Am 2021-05-27 um 07:39 schrieb Mladen Turk:
APR has to be compiled with -D_WIN32_WINNT=0x0600 -DWINVER=0x0600
Same with Tomcat Native
Use apr-1.6.x
Both don't work out for the following reasons:
* Your setenv.bat sets WINVER=0x0601 which fails for the NMakefile which in turn requires a symbolic name instead of a hex value, I have to pass WINVER=WIN7 anyway, then the rest works. * Even if I do, the check in APR is performed at runtime for the OS version, therefore setting the socket option fails. * How is 1.6.x going me to help here if it does not now anything about Windows 8, 10?
This [1] is what you need to make it work.

Kindly respond to my PR.

M

[1] https://github.com/apache/apr/commit/2bcd4b3ddb108d16f1c758c00a45de9aef57aa3a
On 25/05/2021 18:23, Michael Osipov wrote:
Folks,

we needed to deploy Tomcat 9.0.x on a Windows server (no jokes, please), but the contractor wasn't able to configure the APR connector to accept on external interfaces even after a day. After my analysis it turned out be a subtile bug in libapr which affects Windows users only. I am also surprised why no one complained before.
Setup:
* Windows 8+ or Windows Server 2016/2019
* Have at least IPv6 available, no IP addresses necessary, ::1 is sufficient * Any Tomcat with libtcnative 1.2.28 with the DLL compiled by Mark Thomas. * Start Tomcat with the AprLifecycleListener and make sure that no address (hostname) is set.
To make a long investigation story 
short:http://svn.apache.org/viewvc?rev=1889037&view=rev
libapr, thus libtcnative suffer from a very subtile bug only visible
on dual-stack systems. Since on INET6 sockets IPV6_V6ONLY is 1 by default on Windows, no IPv4 addresses are bound. In the case above, Tomcat is only accessible on ::1. APR is supposed to set IPV6_V6ONLhttp://svn.apache.org/viewvc?rev=1889037&view=revY to 0 by default, but this fails because APR 1.7.x does not recognise anything above Windows 7 and assumes it to be Windows XP by default. As you might know Vista was the first Windows with true IPv6 an dual-sockets. When setsockopt is invoked APR gives you 70023, not implemented.
I was able, according to Mark's instructions, to compile OpenSSL, APR 
and Tomcat Native on Windows 10 and deploy on Windows Server 2019.
I'd like to push
* https://github.com/michael-o/tomcat/compare/main...clean-bind
* https://github.com/michael-o/tomcat-native/compare/main...clean-bind
as well as the real fix in APR 1.7.x: https://github.com/michael-o/apr/compare/1.7.x...1.7.x-windows
I ran all unit tests (main) with those modifications on these platforms:
* Windows 10, APR 1.7.0, 1.7.1-dev
* Windows Server 2019, APR 1.7.0, 1.7.1-dev
* FreeBSD 12-STABLE, APR 1.7.0, 1.7.1-dev
* RHEL 7, APR 1.4.8
* HP-UX 11i, APR 1.6.6

Some hosts are dual-stack, some IPv4 only. Moreover, I wrote a simple program which binds the socket for tracing only: https://gist.github.com/michael-o/dfb86df472f62d2b2dff6ef12ee3758e It runs as expected on the above platforms, even with zone id on link-local addresses.
If no one objects, I'll merge soon.

Mark, I don't know when the next APR release will happen, but I consider this to be very annoying. Maybe it makes sense to push 1.2.29 with APR 1.7.1-dev to please Windows users?
Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to