based on the order returned
by getaddrinfo(). If your getaddrinfo() returns IPv4 address, IPv4
adderss will be used as a seed.
Note that some of IPv6 addresses are “scoped”; If you happened to use
link-local or site-local address as a seed, the UNIQUE_ID may not be
worldwide unique.

If longer UNIQUE_ID causes a problem, define SHORT_UNIQUE_ID in
mod_unique_id.c. In this case, length of UNIQUE_ID will be kept the
same. However, for IPv6 addresses mod_unique_id.c will use the last
32bit (not the whole 128bit) as the seed. Therefore, there can be
collision in UNIQUE_ID.

The behavior should be improved in the near future; we welcome your
inputs.

Modules known to be incompatible with IPv6
(please report us)

configure
Configure has extra option, —enable-rule=INET6. if the option
is specified, IPv6 code will be enabled.

configuration file
We do not support IPv4 mapped address (IPv6 address format like
::ffff:10.1.1.1) in configuration file.

This kit assumes that you have working(*) getaddrinfo() and getnameinfo() library functions. Even if you don’t have one, don’t panic. We have included last-resort version (which support IPv4 only) into the kit. For more complete implementation you might want to check BIND 8.2.

  • NOTE: we have noticed that some of IPv6 stack is shipped with broken getaddrinfo(). In such cases, you should get and install BIND 8.2.

When compiling this kit onto IPv6, you may need to specify some additional library paths or cpp defs (like -linet6 or -DINET6). Now you don’t have to specify —enable-rule=INET6. The “configure” script will give you some warnings if the IPv6 stack is not known to the “configure” script. Currently, the following IPv6 stacks are supported:

  • KAME IPv6 stack, http://www.kame.net/
    • use configure.v6 for convenience,
  • Linux IPv6 stack, http://www.linux.org/
    • use configure.v6 for convenience.
  • Solaris 8 IPv6 stack, http://www.sun.com/
    • use configure.v6 for convenience.
      To disable IPv6 support, specify —disable-rule=INET6 to the “configure” script.

Author contacts
Munechika Sumikawa, WIDE project
mailto:sumikawa@sumikawa.jp

Linux Port
Arkadiusz Miskiewicz, Polish Linux Distribution project (IPv6)
http://www.pld.org.pl/
Satoshi SHIDA, Linux IPv6 Users Group JP
http://www.v6.linux.or.jp/
YOSHIFUJI Hideaki, USAGI Project
http://www.linux-ipv6.org/

Acknowledgements
The original work was done by Jun-Ichiro “itojun” Hagino as a
results of KAME Project.

Thanks to all people submitted patches/fixes for this patch kit,
including:
Chris P. Ross

Something went wrong with that request. Please try again.