ipv6only add lejp conf and flag docs

Signed-off-by: Andy Green <andy@warmcat.com>

README.lwsws.md

@@ -206,7 +206,10 @@ Other vhost options
  
  - "`ecdh-curve`": "<curve name>"   The default ecdh curve is "prime256v1", but you can override it here, per-vhost
 
- - "`noipv6`": "on"  Disable ipv6 for this vhost
+ - "`noipv6`": "on"  Disable ipv6 completely for this vhost
+
+ - "`ipv6only`": "on"  Only allow ipv6 on this vhost / "off" only allow ipv4 on this vhost
+
 
 Mounts
 ------

lib/lejp-conf.c

@@ -75,6 +75,7 @@ static const char * const paths_vhosts[] = {
 	"vhosts[].ciphers",
 	"vhosts[].ecdh-curve",
 	"vhosts[].noipv6",
+	"vhosts[].ipv6only",
 };
 
 enum lejp_vhost_paths {
@@ -107,6 +108,7 @@ enum lejp_vhost_paths {
 	LEJPVP_CIPHERS,
 	LEJPVP_ECDH_CURVE,
 	LEJPVP_NOIPV6,
+	LEJPVP_IPV6ONLY,
 };
 
 #define MAX_PLUGIN_DIRS 10
@@ -483,6 +485,14 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason)
 			a->info->options &= ~(LWS_SERVER_OPTION_DISABLE_IPV6);
 		return 0;
 
+	case LEJPVP_IPV6ONLY:
+		a->info->options |= LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY;
+		if (arg_to_bool(ctx->buf))
+			a->info->options |= LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE;
+		else
+			a->info->options &= ~(LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE);
+		return 0;
+
 	default:
 		return 0;
 	}

lib/libwebsockets.h

@@ -333,6 +333,58 @@ struct lws;
  * NOTE: These public enums are part of the abi.  If you want to add one,
  * add it at where specified so existing users are unaffected.
  */
+
+
+/**
+ * enum lws_context_options() - context + vhost options
+ *
+ * LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT:  (VH) Don't allow the
+ * 	connection unless the client has a client cert that we recognize;
+ * 	provides LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT
+ *
+ * LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME:  (CTX) Don't try to get the
+ *	server's hostname
+ *
+ * LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT:  (VH) Allow non-SSL (plaintext)
+ *	connections on the same port as SSL is listening... undermines the
+ *	security of SSL; provides  LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT
+ *
+ * LWS_SERVER_OPTION_LIBEV:  (CTX) Use libev event loop
+ *
+ * LWS_SERVER_OPTION_DISABLE_IPV6:  (VH) Disable IPV6 support
+ *
+ * LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS:  (VH) Don't load OS CA certs, you
+ *	will need to load your own CA cert(s)
+ *
+ * LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED:  (VH) Accept connections with no
+ *	valid Cert (eg, selfsigned)
+ *
+ * LWS_SERVER_OPTION_VALIDATE_UTF8:  (VH) Check UT-8 correctness
+ *
+ * LWS_SERVER_OPTION_SSL_ECDH:  (VH)  initialize ECDH ciphers
+ *
+ * LWS_SERVER_OPTION_LIBUV:  (CTX)  Use libuv event loop
+ *
+ * LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS:  (VH) Use http redirect to force
+ *	http to https (deprecated: use mount redirection)
+ *
+ * LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT:  (CTX) Initialize the SSL library
+ *	at all
+ *
+ * LWS_SERVER_OPTION_EXPLICIT_VHOSTS: (CTX) Only create the context when
+ *	calling context create api, user code will create its own vhosts
+ *
+ * LWS_SERVER_OPTION_UNIX_SOCK:  (VH) Use Unix socket
+ *
+ * LWS_SERVER_OPTION_STS:  (VH) Send Strict Transport Security header, making
+ *	clients subsequently go to https even if user asked for http
+ *
+ * LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY:  (VH) Enable
+ *	LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE to take effect
+ *
+ * LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE:  (VH) if set, only ipv6 allowed on the
+ *	vhost
+ */
 enum lws_context_options {
 	LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT	= (1 << 1) |
 								  (1 << 12),