The Solaris 10 man page for getnameinfo() states:
The function can also return the IPv6 zone-id in the form:
<address>%<zone-id>
If httpd receives a connection on a link-local (perhaps site-local?)
IPv6 socket, apr_getnameinfo()/ap_get_remote_host() can/will return
something like the following: myv6host.xyz.com%bge0
There doesn't appear to be a way to tell the resolver not to append the zone.
This can trip up mod_auth_access/mod_authz_host/others? when
performing a domain name match (Allow/Deny would have to be encoded
with interface names to match the return value of getnameinfo())
If httpd should be agnostic wrt zones, should ap_get_remote_host strip
off anything following a percent symbol? This still allows some
interested module to use apr_getnameinfo() but makes sure things like
loggers or AAA aren't surprised by a zone name in the hostname.
(patch attached)
--
Eric Covener
[EMAIL PROTECTED]
Index: core.c
===================================================================
--- core.c (revision 329873)
+++ core.c (working copy)
@@ -798,6 +798,7 @@
{
int hostname_lookups;
int ignored_str_is_ip;
+ char *scope_id;
if (!str_is_ip) { /* caller doesn't want to know */
str_is_ip = &ignored_str_is_ip;
@@ -828,6 +829,11 @@
== APR_SUCCESS) {
ap_str_tolower(conn->remote_host);
+ /* IPv6 zone-id returned along with hostname? */
+ if ((scope_id = ap_strchr(conn->remote_host, '%'))) {
+ *scope_id = '\0';
+ }
+
if (hostname_lookups == HOSTNAME_LOOKUP_DOUBLE) {
do_double_reverse(conn);
if (conn->double_reverse != 1) {
