GeoIP module breaks for IPv4 when IPv6 is enabled
Maxim Dounin
mdounin at mdounin.ru
Mon May 16 15:53:35 MSD 2011
Hello!
On Mon, May 16, 2011 at 02:45:00PM +0400, Igor Sysoev wrote:
> On Mon, May 16, 2011 at 02:41:54PM +0400, Maxim Dounin wrote:
> > Hello!
> >
> > On Fri, May 13, 2011 at 10:38:49PM +0400, Igor Sysoev wrote:
> >
> > > On Fri, May 13, 2011 at 10:15:09PM +0400, Igor Sysoev wrote:
> > > > On Fri, May 13, 2011 at 05:05:02PM +0200, Matthias Saou wrote:
> > > > > Hi,
> > > > >
> > > > > I just enabled IPv6 on some web servers running nginx, and the $geoip_*
> > > > > variables all broke for existing IPv4 traffic.
> > > > >
> > > > > This seems to be because when not changing the net.ipv6.bindv6only
> > > > > sysctl value to 1 on Linux, choosing to "listen [::]:80" has nginx
> > > > > automatically work for IPv4 connections, but receiving source IP
> > > > > addresses as IPv4-Mapped IPv6 addresses :
> > > > >
> > > > > Before the listen change : 192.168.38.87
> > > > > After the listen change : ::ffff:192.168.38.87
> > > > >
> > > > > Lots of details are in rfc4291, rfc4038 (and surely others), but I
> > > > > think that this configuration should be gracefully handled by the GeoIP
> > > > > module.
> > > > >
> > > > > This was tested with nginx 1.0.2 on Red Hat Enterprise Linux 5 x86_64.
> > > > >
> > > > > A workaround is to change net.ipv6.bindv6only to 1 and have two
> > > > > different listen directives as "80" and "[::]:80" for all "server"
> > > > > sections, but that would be best avoided just to fix this.
> > > >
> > > > The attached patch should fix the issue.
> > >
> > > The updated patch.
> >
> > Looking though libGeoIP suggests it supports ipv6 lookups since
> > 1.4.5 released at 2008-09-16 (though it still mark it experimental
> > as of 1.4.7 now available...).
>
> As I understand the current bases do not contain IPv6 addresses.
MaxMind provides at least something called "IPv6 GeoLite Country
database".
http://www.maxmind.com/app/geolitecountry
> > Probably just using libGeoIP ipv6 interface for ipv6 addresses
> > would be better idea.
>
> May be, if it handles ipv4 mapped to ipv6.
Err, disregard this. It looks like it can[1], but it requires
ipv6 version of database to work.
[1] At least their ipv6 binary country database bigger than
corresponding ipv4 one, so it looks like it contain ipv4 addresses
as well.
Maxim Dounin
More information about the nginx-devel
mailing list