GeoIP module breaks for IPv4 when IPv6 is enabled

Igor Sysoev igor at sysoev.ru
Fri May 13 22:15:09 MSD 2011


On Fri, May 13, 2011 at 05:05:02PM +0200, Matthias Saou wrote:
> Hi,
> 
> I just enabled IPv6 on some web servers running nginx, and the $geoip_*
> variables all broke for existing IPv4 traffic.
> 
> This seems to be because when not changing the net.ipv6.bindv6only
> sysctl value to 1 on Linux, choosing to "listen [::]:80" has nginx
> automatically work for IPv4 connections, but receiving source IP
> addresses as IPv4-Mapped IPv6 addresses :
> 
> Before the listen change : 192.168.38.87
> After the listen change : ::ffff:192.168.38.87
> 
> Lots of details are in rfc4291, rfc4038 (and surely others), but I
> think that this configuration should be gracefully handled by the GeoIP
> module.
> 
> This was tested with nginx 1.0.2 on Red Hat Enterprise Linux 5 x86_64.
> 
> A workaround is to change net.ipv6.bindv6only to 1 and have two
> different listen directives as "80" and "[::]:80" for all "server"
> sections, but that would be best avoided just to fix this.

The attached patch should fix the issue.


-- 
Igor Sysoev
-------------- next part --------------
Index: src/http/modules/ngx_http_geoip_module.c
===================================================================
--- src/http/modules/ngx_http_geoip_module.c	(revision 3919)
+++ src/http/modules/ngx_http_geoip_module.c	(working copy)
@@ -180,6 +180,44 @@
 };
 
 
+static u_long
+ngx_http_geoip_addr(ngx_http_request_t *r)
+{
+    struct sockaddr_in   *sin;
+#if (NGX_HAVE_INET6)
+    u_char               *p;
+    u_long                addr;
+    struct sockaddr_in6  *sin6;
+#endif
+
+    switch (r->connection->sockaddr->sa_family) {
+
+    case AF_INET:
+        sin = (struct sockaddr_in *) r->connection->sockaddr;
+        return ntohl(sin->sin_addr.s_addr);
+
+#if (NGX_HAVE_INET6)
+
+    case AF_INET6:
+        sin6 = (struct sockaddr_in6 *) r->connection->sockaddr;
+
+        if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
+            p = sin6->sin6_addr.s6_addr;
+            addr = p[12] << 24;
+            addr += p[13] << 16;
+            addr += p[14] << 8;
+            addr += p[15];
+
+            return addr;
+        }
+
+#endif
+    }
+
+    return INADDR_NONE;
+}
+
+
 static ngx_int_t
 ngx_http_geoip_country_variable(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data)
@@ -187,9 +225,7 @@
     ngx_http_geoip_variable_handler_pt  handler =
         (ngx_http_geoip_variable_handler_pt) data;
 
-    u_long                  addr;
     const char             *val;
-    struct sockaddr_in     *sin;
     ngx_http_geoip_conf_t  *gcf;
 
     gcf = ngx_http_get_module_main_conf(r, ngx_http_geoip_module);
@@ -198,15 +234,8 @@
         goto not_found;
     }
 
-    if (r->connection->sockaddr->sa_family != AF_INET) {
-        goto not_found;
-    }
+    val = handler(gcf->country, ngx_http_geoip_addr(r));
 
-    sin = (struct sockaddr_in *) r->connection->sockaddr;
-    addr = ntohl(sin->sin_addr.s_addr);
-
-    val = handler(gcf->country, addr);
-
     if (val == NULL) {
         goto not_found;
     }
@@ -234,9 +263,7 @@
     ngx_http_geoip_variable_handler_pt  handler =
         (ngx_http_geoip_variable_handler_pt) data;
 
-    u_long                  addr;
     const char             *val;
-    struct sockaddr_in     *sin;
     ngx_http_geoip_conf_t  *gcf;
 
     gcf = ngx_http_get_module_main_conf(r, ngx_http_geoip_module);
@@ -245,15 +272,8 @@
         goto not_found;
     }
 
-    if (r->connection->sockaddr->sa_family != AF_INET) {
-        goto not_found;
-    }
+    val = handler(gcf->country, ngx_http_geoip_addr(r));
 
-    sin = (struct sockaddr_in *) r->connection->sockaddr;
-    addr = ntohl(sin->sin_addr.s_addr);
-
-    val = handler(gcf->org, addr);
-
     if (val == NULL) {
         goto not_found;
     }
@@ -427,18 +447,12 @@
 static GeoIPRecord *
 ngx_http_geoip_get_city_record(ngx_http_request_t *r)
 {
-    u_long                  addr;
-    struct sockaddr_in     *sin;
     ngx_http_geoip_conf_t  *gcf;
 
     gcf = ngx_http_get_module_main_conf(r, ngx_http_geoip_module);
 
-    if (gcf->city && r->connection->sockaddr->sa_family == AF_INET) {
-
-        sin = (struct sockaddr_in *) r->connection->sockaddr;
-        addr = ntohl(sin->sin_addr.s_addr);
-
-        return GeoIP_record_by_ipnum(gcf->city, addr);
+    if (gcf->city) {
+        return GeoIP_record_by_ipnum(gcf->city, ngx_http_geoip_addr(r));
     }
 
     return NULL;


More information about the nginx-devel mailing list