Folks,
we needed to deploy Tomcat 9.0.x on a Windows server (no jokes, please),
but the contractor wasn't able to configure the APR connector to accept
on external interfaces even after a day.
After my analysis it turned out to be a subtle bug in libapr which affects
Windows users only. I am also surprised why no one complained before.
Setup:
* Windows 8+ or Windows Server 2016/2019
* Have at least IPv6 available, no IP addresses necessary, ::1 is sufficient
* Any Tomcat with libtcnative 1.2.28 with the DLL compiled by Mark Thomas.
* Start Tomcat with the AprLifecycleListener and make sure that no
address (hostname) is set.
To make a long investigation story short:
libapr, thus libtcnative suffer from a very subtle bug only visible
on dual-stack systems. Since on INET6 sockets IPV6_V6ONLY is 1 by
default on Windows, no IPv4 addresses are bound. In the case above,
Tomcat is only accessible on ::1. APR is supposed to set IPV6_V6ONLY to
0 by default, but this fails because APR 1.7.x does not recognise
anything above Windows 7 and assumes it to be Windows XP by default. As
you might know Vista was the first Windows with true IPv6 and
dual-sockets. When setsockopt is invoked APR gives you 70023, not
implemented.
I was able, according to Mark's instructions, to compile OpenSSL, APR
and Tomcat Native on Windows 10 and deploy on Windows Server 2019.
I'd like to push
* https://github.com/michael-o/tomcat/compare/main...clean-bind
* https://github.com/michael-o/tomcat-native/compare/main...clean-bind
as well as the real fix in APR 1.7.x:
https://github.com/michael-o/apr/compare/1.7.x...1.7.x-windows
I ran all unit tests (main) with those modifications on these platforms:
* Windows 10, APR 1.7.0, 1.7.1-dev
* Windows Server 2019, APR 1.7.0, 1.7.1-dev
* FreeBSD 12-STABLE, APR 1.7.0, 1.7.1-dev
* RHEL 7, APR 1.4.8
* HP-UX 11i, APR 1.6.6
Some hosts are dual-stack, some IPv4 only. Moreover, I wrote a simple
program which binds the socket for tracing only:
https://gist.github.com/michael-o/dfb86df472f62d2b2dff6ef12ee3758e
It runs as expected on the above platforms, even with zone id on
link-local addresses.
If no one objects, I'll merge soon.
Mark, I don't know when the next APR release will happen, but I consider
this to be very annoying. Maybe it makes sense to push 1.2.29 with APR
1.7.1-dev to please Windows users?
Michael
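
Added example, not part of the original message and not APR or Tomcat Native code: the dual-stack behaviour described above can be checked by clearing IPV6_V6ONLY on a wildcard IPv6 listener, reading the option back, and connecting to the listener over 127.0.0.1. It uses POSIX socket calls (Winsock exposes the same IPV6_V6ONLY option); the names `check_dual_stack` and `ds_result` are made up for this example.

```c
/* Added example: verify that a wildcard IPv6 listener also serves IPv4. */
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

enum ds_result { DS_DUAL, DS_V6ONLY, DS_NO_IPV6, DS_ERROR };

/* Bind [::]:0 with IPV6_V6ONLY cleared, then prove that an IPv4 client
 * reaches the listener through 127.0.0.1. */
enum ds_result check_dual_stack(void)
{
    int off = 0, got = -1, cs = -1;
    socklen_t len = sizeof(got), alen = sizeof(struct sockaddr_in6);
    struct sockaddr_in6 a6;
    struct sockaddr_in a4;
    enum ds_result res = DS_ERROR;
    int ls = socket(AF_INET6, SOCK_STREAM, 0);

    if (ls < 0)
        return errno == EAFNOSUPPORT ? DS_NO_IPV6 : DS_ERROR;
    memset(&a6, 0, sizeof(a6));      /* all-zero address is ::, port 0 is ephemeral */
    a6.sin6_family = AF_INET6;
    memset(&a4, 0, sizeof(a4));
    a4.sin_family = AF_INET;
    a4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    /* Do not rely on the platform default (1 on Windows). A failed
     * setsockopt is reported as an error instead of being ignored. */
    if (setsockopt(ls, IPPROTO_IPV6, IPV6_V6ONLY, &off, sizeof(off)) == 0 &&
        getsockopt(ls, IPPROTO_IPV6, IPV6_V6ONLY, &got, &len) == 0) {
        if (got != 0)
            res = DS_V6ONLY;         /* option did not take effect */
        else if (bind(ls, (struct sockaddr *)&a6, sizeof(a6)) == 0 &&
                 listen(ls, 1) == 0 &&
                 getsockname(ls, (struct sockaddr *)&a6, &alen) == 0 &&
                 (cs = socket(AF_INET, SOCK_STREAM, 0)) >= 0) {
            a4.sin_port = a6.sin6_port;   /* already in network byte order */
            res = connect(cs, (struct sockaddr *)&a4, sizeof(a4)) == 0
                      ? DS_DUAL : DS_V6ONLY;
            close(cs);
        }
    }
    close(ls);
    return res;
}

int main(void) { return check_dual_stack() == DS_DUAL ? 0 : 1; }
```

`DS_V6ONLY` corresponds to the state described in the message: the listener answers on IPv6 but no IPv4 address is bound.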