GeoIP module breaks for IPv4 when IPv6 is enabled
Igor Sysoev
igor at sysoev.ru
Fri May 13 22:38:49 MSD 2011
On Fri, May 13, 2011 at 10:15:09PM +0400, Igor Sysoev wrote:
> On Fri, May 13, 2011 at 05:05:02PM +0200, Matthias Saou wrote:
> > Hi,
> >
> > I just enabled IPv6 on some web servers running nginx, and the $geoip_*
> > variables all broke for existing IPv4 traffic.
> >
> > This seems to be because when not changing the net.ipv6.bindv6only
> > sysctl value to 1 on Linux, choosing to "listen [::]:80" has nginx
> > automatically work for IPv4 connections, but receiving source IP
> > addresses as IPv4-Mapped IPv6 addresses :
> >
> > Before the listen change : 192.168.38.87
> > After the listen change : ::ffff:192.168.38.87
> >
> > Lots of details are in rfc4291, rfc4038 (and surely others), but I
> > think that this configuration should be gracefully handled by the GeoIP
> > module.
> >
> > This was tested with nginx 1.0.2 on Red Hat Enterprise Linux 5 x86_64.
> >
> > A workaround is to change net.ipv6.bindv6only to 1 and have two
> > different listen directives as "80" and "[::]:80" for all "server"
> > sections, but that would be best avoided just to fix this.
>
> The attached patch should fix the issue.
The updated patch.
--
Igor Sysoev
-------------- next part --------------
Index: src/http/modules/ngx_http_geoip_module.c
===================================================================
--- src/http/modules/ngx_http_geoip_module.c (revision 3919)
+++ src/http/modules/ngx_http_geoip_module.c (working copy)
@@ -180,6 +180,44 @@
};
+static u_long
+ngx_http_geoip_addr(ngx_http_request_t *r)
+{
+ struct sockaddr_in *sin;
+#if (NGX_HAVE_INET6)
+ u_char *p;
+ u_long addr;
+ struct sockaddr_in6 *sin6;
+#endif
+
+ switch (r->connection->sockaddr->sa_family) {
+
+ case AF_INET:
+ sin = (struct sockaddr_in *) r->connection->sockaddr;
+ return ntohl(sin->sin_addr.s_addr);
+
+#if (NGX_HAVE_INET6)
+
+ case AF_INET6:
+ sin6 = (struct sockaddr_in6 *) r->connection->sockaddr;
+
+ if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
+ p = sin6->sin6_addr.s6_addr;
+ addr = p[12] << 24;
+ addr += p[13] << 16;
+ addr += p[14] << 8;
+ addr += p[15];
+
+ return addr;
+ }
+
+#endif
+ }
+
+ return INADDR_NONE;
+}
+
+
static ngx_int_t
ngx_http_geoip_country_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
@@ -187,9 +225,7 @@
ngx_http_geoip_variable_handler_pt handler =
(ngx_http_geoip_variable_handler_pt) data;
- u_long addr;
const char *val;
- struct sockaddr_in *sin;
ngx_http_geoip_conf_t *gcf;
gcf = ngx_http_get_module_main_conf(r, ngx_http_geoip_module);
@@ -198,15 +234,8 @@
goto not_found;
}
- if (r->connection->sockaddr->sa_family != AF_INET) {
- goto not_found;
- }
+ val = handler(gcf->country, ngx_http_geoip_addr(r));
- sin = (struct sockaddr_in *) r->connection->sockaddr;
- addr = ntohl(sin->sin_addr.s_addr);
-
- val = handler(gcf->country, addr);
-
if (val == NULL) {
goto not_found;
}
@@ -234,9 +263,7 @@
ngx_http_geoip_variable_handler_pt handler =
(ngx_http_geoip_variable_handler_pt) data;
- u_long addr;
const char *val;
- struct sockaddr_in *sin;
ngx_http_geoip_conf_t *gcf;
gcf = ngx_http_get_module_main_conf(r, ngx_http_geoip_module);
@@ -245,15 +272,8 @@
goto not_found;
}
- if (r->connection->sockaddr->sa_family != AF_INET) {
- goto not_found;
- }
+ val = handler(gcf->org, ngx_http_geoip_addr(r));
- sin = (struct sockaddr_in *) r->connection->sockaddr;
- addr = ntohl(sin->sin_addr.s_addr);
-
- val = handler(gcf->org, addr);
-
if (val == NULL) {
goto not_found;
}
@@ -427,18 +447,12 @@
static GeoIPRecord *
ngx_http_geoip_get_city_record(ngx_http_request_t *r)
{
- u_long addr;
- struct sockaddr_in *sin;
ngx_http_geoip_conf_t *gcf;
gcf = ngx_http_get_module_main_conf(r, ngx_http_geoip_module);
- if (gcf->city && r->connection->sockaddr->sa_family == AF_INET) {
-
- sin = (struct sockaddr_in *) r->connection->sockaddr;
- addr = ntohl(sin->sin_addr.s_addr);
-
- return GeoIP_record_by_ipnum(gcf->city, addr);
+ if (gcf->city) {
+ return GeoIP_record_by_ipnum(gcf->city, ngx_http_geoip_addr(r));
}
return NULL;
More information about the nginx-devel
mailing list