From c0078ab45a3b1889672eef94ec2d03e0d5531825 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Sat, 13 Feb 2016 18:45:23 +0900
Subject: [PATCH] nghttpx: Add options to specify address family of memcached connections

---
 gennghttpxfun.py    |  4 +++-
 src/shrpx.cc        | 39 +++++++++++++++++++++++++++++++++++--
 src/shrpx_config.cc | 47 +++++++++++++++++++++++++++++++++++++++++++++
 src/shrpx_config.h  | 10 ++++++++++
 4 files changed, 97 insertions(+), 3 deletions(-)

diff --git a/gennghttpxfun.py b/gennghttpxfun.py
index b424fe17..cda5bb5c 100755
--- a/gennghttpxfun.py
+++ b/gennghttpxfun.py
@@ -118,9 +118,11 @@ OPTIONS = [
     "backend-tls-session-cache-per-worker",
     "tls-session-cache-memcached-cert-file",
     "tls-session-cache-memcached-private-key-file",
+    "tls-session-cache-memcached-address-family",
     "tls-ticket-key-memcached-tls",
     "tls-ticket-key-memcached-cert-file",
-    "tls-ticket-key-memcached-private-key-file"
+    "tls-ticket-key-memcached-private-key-file",
+    "tls-ticket-key-memcached-address-family",
 ]
 
 LOGVARS = [
diff --git a/src/shrpx.cc b/src/shrpx.cc
index 72e91bac..4561f833 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -1051,6 +1051,13 @@ void fill_default_config() {
     memcachedconf.max_retry = 3;
     memcachedconf.max_fail = 2;
     memcachedconf.interval = 10_min;
+    memcachedconf.family = AF_UNSPEC;
+  }
+
+  auto &session_cacheconf = tlsconf.session_cache;
+  {
+    auto &memcachedconf = session_cacheconf.memcached;
+    memcachedconf.family = AF_UNSPEC;
   }
 
   ticketconf.cipher = EVP_aes_128_cbc();
@@ -1530,6 +1537,13 @@ SSL/TLS: ticket key generator to rotate keys frequently. See "TLS SESSION TICKET RESUMPTION" section in manual page to know the data format in memcached entry. + --tls-ticket-key-memcached-address-family=(auto|IPv4|IPv6) + Specify address family of memcached connections to get + TLS ticket keys. If "auto" is given, both IPv4 and IPv6 + are considered. If "IPv4" is given, only IPv4 address + is considered. If "IPv6" is given, only IPv6 address is + considered. + Default: auto --tls-ticket-key-memcached-interval= Set interval to get TLS ticket keys from memcached. Default: )" @@ -1573,6 +1587,13 @@ SSL/TLS: Specify address of memcached server to store session cache. This enables shared session cache between multiple nghttpx instances. + --tls-session-cache-memcached-address-family=(auto|IPv4|IPv6) + Specify address family of memcached connections to store + session cache. If "auto" is given, both IPv4 and IPv6 + are considered. If "IPv4" is given, only IPv4 address + is considered. If "IPv6" is given, only IPv6 address is + considered. + Default: auto --tls-session-cache-memcached-tls Enable SSL/TLS on memcached connections to store session cache. @@ -2199,7 +2220,7 @@ void process_options( auto &memcachedconf = tlsconf.session_cache.memcached; if (memcachedconf.host) { if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.get(), - memcachedconf.port, AF_UNSPEC) == -1) { + memcachedconf.port, memcachedconf.family) == -1) { exit(EXIT_FAILURE); } } @@ -2209,7 +2230,7 @@ void process_options( auto &memcachedconf = tlsconf.ticket.memcached; if (memcachedconf.host) { if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.get(), - memcachedconf.port, AF_UNSPEC) == -1) { + memcachedconf.port, memcachedconf.family) == -1) { exit(EXIT_FAILURE); } } 
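Review bot: The help text added in the -1530 and -1573 hunks says that with "auto" both IPv4 and IPv6 "are considered", but the -2199 and -2209 hunks apply the family to a single resolve_hostname() call in process_options at startup whose result is stored in memcachedconf.addr, so nothing in these hunks shows a connect-time fallback between families for a dual-stack memcached host; if resolve_hostname() keeps only one result, "auto" leaves the choice to the resolver's ordering. Consider saying so in both help entries, e.g. `The address is resolved once at startup; with "auto" the family is left to the resolver.`, since pinning IPv4 or IPv6 is then the operator's only control over which address the ticket-key and session-cache traffic goes to. The two resolve_hostname() blocks in process_options are otherwise identical apart from the config member and could share a small helper. The enclosing process_options body starts and ends outside these hunks.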
@@ -2428,6 +2449,10 @@ int main(int argc, char **argv) {
         112},
        {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_PRIVATE_KEY_FILE, required_argument,
         &flag, 113},
+       {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY, required_argument,
+        &flag, 114},
+       {SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY,
+        required_argument, &flag, 115},
        {nullptr, 0, nullptr, 0}};
 
    int option_index = 0;
@@ -2914,6 +2939,16 @@ int main(int argc, char **argv) {
       cmdcfgs.emplace_back(
           SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_PRIVATE_KEY_FILE, optarg);
       break;
+    case 114:
+      // --tls-ticket-key-memcached-address-family
+      cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY,
+                           optarg);
+      break;
+    case 115:
+      // --tls-session-cache-memcached-address-family
+      cmdcfgs.emplace_back(
+          SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY, optarg);
+      break;
     default:
       break;
     }
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index ad7e4f65..b7409358 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -575,6 +575,26 @@ std::vector parse_log_format(const char *optarg) {
   return res;
 }
 
+namespace {
+int parse_address_family(int *dest, const char *opt, const char *optarg) {
+  if (util::strieq("auto", optarg)) {
+    *dest = AF_UNSPEC;
+    return 0;
+  }
+  if (util::strieq("IPv4", optarg)) {
+    *dest = AF_INET;
+    return 0;
+  }
+  if (util::strieq("IPv6", optarg)) {
+    *dest = AF_INET6;
+    return 0;
+  }
+
+  LOG(ERROR) << opt << ": bad value: '" << optarg << "'";
+  return -1;
+}
+} // namespace
+
 namespace {
 int parse_duration(ev_tstamp *dest, const char *opt, const char *optarg) {
   auto t = util::parse_duration_with_unit(optarg);
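Review bot: parse_address_family in the -575 hunk carries no comment stating its contract, so a reader has to reconstruct the accepted values and the case-insensitive matching from the three util::strieq calls. Add above the definition a comment along the lines of `// Parses an address-family option value, matched case-insensitively: "auto" -> AF_UNSPEC, "IPv4" -> AF_INET, "IPv6" -> AF_INET6. Stores the result in *dest and returns 0; on any other value logs an error naming |opt| and returns -1, leaving *dest untouched.` The error path could also list what it accepts so a typo in a config file is actionable from the log alone, e.g. `LOG(ERROR) << opt << ": bad value: '" << optarg << "' (expected auto, IPv4 or IPv6)";`.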
@@ -758,12 +778,14 @@ enum {
   SHRPX_OPTID_TLS_DYN_REC_WARMUP_THRESHOLD,
   SHRPX_OPTID_TLS_PROTO_LIST,
   SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED,
+  SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY,
   SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_CERT_FILE,
   SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_PRIVATE_KEY_FILE,
   SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_TLS,
   SHRPX_OPTID_TLS_TICKET_KEY_CIPHER,
   SHRPX_OPTID_TLS_TICKET_KEY_FILE,
   SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED,
+  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY,
   SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_CERT_FILE,
   SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
   SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
@@ -1440,6 +1462,15 @@ int option_lookup_token(const char *name, size_t namelen) {
       break;
     }
     break;
+  case 39:
+    switch (name[38]) {
+    case 'y':
+      if (util::strieq_l("tls-ticket-key-memcached-address-famil", name, 38)) {
+        return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY;
+      }
+      break;
+    }
+    break;
   case 41:
     switch (name[40]) {
     case 'e':
@@ -1450,6 +1481,16 @@ int option_lookup_token(const char *name, size_t namelen) {
       break;
     }
     break;
+  case 42:
+    switch (name[41]) {
+    case 'y':
+      if (util::strieq_l("tls-session-cache-memcached-address-famil", name,
+                         41)) {
+        return SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY;
+      }
+      break;
+    }
+    break;
   case 44:
     switch (name[43]) {
     case 'e':
@@ -2301,6 +2342,12 @@ int parse_config(const char *opt, const char *optarg,
     mod_config()->tls.ticket.memcached.private_key_file = optarg;
 
     return 0;
+  case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY:
+    return parse_address_family(&mod_config()->tls.ticket.memcached.family, opt,
+                                optarg);
+  case SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY:
+    return parse_address_family(
+        &mod_config()->tls.session_cache.memcached.family, opt, optarg);
   case SHRPX_OPTID_CONF:
     LOG(WARN) << "conf: ignored";
 
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 19f17cb2..fd2564b9 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -215,12 +215,16 @@ constexpr char SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_CERT_FILE[] =
     "tls-session-cache-memcached-cert-file";
 constexpr char SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_PRIVATE_KEY_FILE[] =
     "tls-session-cache-memcached-private-key-file";
+constexpr char SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY[] =
+    "tls-session-cache-memcached-address-family";
 constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_TLS[] =
     "tls-ticket-key-memcached-tls";
 constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_CERT_FILE[] =
     "tls-ticket-key-memcached-cert-file";
 constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_PRIVATE_KEY_FILE[] =
     "tls-ticket-key-memcached-private-key-file";
+constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY[] =
+    "tls-ticket-key-memcached-address-family";
 
 constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8;
 
@@ -357,6 +361,9 @@ struct TLSConfig {
     // Maximum number of consecutive error from memcached, when this
     // limit reached, TLS ticket is disabled.
     size_t max_fail;
+    // Address family of memcached connection. One of either
+    // AF_INET, AF_INET6 or AF_UNSPEC.
+    int family;
     bool tls;
   } memcached;
   std::vector files;
@@ -374,6 +381,9 @@ struct TLSConfig {
     // Client private key and certificate for authentication
     ImmutableString private_key_file;
     ImmutableString cert_file;
+    // Address family of memcached connection. One of either
+    // AF_INET, AF_INET6 or AF_UNSPEC.
+    int family;
     bool tls;
   } memcached;
 } session_cache;
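Review bot: The comment on the new `int family;` members in the -357 and -374 hunks lists the allowed values but not the default or where it is established; the surrounding fields follow the same no-initializer style, so the AF_UNSPEC default lives only in fill_default_config() in src/shrpx.cc and a reader of this header cannot tell that the field is meaningful before that call. Suggest extending the comment in both places to `// Address family of memcached connection: AF_INET, AF_INET6 or AF_UNSPEC. Defaults to AF_UNSPEC (set in fill_default_config()).`, which also fixes the "One of either" wording for a three-way choice. The enclosing struct TLSConfig starts and ends outside these hunks.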